Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(ai-sdk): ePrivacy/cookie topic — §25 TDDDG co-primary for cookie questions #41

Merged
Benjamin_Boenisch merged 1 commits from feat/tdddg-cookie-ranking into main 2026-06-27 05:27:07 +00:00
Conversation 0 Commits 1 Files Changed 2
+30 -2
Benjamin_Boenisch commented 2026-06-27 05:20:28 +00:00
Owner
Copy Link
Copy Source

Summary

The TDDDG (ex-TTDSG) pilot revealed §25 TDDDG (cookie / terminal-equipment consent) ranked #3 on a cookie query — the subsidiarity rule (#40) demoted it as DE law subsidiary to the DSGVO, but TDDDG is lex specialis (ePrivacy) for cookies.

Topic-based fix (NOT blanket TDDDG > DSGVO):

  • cookie/ePrivacy topic (cookie/endeinrichtung/endgerät/tracking§25 TDDDG) → co-primary (topicGain, no subsidiarity demote)
  • TDDDG/TTDSG added to the data_protection domain (chunkDomain recognition)
  • cookie-specific keywords (NOT bare Einwilligung) so a general consent question still → Art. 7 DSGVO

Evidence (DSGVO+BDSG+TDDDG build, macmini)

  • cookie → §25 TDDDG top-1 (was #3)
  • Rechtsgrundlage → DSGVO (not BDSG/TDDDG)
  • DSB → Art.37 DSGVO + §38 BDSG (not TDDDG)
  • degraded=0, must_not=0; new permanent Golden Suite regression dp_17
  • go build/vet/test ./... green; 2 new table tests

Test plan

  • CI go-lint + test-go green (the 4 red python-lint/nodejs-lint/dep-audit/sbom-scan jobs are pre-existing repo-wide debt, unrelated to this Go-only diff)
  • After merge → Orca dev deploy → smoke

Builds on #40 (national-law subsidiarity). Completes Wave-1a ranking (DSGVO/BDSG/TDDDG).

🤖 Generated with Claude Code

## Summary The TDDDG (ex-TTDSG) pilot revealed **§25 TDDDG** (cookie / terminal-equipment consent) ranked **#3** on a cookie query — the subsidiarity rule (#40) demoted it as DE law subsidiary to the DSGVO, but **TDDDG is lex specialis (ePrivacy) for cookies**. Topic-based fix (NOT blanket TDDDG > DSGVO): - **cookie/ePrivacy topic** (`cookie`/`endeinrichtung`/`endgerät`/`tracking` → `§25 TDDDG`) → co-primary (topicGain, no subsidiarity demote) - `TDDDG`/`TTDSG` added to the `data_protection` domain (chunkDomain recognition) - cookie-specific keywords (NOT bare `Einwilligung`) so a general consent question still → Art. 7 DSGVO ## Evidence (DSGVO+BDSG+TDDDG build, macmini) - cookie → **§25 TDDDG top-1** (was #3) - Rechtsgrundlage → DSGVO (not BDSG/TDDDG) - DSB → Art.37 DSGVO + §38 BDSG (not TDDDG) - **degraded=0, must_not=0**; new permanent Golden Suite regression `dp_17` - `go build/vet/test ./...` green; 2 new table tests ## Test plan - [ ] CI `go-lint` + `test-go` green (the 4 red `python-lint`/`nodejs-lint`/`dep-audit`/`sbom-scan` jobs are pre-existing repo-wide debt, unrelated to this Go-only diff) - [ ] After merge → Orca dev deploy → smoke Builds on #40 (national-law subsidiarity). Completes Wave-1a ranking (DSGVO/BDSG/TDDDG). 🤖 Generated with Claude Code
Benjamin_Boenisch added 1 commit 2026-06-27 05:20:30 +00:00
feat(ai-sdk): ePrivacy/cookie topic — §25 TDDDG co-primary for cookie questions
CI / detect-changes (pull_request) Successful in 12s
Details
CI / branch-name (pull_request) Successful in 2s
Details
CI / guardrail-integrity (pull_request) Successful in 9s
Details
CI / secret-scan (pull_request) Successful in 9s
Details
CI / dep-audit (pull_request) Failing after 57s
Details
CI / sbom-scan (pull_request) Failing after 58s
Details
CI / build-sha-integrity (pull_request) Successful in 5s
Details
CI / validate-canonical-controls (pull_request) Successful in 5s
Details
CI / loc-budget (pull_request) Successful in 19s
Details
CI / go-lint (pull_request) Successful in 40s
Details
CI / python-lint (pull_request) Failing after 14s
Details
CI / nodejs-lint (pull_request) Failing after 1m8s
Details
CI / nodejs-build (pull_request) Successful in 3m1s
Details
CI / test-go (pull_request) Successful in 1m0s
Details
CI / iace-gt-coverage (pull_request) Successful in 17s
Details
CI / test-python-backend (pull_request) Successful in 23s
Details
CI / test-python-document-crawler (pull_request) Successful in 15s
Details
CI / test-python-dsms-gateway (pull_request) Successful in 13s
Details
07916df330 
The TDDDG (ex-TTDSG) pilot revealed §25 TDDDG (terminal-equipment / cookie consent)
ranked #3 on a cookie query — the subsidiarity rule demoted it as DE law subsidiary
to the DSGVO, but TDDDG is lex specialis (ePrivacy) for cookies.

Topic-based fix (NOT blanket TDDDG > DSGVO):
- cookie/ePrivacy topic (cookie/endeinrichtung/endgeraet/tracking -> §25 TDDDG) so it is
  co-primary (topic-matched -> topicGain, no subsidiarity demote).
- TDDDG/TTDSG added to the data_protection domain (chunkDomain recognition).
- cookie-specific keywords (NOT bare 'Einwilligung') so a general consent question still
  resolves to Art. 7 DSGVO.

Acceptance on the DSGVO+BDSG+TDDDG build: cookie -> §25 TDDDG top-1; Rechtsgrundlage -> DSGVO;
DSB -> Art.37+§38 BDSG (not TDDDG); degraded=0, must_not=0. go build/vet/test green; 2 new table tests.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Benjamin_Boenisch merged commit fb4e14d9b9 into main 2026-06-27 05:27:07 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
config
Env vars, secrets management, startup validation
 data-integrity
Transactions, indexes, pagination
 frontend
Next.js, client-side concerns
 observability
Logging, audit trails, health checks
 reliability
Error handling, retries, circuit breakers
 security
Auth, secrets, injection, tenant isolation
 severity: critical
System-level risk, data breach or full outage
 severity: high
Significant risk, must fix before go-live
 severity: medium
Important but not blocking go-live
 testing
Test coverage, integration tests
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
sharang (Sharang Parnerkar) Benjamin_Boenisch
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Benjamin_Boenisch/breakpilot-compliance#41
Delete Branch "feat/tdddg-cookie-ranking"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?