...
Some collaborations also deal with personal data as part of the data they operate on. Think of the data of real people in medical and health studies, social science surveys, and social geography. If your collaboration uses that type of data, and it is not fully anonymised (which is quite hard!), then you should take extra care when engaging service providers and infrastructures. Agreements and contracts should be in place before working with that data, and the safeguards should be firm enough to satisfy your organisation's risk appetite. This PDK article does not address the protection needed for research data - that is specific to the type of research data, and not an AAI issue. Of course, you can use the AAI to implement appropriate safeguards and technical and organisational measures to protect this sensitive data!
Resources
...
REFEDS DPCoCo v2 example
The REFEDS DPCoCo provides a tabular template for service providers to present their privacy notice. This 12-point notice ticks all the requirements of the GDPR in a way that is consistent and can (almost) be parsed by machines, although it is not very readable by people. Its advantage is that all service providers that use the REFEDS DPCoCo template can be compared, and it makes it 'easier' to create combined notices (e.g. along the lines of AARC-G083):
WLCG Example
The Worldwide LHC Computing Grid (WLCG) notice is an example of a federated infrastructure where there is no single point of control and no single controller. It relies on the concept of controller-to-controller transfer of data and the fact that all parties (service providers and AAI platform) are bound by a common policy framework, overseen by the WLCG Management Board. However, a formally liable monitoring body cannot be identified - this is a very common case for research collaborations. It follows the 'BCR-like' model described in AARC-G016:
Jisc Example
The UK research and education organisation Jisc uses a privacy notice that emphasises readability and - through folding text sections - helps end-users understand how their data is used. Aimed at external data subjects, it targets the same audience type as many research collaborations, while also fulfilling all the GDPR and UK ICO requirements:
...
...