Communities of researchers and students, as well as the research and computing and data infrastructures, need to be able to process data and meta-data about the users and their interaction with the systems. This is essential for accounting and for assigning use data to allocations, and to be able to follow up on incidents in the infrastructure. Before recommendation can be developed, it is necessary to make an inventory of the relevant use cases, identify the types of data generated within the infrastructure as a result of its use, and the respective roles of the participants in the infrastructure with respect to data protection. Using the identified roles and responsibilities (and taking into account the wide diversity in laws and regulations related to personal data protection throughout Europe!), we can then develop recommendations and template policies for the processing of personal data for each of the identified participants with the aim of providing recommendations that can be applied across the entire infrastructure.
This work in done is close collaboration with the e-Infrastructures (PRACE and EGI in particular), and with reference to organised user communities, since it is likely that policies and frameworks adopted at that level will gain sufficient traction in processing centres that it will have a harmonising effect across the European e-Infrastructure area.
- Requirements on data to protect from AAI, community, resource providers and e-infrastructure (MNA3.2)
- Recommendations and template policies for the processing of personal data by participants in the pan-European AAI (under development)