Dear all,
thanks a lot, Heather, for the details regarding RA21's endorsement of the GEANT Data Protection Code of Conduct. Thanks, Peter, for your comments. Regardless of version GEANT Data Protection Code of Conduct creates a framework helping to fix current issues with attributes release to library service providers. Looking forward to fine tune our recommendations and guidelines in next call.
Sunny regards
Jiri
On Thu, Apr 4, 2019 at 8:19 PM Peter Schober peter.schober@univie.ac.at wrote:
- Heather Flanagan hlf@sphericalcowconsulting.com [2019-04-04 18:40]:
Ignoring other nonsensical parts of that endorsement (about applying a document that specifically says it's only for EU/EEA "globally, regardless of the location") my issue with v1 vs. v2 is this:
I disagree with your categorization that endorsing the principles of a document is nonsense.
The section I specifically referred to is this:
"[T]he RA21 Security and Privacy Work Group voted to endorse the GEANT Data Protection Code of Conduct v1 (the current approved version) and further stated that this should apply globally"
That does not say that you endorse /the principles/ of the v1 CoCo nor does it say that you encourage to apply /the principles/ of that document globally. It says you endorse the v1 coco (which is of course welcome, but misguided IMHO, but we can easily disagree on that) and it says -- and that's the main gripe I have -- that "this" (meaning the v1 CoCo) should be applied globally. Which I continue to claim is not possible and does therefore not make sense.
The GEANT Data Protection Code of Conduct v1 was approved in June 2013 by the eduGAIN Technical Steering Group and announced as such on the REFEDS mailing list. Did that make it a legal document? No. But it set a solid marker on what consists of v1 versus future work.
Since even the term and document title "Code of conduct" (i.e., in the current context) comes directly from a legal document (the EU Data Protection Directive and now the Regulation) I read the term "approved" next to it with the same terminological meaning.
We did not misrepresent the status of v1, thus the emphasis on principles and not an assumption of legal language
Well, it's only at the end of that news entry (from "While" to "today.") that principles and v1's obsolete status are mentioned, far from being "the emphasis".
And again if all you want are principles why not take them from v2? Those principles are not up for discussion nor change, whatever amendments the data protection authorities may demand for v2.
Mikael Linden and Nicole Harris were on the RA21 S&P call to discuss this with the group; the decisions were not made without expert consultation.
While I'm surprised to hear that maybe that just means I'm just a stickler for words (and others are not). ;)
As I said I wouldn't have bothered to even comment if the text had said that RA21 subgroup encouraged to apply the principles of v1 (e.g. as highlighted in the "Key points" of the news entry) -- those are the principles of data protection as such! Hard not to agree with those principles (unless you're Facebook, I guess).
Cheers, -peter _______________________________________________ FIM4L mailing list FIM4L@lists.daasi.de http://lists.daasi.de/listinfo/fim4l