[anti-abuse-wg] [ncc-services-wg] EU Data Protection
- Previous message (by thread): [anti-abuse-wg] EU Data Protection
- Next message (by thread): [anti-abuse-wg] RIPE Autonomous System Numbers
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jim Reid
jim at rfc1035.com
Wed Nov 5 17:48:03 CET 2014
On 5 Nov 2014, at 16:20, Sascha Luck <lists-ripe at c4inet.net> wrote: > how does the uncontrolled publishing of that data possibly comply > with the EU Data Protection Directive and imminent General Data Protection Regulation, > > especially considering the entirely uncontrolled transfer of such > data to non-EU countries (whois lookups!)? > > IANAL, but to me it looks like a breach of said regulations. Sacha, what matters here is how Dutch law enacts the EU directive and regulation and how the Dutch Data Protection Authority enforces that law(s). I would presume/expect the NCC's legal staff have already checked this or got expert advice. The NCC is already publishing Personal Data -- eg names and addresses for Contact Objects -- without violating Dutch/EU Data Protection and/or Privacy legislation. So I would assume that publishing Person Objects will be equally acceptable. My understanding is the issues around export of Personal Data apply to cases where the data are processed/controlled in a country that does not have a Data Protection regime or Safe Harbour provisions equivalent to the EU Directives and Regulations. Publishing whois data probably does not fall into that. IANAL either. Though I have dealt with whois issues, ICANN, Data Protection and far too many lawyers in a previous life. The scars have nearly healed.
- Previous message (by thread): [anti-abuse-wg] EU Data Protection
- Next message (by thread): [anti-abuse-wg] RIPE Autonomous System Numbers
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]