[members-discuss] is the RIPE NCC GDPR compliant ?
- Previous message (by thread): [members-discuss] is the RIPE NCC GDPR compliant ?
- Next message (by thread): [members-discuss] is the RIPE NCC GDPR compliant ?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Carlos Friaças
cfriacas at fccn.pt
Thu Feb 21 10:37:57 CET 2019
Greetings, Just a small note about "the law of a given country from where the LIR is from": In case someone didn't notice, this is really any country/economy in the world -- i.e. it is *not* restricted to the NCC's Service Region. Best Regards, Carlos Friaças On Thu, 21 Feb 2019, lir at unitelmedia.pl wrote: > > Hello > > You ask when they will start to comply with the law or rather adapt it to the requirements GDPR > > I will add a question when will they start treating all LIRs the same? > > The second question is when they start to respect the law of a given country from where the LIR is from ? > > Promises of RIPE employees that they will improve procedures etc. are worth as much as rubbish thrown into the waste bin > > So much on the subject I can add more but does it make any sense at all? > > > > -- > > Grzegorz Dacka > > > > > > From: members-discuss <members-discuss-bounces at ripe.net> On Behalf Of Elvis Daniel Velea > Sent: Thursday, February 21, 2019 1:33 AM > To: members-discuss at ripe.net > Subject: [members-discuss] is the RIPE NCC GDPR compliant ? > > > > Hi everyone, > > this e-mail is addressed to the RIPE NCC, but because they have continuously ignored the issues raised at the RIPE Meeting in > Amsterdam, I am going to formally ask them to fix these things which, I believe, are not GDPR compliant. > > 1. Ticketing system > > - when someone wants to open a ticket with the RIPE NCC, the only way to do that is by sending an e-mail. It would be stupid > to ask users to send e-mail without attachments (in order to open the ticket) and then go to the LIR Portal and upload > documents to that ticket but it seems the RIPE NCC is asking exactly that from the members. > > - when someone sends an e-mail to the RIPE NCC and includes documents (RIPE NCC often requests company registration documents > and - sometimes - copies of passports/IDs) the links to those documents hosted on zendesk are returned to the sender and > (sometimes) all the LIR contacts. If that e-mail is forwarded to anyone, it includes the zendesk links and therefore anyone > that receives the RIPE NCC e-mail or a forward of that e-mail will receive links to company registration documents and IDs of > people. > > I doubt this is GDPR compliant and I would like a response from the RIPE NCC on why they have not fixed this issue even if it > was reported 4 months ago. > > Several ways to fix this: > > - e-mails sent by zendesk should not include any link > > - allow users to create tickets and communicate to the RIPE NCC via the LIR Portal and stop e-mail communication with members > > 2. RIPE DB > > The RIPE NCC Customer Services Department forcefully (*) creates person objects in the RIPE Database _MAINTAINED BY THE > MAINTAINER OF THE LIR!!!_ for the people that sign a contract with the RIPE NCC. It also forces companies that use role > objects associated with their resources to actually have a person object referenced in the role object (so no circular > reference or a reference to an other role object). Why is the RIPE NCC using the LIR's maintainer to create users without even > requesting the LIR's acceptance? What else is the RIPE NCC creating with the LIR's maintainer? > > I was under the impression that creating and publishing thousands of person objects in the RIPE Database may not be GDPR > compliant. Actually, there was a discussion in Amsterdam about this and the general understanding is that companies that do > this will be contacted by the RIPE NCC to stop doing it and clean up their data. Well, who will listen to an organization that > does exactly what they should not be doing? > > Why would you need to use a person object in the RIPE DB if a role object is an option? > > Oh, to make things worse, every time someone registers an additional LIR, the RIPE NCC keeps creating duplicate objects > instead of re-using the ones already created *by them*. > > > > Dear RIPE NCC, when will you update your procedures to be GDPR compliant? > > > > (*) We have created the following objects in the RIPE Database for <LIR>'s public profile: > > [...] > > ORGANISATION: https://apps.db.ripe.net/db-web-ui/#/lookup?source=ripe&key=<ORG>&type=organisation > MNTNER: https://apps.db.ripe.net/db-web-ui/#/lookup?source=ripe&key=<MNT>&type=mntner > ROLE: https://apps.db.ripe.net/db-web-ui/#/lookup?source=ripe&key=<ROLE>&type=role > > ADMIN-C: https://apps.db.ripe.net/db-web-ui/#/lookup?source=ripe&key=<PERSON>&type=person > TECH-C: https://apps.db.ripe.net/db-web-ui/#/lookup?source=ripe&key=<PERSON>&type=person > > Kind regards, > > Elvis > > -- > > Elvis Daniel Velea > > V4Escrow LLC > > Chief Executive Officer > > E-mail: elvis at v4escrow.net > > Mobile: +1 (702) 970 0921 > >
- Previous message (by thread): [members-discuss] is the RIPE NCC GDPR compliant ?
- Next message (by thread): [members-discuss] is the RIPE NCC GDPR compliant ?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]