[Dev] Fwd: [refeds] Public consultation on the Data protection Code of Conduct
Mikael Linden
Mikael.Linden at csc.fi
Tue Jun 26 13:21:32 CEST 2012
>On 26/6/12 10:55 , Oliver Schonefeld wrote:
>> I have a question to item f (and possibly m): Given we'll find a
>> solution for the delegation problem, am I right, that we would be
>> allowed to talk to 3rd party web-services on behalf of the user, if we
>> get the users consent, right?
>
>Yes, this situation was explicitly clarified by Mikael (in CC).
>Basically, because the user initiates the web service chain, (s)he
>implicitly agrees that the information can be sent through, because that
>is necessary to achieve the wanted ent results.
We had the CLARIN Web Services in mind when adding
"...unless prior consent has been given by the End User" to f.
The idea is that, legally speaking, the SP's decision to further release
the user's personal data to a 3rd party WS starts a new and separate processing
of personal data where the Home Organisation's Identity Provider isn't
any more involved. Therefore, the Home Organisation cannot become liable for
any data protection issues there. This could provide some freedom for CLARIN
to design the WS for their needs (which are of course subject to the same data
data protection laws, now just eduGAIN isn't involved any more).
Item (m) means attribute release out of EU/EEA.
Please provide any feedback on the Code of Conduct!
Cheers,
mikael (eduGAIN policy subtask)
>best,
>--
>Dieter Van Uytvanck
>Max Planck Institute for Psycholinguistics, Nijmegen, the Netherlands
>tel. +31-(0)24-3521-191 | <http://www.mpi.nl/>
More information about the Dev
mailing list