Talk:SPG:Drafts:Data Privacy EGI CheckIn
Comments and discussion
Comments from Hannah Short (8 Nov 2016)
Minor points since this looks very thorough:
- It is potentially confusing to have two nested policies. There are references to "The Policy", "This policy", "this Policy" and it's not obvious to which one they are referring. It might be clearer to insert the word Privacy or Data Processing before each use of the word Policy
- "Stored where?" I worry this is opening a can of worms since we do not specify the actual location and readers will want to see a physical country listed. As far as I can see, this isn't a requirement of the Policy on the Processing of Personal Data
Answer from DaveK: Agreed. Potentially a BIG can of worms! In the past with the old User-level Job Accounting Policy we did require the data to be held within the EU (or country with similar data protection). In general this does not work for e-Infrastructures like WLCG where we do need to store and process outside of the EU, so our plan was that the fact that all members of the e-Infrastructure are bound by the single set of policy documents should be sufficient.