Description of the eduroam Service
The eduroam service do we have a standard description?
The eduroam roaming consortium is comprised of many legal entities. GÉANT is the body which is responsible for the international coordination and interoperability of eduroam. As such GÉANT operates a number of services for the eduroam consortium on the European level, some of which store data about ongoing usage by end users. Those services are maintained by eduroam Operations Team (OT). This privacy policy concerns part of the eduroam consortium that is operated and maintained by GÉANT including, but not limited to, the following services: the European international authentication proxy infrastructure, European F-Ticks collection and the eduroam Configuration Assistant Tool (CAT).
GÉANT is the body which is responsible for the international coordination and interoperability of the eduroam within Europe, and operates a number of services for the eduroam consortium globally. These central services are maintained by eduroam Operations Team (OT). This privacy policy concerns part of the eduroam consortium that is operated and maintained by GÉANT including, but not limited to, the following services: detail here.
We are fans of privacy, and we are proud to say that eduroam was designed for minimal disclosure of end users personal data.. The design of the system provides and favours the end user anonymization, i.e., a possibility to hide the end user’s identity from any third parties, including providers of the eduroam network access (Service Providers). The consortium's technical foundations have a built-in support for end user privacy throughout the authentication process. For all intermediate supporting services, like routing of authentication requests and F-Ticks (log format for distributed federations), we strive towards knowing *nothing* about the actual identity of an end user, while still maintaining log traces which allow for debugging and monitoring of usage statistics.
To view the general Privacy Notice for GÉANT, please visit the GÉANT website.
Why We Collect Personal Data
We collect and process various data in order to provide the eduroam service and to ensure the quality of services we provide and to improve and protect them. The eduroam service is designed in a way that we don't need to know end user identity in order to provide the service: partners within eduroam federations can anonymise potential end user's private data. We give advice and guidance to the community that recommends the highest levels of anonymity of data in all deployments.
We also collect data related to National Roaming Operators (NRO) to help support the administration of the service through a contacts database.
What Personal Data We Collect and Process
As part of the eduroam service, we collect and process the following data:
- When you roam and visit other countries, the eduroam OT will receive the following data: your realm (denoting your institution and federation), your IP and MAC addresses. We can also receive your username if the visited institution choose to not anonymise this data. When you roam to another institution within your home country we don’t receive any data because European international authentication proxy infrastructure is not included in that process. The service has a legitimate interest in gathering this information.
- When you roam and visit other countries or other institutions within your federation we may also process the following data for monitoring, measuring and reporting services: visited federation, producer of your NIC card and authentication outcome. We can also receive your username and your MAC address if visited institution choose to not anonymise this data and name of the visited institution if the visited federation choose to send this data. The service has a legitimate interest in gathering this information.
- As part of supporting activities we maintain several public web sites (e.g. web of CAT service) where we collect normal web server logs, i.e. timestamp of access, IP address which requested the page, the page being requested, the HTML result code, etc. The data collected is for the purpose of troubleshooting and debugging potential problems of with eduroam web servers.
- As part of administration activities, the eduroam Operational Team maintain a database of contacts for National Roaming Operators only. We collect contact name, email address and phone numbers of Operator contacts to support incident response and operational information flow for between the Operators and the eduroam OT. This information is only accessible by the eduroam OT and is provided with the consent of the NROs.
- TO DO: CAT.
Who Do We Share Data With?
Personal data gathered for website statistics is only shared within the GÉANT Association. (do we collect any data on eduroam cat stats etc?).
All other data is held and processed only by the eduroam OT. (is this true?)
Personal Data Retention
Analytical data for website statistics is currently retained permanently.
All data related to roaming are kept for a period of six months, unless a different requirement is set by legislation in individual European countries.
Your Rights
You have the following rights:
- You have the right to complain to the Supervisory Authority (Autoriteit Persoonsgegevens at https://autoriteitpersoonsgegevens.nl) about our data processing activities.
Contact Information
| Data Controller and Contact | Data Protection Officer GÉANT Association |
| Data Processor | (add addresses and contacts) |
| Jurisdiction | Netherlands Dutch Data Protection Authority |