Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Description of the eduroam Service

eduroam (education roaming) is a secure, world-wide roaming access service developed for the international research and education community. eduroam allows any user from an eduroam participating site to get network access at any location that provides eduroam service.

The basic principle underpinning the security of eduroam is that the authentication of a user is carried out at his/her home institution (Identity Provider, IdP) using the institution’s specific authentication method. The authorisation required to allow access to local network resources is carried out by the visited institution (Service Provider, SP).

Thus the eduroam roaming consortium is comprised of many legal entities: (N)ROs, IdPs and SPs. (National) roaming operators ((N)RO)  are entities that operate the eduroam service for a country or economy and coordinate the activity of IdPs and SPs in the respective territory.

GÉANT is the body which is responsible for the international coordination and interoperability of eduroam. As such GÉANT operates a number of services for the eduroam community, from the technical infrastructure at the European level to supporting services aimed for the world-wide community.Those services are maintained by eduroam Operations Team (OT). This privacy policy concerns part of the eduroam service that is operated and maintained by GÉANT including, but not limited to, the following services: the European level authentication proxy infrastructure, the eduroam database,  the eduroam Configuration Assistant Tool (CAT), the eduroam F-ticks traffic measurement, a portal with technical information about the service, monitor.eduroam.org, the eduroam wiki and the eduroam website.

The eduroam was designed for minimal disclosure of end users personal data following the requirement that user must be authenticated by his/hers IdP. The design of the system provides and favours the end user anonymization, i.e., the possibility to hide the end user’s identity from any third parties, including providers of eduroam network access (SPs). eduroam technical foundations have a built-in support for end user privacy throughout the authentication process. For all intermediate services, like routing of authentication requests and F-ticks (log format for distributed federations), the service is designed to know *nothing* about the actual identity of an end user, while still maintaining log traces which allow for resolving security incidents, debugging, monitoring and usage statistics.

To view the general Privacy Notice for GÉANT, please visit the GÉANT website

Why We Process Personal Data

We process various data in order to provide a reliable and secure eduroam service and to ensure and improve the quality of the eduroam supporting service. The eduroam service is designed in a way that we don't need to know end user identity in order to provide the service. Partners within eduroam community can anonymise potential end user's private data.  We give advice and guidance to the community that recommends the highest levels of anonymity of data in all deployments. 

We also collect data related to NROs, IdPS and SPs to enable supporting services and improve incident response and user support.. Access to the data collected in the eduroam database and other supporting services which is considered private is limited (via authentication mechanism based on eduGAIN) to responsible personnel of GEANT and NROs.

What Personal Data We Process

As part of the eduroam service, we process the following data:

...

Who Do We Share Data With?

Personal data gathered for website statistics is only shared within the GÉANT Association and the eduroam Operational Team for analysis and reporting.. 

The contact information collected in the eduroam database is used by the OT and NROs in order to resolve securty incident and debug problems reported by the end users.

All other personal data is held and processed only by the eduroam OT

Personal Data Retention

Analytical data for website statistics is currently retained permanently.

...

Security

We support the following processes to ensure the security of your data:

  • Minimisation of personal data we collect;
  • Managing, limiting and controlling access to personal data;
  • Resilience of processing systems and services;
  • Regular testing of the effectiveness of measures implemented.

...

  • We process your data fairly and lawfully;
  • Your data is accurate (to rectify data released by your home organisation, please contact directly);
  • The data we collect is not excessive but only the data we require to provide the service;
  • Your data is secure;
  • Your personal data is securely destroyed when no longer required

You also have the right to ask what personal data we hold about you, and to complain to the Supervisory Authority (Autoriteit Persoonsgegevens at https://autoriteitpersoonsgegevens.nl) about our data processing activities if you feel your data is not being managed as described here.

Contact Information

...

Data Protection Officer

GÉANT Association
Hoekenrode 3
1102 BR
Amsterdam – Zuidoost
Netherlands
Telephone number: +31 20 530 4488
email: gdpr@geant.org

...

Netherlands

...

eduroam privacy notice is published at: https://www.eduroam.org/privacy/