Download
1 / 7
70 likes | 83 Views
Explore the interpretation of the Data Protection Directive, WP29 guidelines, and best practices for privacy in federations. Learn about personal data processing, attribute release, user consent, cross-Atlantic confederations, and TERENA's role.
E N D
Federations, the Data Protection Directive and WP29 TF-EMC2 Mikael Linden, mikael.linden@csc.fi CSC, the Finnish IT Center for Science
Open questions • What is personal data? • e.g. is eduPersonTargetedID Personal Data? (-> library services!) • Purpose of processing personal data? • US: inCommon<->eAuthentication, is that possible in Europe? • Relevance of the attributes released? • How to define/measure relevance of an attribute? • User consent for attribute release? • opting-in for attribute release • How to make the consent informed? • In Finland we provide end user the Privacy Policy of the SP in advance • How to tackle attribute release to third countries? • countries ”without adequate level of data protection” • for example, to the US
The short history of the topic • In TNC2005 my paper on how Haka federation interprets the Data Protection Directive • http://www.terena.nl/events/tnc2005/programme/presentations/show.php?pres_id=77 • Haka’s interpretation is based on discussions with the Finnish Data Protection Ombudsman • Discussion in TF-EMC2/Barcelona and afterwards in the refeds mailing list • How to find a European-wide interpretation of the directive? • in October, I asked the Finnish data protection ombudsman how to proceed • WP29 is the authorative body in EU • WP29 has a meeting in 1st of February
Article 29 Working Party (WP29) • defined in article 29 of the Data Protection Directive • objectives (excerpts) • ”To promote the uniform application of the general principles of the Directives in all Member States” • ”To make recommendations to the public at large, and in particular to Community institutions…” • consists of national supervisory authorities • Chaired by Peter Schaar of Germany • secretariat of two persons in Brussels • http://europa.eu.int/comm/justice_home/fsj/privacy/workinggroup/index_en.htm
WP29 and the Working Documents To communicate its views, WP29 uses to publish Working Documents For example • WP109: Working Programme 2005 • http://europa.eu.int/comm/justice_home/fsj/privacy/docs/wpdocs/2005/wp109_en.pdf • read it to get an idea! (just 3 pages) • WP68: Working Document on on-line authentication services • http://europa.eu.int/comm/justice_home/fsj/privacy/docs/wpdocs/2003/wp68_en.pdf • 1/2003 • in essence, about MS Passport and early Liberty specs
Best practices/common guidelines for privacy in federations in Europe? • to make writing policies for national federations easier • no need to make things from scratch • to ease bridging national federations together • make national policies are comparable to some extent • eduGAIN • to ease things when going out of EU (e.g. the US) • ”one EU instead of 25 EU member states” • cross-atlantic confederations • library content providers in the US
The role of TERENA? TERENA Mission and Objectives Statement • … • …TERENA represents the common interests and opinions of its member organisations in contacts with governments,… • …TERENA advises the European Commission, national governments and other authorities on policy and technical matters related to support for the development of research and education networking infrastructures, services and applications….
