Configure Privacy Request Options
The list of available privacy request functions is controlled by the Actions section of the configuration file. Within this section, privacy functions may be defined using the following fields:
| Field | Description |
|---|---|
title | Title for the tile displayed on the site that describes the function being performed. |
description | A user-friendly description for each privacy request option. |
icon_path | Specify a URL to a public icon to override the default icon displayed. |
policy_key | A key that refers to the policy that will be used. |
identity_inputs | The list of personally identifiable information gathered to perform an action and whether or not it is required. |
custom_privacy_request_fields | A list of additional metadata that can be provided by the user that is included in the request. (See: Custom request fields) |
locations | (API-only) A list of locations where this action should be available. Use "fallback" as a special value to define an action that should be shown when no location-specific actions match. |
Example: Access request
This is an example of an Access function that requires the Data Subject to enter their email address and executes the default_access_policy when submitted returning the access package to the specified email address.
"actions": [
{
"title": "Access your data",
"description": "We will email you a report of the data related to your account.",
"icon_path": "/download.svg",
"policy_key": "default_access_policy",
"identity_inputs": {
"name": "optional",
"email": "required",
"phone": "optional"
}
}
]Location-Based Actions (API-only)
When using API-based configuration, you can specify which actions should be available in different locations. This is useful for providing region-specific privacy request options or complying with different privacy regulations across jurisdictions.
Example: Location-Specific Actions
"actions": [
{
"locations": ["us_ca"],
"policy_key": "default_access_policy",
"title": "California access policy",
// other fields...
},
{
"locations": ["us"],
"policy_key": "default_access_policy",
"title": "US National access policy",
// other fields...
},
{
"locations": ["eea"],
"policy_key": "default_access_policy",
"title": "Access policy for EEA",
// other fields...
},
{
"locations": "fallback",
"policy_key": "default_access_policy",
"title": "Default access policy",
// other fields...
}
]The location matching is case-insensitive and follows this priority:
- Most specific location (e.g., "us_ca" for California)
- Country-level location (e.g., "us" for United States)
- Regional location (e.g., "eea" for European Economic Area)
- Fallback actions for all other locations
For example:
- A user in California (
us_ca) sees the California access policy because there's a specific action for that state - A user in Utah (
us_ut) sees the US National access policy because country-level actions apply when no state-specific action exists - A user in Spain (
es) sees the EEA access policy because regional actions apply to countries within that region - A user in Mexico (
mx) sees the default access policy because fallback actions apply when no specific location matches
Note: Location-based actions are only available when using API-based configuration. This feature is not supported in file-based configuration.
Note for self-hosted customers: To use location-based actions, your privacy center must be behind Cloudfront to enable geolocation of users. This is required because Cloudfront provides the geolocation information needed to determine which location-specific actions to show to users.