| No. | Criteria (notes available) | Yes/No |
|---|
| 1 | Evaluation or scoring |
1 | No |
| 2 | Automated-decision making with legal or similar significant effect |
23 | No |
| 4 | Sensitive data or data of a highly personal nature |
4 | No |
| 5 | Data processed on a large scale |
5 | Yes |
| 6 | Matching or combining datasets |
6 | No |
| 7 | Data concerning vulnerable data subjects |
7Yes| No |
| 8 | Innovative use or applying new technological or organisational solutions |
8 | No |
| 9 | When the processing in itself "prevents data subjects from exercising a right or using a
service or a contract" |
9 | No |
| DPIA likely to be required | No |
Comment: data about NROs, institutions and locations doesn't contain data about children. Logs contains IP and MAC address and GÉANT don't have way to identify users without information form IdPs and SPs. Data about end users are processed in encrypted form and are not readable to GÉANT.
Notes
5. In 2017. the eduroam AuthN system recorded more than 834 million international authentications.
7. Personal data of children are processed, but in encrypted form not readable to GÉANT.
