Presentation is loading. Please wait.

Presentation is loading. Please wait.

Innovation through participation Data Protection Code of Conduct (DP CoC) TNC2013 conference, 4 June 2013 Mikael Linden, CSC – IT Center for Science

Published byBaldwin Cox Modified over 8 years ago

Similar presentations

Presentation on theme: "Innovation through participation Data Protection Code of Conduct (DP CoC) TNC2013 conference, 4 June 2013 Mikael Linden, CSC – IT Center for Science"— Presentation transcript:

1 Innovation through participation Data Protection Code of Conduct (DP CoC) TNC2013 conference, 4 June 2013 Mikael Linden, CSC – IT Center for Science Mikael.Linden@csc.fi

2 Innovation through participation The data protection risk In EU, a Home organisation takes a risk when it releases attributes to an Service Provider Home organisation may become partly liable if the SP is hacked and personal data is spilled to the Internet => Home Organisations hesitate to release attributes Home organisation (IdP) Service Provider (SP) Attributes = personal data (unique ID, name, mail, eduPersonAffiliation…)

3 Innovation through participation Requirements to attribute release from the EU data protection directive Security of processing Purpose of processing Minimal Disclosure Informing the end user Specify legal grounds for attribute release Necessary attributes based on legitimate interests legal grounds Optional extra attributes on user consent (deferred to phase 2) Attribute release out of EU/EEA and countries with adequate data protection requires EC model contracts Initially the Code of Conduct covers just SPs in EU/EEA and similar

4 Innovation through participation Requirements from the R&E community Scalability (thousands of Entities) Balance risks with easiness of collaboration Tolerate and recover from misbehaving entities Minimise home organisation’s liability Suggest good practices to Home Organisations Minimise federation’s role A global approach needed

5 Innovation through participation Data Protection Code of Conduct approach Voluntary to SPs (but SPs have an interest to commit to receive attributes) Voluntary to Home Orgs to rely on (but may increase Home Org’s scientific output and reduce the IdP admin’s work) It’s simple! SP Commit to SP Commit to SP Commit to HO Learn SP’s commitment GEANT Data protection Code of Conduct

6 Innovation through participation Code of Conduct: Service Providers commits to Directly from the DP law Data minimisation Data rentention Information security Informing the end user Data release out of EU/EEA requires EC model contracts Further specifies the DP law Legal grounds: ”attributes that are necessary…” Purpose: ”enabling access” Deviating purpose: on user consent only Release to 3rd party: on user consent or 3rd party committed to CoC Report security breaches Read the full Code of Conduct text in: https://refeds.terena.org/index.php/Code_of_Conduct_for_Service_Providers

7 Innovation through participation SAML 2.0 metadata profile supporting the Code of Conduct Standard SAML 2.0 metadata elements used to convey SP’s relevant properties to a Home Organisation: Indication of SP’s commitment to the CoC (Entity Category element) List of attributes the SP requires ( md:requestedAttributes ) Link to the SP’s Privacy policy document ( mdui:privacyStatementURL ) SP’s name ( mdui:displayName ) SP’s description ( mdui:Description )

8 Innovation through participation Informing the end user on release of his/her personal data WebLicht is a service for language research. It provides an execution environment for automatic annotation of text corpora. Weblicht Service name Description Your following information will be released Unique IDmlinden@csc.fi NameMikael Linden Privacy policy OK

9 Innovation through participation The Code of Conduct timeline 1st public call for comments 6-8/2012 2nd public call for comments 11-12/2012 Pilot with the CLARIN community 6/2012-4/2013 Submitted to the eduGAIN Technical Steering Group for approval on the 31st of May Use your vote! Submission to Article 29 Working Party Q2/2013 the EU body contributing to the uniform application of the Data protection directive

10 Innovation through participation Code of Conduct pilot with CLARIN Identity Federations: DFN-AAI (Germany). Haka (Finland), SWAMID (Sweden) Home Organisations: DFN (connected to DFN-AAI), Institut für Deutsche Sprache (DFN-AAI), CSC (Haka), Uppsala university (SWAMID) Service Providers LAT – Language Archive Tools (CSC, connected to Haka) IDS – CLARIN services (IDS, DFN-AAI) IDS – repository (IDS, DFN-AAI) CLARIN Catalog (MPI for Psycholingusitics, DFN-AAI) MPI second SP (MPI for Psycholingusitics, DFN-AAI) Weblicht – annotation tool (Tübingen university, DFN-AAI) Filesender (CSC, Haka)

11 Innovation through participation Findings in the pilot Pilot Service Providers happy to commit to the Code of Conduct Pilot Home Organisations happy to release attributes to committed SPs More documentation, templates and training needed How to write a Privacy Policy document What attributes are necessary for a service Some sanity checks seem necessary by a third party (federation operator) Privacy policy document and SAML 2.0 metadata are consistent Service name and description understandable and useful for common users – “Lux17 Service Provider” – “Max Planck Institute for Psycholinguistics second Service Provider” Final report: https://refeds.terena.org/index.php/CocPilotReport

12 Innovation through participation Questions? Read the TNC2013 full paper in: https://tnc2013.terena.org/core/presentation/8

Download ppt "Innovation through participation Data Protection Code of Conduct (DP CoC) TNC2013 conference, 4 June 2013 Mikael Linden, CSC – IT Center for Science"

Similar presentations

Innovation through participation Data Protection Code of Conduct (DP CoC) REFEDS Helsinki 2.10.2013 Mikael Linden, CSC – IT Center for Science

Innovation through participation Data Protection Code of Conduct (DP CoC) REFEDS Helsinki Mikael Linden, CSC – IT Center for Science
CLARIN AAI, Web Services Security Requirements

CLARIN AAI, Web Services Security Requirements
Innovation through participation GÉANT Data Protection Code of Conduct (DP CoC) 21.6.2012 FIM for research collaboration workshop Mikael Linden,

Innovation through participation GÉANT Data Protection Code of Conduct (DP CoC) FIM for research collaboration workshop Mikael Linden,
User Attributes; who, where, how many? Daan Broeder TLA – MPI for Psycholinguistics.

User Attributes; who, where, how many? Daan Broeder TLA – MPI for Psycholinguistics.
Innovation through participation Attributes Release Working Group European data protection directive REFEDS meeting 22th Apr, 2012

Innovation through participation Attributes Release Working Group European data protection directive REFEDS meeting 22th Apr, 2012
CLARIN and the DSA Paul Trilsbeek The Language Archive Max Planck Institute for Psycholinguistics.

CLARIN and the DSA Paul Trilsbeek The Language Archive Max Planck Institute for Psycholinguistics.
Kalmar Union 15.1.2008 Mikael Linden CSC, the Finnish IT Center for Science.

Kalmar Union Mikael Linden CSC, the Finnish IT Center for Science.
Innovation through participation eduGAIN federation operator training eduGAIN policy eduGAIN training in Vienna 17-18 Oct 2011

Innovation through participation eduGAIN federation operator training eduGAIN policy eduGAIN training in Vienna Oct 2011
REFEDS RESEARCH AND EDUCATION (R&S) ENTITY CATEGORY NICOLE HARRIS.

REFEDS RESEARCH AND EDUCATION (R&S) ENTITY CATEGORY NICOLE HARRIS.
Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.
CASE: Haka federation EuroCAMP, 3-5 April, 2006 CSC, the Finnish IT Center for Science

CASE: Haka federation EuroCAMP, 3-5 April, 2006 CSC, the Finnish IT Center for Science
Innovation through participation Interfederation through eduGAIN - steps and challenges eduGAIN interfederation service 2012-02-27 Federated Identity Systems.

Innovation through participation Interfederation through eduGAIN - steps and challenges eduGAIN interfederation service Federated Identity Systems.
The ReFEDS/GÉANT Code of Conduct (CoC) An Approach to Compliance with the EU Data Protection Directive Steve Carmody April 23, 2012.

The ReFEDS/GÉANT Code of Conduct (CoC) An Approach to Compliance with the EU Data Protection Directive Steve Carmody April 23, 2012.
Identity Federation Policy Marina Vermezović, AMRES Federated Identity Technology Workshop Sofia, Bulgaria, 20. Jun 2014.

Identity Federation Policy Marina Vermezović, AMRES Federated Identity Technology Workshop Sofia, Bulgaria, 20. Jun 2014.
Belnet Federation Belnet – Loriau Nicolas Brussels – 12 th of June 2014.

Belnet Federation Belnet – Loriau Nicolas Brussels – 12 th of June 2014.
FIM, 2012-06-22, Nijmegen CLARIN: status of FIM Dieter Van Uytvanck 1.

FIM, , Nijmegen CLARIN: status of FIM Dieter Van Uytvanck 1.
Authentication and Authorization Overview Kimmo Koskenniemi, Antti Arppe, Mikael Lindén University of Helsinki, CSC – IT Centre for Science Consortium.

Authentication and Authorization Overview Kimmo Koskenniemi, Antti Arppe, Mikael Lindén University of Helsinki, CSC – IT Centre for Science Consortium.
Kalmar Union, a Conferedation of Nordic Identity Federations TNC2009 Mikael Linden, CSC Andreas Solberg, UNINETT.

Kalmar Union, a Conferedation of Nordic Identity Federations TNC2009 Mikael Linden, CSC Andreas Solberg, UNINETT.
European Life Sciences Infrastructure for Biological Information www.elixir-europe.org Life science community update for the 7 th Federated Identity Management.

European Life Sciences Infrastructure for Biological Information Life science community update for the 7 th Federated Identity Management.

Similar presentations

Ads by Google