About RIPE | Contact  | Search | Sitemap    
Homepage RIPE  
RIPE Community Mail Archives
search  
     
Next Sectionyou are here: RIPE -> RIPE Maillists > Archives
RIPE Navigation Ends
About RIPE Maillists
Maillists Archive
Global Lists
Non Active Lists
RIPE NCC Navigation Ends
Next Section
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: [address-policy-wg] IP Addressing policy on personal contactinfo (kf)

  • To: Kurt Erik Lindqvist < >
  • From: Andrei Robachevsky < >
  • Date: Wed, 20 Aug 2003 14:14:39 +0200
  • Cc: Shane Kerr < >
    Pascal Julienne < >
Kurt Erik Lindqvist wrote:
[...]
We have talked with the Dutch Data Protection Authority about the Database as well, to make sure that we don't run afoul of the EU privacy directives.


I think that issue is somewhat more problematic than that. I guess
that what Katri is actually asking for is the Swedish data protection
law. I am no expert on this law but from what I know / remember, the
law requires the direct consent of the registered party as well as
certain guarantees that the data is not passed on (within some
limits). This means that the Swedish ISPs in order to register these
customers actually needs written consent from the customer, as well
as to solve the issue on passing that data on further by registering
the data in the RIPE DB.

Perhaps someone that knows the issue better could comment?

The lawyers told us that these registrations need to comply with the
Dutch Data Protection Act which is derived from the EU Data Protection
Directive.

According to this Directive and the Dutch Data Protection Act storage
and publication of personal data in a database is possible only (Article
7 EU Directive):

a) with the data subject’s unambiguous consent, or

b) if necessary for the performance of a contract to which the data
subject is party or in order to take steps at the request of the data
subject prior to entering into a contract, or

c) if necessary for compliance with a legal obligation to which the
controller is subject (controller is the party responsible for
determining the purpose and means of the processing of personal data), or

d) if processing is necessary in order to protect vital interests of the
data subject, or

e) if necessary for the performance of a task carried out in the public
interest or in the exercise of official authority vested in a controller
or in a third party to whom the data are disclosed, or

f) if necessary for the purposes of the legitimate interests pursued by
the controller or by the third party or parties to whom the data are
disclosed, except where such interests are overridden by the interests
for fundamental rights and interests and freedoms of the data subject
which require protection under the EU Directive.

They though that e) and f) may apply.

Also, after discussing the case with the Dutch Data Protection Authority (and their main concern was .de unreferenced data at that moment), the conclusion was that though there are some issues, the problem should be significantly reduced after removal of .de contact data and other stale information that has no direct relationship to the NCC's business.

Best regards,

- kurtis -

Best regards,

Andrei Robachevsky
RIPE NCC
  • Post To The List:
<<< Chronological >>> Author    Subject <<< Threads >>>
 

Next Section
     About RIPE | Site Map | LIR Portal | About the RIPE NCC | Contact | Copyright Statement
RIPE.NET Homepage LIR Portal RIPE Community