[anti-abuse-wg] EU Data Protection

On Wed, Nov 05, 2014 at 04:00:42AM -0800, Ronald F. Guilmette wrote:
>I do however draw a distinction... as it seems you Europeans do...
>between gathering intelligence about individual natural persons for
>whom there is -zero- basis for any clearly articulatable suspicion,
>and gathering intelligence about relationships between -corporations-
>and more specifically about ones for which there _is_ a clearly
>articulatable basis for suspicion.  Also and separately, I believe
>that there should be complete transparancy in the operations of,
>and relationships with any and all `public interest'' organizations,
>and I personally would categorize RIPE, and all other RiRs, under
>that banner, even if a majority of the dues paying members would
>prefer it to be viewed strictly as a private commercial consortium,
>with no external or public responsibilities whatsoever.


I think this is a fundamental (if very common) misunderstanding
that often happens with people from the US.

For personal data:

in the US, data belongs to whomever holds it.

in the EU at least, data belongs to the subject of this data
regardless of who holds it. And the owner of the data
still determines how it is used (usually by agreement to T&C,
outside of which propagation is forbidden). 

I've asked my lawyer and he is of the opinion that this does
*not* apply to data regarding corporations. 

So, in theory, the NCC could publish the company registration
number in whois, for what *that* is worth (it's public
information anyway in most countries) 

rgds,
Sascha Luck