About RIPE | Contact  | Search | Sitemap    
Homepage RIPE  
RIPE Community Mail Archives
search  
     
Next Sectionyou are here: RIPE -> RIPE Maillists > Archives
RIPE Navigation Ends
About RIPE Maillists
Maillists Archive
Global Lists
Non Active Lists
RIPE NCC Navigation Ends
Next Section
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: [dp-tf] Authorization to publish personal data in the DB (wasRe: [dp-tf] Quadlogy of person proposals)

  • From: "Wilfried Woeber, UniVie/ACOnet" <
    >
  • Date: Tue, 17 Jul 2007 11:39:46 +0000
  • Organization: UniVie - ACOnet
  • Reply-to: 
Janos, team,

after listening to some "important" consumers of data kept in the RIPE DB,
I am feeling strongly that e) does apply as well.

And on the item of who's data (whatever set) to register as the repsonsible
contact for a unique global resource: In principle the policy and procedure
machinery does already provide for *not* involving the end user at all.

ISPs are allowed to do self-assignments and still allow their customers to use
those (potentially dynamilcally assigned) addresses. But, for the end user,
it is a matter of either/or! You cannot keep your lunch and eat it at the same
time. You cannot reasonably be expect to be listed as legitimate holder of a
resource and remain anonymous at the same time. this is where "e)" comes in to
the picture, imho.

The only thing that *might* get us into trouble is the monopoly situation that
trickles down from IANA to the RIRs and the LIRs. the last thing I'd want to
suggest is portable addresses like in the phone world ;-)

Wilfried.

PS: when we designed the irt: object we already had the vision to cater for
breaking the one-to-one relationship between holding resources and providing
authoritative contact information for operational and abuse situations :-)

Janos Zsako wrote:

> Dear Larisa,
> 
>> Let's look if the RIPE Database rules comly with it.
>> For example, Section II, "CRITERIA FOR MAKING DATA PROCESSING LEGITIMATE"
>>
>> 1. Member States shall provide that personal data may be processed
>> only if:
>> (a) the data subject has unambiguously given his consent; or
>>
>> No. admin-c and tech-c are mandatory, without any personal consent
> 
> 
> I am not sure this is the right way of putting it.
> Yes, admin-c and tech-c _are_ mandatory, however, nobody
> says you may (or even worse: you should) publish such data
> without the given person's consent. In fact we never did so,
> and I am sure many other people did not do so either.
> The idea is that you have to find a person who consents to
> this, and only publish his/her data.
> 
>> So, WHAT MAKES PERSONAL DATA PROCESSING IN THE RIPE DB LEGITIMATE?
> 
> 
> I think you are right, the only paragraph that may apply is
> (a) above. What we have to make sure is that people act in
> accordance with it.
> 
> Best regards,
> Janos
> 
>
Post To The List:

Message References

<<< Chronological >>> Author    Subject <<< Threads >>>
 

Next Section
     About RIPE | Site Map | LIR Portal | About the RIPE NCC | Contact | Copyright Statement
RIPE.NET Homepage LIR Portal RIPE Community