...
With the new general data protection regulation (GDPR) - formally published on May 4th, 2016 - the context is shifting: Although on the one hand the regulation brings the advantage of better alignment in Europe, it also places some further limits on the ground for data processing, and for global collaboration there are many factors (including the Privacy Shield work) that drive change. In the 2nd year of AARC we will investigate new approaches that align with the new environment - and still keep the collaboration from within Europe with the world at large - including approaches inspired by the 'corporate rules' mechanism and its potential applicability to coordinated e-Infrastructures and research infrastructures.
- Data Protection Impact Assessment - and its application to communities and proxies in the BPA ("AARC2/DNA3.1 - Report on the coordination of accounting data sharing amongst Infrastructures (initial phase)")
Under current legislation, only Model Contracts and Binding Corporate Rules appear to offer the framework required to transfer personal data within trans-national science e-Infrastructures. With hundreds of resource providers and user communities potentially exchanging data, it is impossible to conceive of each party executing a separate, legal agreement with all others as might be required by the standard use of Model Contracts. One possible solution is where each party would sign an adherence form acknowledging compliance with a Code of Conduct (as referred in GDPR Article 46.2(e)) . The signed form is then lodged with the federation. This approach, still a work-in-progress, remains a relatively complex, somewhat lengthy legal document, which may hinder adoption.
...