* Heather Flanagan hlf@sphericalcowconsulting.com [2019-04-04 16:40]:
I wrote up a blog post https://ra21.org/index.php/2019/02/28/ra21-adopts-refeds-data-protection-code-of-conduct/ on the RA21 website about this.
Ignoring other nonsensical parts of that endorsement (about applying a document that specifically says it's only for EU/EEA "globally, regardless of the location") my issue with v1 vs. v2 is this:
On 31 January 2019, the RA21 Security and Privacy Work Group voted to endorse the GEANT Data Protection Code of Conduct v1 (the current approved version)
"Approved" by whom? Codes of conduct (in both the current and the previous European Data Protection regime) only become legal instruments if they are approved by the data protection authorities. And v1 was never approved as I explained in my previous post.
Now, other groups may have "approved" the v1 version but that just means "We agree that this is a good idea and we support that it may be submitted to the authorities in the hopes that it may be approved by them".
But claiming v1 to be an "approved Code of Conduct" (to raise it above a "draft" v2) is mispresenting the status of v1 and ignoring all the work the community has put into creating an improved v2.
-peter