EU General Data Protection Regulation (GDPR) support in ASP.NET Core

By Rick Anderson

ASP.NET Core provides APIs and templates to help meet some of the EU General Data Protection Regulation (GDPR) requirements:

:::moniker range=">= aspnetcore-7.0"

• The project templates include extension points and stubbed markup that you can replace with your privacy and cookie use policy.
• The Pages/Privacy.cshtml page or Views/Home/Privacy.cshtml view provides a page to detail your site's privacy policy.

For GDPR guidance that applies to Blazor apps, see xref:blazor/security/gdpr.

To enable the default cookie consent feature like that found in the ASP.NET Core 2.2 templates in a current ASP.NET Core template generated app, add the following highlighted code to Program.cs:

[!code-csharpMain]

In the preceding code, xref:Microsoft.AspNetCore.Builder.CookiePolicyOptions and xref:Microsoft.AspNetCore.Builder.CookiePolicyAppBuilderExtensions.UseCookiePolicy%2A are used.

• Add the cookie consent partial to the _Layout.cshtml file:

  [!code-cshtmlMain]

• Add the _CookieConsentPartial.cshtml file to the project:

  [!code-cshtmlMain]

• Select the ASP.NET Core 2.2 version of this article to read about the cookie consent feature.

Customize the cookie consent value

Specify the value used to track if the user consented to the cookie use policy using the CookiePolicyOptions.ConsentCookieValue property:

[!code-csharpMain]

Encryption at rest

Some databases and storage mechanisms allow for encryption at rest. Encryption at rest:

• Encrypts stored data automatically.
• Encrypts without configuration, programming, or other work for the software that accesses the data.
• Is the easiest and safest option.
• Allows the database to manage keys and encryption.

For example:

• Microsoft SQL and Azure SQL provide Transparent Data Encryption (TDE).
• SQL Azure encrypts the database by default
• Azure Blobs, Files, Table, and Queue Storage are encrypted by default.

For databases that don't provide built-in encryption at rest, you may be able to use disk encryption to provide the same protection. For example:

• BitLocker for Windows Server
• Linux:
  • eCryptfs
  • EncFS.

Additional resources

• Microsoft Trust Center: Safeguard individual privacy with cloud services from Microsoft: GDPR
• European Commission: Data protection explained

:::moniker-end

[!INCLUDE] [!INCLUDE] [!INCLUDE]