
Data Protection Code of Conduct for Service Providers (DP CoC) VAMP - PowerPoint PPT Presentation



  1. Data Protection Code of Conduct for Service Providers (DP CoC)
     VAMP workshop, 7.9.2012
     Mikael.Linden@csc.fi
     eduGAIN policy subtask and REFEDS attribute release workgroup
     Innovation through participation

  2. Outline
     - Problem statement
     - Goal of the Code of Conduct
     - Introduction to the Data protection directive
     - Data protection Code of Conduct approach

  3. The data protection risk in federated identity management
     [Diagram: Home organisation (IdP) --attributes = personal data (unique ID, name, mail, eduPersonAffiliation…)--> Service Provider (SP)]
     - Home organisation may become partly liable for a Service Provider's misbehaviour,
       e.g. the SP is hacked and personal data spills to the Internet
       => Home Organisations hesitate to release attributes
     - The key law in the European Union: Data Protection Directive

  4. Goal of the DP CoC
     - Ease the release of attributes from Home Organisations (HO) to Service Providers (SP)
       => Make it easier for end users to log into SPs (in different federations/countries/jurisdictions)
     - Try to do it in a way which is sufficiently compliant with the EU data protection directive
       - Balance the risk of non-compliance with the value of easy collaboration
       - Share the related responsibilities between the HO and the SP
       - Remain scalable when the number of HOs and SPs grows
     - Try to reduce Home Organisations' hesitation to release attributes
       - Seek ways to avoid HOs becoming liable for an SP's misbehaviour
       - Cf. "FIM4R" speak by David Kelsey

  5. EU Data protection directive and federations

  6. EU Data protection directive: definitions
     - Personal data: "any information relating to an identified or identifiable natural person"
       - Lawyer: assume any attribute (ePTID and even eduPersonAffiliation) counts as personal data
     - Processing of personal data: "any operation or set of operations on personal data, such as collection, …, dissemination, … etc."
       - Both the HO and the SP process personal data
     - Data Controller: organisation "which alone or jointly with others determines the purposes and means of the processing of personal data"
       - HO and SP (usually) are data controllers
       - Federation (and interfederation) may be a joint data controller

  7. EU Data protection directive: obligations to data controllers (1/3)
     - Security of processing
       - The controller must protect personal data properly
       - Level of security depends e.g. on the sensitivity of the attributes
       => Federation policies, use of TLS and endpoint authentication, federation operator's practices…
     - Purpose of processing
       - Must be defined beforehand
       - You must stick to that purpose
       => Purpose of processing in HOs: ~to support research and education
       => SPs' purpose of processing must not conflict with this

  8. EU Data protection directive: obligations to data controllers (2/3)
     - Relevance of personal data
       - Personal data processed must be adequate, relevant and not excessive
       - SPs must request and IdPs must release only relevant attributes => md:RequestedAttribute
     - Controller must inform the end user when attributes are released for the first time
       - SP's name and identity (=> mdui:DisplayName, mdui:Logo)
       - SP's purpose (=> mdui:Description)
       - Categories of attributes processed (=> uApprove or similar)
       - Any other information (=> mdui:PrivacyStatementURL)
       - Layered notice!

  9. EU Data protection directive: making data processing legitimate
     a. User consents, or
     b. Processing is necessary for performance of a contract to which the user is a subject, or
     c. The controller has a legal obligation to process personal data, or
     d. Necessary for vital interests of the user, or
     e. Necessary for a task carried out in the public interest, or
     f. Necessary for the legitimate interests of the data controller
     - Lawyer: use (f): the SP has legitimate interests to provide the service to the user
       when the user expresses his willingness to use the service (e.g. by clicking a "log in" link)

  10. Summary: EU data protection directive in very short
     - Process personal data securely
     - Use personal data only for a pre-defined purpose
     - Inform the user
     - Data minimisation (minimal disclosure)
     - Service Provider's legitimate interests as the legal grounds
     - If attributes are released out of the EU/EEA, some more paperwork is needed
     - Federations seem to be converging on these interpretations
     - The proposed General Data Protection Regulation does not change the big picture, but there are some updates

  11. GEANT Data Protection Code of Conduct approach

  12. Data Protection Code of Conduct approach
     [Diagram: each SP signs and publishes the Code of Conduct, a commitment relating to personal data processing; each HO learns the SP's commitment from it]
     - Voluntary to SPs (but SPs have an interest to sign in order to receive attributes)
     - Voluntary to Home Orgs to rely on (but may ease the IdP admin's work)
     - Nothing binds it to GEANT/eduGAIN only; it could be used internally in a federation, too
     - It's not so difficult!

  13. The SP Code of Conduct details
     - Version 21 June 2012: https://refeds.terena.org/index.php/Code_of_Conduct_for_Service_Providers
     - Exposed to public consultation 6-8/2012
     - Updated version to be published; no major changes expected

  14. Technical implementation
     - SPs MUST populate in their metadata:
       - mdui:DisplayName, mdui:Description, mdui:PrivacyStatementURL (mdui:Logo is MAY)
       - md:RequestedAttribute (with isRequired="true")
       - Two Entity Attributes: a link to a signed copy of the Code of Conduct for SPs, and the SP's jurisdiction
     - The SP's Home Federation makes some sanity checks (links resolve to proper existing documents etc.)
     - Federations just mediate SPs' metadata to the IdPs
     - IdPs SHOULD present a GUI to inform the user of the attribute release (cf. uApprove)
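The following is an added example, not code from the presentation or from the GEANT/REFEDS Code of Conduct documents. It shows the metadata elements named on slides 8 and 14 in one constructed SP entity descriptor, and implements the kind of "sanity check" a home federation could run over it before mediating the metadata to IdPs. The SAML metadata, mdui and entity-attribute namespaces are the standard ones; the two entity attribute names (signed-CoC link and jurisdiction) are placeholders, because the deck names the attributes but not their URIs. Resolving the link to an existing document is left to the operator; the check here only inspects the metadata offline.

```python
"""Check an SP's SAML metadata against the DP CoC MUSTs listed on slide 14.

Added example (not part of the presentation or the CoC documents). The two
entity attribute names are placeholders: the deck does not give their URIs.
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdui": "urn:oasis:names:tc:SAML:metadata:ui",
    "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Placeholder names (assumption): the slide lists the two attributes, not their URIs.
COC_SIGNED_COPY_ATTR = "urn:example:dp-coc:signed-copy-url"
COC_JURISDICTION_ATTR = "urn:example:dp-coc:jurisdiction"

# Constructed SP metadata that satisfies every MUST on the slide
# (ePTID and mail requested, both marked required).
GOOD_SP_METADATA = """<md:EntityDescriptor entityID="https://sp.example.org/shibboleth"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
    xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <md:Extensions>
    <mdattr:EntityAttributes>
      <saml:Attribute Name="urn:example:dp-coc:signed-copy-url">
        <saml:AttributeValue>https://sp.example.org/coc-signed.pdf</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="urn:example:dp-coc:jurisdiction">
        <saml:AttributeValue>FI</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes>
  </md:Extensions>
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions>
      <mdui:UIInfo>
        <mdui:DisplayName xml:lang="en">Example Research Wiki</mdui:DisplayName>
        <mdui:Description xml:lang="en">Collaboration wiki for project members</mdui:Description>
        <mdui:PrivacyStatementURL xml:lang="en">https://sp.example.org/privacy</mdui:PrivacyStatementURL>
      </mdui:UIInfo>
    </md:Extensions>
    <md:AttributeConsumingService index="0">
      <md:ServiceName xml:lang="en">Example Research Wiki</md:ServiceName>
      <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" isRequired="true"/>
      <md:RequestedAttribute Name="urn:oid:0.9.2342.19200300.100.1.3" isRequired="true"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed non-compliant variant: privacy statement dropped, jurisdiction value
# dropped, and mail requested without isRequired="true".
BAD_SP_METADATA = (
    GOOD_SP_METADATA
    .replace('<mdui:PrivacyStatementURL xml:lang="en">https://sp.example.org/privacy</mdui:PrivacyStatementURL>\n', "")
    .replace("<saml:AttributeValue>FI</saml:AttributeValue>", "")
    .replace('Name="urn:oid:0.9.2342.19200300.100.1.3" isRequired="true"',
             'Name="urn:oid:0.9.2342.19200300.100.1.3"')
)


def check_coc_metadata(xml_text):
    """Return a list of findings; an empty list means every slide-14 MUST is met."""
    root = ET.fromstring(xml_text)
    findings = []

    # Entity attributes at the EntityDescriptor level: signed CoC copy and jurisdiction.
    present = {}
    for attr in root.findall("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
        values = [v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text]
        present[attr.get("Name")] = values
    for name, label in ((COC_SIGNED_COPY_ATTR, "signed CoC copy"),
                        (COC_JURISDICTION_ATTR, "jurisdiction")):
        if not present.get(name):
            findings.append(f"missing entity attribute for {label} ({name})")
    # Offline part of the federation's link check: the link must at least be an https URL.
    for url in present.get(COC_SIGNED_COPY_ATTR, []):
        if not url.startswith("https://"):
            findings.append(f"signed CoC link is not an https URL: {url}")

    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return findings + ["no md:SPSSODescriptor: not an SP"]

    # mdui: DisplayName, Description and PrivacyStatementURL are MUST; Logo is MAY.
    uiinfo = sp.find("md:Extensions/mdui:UIInfo", NS)
    for element in ("DisplayName", "Description", "PrivacyStatementURL"):
        if uiinfo is None or uiinfo.find(f"mdui:{element}", NS) is None:
            findings.append(f"missing mdui:{element}")

    # md:RequestedAttribute with isRequired="true": read here (an interpretation) as
    # "at least one attribute requested, each explicitly marked required".
    requested = sp.findall("md:AttributeConsumingService/md:RequestedAttribute", NS)
    if not requested:
        findings.append("no md:RequestedAttribute: relevance of attributes cannot be judged")
    for ra in requested:
        if ra.get("isRequired") != "true":
            findings.append(f"{ra.get('Name')} requested without isRequired=\"true\"")
    return findings


if __name__ == "__main__":
    for label, metadata in (("good", GOOD_SP_METADATA), ("bad", BAD_SP_METADATA)):
        print(label, check_coc_metadata(metadata) or "OK")
```

The checker deliberately stops at the metadata: whether the linked signed copy really is the Code of Conduct, and whether the stated purpose in mdui:Description matches the requested attributes, remain judgement calls for the federation operator, as the slide's "sanity checks" suggest.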

  15. Documents supporting the CoC
     Normative:
     - Code of Conduct for Service Providers (<= the document)
     - SAML 2 Profile for the Code of Conduct
     Informative:
     - Introduction to Data protection directive
     - Introduction to Code of Conduct
     - Managing data protection risks
     - Privacy policy guidelines for Service Providers
     - What attributes are relevant for a Service Provider
     - Data protection good practice for Home Organisations
     - Federation operator's guidelines
     - Handling non-compliance
     - Notes on Implementation of INFORM/CONSENT GUI Interfaces

  16. Planned steps
     - Call for Comments on the supporting documents
     - Pilot with the linguistics community (CLARIN): the Netherlands, Germany, Sweden, Finland
     - Submit the Data Protection Code of Conduct to WP29 for approval (the EU body contributing to the uniform application of the Data protection directive)
     - Extend the Code of Conduct to cover attribute release out of the EU (EU model contracts)
