...
- Requirements on data to protect from AAI, community, resource providers and e-infrastructure (MNA3.2)
- Recommendations and template policies for the processing of personal data by participants in the pan-European AAI (under development)
With the new general data protection regulation (GDPR) - formally published on May 4th, 2016 - the context is shifting: Although on the one hand the regulation brings the advantage of better alignment in Europe, it also places some further limits on the ground for data processing, and for global collaboration there are many factors (including the Privacy Shield work) that drive change. In the 2nd year of AARC we will investigate new approaches that align with the new environment - and still keep the collaboration from within Europe with the world at large - including approaches inspired by the 'corporate rules' mechanism and its potential applicability to coordinated e-Infrastructures and research infrastructures.
We would like to point out that this effort is focused on the protection of personal data that is generated as a result of participants working within the federated infrastructure. If you are about to exchange (research) data that in and of itself contains (sensitive) personal data, or where the combination of your data set with other data sets can result in the inference of personal or sensitive data, including other research data, please consult with your user community. E.g. for biomedical research data, look at ELIXIR and national initiatives.