About RIPE | Contact  | Search | Sitemap    
Homepage RIPE  
RIPE Community Mail Archives
search  
     
Next Sectionyou are here: RIPE -> RIPE Maillists > Archives
RIPE Navigation Ends
About RIPE Maillists
Maillists Archive
Global Lists
Non Active Lists
RIPE NCC Navigation Ends
Next Section
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

[dp-tf] Authorization to publish personal data in the DB (was Re: [dp-tf]Quadlogy of person proposals)

  • To: "Larisa A. Yurkina" <
    >
  • From: Janos Zsako <
    >
  • Date: Thu, 14 Jun 2007 17:23:29 +0200
  • Cc: Denis Walker <
    >, 
Dear Larisa,

Let me understand correctly what you say.

You are saying that we may not invent new authorization rules,
as these are laid down by the law already (and may not be changed).

I think this (inventing new rules) is not what Manfredo (or I) suggested.

What I said is that by some contract/agreement with the data maintainer
(from RIPE DB point of view) we can make sure that personal data is not
entered in the RIPE database without proper authorization (i.e. without
the authorization required by the law, whatever that may be).

Should a problem occur (e.g. the person complains, or the authorities
ask for evidence of the authorization) then the RIPE NCC, based on the
abovementioned contract can ask the maintainer to provide such evidence.
If this is not available, based on the contract terms, the RIPE NCC
may delete the illegal data (and may take further steps, like withdrawing
the right of that particular maintainer to put data in the database, if
such a clause exists in the contract).

This is why it is important to have this contract/agreement in place
with the data maintainer.

I hope this clarifies the situation.

Best regards,
Janos



So we've to return back in the task. Until we can get the appropriate
authorization, we cannot publish any personal data. We need not to stop
people to write into the database, even if this is not safe, but we
do_need to stop people to read from the database what (any data) not
properly authorized.



I wonder what authorization is from the point of view of the law.

In Russian DP act it is said, any personal data cannot be published without written
consent of the data subject. The 'written consent' consists of 6 points
including (besides name-address-tel etc) passport No with date of issue,  aim of
processing data, list of data which can be processed, list of operations the data
should undergo, terms of the consent given.

Had it been said that written consent could be replaced by authorization scheme,
it would be OK. But it had not.






Correct. This is what may eventually happen in the worst case, if DP
people (authorities) ask us to do that.

However, I do not think we should target to have this kind of behaviour,
as this would render the RIPE DB useless, like a Write Only memory. :)

Best regards,
Janos







With respect,
Larisa Yurkina
---
RIPN Registry center
-----





















Post To The List:

		



Replies




Message References






<<<
Chronological
>>>


Author
  
Subject


<<<
Threads
>>>







        		
      

    




        
        
        



      

         
    

    

  




 


  
 
    Next Section
    

  

  
 
     
        About RIPE | 
      Site Map | LIR Portal | 
       About the RIPE NCC 
      | Contact
| 
Copyright Statement

  





RIPE.NET Homepage
LIR Portal
RIPE Community