Please note this is a summary of the reasoning behind approaches taken to attribute release by federations, with particular reference to the REFEDS Research and Scholarship Entity Category. It does not constitute legal advice but does point to legal documentation that can be used to support the ideas in this process. All federations and organisations should take appropriate legal advice but are free to use this information to support arguments and processes. For more information see: https://refeds.org/research-and-scholarship
|Table of Contents|
A. Useful Information Sources
Any organisation that processes personal data needs to have a legal justification for doing so. Personal data is defined in GDPR as "information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person."
Practically speaking this may mean government id card information, computer IP address, social media account name as well as personal name, telephone, address etc. The Research and Scholarship Entity Category recommended by REFEDS supports minimal disclosure of a few elements of personal data to support access to resources (an identifier, name, email address).
There are 6 use-cases in which you can share personal data within the EU. These remain the same from the pre-GDPR Directive and within the GDPR (Article 6).