[Fim4l] RA21's endorsement of the GEANT Data Protection Code of Conduct

Peter Schober peter.schober at univie.ac.at
Thu Apr 4 20:18:53 CEST 2019

* Heather Flanagan <hlf at sphericalcowconsulting.com> [2019-04-04 18:40]:
> > Ignoring other nonsensical parts of that endorsement (about applying a
> > document that specifically says it's only for EU/EEA "globally,
> > regardless of the location") my issue with v1 vs. v2 is this:
> I disagree with your categorization that endorsing the principles of
> a document is nonsense. 

The section I specifically referred to is this:

  "[T]he RA21 Security and Privacy Work Group voted to endorse the GEANT
  Data Protection Code of Conduct v1 (the current approved version)
  and further stated that this should apply globally"

That does not say that you endorse /the principles/ of the v1 CoCo nor
does it say that you encourage to apply /the principles/ of that
document globally. It says you endorse the v1 coco (which is of course
welcome, but misguided IMHO, but we can easily disagree on that) and
it says -- and that's the main gripe I have -- that "this" (meaning
the v1 CoCo) should be applied globally.
Which I continue to claim is not possible and does therefore not make

> The GEANT Data Protection Code of Conduct v1 was approved in June
> 2013 by the eduGAIN Technical Steering Group and announced as such
> on the REFEDS mailing list. Did that make it a legal document?
> No. But it set a solid marker on what consists of v1 versus future
> work.

Since even the term and document title "Code of conduct" (i.e., in the
current context) comes directly from a legal document (the EU Data
Protection Directive and now the Regulation) I read the term
"approved" next to it with the same terminological meaning.

> We did not misrepresent the status of v1, thus the emphasis on
> principles and not an assumption of legal language

Well, it's only at the end of that news entry (from "While" to
"today.") that principles and v1's obsolete status are mentioned, far
from being "the emphasis".

And again if all you want are principles why not take them from v2?
Those principles are not up for discussion nor change, whatever
amendments the data protection authorities may demand for v2.

> Mikael Linden and Nicole Harris were on the RA21 S&P call to discuss
> this with the group; the decisions were not made without expert
> consultation.

While I'm surprised to hear that maybe that just means I'm just a
stickler for words (and others are not). ;)

As I said I wouldn't have bothered to even comment if the text had
said that RA21 subgroup encouraged to apply the principles of v1
(e.g. as highlighted in the "Key points" of the news entry) -- those
are the principles of data protection as such!
Hard not to agree with those principles (unless you're Facebook, I guess).


More information about the FIM4L mailing list