...
| Issue | Discussion | Review of R&S |
|---|---|---|
| Put in Place Safeguards | Data minimisation (necessary), privacy enhancing technologies (for example pseudonyms), transparency and a right to opt-out. | R&S addresses all of these areas. The Code of Conduct also has information on necessary attributes. We'd also recommend reviewing the Privacy Notice of an SP and encouraging them to populate privacy statement URL in metadata. |
| Balance the Rights of Data Subjects and the Rights of Data Controllers | Ensures the necessary flexibility for data controllers for situations where there is no undue impact on data subjects, while at the same time providing sufficient legal certainty and guarantees to data subjects that this open-ended provision will not be misused. The stronger the legitimate interest being pursued by the data controller and the less harm the processing does to the interests of the data subject, the greater the likelihood that the activity will be lawful. | R&S addresses this by limiting the types of services that are allowed to claim this category and focusing on low-risk services that have a clearly identifiable need for personal information such as wikis etc. |
| Impact Management | Impact on the individual will depend on the nature of the personal information, how it is processed and what the individual would reasonably expect. | Controlled in the R&S use case by minimal attribute sets and stress on the concept that attribute must not be asked for if it is not needed. |
| Define the "legitimate" reasons? | Norms in the community concerned falls in to this definition, as does the idea of both parties wishing to provide and receive access. Those claiming legitimate interest should be able to explain their interest and how it satisfies this balancing test | R&S provides this reason in its definition to support the process and to ensure that release is happening against an agreed set of criteria. |
| Ensure Transparency | Relying on legitimate interests still means users have to be informed about what their personal information is being used for. Privacy notices should still be put in place by IdPs and SPs. | Transparency is provided by keeping lists of SPs in this category and clear descriptions of what is being released. |
| Case-by-Case | Legitimacy must be ensured for each service. | Each SP is considered on a case-by-case basis by the federation in question and reviewed annually. |
...