How to edit a page on GDPRhub: Difference between revisions

From GDPRhub
(Complaints have been filed along 2020 and January 2021 with the public Spanish University Carlos III in Madrid, Spain, for presumably not taking into account the data protection rights of their employees, while possibly exporting them to a non EES country through the platform Google Entreprise for Education.)
Line 1: Line 1:
==GDPRhub Style Guide==
'''DATA SECURITY UNDER QUESTION IN THE UNIVERSITY, SPAIN.-'''
Every EU jurisdiction has different legal writing styles. We have tried to develop a common ground in our [[GDPRhub style guide]].


→ Please consult the [[GDPRhub style guide]] before you edit pages.
Complaints have been filed along 2020 and January 2021 with the public Spanish University Carlos III in Madrid, Spain, for presumably not taking into account the data protection rights of their employees, while possibly exporting them to a non EES country through the platform Google Entreprise for Education. Concerns about data security of these transfers are a recurring reason for such complaints.
Most of these complaints take as a basis the landmark Case C-311/18, known as the Schrems II case, which invalidated the EU-US Privacy Shield on July 16, 2020. Details:


==How to edit an existing page==
In September 2020, a first complaint was filed with the University DPO for the holding of Academic Department Conferences through the medium of the Google Meet application, as a part of the Apps Enterprise for Education platform. DPO response laid mainly in the conventional guarantees offered by the standard clauses, or SCCs.
In general editing a wiki is simple: Just click the "edit" button in the right corner of a page and change the text.


→ For more details (like formatting) we recommend to check out the [https://www.mediawiki.org/wiki/Help:Contents MediaWiki Help Page]!
• In October 2020, a second complaint was filed with the University DPO, asking for transparence about the contracts signed between the University and Google Inc./LLC. This complaint is presently under study by the Spanish Council for Transparency.


===Text Editor===
• In January 2021, a new complaint was filed with the University DPO asking for the guarantees of “equivalent data security” in the framework of likely data transfers to non UE countries.
Traditionally you can edit Wikis in a text editor. Just click on "edit source" to get to the text editor. Here you can also enter Markup like <nowiki> [[Article 6 GDPR]]</nowiki> to make a text link to other pages. The text editor allows you to see the raw code of a page and gives you full control over what you edit.


===Visual Editor===
Up to this date, no satisfactory response has been given by the University’s DPO, which has defended the current use of the Standard Contractual Clauses (SCCs), routinely included in some Educational contracts with the Google trillion dollar monopoly.  
The visual editor allows you to edit the front page directly. Just click on "edit" to open the visual editor. This may be helpful if you only want to change a typo or add a sentence here and there.


==Add a new decision==
It is hoped, however, that the Spanish Data Protection Agency, Agencia Española de Protección de Datos, will soon launch a thorough assessment of the data transfers in the University, on account of the presumable lack of guarantees evidenced by US surveillance practices (i.e., UPSTREAM, PRISM) and relevant US laws (principally Section 702 of Foreign Intelligence Surveillance Act, or FISA 702,  and Executive Order 12333).


If you want to add a new decision, you can find all information here on the "Add a decision" page!
Given the reluctance of the Spanish University Carlos III de Madrid to introduce supplementary measures, the judgement by the Spanish DPA will be crucial in determining whether the present tools are sufficient or additional tools will be required. It is expected that a careful mapping of the international data flows and the existing transfer mechanisms via Google LLC will result in a deep revision of present practices in the University.
 
→ See [[How to add a new decision]]
 
==Add a new page==
It is generally not foreseen to add other pages than new decisions. You may however submit a new page like on any other wiki.

Revision as of 20:32, 13 February 2021

DATA SECURITY UNDER QUESTION IN THE UNIVERSITY, SPAIN.-

Complaints have been filed along 2020 and January 2021 with the public Spanish University Carlos III in Madrid, Spain, for presumably not taking into account the data protection rights of their employees, while possibly exporting them to a non EES country through the platform Google Entreprise for Education. Concerns about data security of these transfers are a recurring reason for such complaints.

Most of these complaints take as a basis the landmark Case C-311/18, known as the Schrems II case, which invalidated the EU-US Privacy Shield on July 16, 2020. Details:

• In September 2020, a first complaint was filed with the University DPO for the holding of Academic Department Conferences through the medium of the Google Meet application, as a part of the Apps Enterprise for Education platform. DPO response laid mainly in the conventional guarantees offered by the standard clauses, or SCCs.

• In October 2020, a second complaint was filed with the University DPO, asking for transparence about the contracts signed between the University and Google Inc./LLC. This complaint is presently under study by the Spanish Council for Transparency.

• In January 2021, a new complaint was filed with the University DPO asking for the guarantees of “equivalent data security” in the framework of likely data transfers to non UE countries.

Up to this date, no satisfactory response has been given by the University’s DPO, which has defended the current use of the Standard Contractual Clauses (SCCs), routinely included in some Educational contracts with the Google trillion dollar monopoly.

It is hoped, however, that the Spanish Data Protection Agency, Agencia Española de Protección de Datos, will soon launch a thorough assessment of the data transfers in the University, on account of the presumable lack of guarantees evidenced by US surveillance practices (i.e., UPSTREAM, PRISM) and relevant US laws (principally Section 702 of Foreign Intelligence Surveillance Act, or FISA 702, and Executive Order 12333).

Given the reluctance of the Spanish University Carlos III de Madrid to introduce supplementary measures, the judgement by the Spanish DPA will be crucial in determining whether the present tools are sufficient or additional tools will be required. It is expected that a careful mapping of the international data flows and the existing transfer mechanisms via Google LLC will result in a deep revision of present practices in the University.