Difference between revisions of "GOCDB/data privacy"
Line 38: | Line 38: | ||
| '''Personal data processed''' | | '''Personal data processed''' | ||
| ''Unique user identifier:'' <br> | | ''Unique user identifier:'' <br> | ||
* If you login/register your GOCDB account using the [[http://www.ukfederation.org.uk/ UK Access Management Federation]] your '''eduPersonPrincipalName''' is retrieved from your home organisation and is anonymised to produce an opaque ID string (hashed using a secret salt value). | * <strike>If you login/register your GOCDB account using the [[http://www.ukfederation.org.uk/ UK Access Management Federation]] your '''eduPersonPrincipalName''' is retrieved from your home organisation and is anonymised to produce an opaque ID string (hashed using a secret salt value) </strike> (future - not yet implemented). | ||
* If you register your GOCDB account using the [[https://www.igtf.net Interoperable Global Trust Federation (IGTF)]], your '''Distinguished Name (DN)''' is retrieved from your personal certificate loaded in your web browser. | * If you register your GOCDB account using the [[https://www.igtf.net Interoperable Global Trust Federation (IGTF)]], your '''Distinguished Name (DN)''' is retrieved from your personal certificate loaded in your web browser. | ||
<br/><br/> | <br/><br/> | ||
Line 50: | Line 50: | ||
|- | |- | ||
| '''Purpose of processing personal data''' | | '''Purpose of processing personal data''' | ||
| The personal data listed above is used to establish a persistent user account within EGI. Your | | The personal data listed above is used to establish a persistent user account within EGI. Your ID string is re-published by GOCDB to third party service-providers for use in Monitoring, Accounting and other data processing systems. Log files that include your personal identifier are also kept for fault diagnostics, auditing and for security monitoring purposes. | ||
|- | |- | ||
| '''Third parties to whom personal data is disclosed''' | | '''Third parties to whom personal data is disclosed''' | ||
| After registering a GOCDB account, the identity string and the personal information listed above is made visible to all other authenticated users and | | After registering a GOCDB account, the identity string and the personal information listed above is made visible to all other authenticated users and client-services of GOCDB via its Web interface and its REST API. This includes those authenticated by: | ||
* a certificate issued from a Certification Authority (CA) that is registered in the [[https://www.igtf.net Interoperable Global Trust Federation]]] | * a certificate issued from a Certification Authority (CA) that is registered in the [[https://www.igtf.net Interoperable Global Trust Federation]]] - this includes countries outside the European Economic Area that may <b>NOT have adequate data protection</b> (pursuant to Article 25.6 of the directive 95/46/EC). | ||
* users authenticating using the [[http://www.ukfederation.org.uk UK Access Management Federation (UKAMF)]]. | * <strike>users authenticating using the [[http://www.ukfederation.org.uk UK Access Management Federation (UKAMF)]]</strike> (future - not yet implemented). | ||
<br/> | <br/> | ||
These details are not shared unless '''positive informed consent is provided by the user''' which is obtained during GOCDB account creation (see screen capture below). This conforms to the [[http://www.ukfederation.org.uk/library/uploads/Documents/rules-of-membership.pdf rules of membership]] for the UKAMF (section 4.1) and [[http://www.geant.net/uri/dataprotection-code-of-conduct/v1/Pages/default.aspx GEANT Data Protection Code of Conduct]] (section f c.) - both stipulate prior consent is required from the end user before their attributes can be shared to third parties including collaboration partners. | These details are not shared unless '''positive informed consent is provided by the user''' which is obtained during GOCDB account creation (see screen capture below). This conforms to the [[http://www.ukfederation.org.uk/library/uploads/Documents/rules-of-membership.pdf rules of membership]] for the UKAMF (section 4.1) and [[http://www.geant.net/uri/dataprotection-code-of-conduct/v1/Pages/default.aspx GEANT Data Protection Code of Conduct]] (section f c.) - both stipulate prior consent is required from the end user before their attributes can be shared to third parties including collaboration partners. |
Revision as of 12:12, 2 December 2015
Main | EGI.eu operations services | Support | Documentation | Tools | Activities | Performance | Technology | Catch-all Services | Resource Allocation | Security |
Tools menu: | • Main page | • Instructions for developers | • AAI Proxy | • Accounting Portal | • Accounting Repository | • AppDB | • ARGO | • GGUS | • GOCDB |
• Message brokers | • Licenses | • OTAGs | • Operations Portal | • Perun | • EGI Collaboration tools | • LToS | • EGI Workload Manager |
GOCDB Personal Data Privacy and Code of Conduct
DRAFT - Under construction
Some discussion and Q/A on using eppn in EGI/GOCDB: GOCDB/notifications
Data Protection Code of Conduct and Account Registration
The following warning text is shown to all users who register a new GOCDB account (see screen grab below), also note that clicking an 'OK' dialog is required:
- Registering a GOCDB account means you accept that your ID string, your basic user details and roles will be visible to all other users and client-services that authenticate to GOCDB. This includes those authenticated by:
- a certificate issued from a Certification Authority (CA) that is registered by the [Interoperable Global Trust Federation (IGTF)], note, IGTF includes CAs from countries outside the European Economic Area.
an organisation registered with the UK Access Management Federation(future - not yet implemented).an organisation registered in a federation that participates in eduGAIN(future - not yet implemented).- new authentication/security realms will be listed here and you will be updated by email and notified in the portal.
- Your details are re-published by GOCDB and are used by EGI for Monitoring, Accounting and for use in its data processing systems.
- If you do not provide this consent, please [do NOT register | DELETE your account].
This table follows the [template suggested by GEANT] in their privacy policy guidelines for Service Providers:
Name of Service | Grid Operations Centre Database (GOCDB) hosted by the [Science and Technology Facilities Council (STFC)] on behalf of the [European Grid Initiative (EGI.eu)]. |
Description of Service | GOCDB is a central registry to record information about the topology of the EGI e-Infrastructure. This includes entities such as Operations Centres, Resource Centres, service types, service endpoints and their downtimes, user contact information and roles of users responsible for operations at different levels |
Data Controller/Processor and contact | Data Controller: [EGI.eu], Data Processor: [Science and Technology Facilities Council] |
Jurisdiction of data processor | GB |
Personal data processed | Unique user identifier:
|
Purpose of processing personal data | The personal data listed above is used to establish a persistent user account within EGI. Your ID string is re-published by GOCDB to third party service-providers for use in Monitoring, Accounting and other data processing systems. Log files that include your personal identifier are also kept for fault diagnostics, auditing and for security monitoring purposes. |
Third parties to whom personal data is disclosed | After registering a GOCDB account, the identity string and the personal information listed above is made visible to all other authenticated users and client-services of GOCDB via its Web interface and its REST API. This includes those authenticated by:
|
Data retention | The personal information listed above is removed on deletion of a GOCDB account. GOCDB accounts will also be deleted after a period of 3yrs of inactivity (will be implemented soon). |
User Provided Positive Informed Consent