Page tree
Skip to end of metadata
Go to start of metadata

Notes from Code of Conduct InfoShare

34 attendees

slides

Q&A:

 GDPR is a law – what does the CoCo add?

  • GDPR gives extra powers to an approved code of conduct (see slide 5)

 Monitoring Body – what should it do and can GÉANT do it?

  •  a 3-tier model has been planned for GEANT CoCo:
    • Level 1: CoCo monitor that makes automated technical checks to eduGAIN metadata
    • Level 2: Regular self assessments carried out by the SP administrators, potentially with an online tool
    • Level 3: Ability to lodge a complaint to the monitoring body
  • Outcome of a monitoring failure would be loss of the CoCo tag

What would be the timescale?

  • We can only give estimates
  • For “option 1”: Non-international could be submitted in Autumn 2020.  Likely to take a year or so to pass through Dutch DPA and EDPB.
  • For “option 2”: International transfers could take a few years, we don't know when EDPB will publish the guidelines for international transfers. 

What about the non-EU if we go ahead with “option 1”?

  • Can we have a best practice for non-EU and approved “official” for EU?
  • Yes but only approved codes provide appropriate safeguards for international transfers

Can we put pressure to move faster?

  • Unlikely unless this comes from the EC. 

Summary of the prefered options, from people that expressed their opinion during the infoshare:

  • Option 1 was preferred one for four persons. 
  • On the question by Nicole if people felt that “option 1” should not be taken, nobody came forward.

  

Comments from the chat:

10:22:42         From *** : Question: any idea when those guidelines will become available ?

10:23:56         From *** : Did your answer got an answer?

10:24:16         From *** : kind of :)

10:25:14         From *** : I think a CoCo *with* a blessing from the official authorities would really add some value. So stopping is not a good idea IMO.

10:25:30         From *** : I agree with *** on this

10:25:54         From *** : +1

10:26:16         From ***: Since a lot of work has already been done and it's unclear when those guidelines would become available, I would be in favour of option 1. It's really unfortunate for all non-EU SPs :(

10:26:46         From ***: Option 3: ‘publish the current CoCo t’ =that is the updated version isn’t it?

10:26:56         From ***: I would also opt to proceed with the blessing of the official authorities. So option 1

10:27:39         From ***: Option 2 could take long

10:27:41         From ***: Question: any idea what a monitoring body should actually do? Is GEANT up for that task?

10:31:09         From ***: thanks :)

10:31:17         From ***: Also think Option 1 is the best. If there is a committment to update the new version as soon as guidelines etc. are ready, option 1 is not worse for Non-EU SPs than option 2...

10:35:03         From ***: Is there any direct effects of applying option 1 on non EU members?

10:36:30         From ***: I guess independent entities (approved by the monitoring body) should be able to perform compliance audits, to give a level of trust to this attachment

10:37:02         From ***: Could CoCo v1 and v2  co-exist for this interim period?

10:37:35         From ***: Was thinking about that too

10:41:49         From ***: UKf has a few Eps with code-of-conduct & there’s no guarantee we’ll have data adequacy agreement post-brexit

10:44:58         From ***: Thank you for the good presentation!

10:45:26         From ***: Excellent presentation - very clear, thanks !

10:45:37         From ***: Thanks all

10:45:37         From ***: Thanks Mikael and Nicole

10:45:39         From ***: Thank you, very interesting!

10:45:39         From ***: Thanks!

10:45:41         From ***: Thanks!

10:45:44         From ***: Thank you!

10:45:44         From ***: Thanks all

  • No labels