-
Notifications
You must be signed in to change notification settings - Fork 14
/
Copy pathethics_security.tex
41 lines (33 loc) · 2.85 KB
/
ethics_security.tex
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
\subsection{Ethics}
\subsubsection{Ethics framework and relevant legislation}
All activities of the \TheProject project will conform to National, EC and International legislation as listed and described below:
\begin{compactitem}
\item The Charter of Fundamental Rights of the EU.
\item The European Convention for the Protection of Human Rights and Fundamental Freedoms.
\item The European Charter for Researchers and the Code of Conduct for the Recruitment of Researchers
\item The Data Protection Directive (95/46/EC) of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
\item The European General Data Protection Regulation (GDPR)
\item The Directive on Privacy and Electronic Communications (2002/58/EC) as well as the new ePrivacy directive.
\item The Directive on the Re-use of Public Sector Information (2003/98/EC) as well as the new revised version.
\end{compactitem}
\subsubsection{Protection of personal data}
The aim of \TheProject is to improve the accessibility, interactivity, and reproducibility of computational research in the EOSC. The handling and protection of personal data must therefore be carefully considered. For this reason, the following activities are foreseen:
\begin{compactitem}
\item Appointment of a Data Protection Officer (DPO) for the project. The DPO will be responsible for overseeing data protection strategy and implementation to ensure compliance with ethics and legal requirements, particularly focusing on GDPR provisions.
\item For organisations that must appoint a DPO under the GDPR: Involvement of the data protection officer (DPO).
\item For all other organisations: Details of the data protection policy for the project (i.e. project-specific, not general).
\item Elaboration of a Data Management Plan (D1.2, D1.4), which will include, but will not be limited to, details of procedures for data collection, anonymisation, storage, protection, retention, destruction, and re-use.
\item Providing details of the security measures to prevent unauthorised access to personal data.
\item Anonymisation/Pseudoanonymisation in case network traffic needs to be stored for processing. This will include not only replacement of IP addresses, but also replacement of HTTP requests, since these also may contain data which can be associated with individuals.
\item Informing about details of the data transfers (type of data transferred and country to which it is transferred ? for both EU and non-EU countries).
\end{compactitem}
\subsection{Security}
The BOSSE project does NOT involve any of the following:
\begin{compactitem}
\item activities or results raising security issues: NO
\item 'EU-classified information' as background or results: NO
\end{compactitem}
%%% Local Variables:
%%% mode: latex
%%% TeX-master: "proposal"
%%% End: