About RIPE | Contact  | Search | Sitemap    
Homepage RIPE  
RIPE Community Mail Archives
search  
     
Next Sectionyou are here: RIPE -> RIPE Maillists > Archives
RIPE Navigation Ends
About RIPE Maillists
Maillists Archive
Global Lists
Non Active Lists
RIPE NCC Navigation Ends
Next Section
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: [dp-tf] Authorization to publish personal data in the DB (wasRe: [dp-tf] Quadlogy of person proposals)

  • To: "Larisa A. Yurkina" <
    >
  • From: Janos Zsako <
    >
  • Date: Fri, 15 Jun 2007 16:03:21 +0200
  • Cc: "Elmar K. Bins" <
    >, 
Dear Larisa,


Let's look if the RIPE Database rules comly with it.
For example, Section II, "CRITERIA FOR MAKING DATA PROCESSING LEGITIMATE"

1. Member States shall provide that personal data may be processed only if:
(a) the data subject has unambiguously given his consent; or

No. admin-c and tech-c are mandatory, without any personal consent

I am not sure this is the right way of putting it.
Yes, admin-c and tech-c _are_ mandatory, however, nobody
says you may (or even worse: you should) publish such data
without the given person's consent. In fact we never did so,
and I am sure many other people did not do so either.


ripe-252 states what contact information is:

"details of people who are responsible for the operation of networks
or routers, and those who are responsible for maintaining information in the RIPE Database."

Or the person responsible for all that either not responsible.
If the person is responsible, he/she must be published.

Again, this is not the proper way to put it.

Nobody can oblige you to breach the law. You have to
publish the data of a person responsible for the
operations/maintenance. If within an organization
somebody does not accept to have his/her data published,
they have to appoint an other person who assumes this
responsibility and accepts to have his/her data
published.


If you have never did so, - very bad! :)

What I said is: we never published personal data without the
given person's consent. I do not think this was bad. :)




The idea is that you have to find a person who consents to
this, and only publish his/her data.



So, WHAT MAKES PERSONAL DATA PROCESSING IN THE RIPE DB LEGITIMATE?

I think you are right, the only paragraph that may apply is
(a) above. What we have to make sure is that people act in
accordance with it.

Best regards,
Janos





With respect,
Larisa Yurkina
---
RIPN Registry center
-----
Post To The List:

Message References

<<< Chronological >>> Author    Subject <<< Threads >>>
 

Next Section
     About RIPE | Site Map | LIR Portal | About the RIPE NCC | Contact | Copyright Statement
RIPE.NET Homepage LIR Portal RIPE Community