DPPS What?! Introducing the Data Privacy Policy Statement

As any experienced AEGEE member might know, the Mediation Commission (MedCom) of AEGEE-Europe, besides mediating in disputes within our network, also acts as an ombudsman when it comes to data privacy. As for many people this might seem quite faraway from their daily AEGEE life and perspectives, or it might be difficult to grasp all the technical details of it, we thought it is time to explain the most recent ins-and-outs regarding data privacy in AEGEE, and finally explain what it means for YOU. For this we will let our readers ask some questions to the Medcom!
Agora Patra: data privacy statement
During Spring Agora Patra in 2014, we modified the “Data Privacy Policy Statement” – from this point referred to as DPPS – which was first adopted at Spring Agora Alicante in 2011. The purpose of this statement was to secure the right to privacy of AEGEE members with regard to the gathering and automatic processing of personal data relating to them, and information and all relevant data about the Association, its work and its members. Certainly in nowadays situation, with a lot of AEGEE work being done by online means and a lot of different data being stored this way, it is of the utmost importance to secure this. The statement outlined that all data should from that point on be classified in different categories:
– External data or data accessible for all;
– Internal data or data accessible only for AEGEE members (subject to exceptions granted by the ombudsman);
– Internal confidential data or data accessible only for certain AEGEE members holding an official position in the Association and responsible for information which they deal with and/or have access to for as long their term lasts.

Besides this, it was agreed that all data and AEGEE work shall be stored and presented through certain official tools meant for storing and spreading information accordingly. A list of approved data communication tools and a separate list of data storage tools according to the levels of protection would be made by the MedCom as the ombudsman for data privacy.

Implementing the data privacy statement
Since Agora Patra, the MedCom has worked to implement all aspects of the data privacy statement. It has started a big research, contacting all AEGEE bodies to find out exactly what kind of data is being used by different bodies, and what possible privacy risks could there be. This way, it would be possible for the MedCom to ensure the best possible compliance with the policy from all affected bodies and individuals. At the last Agora in Asturias, the MedCom finally came up with an annex to the data privacy policy statement, which was presented to the Network. To explain in a simple way, it basically consists out of three parts:

The first part categorises all data in the categories of external, internal or internal confidential data. For example, the Corpus Iuridicum Aegeense (CIA) is also available for externals, activity plans are internal data, but financial reports of locals are internal confidential data (avaliable only for the audit and the Financial Director of AEGEE-Europe). The second part, consists of approved communication tools according to the types of data. For example, The AEGEEan is for external use, so any data labelled “for internal use only” should not be communicated through The AEGEEan. The third part, lists which data storage tools are allowed for what kind of data. Of course, the demands that are set for internal confidential matters are much higher than those for external data.
For those who want to read the full annex with all listed types of data, you can view it here.

Right now, the MedCom is working on the last details analysing all data streams, and fully implementing all findings according to the DPPS and the DPPS annex. Of course, as always, this can only be done with the full cooperation of the network. So far, European bodies have all helped out listing the different types of data they touch. But in the next few months, more help is needed, mainly in the form of your awareness towards data privacy as a whole, and to the specifics being implemented.

As this is a case that concerns every AEGEE member, we let some active AEGEE members ask some (anonymous) questions.

Do you think the members actually care how their data is stored?
MedCom:
 Well, as the Agora approved the Data Privacy Policy Statement, it means they do care about it. Besides that, in nowadays society, we can clearly see a rising awareness towards our own privacy. For example, how many of you have friends on Facebook who made anonymous profile names, or to a lesser extent in guarding privacy, make sure to only make posts and pictures available towards friends, and not public? So if you do care about your privacy using tools like Facebook, we are sure our members also care about the privacy of their AEGEE data – even if it might seem harder to grasp than your Facebook privacy.

Do you encrypt every file in the mediation commission?
In the future, according to the DPPS, all data marked as internal confidential will be encrypted. But we have yet to work on how to implement this.

What does this mean for the locals?
For the locals, not so much will change, as the DPPS outlines data within AEGEE-Europe, thus it mainly affects European bodies that have to abide by it. Every local can have their own power how they regulate their own data towards the public and their members, only when it concerns official AEGEE communications and data, every local (and individual AEGEE member) should follow the guidelines being set. But it also works the other way around in this: any information a local has to send to AEGEE-Europe will now be classified in a certain way protecting the privacy of the data of your local. For example, the financial report your local has to send will be marked as “internal confidential” data only visible for the Financial Director and the audit, and not for anyone else!

On a final note, we would like to thank everyone for their cooperation regarding data privacy, and would like to note we are always open towards any input or questions you might have – you can email us at medcom@aegee.org!

 

Written by the Mediation Commission

You can follow the discussion on the DPPS on the forum here.