[Fim4l] RA21's endorsement of the GEANT Data Protection Code of Conduct

Jiri Pavlik jiri.pavlik at mzk.cz
Fri Apr 5 10:03:36 CEST 2019

Dear all,

thanks a lot, Heather, for the details regarding RA21's endorsement of
the GEANT Data Protection Code of Conduct.
Thanks, Peter, for your comments. Regardless of version GEANT Data
Protection Code of Conduct creates a framework
helping to fix current issues with attributes release to library
service providers. Looking forward to fine tune our recommendations
and guidelines in next call.

Sunny regards


On Thu, Apr 4, 2019 at 8:19 PM Peter Schober <peter.schober at univie.ac.at> wrote:
> * Heather Flanagan <hlf at sphericalcowconsulting.com> [2019-04-04 18:40]:
> > > Ignoring other nonsensical parts of that endorsement (about applying a
> > > document that specifically says it's only for EU/EEA "globally,
> > > regardless of the location") my issue with v1 vs. v2 is this:
> >
> > I disagree with your categorization that endorsing the principles of
> > a document is nonsense.
> The section I specifically referred to is this:
>   "[T]he RA21 Security and Privacy Work Group voted to endorse the GEANT
>   Data Protection Code of Conduct v1 (the current approved version)
>   and further stated that this should apply globally"
> That does not say that you endorse /the principles/ of the v1 CoCo nor
> does it say that you encourage to apply /the principles/ of that
> document globally. It says you endorse the v1 coco (which is of course
> welcome, but misguided IMHO, but we can easily disagree on that) and
> it says -- and that's the main gripe I have -- that "this" (meaning
> the v1 CoCo) should be applied globally.
> Which I continue to claim is not possible and does therefore not make
> sense.
> > The GEANT Data Protection Code of Conduct v1 was approved in June
> > 2013 by the eduGAIN Technical Steering Group and announced as such
> > on the REFEDS mailing list. Did that make it a legal document?
> > No. But it set a solid marker on what consists of v1 versus future
> > work.
> Since even the term and document title "Code of conduct" (i.e., in the
> current context) comes directly from a legal document (the EU Data
> Protection Directive and now the Regulation) I read the term
> "approved" next to it with the same terminological meaning.
> > We did not misrepresent the status of v1, thus the emphasis on
> > principles and not an assumption of legal language
> Well, it's only at the end of that news entry (from "While" to
> "today.") that principles and v1's obsolete status are mentioned, far
> from being "the emphasis".
> And again if all you want are principles why not take them from v2?
> Those principles are not up for discussion nor change, whatever
> amendments the data protection authorities may demand for v2.
> > Mikael Linden and Nicole Harris were on the RA21 S&P call to discuss
> > this with the group; the decisions were not made without expert
> > consultation.
> While I'm surprised to hear that maybe that just means I'm just a
> stickler for words (and others are not). ;)
> As I said I wouldn't have bothered to even comment if the text had
> said that RA21 subgroup encouraged to apply the principles of v1
> (e.g. as highlighted in the "Key points" of the news entry) -- those
> are the principles of data protection as such!
> Hard not to agree with those principles (unless you're Facebook, I guess).
> Cheers,
> -peter
> _______________________________________________
> FIM4L mailing list
> FIM4L at lists.daasi.de
> http://lists.daasi.de/listinfo/fim4l

More information about the FIM4L mailing list