Re: [dp-tf] Authorization to publish personal data in the DB (was Re: [dp-tf] Quadlogy of person proposals)

[Leo Vegoda <]

Larisa,

On 15 Jun 2007, at 1:16pm, Larisa A. Yurkina wrote:

[...]

> Right. EU Directive will be also OK.
> Let's look if the RIPE Database rules comly with it.
> For example, Section II, "CRITERIA FOR MAKING DATA PROCESSING  
> LEGITIMATE"
>
> 1. Member States shall provide that personal data may be processed  
> only if:
> (a) the data subject has unambiguously given his consent; or
>
> No. admin-c and tech-c are mandatory, without any personal consent
It is possible to provide useful contact information without  
providing personal information. A self referential role object like  
this could be used and filled with non-personal data that allows  
contact from third parties when necessary:

% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

role:           Test Role Object
address:        Anywhere
e-mail:         example@localhost
admin-c:        TRO5-RIPE
tech-c:         TRO5-RIPE
nic-hdl:        TRO5-RIPE
changed:        example@localhost 20070615
source:         RIPE

A person object could also be used, I suppose, although it might be  
confusing to have a person object that shows a role's name.

I think the important thing is to carefully select the data that is  
published.

Regards,

--
Leo Vegoda
IANA Numbers Liaison