| No. | Criteria (descriptions available) | Yes/No |
|---|---|---|
| 1 | Evaluation or scoring1 | No |
| 2 | Automated-decision making with legal or similar significant effect2 | No |
| 3 | Systematic monitoring3 | No |
| 4 | Sensitive data or data of a highly personal nature4 | No |
| 5 | Data processed on a large scale5 | Yes |
| 6 | Matching or combining datasets6 | No |
| 7 | Data concerning vulnerable data subjects7 | Yes |
| 8 | Innovative use or applying new technological or organisational solutions8 | Yes |
| 9 | When the processing in itself "prevents data subjects from exercising a right or using a | No |
| DPIA likely to be required | No |
Comment: Data about NROs, institutions and locations doesn't contain data about children. Logs contains IP and MAC address and GÉANT don't have way to identify users without information form IdPs and SPs. Data about end users are processed in encrypted form and are not available to GÉANT.
Notes
5. In 2017. the eduroam AuthN system recorded more than 834 million international authentications.
7. Personal data of children are processed, but in encrypted form not readable to GÉANT.
8. Innovative organisational solutions are used. Common eduroam policy has been applied in large number of federations around the world (usually countries (as of May 2018 86).