European Commission logo
INSPIRE Community Forum

Example metadata indicating personal data

  • Peter PARSLOW
    Peter PARSLOW

    I know I've left it a long time to comment, but I've just taken a look at this sample. There are things I like about the approach: use of an existing ISO 19115 constraint structure; use of URLs out to controlled lists.

    Setting aside for now that the code list at the end of the URL is behind a log in, there is one aspect that doesn't seem quite right to me: using the ISO 19115 MD_SecurityConstraints class. The current Metadata TG contains the statement "gmd:MD_SecurityConstraints has for many countries only military use". It seems to me that GDPR (& it's predecessors) lead to legal constraints, not security ones, so MD_LegalConstraints would be the appropriate ISO 19115 element to use.

    Of course, we (INSPIRE) already use it for the existing "limitations on public access" element. But actually that is what we are doing here - limiting the public access, due to the presence of personal data. And in fact INSPIRE already allows that access can be restricted for these reasons (

    So isn't it closer to the current metadata guidance to state in the metadata that access to the data is limited for Article 13 1(f) reasons? The fact that a new law has come along doesn't actually affect this, does it?