...

eduroam (education roaming) is a secure, world-wide roaming access service developed for the international research and education community. eduroam allows any user from an eduroam participating site to get network access at any location that provides eduroam service.

...

Thus the eduroam roaming consortium is comprised of many legal entities: (N)ROs, IdPs and SPs. (National) roaming operators ((N)ROs) are entities that operate the eduroam service for a country or economy and coordinate the activity of IdPs and SPs in the respective territory.

GÉANT is the body which is responsible for the international coordination and interoperability of eduroam. As such, GÉANT operates a number of services for the eduroam community, from the technical infrastructure at the European level to supporting services aimed at the world-wide community. Those services are maintained by the eduroam Operations Team (OT). This privacy policy concerns the part of the eduroam consortium service that is operated and maintained by GÉANT including, but not limited to, the following services: the European level authentication proxy infrastructure, the eduroam database, the eduroam Configuration Assistant Tool (CAT), the eduroam F-Ticks traffic measurement, the portal with technical information about the service (monitor.eduroam.org), and the eduroam wiki and website.

We are proud to say that eduroam was designed for minimal disclosure of end users' personal data, following the requirement that a user must be authenticated by his/her IdP. The design of the system provides and favours end user anonymisation, i.e., the possibility to hide the end user's identity from any third parties, including providers of the eduroam network access (SPs). The eduroam technical foundations have built-in support for end user privacy throughout the authentication process. For all intermediate services, like routing of authentication requests and F-Ticks (log format for distributed federations), we strive towards knowing *nothing* about the actual identity of an end user, while still maintaining log traces which allow for resolving security incidents, debugging, monitoring and usage statistics.

To view the general Privacy Notice for GÉANT, please visit the GÉANT website.

Why We Process Personal Data

We process various data in order to provide a reliable and secure eduroam service, to ensure and improve the quality of the services we provide, and to improve and protect the eduroam supporting service. The eduroam service is designed in a way that we don't need to know the end user's identity in order to provide the service. Partners within the eduroam community can anonymise potential end users' private data. We give advice and guidance to the community that recommends the highest levels of anonymity of data in all deployments.

We also collect data related to National Roaming Operators (NROs) to help support the administration of the service through a contacts database, and data related to NROs, IdPs and SPs to enable supporting services and improve incident response and user support. Access to the data collected in the eduroam database and other supporting services which is considered private is limited (via an authentication mechanism based on eduGAIN) to responsible personnel of GÉANT and NROs.

What Personal Data We Process

...

  • When you roam and visit other countries, the eduroam OT European proxy servers will receive and log the following data: your realm (denoting your institution and federation), your IP and MAC addresses. We can also receive your username if you have chosen not to anonymise this data. When you roam to another institution within your home country we don't receive any data because the international authentication proxy servers are not included in that process. The service has a legitimate interest in processing this information.

  • When you roam and visit other countries or other institutions within your federation we may also process, in addition to the data mentioned above, the following data for monitoring, measuring and reporting services: visited federation, producer of your NIC card and authentication outcome. We can also receive your username and your MAC address if the visited institution chooses not to anonymise this data, and the name of the visited institution if the visited federation chooses to send this data. The service has a legitimate interest in processing this information.

  • As part of supporting activities we maintain several public web sites (e.g. the CAT service website) where we collect normal web server logs, i.e. timestamp of access, IP address which requested the page, the page being requested, the HTML result code, etc. The data collected is for the purpose of troubleshooting and debugging potential problems with eduroam web servers and therefore the service has a legitimate interest in processing this information.

  • As part of administration activities, the eduroam Operational Team maintains a database of contacts for National Roaming Operators only. We process the contact name, email address and phone numbers of Operator contacts to support incident response and operational information flow between the Operators and the eduroam OT. This information is only accessible by the eduroam OT and is provided with the consent of the NROs.

  • The eduroam Operations Team maintains a database where we collect data related to NROs, IdPs and SPs to enable supporting services and improve incident response and user support. The data is provided by the NROs based on the eduroam Policy.

  • To ensure proper functioning of the eduroam Configuration Assistant Tool (CAT) we collect the identifiers and e-mail addresses of the NRO and IdP admins responsible for the configurations that will be used by the end users.

  • TO DO: eduroam Managed IdP. 

Who Do We Share Data With?

Personal data gathered for website statistics is only shared within the GÉANT Association and the eduroam Operational Team for analysis and reporting.

All other personal data is held and processed only by the eduroam OT (is this true?). The contact information collected in the eduroam database is used by the OT and NROs in order to resolve security incidents and debug problems reported by the end users.

Personal Data Retention

Analytical data for website statistics is currently retained permanently.

...



Contact Information

Data Controller and Contact

Data Protection Officer

GÉANT Association
Hoekenrode 3
1102 BR
Amsterdam – Zuidoost
Netherlands
Telephone number: +31 20 530 4488
email: gdpr@geant.org

Jurisdiction

Netherlands

Dutch Data Protection Authority
Autoriteit Persoonsgegevens
Postbus 93374 2509 AJ DEN HAAG.
Telephone number: (+31) - (0)70 - 888 85 00.

...