Data Privacy within AEGEE Explained

During Agora Rhein-Neckar the Agora requested, through a motion, that the Comité Directeur investigate the data privacy of our members within AEGEE. Because the Mediation Commission is the Data Privacy Ombudsman as defined in the Corpus Iuridicum, the Comité Directeur cooperated with the Mediation Commission to investigate the situation, look at the current pitfalls, and propose changes to further improve Data Privacy within AEGEE. Here we will try to explain what Data Privacy is and why it is important for you and all other members. After that, the basic idea behind the policy is explained, then the legal structure, and finally an overview and some examples of who can view your personal data.

This document is not the actual proposal but just serves as background information.

Data Privacy, what about it?

Personal data of members are necessary to be able to make AEGEE work. A simple example is your name and e-mail address for the use of mailing lists, but also other personal data might be necessary to organise events, get sponsoring, to understand our network better, or for the use of certain online tools.

Data Privacy has become a hot topic since the many leaks in the past few years (Wikileaks, Snowden-files, etc.). As AEGEE we are responsible for the personal data we have from every single member and antenna. You have given it assuming that we will not use it for spamming, sell it or give it to others without your consent, or abuse it in any other way.

We AEGEEans should always consider fellow members who are living in regions of Europe in which democratic values, freedom of speech and privacy are under threat, or may be threatened in the future. These members should be able to express themselves and participate as much as everyone else, not being held back by possible threats from local governments or security agencies. We should also respect someone’s choice not to be named or portrayed publicly.

Because we all have this responsibility we should always make sure that our actions will not jeopardize someone else’s privacy or even safety. Because it is difficult to keep track of what is going on in the network with regard to personal data and your privacy, the Mediation Commission acts as Privacy Ombudsman for AEGEE. Requests for the use of certain data can be made to them, and they can be contacted about issues or problems regarding your, or your antenna’s, privacy.

Policy

The policy is built upon legislation guidelines and refers to personal data and antenna data.

European and National Legislation

The bottom line of the Privacy policy within AEGEE is the national regulations concerning privacy. We will always try to conform to these regulations.

Internal Guidelines

Because AEGEE is a complex network of people, antennae and bodies, a more specific policy has been set up to increase security regarding your privacy.

Keep internal if public is not necessary

The main rule of thumb is that AEGEE will try to keep your data internal unless it needs to be public for a primary goal or process. If your data needs to be public for something, only the specific personal data required will be made public, not all data that is available.

Anonymise data if possible

When data is used for analysis or statistics, it will first be anonymised by either the CD or the Mediation Commission. The persons or party doing the analysis will therefore only receive generic data that cannot be linked to a specific person.

Responsible people should be aware and be accountable

People who need to work with your personal data will be requested to sign a Data Privacy Agreement in which they state that they will handle the data with care. This agreement states which data they have access to, with respect to the function they occupy, and for which period of time. Requests to access certain data can be made through the Mediation Commission.

Keep sensitive data internally confidential

Any information that is either sensitive or not required to be known by the entire network will only be available to those within the network that require it for their work. Sensitive information is generally only available to those who are defined in the document describing the Data Types and Tools within AEGEE. Exceptions are not easily granted.

Legal Structure

Within the Corpus Iuridicum there is a section on the Data Privacy Policy Statement (DPPS). This policy statement is approved by the Agora and changes can be made accordingly. The policy statement defines the goal and covers the storage and processing of data, data security, rights & obligations and commercial use of data.

Once people within AEGEE are required to work with personal data (either administrative functions or organisational functions), they are required to sign a Data Privacy Agreement (DPA) giving their consent to act responsibly with the data they are allowed to access.

Finally, for some events applicants will also sign a separate agreement, a privacy statement or disclaimer, for example when applying for the Agora or a Summer University. Within these agreements you generally agree that the organiser of the event has access to your information.

Proposed Changes

In the proposed changes the DPPS is extended to explicitly define what kind of data may be public, and what data should be internal or even internally confidential.

Public means that the data is public to anyone in and outside of AEGEE;

Internal means that the data is only available to the members of AEGEE through the use of a log-in form;

Internal confidential means that only specific people within AEGEE have the right to access that piece of data.

The different Data tools and the way data is stored are also defined in the proposed changes. All these changes should be acted upon. Changes can be made, but should be approved or ratified by the Agora, after which the change comes into effect.

The lists of data, tools and storage types are defined in separate documents and referred to in the DPPS.

So who can access your information?

Who can access which information is defined in the document on Types of Data, Communication Tools, Data Storage and Locations. Below some examples are given.

Elected persons

Elected persons in AEGEE-Europe with a specific function can access part of your information after they have signed a Data Privacy Agreement (DPA). For example, members of bodies will generally have less access to your personal info than the Comité Directeur. Also, data about locals will usually only be available to the NetCom and to the Comité Directeur.

Events

When applying for AEGEE events the organisers can access your private information from the intranet and the extra data you submitted through their application form. Event organisers are expected to handle your information carefully and act according to the Data Privacy rules of AEGEE-Europe.

External Tools (Podio, YPart, Statistics, etc.)

AEGEE may use external tools for certain tasks, for example for administrative, statutory, communication or statistical tasks. The Mediation Commission, with support of the Juridical Commission, will look into the privacy policy of the third-party software and check whether it fits within the AEGEE Privacy Policy. Unless the external tool is approved by the Agora to be an official and obligatory tool, you have the right to not use it or become part of it. This does not mean alternatives will be given.

When using external tools, it is your own responsibility to make sure you act safely with your data and that of others.

Sponsoring

AEGEE-Europe may send you a promotional e-mail on behalf of a company. It may not, however, give your e-mail address to that company for the same purpose. This means that your data will stay secure within AEGEE. If you do not want to receive such e-mails you can request to sign a Data Protection Statement in which you indicate this.

Other forms of sponsoring in which personal data is given to a company may be possible, but only if you have given your personal consent to this specific sponsor deal, for example the sales of CVs.

Retrieving your own information

You have the right to request what data is known about you. You can make such requests through the Mediation Commission.

Inquiries

If you have any questions, objections, issues or suggestions, do not hesitate to contact the Mediation Commission at medcom@aegee.org.
