3524394 - How to Update the Data Privacy Consent Statement via ODATA API - Recruiting Management

This article describes how to update the Data Privacy Consent Statement of an existing candidate via ODATA API or accept the Data Privacy Consent Statement on behalf of the candidate via ODATA API. Note: This enhancement is only for External Candidates. 

This is especially useful for accepting the DPCS on behalf of candidates created via Candidate > ADD CANDIDATE. 

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."

SAP SuccessFactors Recruiting Management

Prerequisites: There should be a Data Privacy Statement setup in Admin Center > Data Privacy Statement for your External Candidates' countries. 

IMPORTANT NOTE: You can accept the DPCS on behalf of a newly created candidate or decline the DPCS for a candidate that has accepted the DCPS before.

Declining the DPCS would anonymize the candidate. Once this is done, this is irreversible. Moreover, you cannot accept the DPCS for a candidate that is already anonymized or has declined DPCS already.  

GETTING THE STATEMENT ID

a. Perform a query against the instance to get the statement ID of the Data Privacy statement from Admin Center > Data Privacy Statement. The statement ID is unique for the instance and the statement ID of the statement for all locales will be the same. 

GET: https://<endpoint URL>/rest/security/privacy/v1/statements?type=recruiting_external&country=USA

Note: The statement 'type' should be 'recruiting_external' as the candidates being updated are EXTERNAL candidates. The 'country' should be the three-letter country code of the country for which your Data Privacy Statement is setup. The endpoint URL depends on the instance's data center -  KBA 2215682.

b. Sample Output: In this sample, you will see that the Data Privacy statement is setup for 2 locales 'default' and 'en_GB', while the statement ID is 216. This is important for the updating the candidates' DPCS via API.

RESPONSE:

{
    "id": 216,
    "version": 6,
    "customFieldType": null,
    "template": {
        "id": 1,
        "name": "External Data Privacy Statement",
        "type": 2,
        "status": 1,
        "forceAccept": 0
    },
    "contents": [
        {
            "id": 256,
            "statementId": 216,
            "locale": "default",
            "title": "Privacy Statement – Careers",
            "content": "<font face=\"Times New Roman\" size=\"3\">\n\n</font><p style=\"margin: 0in 0in 8pt;\"><span style='background: white; color: black; line-height: 107%; font-family: \"Arial\",sans-serif; font-size: 9pt;'>I understand that my data will\nbe visible to all Company recruiters and HR personnel. I agree that my data may\nbe shared, at the Company's discretion, with hiring managers considering me for\npotential future positions.</span></p><font face=\"Times New Roman\" size=\"3\">\n\n</font>"
        },
        {
            "id": 257,
            "statementId": 216,
            "locale": "en_GB",
            "title": "Privacy Statement – Careers",
            "content": "<font face=\"Times New Roman\" size=\"3\">\n\n</font><p style=\"margin: 0in 0in 8pt;\"><span style='background: white; color: black; line-height: 107%; font-family: \"Arial\",sans-serif; font-size: 9pt;'>I understand that my data will\nbe visible to all Company recruiters and HR personnel. I agree that my data may\nbe shared, at the Company's discretion, with hiring managers considering me for\npotential future positions.</span></p><font face=\"Times New Roman\" size=\"3\">\n\n</font>"
        },
            ],
    "attributes": [
        {
            "id": 218,
            "statementId": 216,
            "attributeName": "as_default",
            "attributeValue": "1",
            "displayValue": null
        },
        {
            "id": 219,
            "statementId": 216,
            "attributeName": "assigned_country",
            "attributeValue": "AGO",
            "displayValue": null
        }
    ]
}

c. Afterwards, update the candidate's DPCS status via ODATA API.

UPDATING THE CANDIDATE'S DPCS STATUS

POST: https://<endpoint URL>/rest/security/privacy/v1/acknowledgements

{
  "type": "RECRUITING_EXTERNAL",
  "statementId": 217,
  "subjectId": "3558",
  "action": 1
}

Note: This is in JSON format.

SAMPLE RESPONSE:

You will not see any successful message in the output, just simply status 1 and the statementId.

Notes: The sample above is accepting the Data Privacy Statement (ID 217) for Candidate ID 3558.

• 'type': RECRUITING_EXTERNAL as the candidates are external candidates.
• 'statementId': <number> is the unique identifier of your Data Privacy Statement.
• 'subjectId': <number> is the candidate ID.
• 'action': 1 is for accept and 2 is for decline. 

d. This would set the agreeToPrivacyStatement's value to true.

e. You can also confirm the Candidate DPCS status via Admin Center >  Set DPCS Statement Status.

ADDITIONAL NOTES:

a. If the country is not provided when you query the statement, you will encounter an error: Required request parameter 'country' for method parameter type String is not present.

Sample: https://<endpoint URL>/rest/security/privacy/v1/statements?type=recruiting_external&country= 
Sample: https://<endpoint URL>/rest/security/privacy/v1/statements?type=recruiting_external

b. If you provide an invalid statement ID when you update an acknowledgement, you will encounter an error: Statement not found

c. If you provide an invalid candidate ID when you update an acknowledgement, you will encounter an error: Invalid subjectId. Please provide a valid candidate ID.

Note: This error will appear when you try to update the DPCS of an internal candidate or with an invalid candidate ID.

WNV: Enhancements to Data Privacy Consent Statement APIs

2H2024, PLA-46056, PLA-46102, update, accept, decline, Data Privacy Consent Statement, DPCS, ODATA API, API, RCM, Recruiting Management , KBA , LOD-SF-RCM-CAN , General Candidate Issues (not Offers, not Profiles) , How To