[Fim4l] RA21's endorsement of the GEANT Data Protection Code of Conduct

Peter Schober peter.schober at univie.ac.at
Thu Apr 4 18:24:49 CEST 2019

* Heather Flanagan <hlf at sphericalcowconsulting.com> [2019-04-04 16:40]:
> I wrote up a blog post
> <https://ra21.org/index.php/2019/02/28/ra21-adopts-refeds-data-protection-code-of-conduct/>
> on the RA21 website about this. 

Ignoring other nonsensical parts of that endorsement (about applying a
document that specifically says it's only for EU/EEA "globally,
regardless of the location") my issue with v1 vs. v2 is this:

> On 31 January 2019, the RA21 Security and Privacy Work Group voted
> to endorse the GEANT Data Protection Code of Conduct v1 (the current
> approved version)

"Approved" by whom? Codes of conduct (in both the current and the
previous European Data Protection regime) only become legal
instruments if they are approved by the data protection authorities.
And v1 was never approved as I explained in my previous post.

Now, other groups may have "approved" the v1 version but that just
means "We agree that this is a good idea and we support that it may be
submitted to the authorities in the hopes that it may be approved by

But claiming v1 to be an "approved Code of Conduct" (to raise it above
a "draft" v2) is mispresenting the status of v1 and ignoring all the
work the community has put into creating an improved v2.


More information about the FIM4L mailing list