<html> <head> <style></style></head> <body class='hmmessage'><div dir='ltr'> All, The Dutch DPA does not, by way of policy, respond to requests to look into policies upfront. No exceptions allowed. This is how the policy was explained to me last year by the DPA. So even if RIPE NCC wants to have a ruling this way, she will not get one. So it's of no use to keep discussing this part here. The DPA may look into complaints though. In this it should not matter where a complaint comes from. Whether or not she does, is at her discretion. So if you've filed a complaint, you need to go through that channel and follow it up with a call, e.g. There's nothing that this WG could do to alter this. Regards, Wout de Natris - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - De Natris Consult Raaphorst 33 Tel: +31 648388813 2352 KJ Leiderdorp Skype: wout.de.natris <a href="mailto:denatrisconsult@hotmail.nl">denatrisconsult@hotmail.nl</a> http://www.denatrisconsult.nl Blog http://woutdenatris.wordpress.com <div> > Message: 1 > Date: Tue, 17 Jan 2012 08:20:06 -0500 > From: "russ@consumer.net" <russ@consumer.net> > Subject: Re: [anti-abuse-wg] What is Personal information? > To: "anti-abuse-wg@ripe.net" <anti-abuse-wg@ripe.net> > Message-ID: <4F157586.5030108@consumer.net> > Content-Type: text/plain; charset=UTF-8; format=flowed > > >In other words, Russ could probably approach the Dutch privacy > regulator with a query, cc RIPE NCC legal, and then accept whatever > ruling applies? I seriously doubt if anybody on this list >other than > the three parties above is qualified to comment definitely on this > issue. So - Russ, please take it offlist, and do come back to let us > know what ruling you get. I personally would be >interested in what you > learn. > > > >Under Dutch (and European) privacy directives, any information that > can uniquely distinguish a natural person (ie. NOT 'a business'...) is > to be considered 'personal information'. So, an IP >address CAN be > personal information, if the data collector can link it to a person > without too much hassle. Think webshops who log your IP at logon, they > can connect that to your account >data, so in *that* case an IP address > is logged by the shop is indeed considered 'personal information' and > must be protected by the shop accordingly. In your case with RIPE, your > IP address is >probably not considered 'personal information'. IANAL. > Check out http://en.wikipedia.org/wiki/Data_Protection_Directive. > > > The same reasoning that says RIPE database information is "personal > information" can be applied to IP addresses (in some cases). > If the IP is registered you would get those contacts by running a whois > (or doing a reverse lookup would identify a domain which > can bee looked up). It seems to me if the RIPE database entries are > "personal information" then so it the IP address associated > with that record. Even if is is personal information the issue is then > whether they gave permission to have it posted in a public database. > > If the RIPE NCC legal department had an answer it would have been put on > the public reports and/or they would answer the inquiries > put forth my me and others. I have sent an inquiry to the Dutch > privacy office but, while these offices sound good in theory, > they are usually a bureaucratic nightmare. Since I dot live within the > region I think it is unlikely I would get an answer. If the process > is legitimate I would have thought RIPE would have gone to the office > for a ruling before they changed the access policy. the fact is > RIPE won't supply their legal department's analysis and they won't > respond to my request to have the Dutch privacy office review the > matter. There would be a much better chance of getting a ruling if RIPE > would ask them ... but they don't seem to want to do that > so I can only speculate why they would not want to do the obvious thing. > > Thank You > > > > </div> </div></body> </html>