Difference between revisions of "GOCDB/data privacy"
(16 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
==GOCDB Personal Data Privacy and Code of Conduct== | ==GOCDB Personal Data Privacy and Code of Conduct== | ||
===Data Protection Code of Conduct and Account Registration=== | ===Data Protection Code of Conduct and Account Registration=== | ||
* Registering a GOCDB account means you accept that your ID string, your basic user details and roles will be visible to all other users and client-services that authenticate to GOCDB. This includes those authenticated by: | * Registering a GOCDB account means you accept that your ID string, your basic user details and roles will be visible to all other users and client-services that authenticate to GOCDB. This includes those authenticated by: | ||
** a certificate issued from a Certification Authority (CA) that is registered by the [[https://www.igtf.net/ Interoperable Global Trust Federation (IGTF)]] | ** a certificate issued from a Certification Authority (CA) that is registered by the [[https://www.igtf.net/ Interoperable Global Trust Federation (IGTF)]]. <b>Please note, this includes clients from countries outside the European Economic Area and from countries that may NOT have adequate data protection</b> (pursuant to Article 25.6 of the directive 95/46/EC). | ||
** an organisation registered in a federation that participates in eduGAIN. | |||
** | ** an organisation registered with the EGI ProxyIdP/CheckIn service. | ||
** new authentication/security realms will be listed here and you will be updated by email and notified in the portal. | ** new authentication/security realms will be listed here. <!--and you will be updated by email and notified in the portal.--> | ||
* Your details are re-published by GOCDB and are used by EGI for Monitoring, Accounting and for use in its data processing systems. | * Your details are re-published by GOCDB and are used by EGI for Monitoring, Accounting and for use in its data processing systems. | ||
* By creating an account, you consent to the EGI Acceptable Use Policy: https://documents.egi.eu/public/ShowDocument?docid=74 | |||
* If you do not provide this consent, please [do NOT register | DELETE your account]. | * If you do not provide this consent, please [do NOT register | DELETE your account]. | ||
* Terms and Conditions table below follows the [[https://wiki.refeds.org/display/CODE/Privacy+policy+guidelines+for+Service+Providers template suggested by GEANT]] in their privacy policy guidelines for Service Providers. | |||
* This does <b>NOT mean GOCDB conforms to the CoC</b> (DM: currently I don't think its possible to conform; the GEANT CoC assumes attributes will only be republished to countries within EU/EEA and to those with adequate data protection (pursuant to Article 25.6 of the directive 95/46/EC), in practice GOCDB republishes to global IGTF). | |||
{| class="wikitable" | {| class="wikitable" | ||
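Review bot: On the "new authentication/security realms will be listed here" line, the revision comments out "and you will be updated by email and notified in the portal", which leaves existing account holders with no stated way to learn that their details have become visible to an additional realm after they gave consent. Either restore the notification commitment or state where changes to this list are announced. The added bullet beginning "This does NOT mean GOCDB conforms to the CoC" also carries a first-person aside "(DM: ...)" inside user-facing policy text; the reason for non-conformance would read better as a plain statement, with the discussion moved to the talk page. The added links are written as [[https://... label]], which renders with literal square brackets around the label; external links take single brackets.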
Line 32: | Line 35: | ||
| '''Personal data processed''' | | '''Personal data processed''' | ||
| ''Unique user identifier:'' <br> | | ''Unique user identifier:'' <br> | ||
* If you login/register your GOCDB account using the [[ | * If you login/register your GOCDB account using the [[https://wiki.egi.eu/wiki/AAI EGI AAI ProxyIdP/CheckIn service]] an opaque ID string created by this service is used for your login ID. | ||
* If you register your GOCDB account using the [[https://www.igtf.net Interoperable Global Trust Federation (IGTF)]], your '''Distinguished Name (DN)''' is retrieved from your personal certificate loaded in your web browser. | * If you register your GOCDB account using the [[https://www.igtf.net Interoperable Global Trust Federation (IGTF)]], your '''Distinguished Name (DN)''' is retrieved from your personal certificate loaded in your web browser. | ||
<br/><br/> | <br/><br/> | ||
Line 44: | Line 47: | ||
|- | |- | ||
| '''Purpose of processing personal data''' | | '''Purpose of processing personal data''' | ||
| The personal data listed above is used to establish a persistent user account within EGI. Your | | The personal data listed above is used to establish a persistent user account within EGI. Your ID string is re-published by GOCDB to third party service-providers for use in Monitoring, Accounting and other data processing systems. Log files that include your personal identifier are also kept for fault diagnostics, auditing and for security monitoring purposes. | ||
|- | |- | ||
| '''Third parties to whom personal data is disclosed''' | | '''Third parties to whom personal data is disclosed''' | ||
| After registering a GOCDB account, the identity string and the personal information listed above is made visible to all other authenticated users and | | After registering a GOCDB account, the identity string and the personal information listed above is made visible to all other authenticated users and client-services of GOCDB via its Web interfaces. This includes clients authenticated by: | ||
* a certificate issued from a Certification Authority (CA) that is registered in the [[https://www.igtf.net Interoperable Global Trust Federation]]] | * a certificate issued from a Certification Authority (CA) that is registered in the [[https://www.igtf.net Interoperable Global Trust Federation]]] | ||
* users authenticating using the [[ | ** this includes clients from <b>countries outside the European Economic Area that may NOT have adequate data protection</b> (pursuant to Article 25.6 of the directive 95/46/EC). | ||
* users authenticating using the [[https://wiki.egi.eu/wiki/AAI EGI AAI ProxyIdP/CheckIn service]]. | |||
<br/> | <br/> | ||
These details are not shared unless '''positive informed consent is provided by the user''' which is obtained during GOCDB account creation (see screen capture below). This conforms to the [[http://www.ukfederation.org.uk/library/uploads/Documents/rules-of-membership.pdf rules of membership]] for the UKAMF (section 4.1) and [[http://www.geant.net/uri/dataprotection-code-of-conduct/v1/Pages/default.aspx GEANT Data Protection Code of Conduct]] (section f c.) - both stipulate prior consent is required from the end user before their attributes can be shared to third parties including collaboration partners. | These details are not shared unless '''positive informed consent is provided by the user''' which is obtained during GOCDB account creation (see screen capture below). <strike>This conforms to the [[http://www.ukfederation.org.uk/library/uploads/Documents/rules-of-membership.pdf rules of membership]] for the UKAMF (section 4.1) and [[http://www.geant.net/uri/dataprotection-code-of-conduct/v1/Pages/default.aspx GEANT Data Protection Code of Conduct]] (section f c.) - both stipulate prior consent is required from the end user before their attributes can be shared to third parties including collaboration partners</strike> (DM: is only conformant if attributes are shared within EC or to countries with adequate data protection). | ||
|- | |- | ||
| '''Data retention''' | | '''Data retention''' | ||
| The personal information listed above is removed on deletion of a GOCDB account. GOCDB accounts will also be deleted after a period of | | The personal information listed above is removed on deletion of a GOCDB account. GOCDB accounts will also be deleted after a period of 18mths of inactivity. | ||
<!-- | <!-- | ||
|- | |- | ||
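Review bot: In the "Third parties to whom personal data is disclosed" cell, the struck-through conformance sentence is left in place with an inline "(DM: ...)" remark after it, so the published policy shows both a withdrawn claim and an editor's comment; delete the withdrawn sentence and state the actual condition directly. The IGTF link in the same cell closes with "]]]", one bracket too many, and the retention period "18mths" in the "Data retention" cell should be written out as "18 months".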
Line 78: | Line 82: | ||
</center> | </center> | ||
--> | --> | ||
Some discussion and Q/A on using eppn in EGI/GOCDB: [[GOCDB/notifications]] |
Latest revision as of 17:09, 23 November 2016
GOCDB Personal Data Privacy and Code of Conduct
Data Protection Code of Conduct and Account Registration
- Registering a GOCDB account means you accept that your ID string, your basic user details and roles will be visible to all other users and client-services that authenticate to GOCDB. This includes those authenticated by:
  - a certificate issued from a Certification Authority (CA) that is registered by the [Interoperable Global Trust Federation (IGTF)]. Please note, this includes clients from countries outside the European Economic Area and from countries that may NOT have adequate data protection (pursuant to Article 25.6 of the directive 95/46/EC).
  - an organisation registered in a federation that participates in eduGAIN.
  - an organisation registered with the EGI ProxyIdP/CheckIn service.
  - new authentication/security realms will be listed here.
- Your details are re-published by GOCDB and are used by EGI for Monitoring, Accounting and for use in its data processing systems.
- By creating an account, you consent to the EGI Acceptable Use Policy: https://documents.egi.eu/public/ShowDocument?docid=74
- If you do not provide this consent, please [do NOT register | DELETE your account].
- The Terms and Conditions table below follows the [template suggested by GEANT] in their privacy policy guidelines for Service Providers.
- This does NOT mean GOCDB conforms to the CoC (DM: currently I don't think it's possible to conform; the GEANT CoC assumes attributes will only be republished to countries within EU/EEA and to those with adequate data protection (pursuant to Article 25.6 of the directive 95/46/EC), in practice GOCDB republishes to global IGTF).
Name of Service | Grid Operations Centre Database (GOCDB) hosted by the [Science and Technology Facilities Council (STFC)] on behalf of the [European Grid Initiative (EGI.eu)]. |
Description of Service | GOCDB is a central registry to record information about the topology of the EGI e-Infrastructure. This includes entities such as Operations Centres, Resource Centres, service types, service endpoints and their downtimes, user contact information and roles of users responsible for operations at different levels. |
Data Controller/Processor and contact | Data Controller: [EGI.eu], Data Processor: [Science and Technology Facilities Council] |
Jurisdiction of data processor | GB |
Personal data processed | Unique user identifier:
|
Purpose of processing personal data | The personal data listed above is used to establish a persistent user account within EGI. Your ID string is re-published by GOCDB to third party service-providers for use in Monitoring, Accounting and other data processing systems. Log files that include your personal identifier are also kept for fault diagnostics, auditing and for security monitoring purposes. |
Third parties to whom personal data is disclosed | After registering a GOCDB account, the identity string and the personal information listed above is made visible to all other authenticated users and client-services of GOCDB via its Web interfaces. This includes clients authenticated by:
|
Data retention | The personal information listed above is removed on deletion of a GOCDB account. GOCDB accounts will also be deleted after a period of 18 months of inactivity. |
User Provided Positive Informed Consent
Some discussion and Q/A on using eppn in EGI/GOCDB: GOCDB/notifications