2018 Internet2 Global Summit

Use Internet2 SiteID

Already have an Internet2 SiteID?
Sign in here.

Internet2 SiteID

Regulating User Privacy in Europe: GDPR

Time 05/08/18 08:45AM-10:00AM

Room Pacific 25-26

Session Abstract

The EU General Data Protection Regulation (GDPR) is Europe's new privacy regulation that aims to provide for harmonization of data privacy laws across Europe and to protect and empower all EU citizens data privacy.

The GDPR affects all organisations that process personal data of anyone in the European Union (EU) and in non-EU members of the European Economic Area (EEA), resident or not. This holds no matter where the user is, or where the processing takes place, even if the processing organisation is located outside the EU/EEA. It must be implemented in national law by all member states within European Union and by agreement in all non-EU-member states of the European Economic Area effective date 18 May 2018. Unlike the previous EU Data Protection Directives (DPD) which gave member states some leeway in interpretation and implementation, as a regulation, the GDPR is a binding legislative act and must be applied in its entirety, fostering harmonisation of data protection laws. The most important changes that GDPR brings are in the areas of Increased Territorial Scope, Penalties, Consent, Breach Notification, Right to Access, Right to be Forgotten, Data Portability, Privacy by Design and Data Protection Officers.

GDPR regulates the core business of identity federations, e.g. release of personal information from an Identity Provider to a Service Provider. Therefore, it is important for all parties within a federated environment to understand the impact of the new regulation. All IdPs, SPs and federation operators within EU/EEA are directly in the scope of GDPR. The increased territorial scope of the new regulation also makes all Service Providers that accept end users from within EU/EEA affected by GDPR even if they operate outside EU/EEA.

This session will present the evaluation of the GDPR regulation impact on trust and identity eduroam and eduGAIN services, recommendations and activities taken to approach them. The findings will be presented in an introductory presentation, followed by the discussion engaging with the session participants.


Speaker Miroslav Milinovic GÉANT

Speaker Nicole Harris GÉANT

Speaker Pål Axelsson SUNET (Swedish University Computer Network)

Speaker Marina Adomeit AMRES (Academic Network of Serbia)

Presentation Media

media item thumbnail GDPR: An Overview

Speaker Marina Adomeit SUNET (Swedish University Computer Network)

Speaker Pål Axelsson SUNET (Swedish University Computer Network)

Speaker Nicole Harris GÉANT

Speaker Miroslav Milinovic GÉANT

Primary track Trust, Identity, and Security

platinum Sponsors

gold Sponsors

bronze Sponsors