Andreas Schneider, as an individual working for Sachsen DPA
Marcus Hild, as an individual working for Austrian DPA
Patrick van Eecke, DLA Piper
Valter Nordh, Sunet
Mikael Linden, CSC
Peter Schober, Vienna University
- Andreas and Marcus emphasised they were not formally representing WP29 in the meeting
- CoCo should contain more practical advices on how to conform to the data protection laws
- current CoCo just repeats the wording of directive
- instead the CoCo should fill the gap between the abstract law and practical things in reality
- goal is to make it easy for an SP to understand what do the data protection laws expect them to do
- we should present what alternative ways an SP can have to meet the requirements of the law
- perhaps extract something from the explanatory memorandum and the CoCo web in the REFEDS wiki and make it integral part of the CoCo
- "20 pages instead of 4 pages"
- what is now in REFEDS wiki looks more like what a code of conduct should contain
- a list of possible attributes to be transferred based on the CoCo would be good
- now the signal is vague; on the other hand the list of attributes is very innocuous (name, uniqueID, e-mail, affiliation) but on the other hand we appear to want to leave the door open for transferring more personal data which makes DPAs suspicious
- "You are lucky when you don't need much personal data"
- we haven't wanted to define an exhaustive list because if we then come up with a new attribute we needed to bring it to WP29 for approval
1 Comment
Nicole Roy
Thanks Mikael, this is good info. I hold out great hope for wider/scalable attribute release based on the comment
Has there been any thought about how this might play out to our advantage for global scalable attribute release in the context of eduGAIN (and now that Safe Harbor has been rescinded?)