[address-policy-wg] Personal Data and 2012-05

Jim,

thanks for your clarifications, I better understand your concerns.

However, business related ID should be accessible publicly. If I know well,
all public procurement require the correct ownership data, etc in Europe,
and not just hidden, disguised ones.


Best,

Géza

On Wed, Sep 5, 2012 at 11:00 AM, Jim Reid <jim at rfc1035.com> wrote:

> On 5 Sep 2012, at 07:16, Turchanyi Geza wrote:
>
>  I share Milton's view that a name (etc) of a person acting in business is
>> not personal  only, however, a business ID, what is public information.
>> This is the rule in my country which is not in the US and won't be.
>>
>
> There are many views on what is and isn't Personal Data, even amongst
> European Data Protection Authorities who are working off the same EU
> Directives. Don't make the mistake of assuming everyone shares your view or
> that of your local DPA. Or that those views might or might not change
> tomorrow.
>
> Strictly speaking any data which identifies a living person constitutes
> Personal Data. Therefore that data falls within scope of the EU Directives
> and the prevailing national laws which enacted them. However some, but by
> no means all, European DPAs take a pragmatic view and consider end user
> expectations and/or the intent behind publishing Personal Data when
> deciding what is and isn't acceptable. Other DPAs may take a much more
> literal approach to what's in the Directive and local law. So what's
> "legal" in one jurisdiction may well be "illegal" in another even though
> both positions are based on the same EU Directives. This situation might
> well apply in non-EU countries which have Data Protection legislation too.
>
> Things can get even murkier if you go into greater detail. For instance my
> former ISP added contact details for me to the RIPE database when they gave
> me a /29. This was OK from the DPA's perspective since the intent was
> reasonable: maintaining an accurate, public database of who was using
> address space. However it was also not OK because the entries were added
> without my consent and I had no clear way to update them. Those entries
> were still in the database several months after the space had been handed
> back. That wasn't OK either.
>
> Schrodinger's cat has/had a very happy home in Data Protection. :-)
>
> Anyway, this latest rat-holing is somewhat irrelevant. If contact
> information for IP address resources need to be obscured for whatever
> reason -- commercial confidentiality, data protection/privacy, preventing
> spam, etc -- methods for that already exist and could be applied. In some
> cases, they already are in use. Others may well be invented. Just look at
> the "imaginitive" solutions found in the domain name world for obfuscating
> whois data. If we look in the real world, the public registers of physical
> assets such as shares and property regularly contain entries for things
> like lawyers's offices, nominee accounts, offshore companies/trusts and so
> on so that the details of the real owner remain hidden.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/address-policy-wg/attachments/20120905/63c1f17e/attachment.html>