Legal Framework and Procedures Proposed by the Data Protection Task Force
The DPTF proposed a legal framework for the operation of the RIPE Database and procedures for access to and use of personal data, in compliance with Dutch data protection regulations. In particular, the DPTF proposed that the RIPE NCC:
- Create the RIPE Database Terms and Conditions
- Restrict unlimited access to the RIPE Database by creating the RIPE Database Acceptable Use Policy and by modifying the various RIPE Database-related services (such as the Near Real Time Mirroring (NRTM) and the bulk access service) so that these services would be offered without personal data
- Introduce a procedure for the removal of personal data from the RIPE Database
- Make the “mnt-by:” attribute mandatory for all objects
- Clean up any unreferenced personal data from the RIPE Database
The DPTF proposed these documents and procedures to the RIPE community, in particular the RIPE Database Working Group and the RIPE NCC Services Working Group, and the RIPE community approved them by consensus.
In the interests of transparency, this report explains the reasons behind the DPTF’s creation of this legal framework and other procedures.
The RIPE Database Terms and Conditions
The RIPE Database is a publicly available database that contains a range of data, including personal data. The Data Protection legislation passed by the Dutch government (in line with the European Union Directive, 95/46/EC) provides that personal data must be collected and processed for specific purposes consented to by the data subject, and this data must not be further processed in a way incompatible with these purposes.
All data in the RIPE Database is collected for specific, legitimate purposes. These purposes had to be explicitly stated in order for data subjects to give their consent on the use of their personal data. It was also necessary to ensure that RIPE Database users only use this personal data for the stated purposes.
The DPTF collected all of the purposes and all terms and conditions according to which the RIPE Database and the data it contains are made available, and drafted the RIPE Database Terms and Conditions.
Anyone wishing to use the RIPE Database must agree to these Terms and Conditions and in particular to the condition that the personal data contained in the RIPE Database is only used for the purposes specified in the Terms and Conditions. Use of this data for any other purpose is strictly forbidden.
Unlimited access restrictions
The RIPE Database Acceptable Use Policy
The RIPE Database has historically been a publicly available service to which anyone might have unlimited access. The DPTF considered that this unlimited access could lead to abuse of the personal data in the RIPE Database. Moreover, unlimited access to the personal data contained in the Database cannot be justified by any of the purposes under which that personal data is provided. Mining personal data is not a purpose of the RIPE Database. The DPTF estimated the maximum number of possible times a network operator would need to obtain personal data from the RIPE Database (for example for the purposes of reporting abuse or troubleshooting) and, based on this, drafted the Acceptable Use Policy (AUP), which clearly defines access limits to the personal data in the RIPE Database. Users exceeding these limits would have their access blocked.
The AUP also took account of queries made to the RIPE Database through web interfaces hosted by third parties (proxies). In such cases, the access limits are higher as such interfaces are intended to be used by more than one user.
NRTM and Bulk Access Service
The DPTF reviewed the RIPE Database-related services offered by the RIPE NCC and determined whether those services complied with Dutch Data Protection legislation.
The NRTM and Bulk Access services offer the possibility for network operators to have access to all the data contained in the RIPE Database in bulk. While this can be justified for most of the data contained in the RIPE Database, bulk access to personal data cannot be justified under any of the RIPE Database’s stated purposes. Therefore the DPTF proposed that NRTM and Bulk Access should be offered without personal data that includes identifiable information (note that according to the Dutch legislation personal data is any information relating to an identified or identifiable natural person).
Removal of Personal Data Procedure
According to the Dutch Data Protection legislation, the data subject has the right to ask for their personal data to be removed from any database in which it is stored. Accordingly, the DPTF created a procedure whereby anyone whose personal data is contained in the RIPE Database may request that this data be removed.
Some of the personal data contained in the RIPE Database is added by the data subjects themselves, while some is added by others (generally those responsible for the specific Internet number resources). To comply with Dutch Data Protection legislation, it must be clear who is responsible for maintaining specific personal data in the RIPE Database. Therefore the DPTF proposed that the database attribute of “Maintainer” (mnt-by) be made mandatory for all objects. This is to be used to indicate who is responsible for specific personal data in the RIPE Database.
Clean Up of Unreferenced Personal Data
The RIPE Database contained personal data that could not be referred to any other object (record) in the database. No one appeared to be responsible for this data and its existence in the RIPE Database could not be justified.
The DPTF proposed cleaning up this unreferenced data from the RIPE Database. The DPTF also created a “white pages” mechanism for those wishing to have their personal data publicly available in the RIPE Database without having their objects refer to any other objects in the database.