When is the information screen displayed?
The revised screen appears each time a student, lecturer, researcher or employee of an educational or research institution visits a new service for the first time using SURFconext. This screen is also displayed to users if something changes in the attributes a service receives. Imagine, for example, that the name of the user that the institution sends through to the service is spelt incorrectly. You inform your institution about this and it is then corrected. The next time that you visit the service you will see the information screen again, now with the corrected details.
The screen is also displayed if the service needs new attributes about the user. Imagine that the service previously only wanted your email address, but now also would like to know your name. That is a change to the attribute set, which means you will be shown the information screen again.
What other information does the information screen show you?
The information screen includes:
- A short explanation of SURFconext (see also Figure 2)
- A link to the service’s privacy policy (if known)
- The list of attributes the service needs, for example your name and email address
- The reasons why the service needs each attribute (if known)
- An explanation of what the user can do if there are any mistakes in this list, for example if the name is spelt incorrectly.
- (Optionally) An extra warning message from the institution, including a link to, for example, the institution’s fair use policy.
- A link to the SURFconext profile page, where the user can see more information about SURFconext and the services they use through SURFconext
- The option to abort logging in (for example if you do not want the service supplier to receive your attributes)
(text continues after visuals)
For what can institutions use the extra warning?
Institutions have the option to add an additional warning message for each service to their users (option 6). This message can be used to emphasise something, for example that the user is about to log in to a service that is not supported by the institution. By means of this message, the institution might, for example, make clear that: “You can log in here, but we do not provide any support for this service. Take particular care with which data you store using this service.” For maximum impact, institutions are advised to use the message sparingly.
We opted for this, in agreement with the institutions, because they are often hesitant to link new services. Users regularly ask for access to new services and linking to them may be technically feasible, but the institutions are sometimes concerned that this could, for example, create an extra workload for the help desk.
Agreement or information?
Alert readers will have noticed by now that a similar screen already exists. That is true. On the old screen, SURFconext asked the user to explicitly agree to their attributes being provided to the service. The new screen informs the user, but does not explicitly request their agreement. There is a legal reason for this. The agreement screen could create the impression that the user is giving their consent as per the GDPR. Consent under the GDPR implies, among other things, that the user can just as easily withdraw their consent later on. This is a challenge for SURFconext – to withdraw consent, you as the user would need to approach the service provider directly.
So what happens to the old screen?
Institutions can still opt to use the “old” screen (the variant that explicitly asks for the user’s agreement). It is also possibly to display no information screen at all. By default, the new information screen is displayed.
Administrators at the institutions (who have the role of SURFconext administrator) can use the SURFconext Dashboard to select for each service which variant is to be shown to their users. They can also configure an optional extra message there.
Webinar
SURFnet will shortly organise a webinar about the information screen (in Dutch). Keep an eye on the newsletter for more information.
0 Praat mee