feat: Add 76 Level-2 regex checks for document correctness verification
Split dsi_document_checker.py (466 LOC) into doc_checks/ package (9 files). Two-pass L1→L2 logic: L1 checks "Is it mentioned?", L2 checks "Is it correct?" (e.g. controller has full address, specific Art. 6 lit., concrete time periods). 138 total checks (62 L1 + 76 L2) across 7 doc types: - DSE Art. 13: 31, Impressum §5 TMG: 16, Cookie §25 TDDDG: 15 - Widerruf §355: 15, AGB §305ff: 21, Social Media Art. 26: 20, DSFA Art. 35: 18 Frontend: hierarchical L1→L2 display with dual progress bars (green=completeness, blue=correctness). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
@@ -1,465 +1,18 @@
|
||||
"""
|
||||
DSI Document Checker — validates discovered legal documents against
|
||||
mandatory content requirements.
|
||||
DSI Document Checker — backward-compatible shim.
|
||||
|
||||
Checks each document type against its specific legal requirements:
|
||||
- Datenschutzinformation: Art. 13/14 DSGVO (9 Pflichtangaben)
|
||||
- AGB: §305ff BGB
|
||||
- Widerrufsbelehrung: §355, §312g BGB
|
||||
- Cookie-Richtlinie: §25 TDDDG
|
||||
- Impressum: §5 TMG / §18 MStV
|
||||
All logic moved to compliance.services.doc_checks package.
|
||||
This file re-exports the public API for existing consumers.
|
||||
"""
|
||||
|
||||
import logging
|
||||
import re
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
# Art. 13 DSGVO mandatory fields for privacy policies
|
||||
ART13_CHECKLIST = [
|
||||
{
|
||||
"id": "controller",
|
||||
"label": "Verantwortlicher (Art. 13(1)(a))",
|
||||
"patterns": [
|
||||
r"verantwortlich\w*\s+(?:ist|im sinne|fuer|f(?:ue|ü)r)",
|
||||
r"kontaktdaten\s+des\s+verantwortlichen",
|
||||
r"name\s+(?:und|&)\s+kontaktdaten\s+des",
|
||||
r"controller", r"verantwortliche\s+stelle",
|
||||
r"responsible\s+(?:party|for)",
|
||||
r"ihk\s+\w+\s+bodensee", # IHK-specific: org name as controller
|
||||
],
|
||||
"severity": "HIGH",
|
||||
},
|
||||
{
|
||||
"id": "dpo",
|
||||
"label": "Datenschutzbeauftragter (Art. 13(1)(b))",
|
||||
"patterns": [
|
||||
r"datenschutzbeauftragt", r"data\s+protection\s+officer",
|
||||
r"kontaktdaten\s+de[rs]\s+(?:behördlichen\s+)?datenschutz",
|
||||
r"dsb", r"dpo",
|
||||
],
|
||||
"severity": "MEDIUM",
|
||||
},
|
||||
{
|
||||
"id": "purposes",
|
||||
"label": "Zwecke der Verarbeitung (Art. 13(1)(c))",
|
||||
"patterns": [
|
||||
r"zweck\w*\s+(?:der|und|die)\s+(?:verarbeitung|datenerhebung|datenverarbeitung|rechtsgrundlage)",
|
||||
r"purpose\w*\s+(?:of|for)\s+(?:processing|data)",
|
||||
r"zu\s+welch\w+\s+zweck",
|
||||
r"welche\s+daten\s+werden.*verarbeitet",
|
||||
r"daten\s+werden\s+(?:zu|fuer|für)\s+(?:folgende|diese)",
|
||||
],
|
||||
"severity": "HIGH",
|
||||
},
|
||||
{
|
||||
"id": "legal_basis",
|
||||
"label": "Rechtsgrundlage (Art. 13(1)(c))",
|
||||
"patterns": [
|
||||
r"rechtsgrundlage", r"art\.\s*6\s*(?:abs|absatz)?\s*\.?\s*1",
|
||||
r"legal\s+basis", r"berechtigtes\s+interesse",
|
||||
r"auf\s+grundlage\s+(?:von|des|der)\s+(?:art|§)",
|
||||
r"lit\.\s*[a-f][\s\)]",
|
||||
r"auf\s+(?:der\s+)?grundlage\s+(?:von\s+)?art",
|
||||
r"gem(?:ae|ä)(?:ss|ß)\s+art", # gemäß Art.
|
||||
r"(?:verarbeitung|erhebung).*(?:auf\s+grundlage|gem)",
|
||||
r"§\s*\d+\s+(?:abs|ihkg|bdsg|ldsg|bbig|tdddg)",
|
||||
r"einwilligung\s+gem",
|
||||
],
|
||||
"severity": "HIGH",
|
||||
},
|
||||
{
|
||||
"id": "recipients",
|
||||
"label": "Empfaenger (Art. 13(1)(e))",
|
||||
"patterns": [
|
||||
r"empf(?:ae|ä)nger", r"(?:ueber|über|weiter)mitt(?:el|l)ung",
|
||||
r"recipient", r"weitergabe\s+(?:an|von)\s+daten",
|
||||
r"dritte", r"third\s+part",
|
||||
r"welche\s+daten\s+werden\s+(?:ueber|über)mittelt",
|
||||
r"auftragsverarbeit",
|
||||
],
|
||||
"severity": "MEDIUM",
|
||||
},
|
||||
{
|
||||
"id": "third_country",
|
||||
"label": "Drittlandtransfer (Art. 13(1)(f))",
|
||||
"patterns": [
|
||||
r"drittland", r"dritt\s*staat", r"drittl(?:ae|ä)nder",
|
||||
r"third\s+countr", r"angemessenheitsbeschluss",
|
||||
r"standard\s*vertragsklausel", r"scc",
|
||||
r"(?:ueber|über)mittlung.*(?:ausserhalb|außerhalb)",
|
||||
r"(?:europ(?:ae|ä)ischen\s+wirtschaftsraum|ewr|eea)",
|
||||
r"privacy\s+shield", r"data\s+privacy\s+framework",
|
||||
],
|
||||
"severity": "MEDIUM",
|
||||
},
|
||||
{
|
||||
"id": "retention",
|
||||
"label": "Speicherdauer (Art. 13(2)(a))",
|
||||
"patterns": [
|
||||
r"speicherdauer", r"aufbewahrungsfrist",
|
||||
r"(?:wie\s+lange|dauer)\s+(?:der\s+)?(?:werden|gespeicher|speicherung)",
|
||||
r"retention\s+period", r"l(?:oe|ö)sch(?:ung|frist|konzept)",
|
||||
r"wie\s+lange\s+werden\s+die\s+daten\s+aufbewahrt",
|
||||
r"daten\s+werden\s+gel(?:oe|ö)scht",
|
||||
r"(?:\d+\s+(?:tage|monate|jahre)|nach\s+\d+\s+(?:tag|monat|jahr))",
|
||||
r"dauer\s+der\s+speicherung",
|
||||
r"aufbewahrung(?:sdauer|spflicht|szeit)",
|
||||
r"gesetzliche.*aufbewahrung",
|
||||
],
|
||||
"severity": "HIGH",
|
||||
},
|
||||
{
|
||||
"id": "rights",
|
||||
"label": "Betroffenenrechte (Art. 13(2)(b))",
|
||||
"patterns": [
|
||||
r"recht\s+auf\s+auskunft", r"recht\s+auf\s+l(?:oe|ö)schung",
|
||||
r"recht\s+auf\s+berichtigung", r"widerspruchsrecht",
|
||||
r"art\.\s*1[5-9]", r"art\.\s*2[0-2]",
|
||||
r"right\s+to\s+(?:access|erasure|rectification|object)",
|
||||
r"betroffenenrecht", r"rechte\s+(?:des|der)\s+betroffenen",
|
||||
r"welche\s+rechte\s+ha(?:t|ben)\s+(?:der|die|sie)",
|
||||
r"ihnen\s+(?:stehen|steht)\s+(?:ein|folgende)\s+recht",
|
||||
],
|
||||
"severity": "HIGH",
|
||||
},
|
||||
{
|
||||
"id": "complaint",
|
||||
"label": "Beschwerderecht (Art. 13(2)(d))",
|
||||
"patterns": [
|
||||
r"beschwerderecht", r"aufsichtsbeh(?:oe|ö)rde",
|
||||
r"right\s+to\s+lodge\s+a\s+complaint",
|
||||
r"supervisory\s+authority", r"datenschutzbeh(?:oe|ö)rde",
|
||||
r"recht\s+auf\s+beschwerde", r"art\.\s*77",
|
||||
r"beschwerde.*(?:wenden|einlegen|erheben)",
|
||||
r"(?:zuständige|competent)\s+(?:behörde|beh(?:oe|ö)rde|authority)",
|
||||
],
|
||||
"severity": "MEDIUM",
|
||||
},
|
||||
]
|
||||
|
||||
# §355 BGB requirements for cancellation/withdrawal policies
|
||||
WIDERRUF_CHECKLIST = [
|
||||
{"id": "right_info", "label": "Belehrung ueber Widerrufsrecht",
|
||||
"patterns": [r"widerrufsrecht", r"right\s+of\s+withdrawal", r"recht\s+(?:zum|auf)\s+widerruf"]},
|
||||
{"id": "deadline", "label": "Widerrufsfrist (14 Tage)",
|
||||
"patterns": [r"14\s+tage", r"vierzehn\s+tage", r"14\s+days", r"fourteen\s+days"]},
|
||||
{"id": "form", "label": "Form des Widerrufs",
|
||||
"patterns": [r"widerrufsformular", r"muster.?widerruf", r"withdrawal\s+form", r"formular"]},
|
||||
{"id": "consequences", "label": "Folgen des Widerrufs",
|
||||
"patterns": [r"folgen\s+des\s+widerrufs", r"consequences\s+of\s+withdrawal", r"r(?:ue|ü)ckerstattung"]},
|
||||
{"id": "recipient", "label": "Empfaenger des Widerrufs (Name + Anschrift)",
|
||||
"patterns": [r"widerruf.*(?:richten|senden|erkl(?:ae|ä)ren)\s+(?:an|gegenueber|gegenüber)",
|
||||
r"(?:name|firma|anschrift).*widerruf", r"widerruf.*(?:per|via|an)"]},
|
||||
{"id": "no_reason", "label": "Hinweis: kein Grund erforderlich",
|
||||
"patterns": [r"ohne\s+(?:angabe|nennung).*(?:grund|gr(?:ue|ü)nde)",
|
||||
r"(?:kein|keine).*(?:begruendung|begründung|grund).*(?:erforderlich|noetig|nötig)"]},
|
||||
{"id": "digital_button", "label": "Online-Kuendigungsbutton (§312k BGB)",
|
||||
"patterns": [r"k(?:ue|ü)ndigungsbutton", r"§\s*312k", r"online.*k(?:ue|ü)ndig",
|
||||
r"k(?:ue|ü)ndigung.*(?:button|link|formular|online)"]},
|
||||
]
|
||||
|
||||
# AGB requirements (§305ff BGB)
|
||||
AGB_CHECKLIST = [
|
||||
{"id": "scope", "label": "Geltungsbereich",
|
||||
"patterns": [r"geltungsbereich", r"geltung", r"scope", r"diese\s+(?:agb|bedingungen)\s+gelten"]},
|
||||
{"id": "contract", "label": "Vertragsschluss",
|
||||
"patterns": [r"vertragsschluss", r"zustandekommen", r"contract\s+formation", r"angebot\s+und\s+annahme"]},
|
||||
{"id": "liability", "label": "Haftung / Haftungsbeschraenkung",
|
||||
"patterns": [r"haftung", r"liability", r"schadensersatz", r"haftungsbeschr(?:ae|ä)nkung"]},
|
||||
{"id": "jurisdiction", "label": "Gerichtsstand / Anwendbares Recht",
|
||||
"patterns": [r"gerichtsstand", r"anwendbares\s+recht", r"jurisdiction", r"governing\s+law"]},
|
||||
{"id": "payment", "label": "Zahlungsbedingungen",
|
||||
"patterns": [r"zahlungsbedingung", r"payment\s+terms", r"(?:preis|kosten|entgelt|vergütung)",
|
||||
r"zahlungsweise", r"rechnungsstellung"]},
|
||||
{"id": "delivery", "label": "Lieferung / Leistungserbringung",
|
||||
"patterns": [r"lieferung", r"leistungserbringung", r"delivery", r"lieferfrist",
|
||||
r"bereitstellung", r"(?:zugang|zugriff).*(?:dienst|leistung)"]},
|
||||
{"id": "warranty", "label": "Gewaehrleistung / Maengelrechte",
|
||||
"patterns": [r"gew(?:ae|ä)hrleistung", r"m(?:ae|ä)ngelrecht", r"warranty", r"sachm(?:ae|ä)ngel",
|
||||
r"gew(?:ae|ä)hrleistungsfrist"]},
|
||||
{"id": "termination", "label": "Kuendigung / Vertragsbeendigung",
|
||||
"patterns": [r"k(?:ue|ü)ndigung", r"vertragsbeendigung", r"termination",
|
||||
r"laufzeit.*(?:vertrag|abo)", r"k(?:ue|ü)ndigungsfrist"]},
|
||||
{"id": "data_protection", "label": "Datenschutzhinweis in AGB",
|
||||
"patterns": [r"datenschutz.*(?:agb|bedingung)", r"(?:agb|bedingung).*datenschutz",
|
||||
r"personenbezogen.*daten.*(?:agb|vertrag)", r"dsgvo.*(?:agb|vertrag)"]},
|
||||
]
|
||||
|
||||
# §5 TMG / §18 MStV Impressum requirements
|
||||
IMPRESSUM_CHECKLIST = [
|
||||
{"id": "name", "label": "Name des Anbieters",
|
||||
"patterns": [r"(?:gmbh|ag|e\.v\.|ohg|kg|gbr|ug|mbh|inc|ltd)", r"firma", r"unternehmen"]},
|
||||
{"id": "address", "label": "Anschrift",
|
||||
"patterns": [r"(?:str(?:asse|\.)|weg|platz|allee)\s*\d", r"d-\d{5}", r"\d{5}\s+\w+"]},
|
||||
{"id": "contact", "label": "Kontaktdaten (E-Mail + Telefon)",
|
||||
"patterns": [r"(?:e-?mail|mail).*@", r"telefon|phone|tel\.", r"\+?\d[\d\s/\-]{8,}"]},
|
||||
{"id": "register", "label": "Handelsregister / Registernummer",
|
||||
"patterns": [r"(?:handelsregister|hrb|hra|registergericht|amtsgericht)", r"register.*(?:nr|nummer)"]},
|
||||
{"id": "vat", "label": "USt-IdNr.",
|
||||
"patterns": [r"ust.*id", r"umsatzsteuer.*identifikation", r"vat.*id", r"de\s*\d{9}"]},
|
||||
{"id": "representative", "label": "Vertretungsberechtigte",
|
||||
"patterns": [r"vertretungsberechtigt", r"geschäftsführ", r"vorstand", r"inhaber"]},
|
||||
]
|
||||
|
||||
# §25 TDDDG Cookie policy requirements
|
||||
COOKIE_CHECKLIST = [
|
||||
{"id": "cookie_types", "label": "Arten der Cookies",
|
||||
"patterns": [r"(?:notwendig|essentiell|funktional|statistik|marketing|tracking)", r"cookie.*(?:art|typ|kategori)"]},
|
||||
{"id": "purposes", "label": "Zwecke der Cookies",
|
||||
"patterns": [r"zweck.*cookie", r"cookie.*zweck", r"(?:wofuer|wozu|warum).*cookie",
|
||||
r"cookies?\s+(?:ein|ver)?\s*,?\s*um\s+", r"(?:setzen|verwenden|nutzen)\s+.*cookies?\s+.*(?:um|fuer|für)",
|
||||
r"(?:analyse|marketing|tracking|funktional)\w*\s*cookies?\s*\.?\s*(?:um|damit|diese|sie)",
|
||||
r"cookies?\s+(?:dienen|helfen|ermöglichen|ermoeglichen)"]},
|
||||
{"id": "retention", "label": "Speicherdauer der Cookies",
|
||||
"patterns": [r"(?:speicherdauer|laufzeit|gueltigk|ablauf).*cookie", r"cookie.*(?:\d+\s+(?:tag|monat|jahr)|session)"]},
|
||||
{"id": "third_party", "label": "Drittanbieter-Cookies",
|
||||
"patterns": [r"drittanbieter", r"third.?party", r"(?:google|facebook|meta|microsoft).*cookie"]},
|
||||
{"id": "opt_out", "label": "Widerspruchsmoeglichkeit",
|
||||
"patterns": [r"(?:widerspruch|opt.?out|ablehnen|deaktivieren).*cookie", r"cookie.*(?:ablehnen|deaktivieren|loeschen)"]},
|
||||
]
|
||||
|
||||
# Art. 26 DSGVO Joint Controller (Social Media DSE)
|
||||
JOINT_CONTROLLER_CHECKLIST = [
|
||||
{"id": "joint_parties", "label": "Gemeinsam Verantwortliche benannt (Art. 26(1))",
|
||||
"patterns": [r"gemeinsam.*verantwortlich", r"joint.*controller", r"gemeinsame\s+verantwortlichkeit",
|
||||
r"art\.\s*26", r"mitverantwortlich",
|
||||
r"wir.*(?:und|gemeinsam).*(?:betreiber|facebook|meta|google)",
|
||||
r"(?:betreiber|netzwerk).*verantwortlich"]},
|
||||
{"id": "arrangement", "label": "Vereinbarung nach Art. 26 DSGVO",
|
||||
"patterns": [r"vereinbarung.*art\.\s*26", r"art\.\s*26.*vereinbarung",
|
||||
r"page\s*controller", r"fanpage", r"insights",
|
||||
r"gemeinsame.*verantwortung.*(?:vertrag|vereinbarung)",
|
||||
r"addendum|nachtrag|seiten.*insights"]},
|
||||
{"id": "contact_point", "label": "Anlaufstelle fuer Betroffene (Art. 26(1) S.3)",
|
||||
"patterns": [r"anlaufstelle", r"kontaktstelle", r"ansprechpartner.*betroffene",
|
||||
r"rechte.*(?:gegenueber|gegenüber)\s+(?:uns|beiden)",
|
||||
r"rechte.*(?:sowohl|grundsaetzlich|grundsätzlich).*(?:uns|als auch)",
|
||||
r"rechte.*geltend\s+machen", r"wenden\s+sie\s+sich"]},
|
||||
{"id": "processing_split", "label": "Verarbeitungsaufteilung (wer macht was)",
|
||||
"patterns": [r"(?:wir|betreiber).*(?:verarbeiten|erheben|nutzen).*(?:daten|informationen)",
|
||||
r"(?:facebook|meta|google|youtube|instagram|linkedin|twitter|x\.com).*(?:verarbeit|erhebt|nutzt|speichert)",
|
||||
r"bei\s+besuch\s+(?:unserer|der)\s+(?:seite|fanpage|profil)",
|
||||
r"(?:senden|ver(?:oe|ö)ffentlich|teilen).*(?:inhalte|beitr(?:ae|ä)ge)",
|
||||
r"(?:nutzungsstatistik|statistik|insight).*(?:betreiber|netzwerk)"]},
|
||||
{"id": "social_data_types", "label": "Kategorien verarbeiteter Daten",
|
||||
"patterns": [r"(?:nutzungsstatistik|insight|reichweite|interaktion|klick|aufruf)",
|
||||
r"(?:ip.?adresse|standort|browser|ger(?:ae|ä)t|alter|geschlecht)",
|
||||
r"(?:personenbezogen|daten).*(?:social|netzwerk|plattform)",
|
||||
r"(?:nutzername|beitr(?:ae|ä)g|profil|like|kommentar)",
|
||||
r"(?:sensitive|besondere).*(?:daten|kategori)"]},
|
||||
{"id": "platforms", "label": "Auflistung der genutzten Plattformen",
|
||||
"patterns": [r"(?:facebook|instagram|youtube|twitter|x\.com|linkedin|xing|tiktok)",
|
||||
r"(?:kan(?:ae|ä)le|plattform|netzwerk|profil|account|auftritte).*(?:social|medien)",
|
||||
r"social\s*media.*(?:angebot|pr(?:ae|ä)senz|auftritte)"]},
|
||||
{"id": "third_country", "label": "Drittlandtransfer (USA bei Social Media)",
|
||||
"patterns": [r"(?:usa|vereinigte\s+staaten|drittland|drittstaaten)",
|
||||
r"privacy\s+shield|data\s+privacy\s+framework|angemessenheitsbeschluss",
|
||||
r"standardvertragsklausel|standard.*contractual",
|
||||
r"(?:uebermittlung|übermittlung).*(?:usa|drittland|ausserhalb|außerhalb)"]},
|
||||
{"id": "legal_basis", "label": "Rechtsgrundlage (Art. 6 DSGVO)",
|
||||
"patterns": [r"rechtsgrundlage", r"art\.\s*6", r"berechtigtes\s+interesse",
|
||||
r"einwilligung.*art\.\s*6", r"lit\.\s*[a-f]"]},
|
||||
{"id": "rights", "label": "Betroffenenrechte (Art. 15-21)",
|
||||
"patterns": [r"recht\s+auf\s+auskunft", r"recht\s+auf\s+l(?:oe|ö)schung",
|
||||
r"art\.\s*1[5-9]", r"betroffenenrecht",
|
||||
r"ihre\s+rechte", r"rechte.*betroffene", r"widerspruchsrecht"]},
|
||||
{"id": "social_bookmarks", "label": "Hinweis auf Social Bookmarks vs. Plugins",
|
||||
"patterns": [r"social\s*(?:bookmark|plugin|button|widget)",
|
||||
r"(?:kein|keine).*(?:plugin|widget|button).*(?:gesetzt|eingebunden|geladen)",
|
||||
r"(?:link|verweis|weiterleitung).*(?:dienst|anbieter|netzwerk)"]},
|
||||
]
|
||||
|
||||
# DSFA checklist (Art. 35 DSGVO)
|
||||
DSFA_CHECKLIST = [
|
||||
{"id": "trigger", "label": "Schwellwertanalyse / Ausloesepruefung (Art. 35(1))",
|
||||
"patterns": [r"art\.\s*35\s*(?:abs|absatz)?\s*\.?\s*1", r"hohes\s+risiko",
|
||||
r"voraussichtlich.*risiko", r"schwellwert",
|
||||
r"folgen.*(?:verarbeitung|schutz).*personenbezogen"]},
|
||||
{"id": "description", "label": "Beschreibung der Verarbeitungsvorgaenge (Art. 35(7)(a))",
|
||||
"patterns": [r"beschreibung.*verarbeitung", r"verarbeitungsvorg(?:ae|ä)ng",
|
||||
r"systematische\s+beschreibung", r"gegenstand.*verarbeitung",
|
||||
r"social\s*media.*(?:angebot|nutzung|besteht\s+aus)",
|
||||
r"(?:kan(?:ae|ä)le|plattform).*(?:facebook|twitter|instagram|youtube|linkedin|xing)"]},
|
||||
{"id": "necessity", "label": "Notwendigkeit und Verhaeltnismaessigkeit (Art. 35(7)(b))",
|
||||
"patterns": [r"notwendigkeit", r"verh(?:ae|ä)ltnism(?:ae|ä)ssigkeit",
|
||||
r"erforderlichkeit", r"zweckbindung",
|
||||
r"geringen?\s+umfang", r"nur\s+(?:die|sehr).*daten.*(?:verarbeitet|erhoben)",
|
||||
r"freiwillig\s+angegeben"]},
|
||||
{"id": "risks", "label": "Risikobewertung fuer Betroffene (Art. 35(7)(c))",
|
||||
"patterns": [r"risiko.*(?:bewertung|analyse|einsch(?:ae|ä)tzung|abw(?:ae|ä)gung)",
|
||||
r"risiken.*(?:rechte|freiheit)", r"eintrittswahrscheinlichkeit",
|
||||
r"schwere.*(?:risiko|auswirkung)",
|
||||
r"hohes\s+risiko.*(?:rechte|freiheit)",
|
||||
r"systematische\s+beobachtung",
|
||||
r"(?:sensitiv|politisch|sexuell|gesundheit).*(?:daten|offenbar)"]},
|
||||
{"id": "measures", "label": "Abhilfemassnahmen (Art. 35(7)(d))",
|
||||
"patterns": [r"abhilfe", r"(?:ma(?:ss|ß)nahm).*(?:risiko|schutz|minderung)",
|
||||
r"schutzma(?:ss|ß)nahm", r"(?:technisch|organisatorisch).*ma(?:ss|ß)nahm",
|
||||
r"tom", r"risiko.*(?:minim|reduz|begrenzen)",
|
||||
r"(?:einschr(?:ae|ä)nk|begrenz).*(?:verarbeitung|zugriff)"]},
|
||||
{"id": "lfdi", "label": "Beruecksichtigung Landesbehoerden-Richtlinie",
|
||||
"patterns": [r"l(?:an)?fdi", r"landesbeauftragt.*datenschutz",
|
||||
r"landes.?datenschutz", r"richtlinie.*(?:land|lfdi|landes)",
|
||||
r"(?:aufsichtsbeh(?:oe|ö)rde|beh(?:oe|ö)rde).*(?:richtlinie|empfehlung|vorgabe)"]},
|
||||
{"id": "stakeholders", "label": "Einbeziehung des DSB (Art. 35(2))",
|
||||
"patterns": [r"datenschutzbeauftragt.*(?:einbez|konsult|beteilig|rat)",
|
||||
r"dsb.*(?:konsult|einbez|rat)", r"stellungnahme.*dsb",
|
||||
r"(?:rat|empfehlung).*datenschutzbeauftragt"]},
|
||||
{"id": "documentation", "label": "Dokumentation der Ergebnisse",
|
||||
"patterns": [r"(?:dokument|ergebnis|bericht).*(?:dsfa|folgenabsch(?:ae|ä)tzung)",
|
||||
r"(?:ergebnis|schlussfolgerung|bewertung).*(?:risiko|verarbeitung)",
|
||||
r"vorliegend.*(?:dsfa|analyse|bewertung|absch(?:ae|ä)tzung)"]},
|
||||
]
|
||||
|
||||
|
||||
def check_document_completeness(
|
||||
text: str,
|
||||
doc_type: str,
|
||||
doc_title: str,
|
||||
doc_url: str,
|
||||
) -> list[dict]:
|
||||
"""Check a legal document against its type-specific requirements.
|
||||
|
||||
Returns a list of findings (missing/present fields).
|
||||
"""
|
||||
findings = []
|
||||
text_lower = text.lower()
|
||||
|
||||
if not text or len(text) < 50:
|
||||
findings.append({
|
||||
"code": f"DSI-EMPTY-{doc_type.upper()}",
|
||||
"severity": "HIGH",
|
||||
"text": f"Dokument '{doc_title}' ist leer oder zu kurz fuer eine Pruefung.",
|
||||
"doc_title": doc_title,
|
||||
"doc_url": doc_url,
|
||||
"doc_type": doc_type,
|
||||
})
|
||||
return findings
|
||||
|
||||
# Short documents (< 200 words) are likely navigation snippets or
|
||||
# introductory pages, not full Art. 13 documents — flag but don't check
|
||||
word_count = len(text.split())
|
||||
if word_count < 200 and doc_type == "dse":
|
||||
findings.append({
|
||||
"code": f"DSI-SCORE-{doc_type.upper()}",
|
||||
"severity": "LOW",
|
||||
"text": (
|
||||
f"'{doc_title}': Kurzhinweis ({word_count} Woerter) — zu kurz fuer "
|
||||
f"eine vollstaendige Art. 13 DSGVO Pruefung. Kein eigenstaendiges DSI-Dokument."
|
||||
),
|
||||
"doc_title": doc_title,
|
||||
"doc_url": doc_url,
|
||||
"doc_type": doc_type,
|
||||
"all_checks": [], # No checks run for short documents
|
||||
})
|
||||
return findings
|
||||
|
||||
# Select checklist based on document type
|
||||
if doc_type in ("dse", "datenschutz", "privacy"):
|
||||
checklist = ART13_CHECKLIST
|
||||
label = "Art. 13 DSGVO"
|
||||
elif doc_type in ("widerruf", "withdrawal", "cancellation"):
|
||||
checklist = WIDERRUF_CHECKLIST
|
||||
label = "§355 BGB"
|
||||
elif doc_type in ("agb", "terms", "nutzungsbedingungen"):
|
||||
checklist = AGB_CHECKLIST
|
||||
label = "§305ff BGB"
|
||||
elif doc_type in ("impressum", "imprint"):
|
||||
checklist = IMPRESSUM_CHECKLIST
|
||||
label = "§5 TMG / §18 MStV"
|
||||
elif doc_type in ("cookie",):
|
||||
checklist = COOKIE_CHECKLIST
|
||||
label = "§25 TDDDG"
|
||||
elif doc_type in ("social_media", "joint_controller"):
|
||||
checklist = JOINT_CONTROLLER_CHECKLIST
|
||||
label = "Art. 26 DSGVO"
|
||||
elif doc_type in ("dsfa",):
|
||||
checklist = DSFA_CHECKLIST
|
||||
label = "Art. 35 DSGVO"
|
||||
else:
|
||||
checklist = ART13_CHECKLIST # Default: check as DSE
|
||||
label = "Art. 13 DSGVO"
|
||||
|
||||
present = 0
|
||||
total = len(checklist)
|
||||
all_checks: list[dict] = []
|
||||
|
||||
for check in checklist:
|
||||
match = None
|
||||
for p in check["patterns"]:
|
||||
m = re.search(p, text_lower)
|
||||
if m:
|
||||
match = m
|
||||
break
|
||||
|
||||
passed = match is not None
|
||||
matched_text = ""
|
||||
if match:
|
||||
start = max(0, match.start() - 30)
|
||||
end = min(len(text_lower), match.end() + 30)
|
||||
matched_text = text_lower[start:end].strip()
|
||||
present += 1
|
||||
else:
|
||||
findings.append({
|
||||
"code": f"DSI-MISSING-{check['id'].upper()}",
|
||||
"severity": check.get("severity", "MEDIUM"),
|
||||
"text": (
|
||||
f"'{doc_title}': Pflichtangabe '{check['label']}' nicht gefunden. "
|
||||
f"Erforderlich nach {label}."
|
||||
),
|
||||
"doc_title": doc_title,
|
||||
"doc_url": doc_url,
|
||||
"doc_type": doc_type,
|
||||
"check_id": check["id"],
|
||||
})
|
||||
|
||||
all_checks.append({
|
||||
"id": check["id"],
|
||||
"label": check["label"],
|
||||
"passed": passed,
|
||||
"severity": check.get("severity", "MEDIUM"),
|
||||
"matched_text": matched_text,
|
||||
})
|
||||
|
||||
# Always add summary finding (even at 100% — needed for completeness tracking)
|
||||
if total > 0:
|
||||
pct = round(present / total * 100)
|
||||
findings.insert(0, {
|
||||
"code": f"DSI-SCORE-{doc_type.upper()}",
|
||||
"severity": "OK" if pct == 100 else "LOW" if pct >= 80 else "MEDIUM" if pct >= 50 else "HIGH",
|
||||
"text": (
|
||||
f"'{doc_title}': {present}/{total} Pflichtangaben vorhanden ({pct}%)."
|
||||
+ (f" Fehlend: {total - present} Angaben nach {label}." if pct < 100 else "")
|
||||
),
|
||||
"doc_title": doc_title,
|
||||
"doc_url": doc_url,
|
||||
"doc_type": doc_type,
|
||||
"all_checks": all_checks,
|
||||
})
|
||||
|
||||
return findings
|
||||
|
||||
|
||||
def classify_document_type(title: str, url: str) -> str:
|
||||
"""Classify a document by its title/URL into a legal document type."""
|
||||
combined = f"{title} {url}".lower()
|
||||
|
||||
if any(kw in combined for kw in ["datenschutzfolge", "dsfa", "risikoanalyse für nutzung"]):
|
||||
return "dsfa"
|
||||
if any(kw in combined for kw in ["social media", "facebook", "instagram", "linkedin", "fanpage"]):
|
||||
if any(kw in combined for kw in ["datenschutzerkl", "datenschutz für", "datenschutzinformation"]):
|
||||
return "social_media"
|
||||
if any(kw in combined for kw in ["datenschutz", "privacy", "dsgvo", "data protection", "données"]):
|
||||
return "dse"
|
||||
if any(kw in combined for kw in ["widerruf", "withdrawal", "rétractation", "desistimiento"]):
|
||||
return "widerruf"
|
||||
if any(kw in combined for kw in ["agb", "allgemeine geschäftsbedingungen", "terms",
|
||||
"nutzungsbedingungen", "conditions"]):
|
||||
return "agb"
|
||||
if any(kw in combined for kw in ["cookie", "slapuk", "evästeet", "kakor"]):
|
||||
return "cookie"
|
||||
if any(kw in combined for kw in ["impressum", "imprint", "legal notice", "mentions légales"]):
|
||||
return "impressum"
|
||||
return "other"
|
||||
from compliance.services.doc_checks import ( # noqa: F401
|
||||
check_document_completeness,
|
||||
classify_document_type,
|
||||
ART13_CHECKLIST,
|
||||
WIDERRUF_CHECKLIST,
|
||||
AGB_CHECKLIST,
|
||||
IMPRESSUM_CHECKLIST,
|
||||
COOKIE_CHECKLIST,
|
||||
JOINT_CONTROLLER_CHECKLIST,
|
||||
DSFA_CHECKLIST,
|
||||
)
|
||||
|
||||
Reference in New Issue
Block a user