...
- Andreas and Marcus emphasised they were not formally representing WP29 in the meeting
- CoCo should contain more practical advices on how to conform to the data protection laws
- current CoCo just repeats the wording of directive
- instead the CoCo should fill the gap between the abstract laws law and practical things in reality
- goal is to make it easy for an SP to understand what do the data protection laws expect them to do
- we should present what alternative ways an SP can have to meet the requirements of the law
- perhaps extract something from the explanatory memorandum and the CoCo web in the REFEDS wiki and make it integral part of the CoCo
- "20 pages instead of 4 pages"
- what is now in REFEDS wiki looks more like what a code of conduct should contain
- a list of possible attributes to be transferred based on the CoCo would be good
- now the signal is vague; on the other hand the list of attributes is very innocuous (name, uniqueID, e-mail, affiliation) but on the other hand we appear to want to leave the door open for transferring more personal data which makes DPAs suspicious
- "You are lucky when you don't need much personal data"
- we haven't wanted to define an exhaustive list because if we then come up with a new attribute we needed to bring it to WP29 for approval