Identity Federation and Personal Data Protection

Sharing Personal Data across the Federation

A user who wishes to use any of the Federation’s services first accesses its home page, from which they are redirected to their home organization. Logon takes place at the user’s home organization, which subsequently makes certain personal details available to the target service. Federation operators cannot access users’ personal data.

Federation principles are explained in greater detail in a separate article. Additional details are given in the Federation Policy and in the Technical Section. Additional information on personal data protection is available on CESNET’s home page.

An IdP (Identity Provider) must state which attributes will be provided to a given service. If the user does not agree to providing the details required by the service, the service will not be provided. SPs (Service Providers) must explain the parameters of their services, including how the personal data provided will be used.

Lawful Basis for Processing

Personal data are provided in the legitimate interest of the data subject and the participating organizations, within the framework of cooperation across the scientific and education community. Data are shared to the minimum extent required, and all participants treat them ethically and securely. Recipients are mostly entities participating in research or education. This is mandated by Federation membership conditions, for instance the categories Research & Scholarship, Code of Conduct, and SIRTFI. The personal data being provided, and their intended use, are explained to the user. If the user does not agree with the stated manner of personal data processing, the service will not be provided.


Last modified: 2018/05/28 16:16