story-bankid-vipps-login-peer-mentor-004

Priority: High
Story Points: 3
Feature: BankID and Vipps Login

User Story

As a Peer Mentor (Likeperson)
I want to be clearly informed when my national ID number (personnummer) will be shared with my organization
So that I can give informed consent before my sensitive personal data is stored and linked to my member record

Audience Summaries

This high-priority story addresses a critical GDPR compliance requirement for handling Norwegian national identity numbers (personnummer) collected during Vipps Login. Partner organizations currently face administrative overhead and inaccurate Bufdir reporting due to missing personnummer data for many members. By implementing an explicit opt-in consent step during authentication, the platform converts a legal obligation into a trust-building moment. This improves data completeness across all partner organizations, directly reducing reporting errors and administrative costs.

The consent-first design demonstrates responsible data stewardship, strengthening user confidence and supporting long-term engagement among peer mentors who are rightfully cautious about sharing national identity data.

This story introduces a personnummer confirmation widget as a mandatory gate in the Vipps Login flow, with moderate development complexity. A hard dependency exists on story-bankid-vipps-login-peer-mentor-003, which must be complete before end-to-end testing is possible. Delivery requires coordination between the authentication team, UX designers, and a legal or GDPR reviewer to validate that consent language and data disclosure wording meet Norwegian regulatory standards. Acceptance criteria explicitly require VoiceOver accessibility compliance, so QA must involve assistive technology testing on iOS.

Two distinct user paths — confirm and decline — must both be validated. Rollout should include a legal sign-off checkpoint before release given the regulatory sensitivity of this feature.

Implementation requires intercepting the Vipps Login authentication response to detect when a personnummer is present, then routing users through a confirmation widget before any persistence occurs. The widget must display the personnummer, the linked organization, and the storage purpose in plain language. On confirmation, the personnummer must be encrypted and written to Supabase with consent metadata attached; on decline, the value must be discarded from memory and the authentication flow must complete successfully without storing data. All interactive controls and text must be fully VoiceOver-accessible with proper accessibility labels.

Edge cases include network interruption during the confirmation step and ensuring the personnummer is never written to logs, analytics, or crash reporters. The widget should be stateless and architected for reuse in future consent flows.
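The gate and the logging constraint described above can be sketched as follows; this is an added example, not code from this project. It assumes the response carries the value under a `personnummer` key, that a personnummer appears as a run of 11 digits, and that `encrypt` and `store` are hooks supplied by the app (all hypothetical names).

```python
import logging
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Callable, Optional

# Assumption: a personnummer appears as a run of exactly 11 digits.
PNR_PATTERN = re.compile(r"(?<!\d)\d{11}(?!\d)")

class RedactPersonnummer(logging.Filter):
    """Attach to a handler: masks 11-digit runs before the record is formatted."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = PNR_PATTERN.sub("[REDACTED]", record.getMessage())
        record.args = None  # arguments are already merged into msg
        return True

@dataclass
class ConsentGate:
    """Keeps the personnummer in memory only until the user confirms or declines."""
    organization: str
    purpose: str
    encrypt: Callable[[str], bytes]  # hypothetical hook into the app's crypto layer
    store: Callable[[dict], None]    # hypothetical hook that writes one backend row
    # repr=False keeps the value out of repr(), and so out of logs and crash dumps
    _pnr: Optional[str] = field(default=None, repr=False, init=False)

    def on_login(self, vipps_response: dict) -> str:
        self._pnr = vipps_response.get("personnummer")  # hypothetical field name
        return "show_consent" if self._pnr else "home"

    def prompt(self) -> dict:
        """What the widget displays: the value, the organization, the purpose."""
        return {"personnummer": self._pnr, "organization": self.organization,
                "purpose": self.purpose}

    def decide(self, confirmed: bool) -> str:
        pnr, self._pnr = self._pnr, None  # drop the reference on every path
        if pnr is None:
            raise RuntimeError("no consent decision is pending")
        if confirmed:
            # Only ciphertext and consent metadata reach storage. If store()
            # raises (e.g. network loss), nothing was written and the caller
            # must restart the consent step.
            self.store({"personnummer_enc": self.encrypt(pnr),
                        "organization": self.organization,
                        "purpose": self.purpose,
                        "consented_at": datetime.now(timezone.utc).isoformat()})
        return "home"  # authentication completes on both paths
```

The filter covers log message text only; exception tracebacks, analytics events and crash-reporter payloads need their own scrubbing.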

Acceptance Criteria

  • Given Vipps Login succeeds and returns a personnummer, When the response is processed, Then the personnummer confirmation widget is shown before any data is stored
  • Given the confirmation widget is shown, When I review the information, Then I can see exactly what data (personnummer) will be stored and which organization it will be linked to
  • Given I confirm sharing, When I tap the confirm button, Then the personnummer is stored securely and I am navigated to the role-based home screen
  • Given I decline sharing, When I tap decline, Then the personnummer is discarded, authentication still succeeds, and I am navigated to the home screen without the personnummer being stored
  • Given the confirmation screen is shown, When I use a screen reader (VoiceOver), Then all text and interactive controls are properly labeled and announced

Business Value

Explicit consent for personnummer sharing is both a GDPR legal requirement and an ethical obligation when handling Norwegian national identity numbers. Partner organizations currently lack personnummer data for many members, which prevents accurate Bufdir reporting and causes administrative overhead. Solving this through opt-in consent during Vipps Login is a clean, user-respecting solution that simultaneously resolves a compliance gap and improves data quality.

Dependencies