[Fim4l] RA21's endorsement of the GEANT Data Protection Code of Conduct

Peter Schober peter.schober at univie.ac.at
Thu Apr 4 18:12:09 CEST 2019 

* Heather Flanagan <hlf at sphericalcowconsulting.com> [2019-04-04 16:40]:
> That said, they were only willing to endorse version 1, as version 2
> is still considered a draft. Version 1 does not apply to Service
> Providers outside the EU, and does not cover GDPR, but the
> principles of data minimization, etc, are important in and of
> themselves to endorse in any federated service.

FWIW: It is my understanding that v2 is done for all matters and
intents with only the question of the "monitoring body" being open.

Of course it will then be presented to the European Data Protection
Authority and may require further changes before it might be
approved.
(v1 is only "done" and stable because it will never again be presented
to anyone for approval since it does not represent the state of the
law nor of our work in this area.)

So technically you're right that v2 is not published/final/"done".
*But* v1 was never approved by the authorities either, because at the
time we were submitting it it was already clear that the Data
Protection Directive (aka 95/46/EC) would be replaced "soon" and so no
decisions were being made by the authorities under the "old" rules
(and no decisions under the "new" rules could be made by those
authorities since those new rules did not exist back then).

Both are equally not legally valid approved Codes of Conduct today.
But v2 may be in the future and is is based on the current legal
regime and community inputs.  Whereas v1 will never be and is based
on an obsolete, irrelevant legal regime.
I know which version I'd chose to endorse today (a hint: something
that's not already irrelevant) but RA21's opinion differed, obviously.

Your argument that the data protection principles in v1 are still
solid could also be used to endores v2 today as its data protection
principles and formulations are at least as solid and more fleshed out
than v1's, and v2 also provides more practical guidance for
implementers, to name just one improvement requested by the "then"
authorities.

-peter

More information about the FIM4L mailing list