Duplicate DSR detection
Fides can automatically detect and suppress duplicate Data Subject Requests (DSRs). When enabled, any new privacy request that matches an existing one — same identity, same request type, within a configured time window — is automatically labeled Duplicate and skipped without processing.
How duplicate detection works
When a new privacy request is received, Fides checks whether there are any existing requests that match on:
- Identity fields — by default, the requester's email address. Can be extended to include additional fields such as phone number.
- Policy — only requests submitted under the same policy are compared. Different policies of the same type (e.g., two different access policies) are treated separately.
- Time window — only requests submitted within the configured lookback period are considered (default: 365 days).
If a match is found, Fides groups the requests together and then applies the following priority rules to decide which request is the canonical (authoritative) one:
| Priority | Condition | Outcome |
|---|---|---|
| 1 | An existing request in the group is already actioned (approved, in processing, paused, awaiting email send, requires input, requires manual finalization, or error) | New request is marked Duplicate |
| 2 | An existing request in the group has a verified identity and this request does not | New request is marked Duplicate |
| 3 | This request is the first to have its identity verified | This request is canonical and will not be marked as a duplicate; other unverified requests are marked Duplicate |
| 4 | No requests have verified identities — the oldest request in the group is canonical | Newer matching requests are marked Duplicate |
Duplicate requests are assigned a "Duplicate" status and are automatically skipped during execution. Their activity log will record a Duplicate Request Detection entry explaining which canonical request caused the duplicate label.
Configuring duplicate detection
Duplicate detection is disabled by default. To enable it:
- Navigate to Settings → Privacy requests
- Scroll to the Duplicate detection section
- Toggle Enable duplicate detection on
- Set the Duplicate detection window (days) — the number of days to look back when comparing requests (minimum: 1, maximum: 3,650)
- Click Save
The default time window is 365 days (1 year). Set it to match your organization's typical request lifecycle or regulatory obligations.
Advanced configuration
The identity fields used for matching can be extended via the API or environment variables. By default only email is used. To match on additional fields, set the match_identity_fields configuration:
Environment variable:
FIDES__PRIVACY_REQUEST_DUPLICATE_DETECTION__MATCH_IDENTITY_FIELDS=["email","phone_number"]API
{
"privacy_request_duplicate_detection": {
"enabled": true,
"time_window_days": 365,
"match_identity_fields": ["email", "phone_number"]
}
}Viewing duplicate requests
When duplicate detection is enabled and duplicates exist, the Request Manager displays a "X duplicate requests" button above the request list. Clicking it filters the view to show only requests with a Duplicate status.
You can also filter for duplicates manually:
- Navigate to Privacy Requests → Request Manager
- Use the Status filter and select Duplicate
Understanding a duplicate request
To see why a specific request was marked as a duplicate:
- Click on the request to view its details
- Select View Logs
- Click on an Event log row with the skipped status
- Copy the duplicate request ID
- Return to the Request Manager page
- Search for the duplicate request using the ID copied in step 4
Workflow for handling duplicates
Once a request is marked Duplicate, no further action is typically required — Fides skips it automatically. However, depending on your organization's process you may want to take action on them.
Bulk actions on duplicate requests
Duplicate requests support the same bulk actions as pending requests. To act on multiple duplicates at once:
- Navigate to Privacy Requests → Request Manager
- Filter by Status: Duplicate (or click the "X duplicate requests" button)
- Use the Select all checkbox to select all visible requests, or check individual requests
- Open the bulk actions dropdown and choose an action:
- Deny — formally deny the requests (a denial reason is required). This is the recommended action when you want a clear audit trail showing the requests were reviewed and dismissed.
- Delete — remove the requests from view. Use this to clean up noise when the duplicates are clearly redundant.
- Approve — re-queue the requests for processing. Use this if a request was incorrectly labeled as a duplicate and needs to be fulfilled.
Other handling options
- Leave them — Duplicates are already suppressed from processing. If your team reviews them periodically, they can remain as an audit record without any further action.
- Check the canonical request — Use the ID from the duplicate's events log to find the related canonical request and verify it is progressing correctly.
- Re-evaluate configuration — If legitimate requests from the same person are being incorrectly flagged (e.g., two people sharing the same email address, or a re-submission after a previous request errored), consider adjusting the time window or consulting your Fides administrator to review the configuration.