This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] 2022-01 V2 Resource Holders Address
- Previous message (by thread): [db-wg] 2022-01 V2 Resource Holders Address
- Next message (by thread): [db-wg] 2022-01 V2 Resource Holders Address
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
denis walker
ripedenis at gmail.com
Fri Jun 24 04:15:37 CEST 2022
On Fri, 24 Jun 2022, 01:40 Ronald F. Guilmette via db-wg, <db-wg at ripe.net> wrote: > In message <e7ddcc2c-3d1a-2fbc-8d3e-5472679ad842 at foobar.org>, > Nick Hilliard <nick at foobar.org> wrote: > > >denis walker via db-wg wrote on 22/06/2022 23:54: > >> Perhaps the RIPE NCC can publish the top entries from a new set of > these > >> stats. If anyone then wishes to contest the numbers they can take it up > >> directly with the RIPE NCC. > > > >fwiw, the ripe ncc has consistently been clear that there is a handful > >of organisations who export very large quantities of registration > >information to the ripedb, so this issue is not particularly in question. > > There are multiple obvious problems with this line of > argument/reasoning/logic. > > First and foremost, if in fact there exist such telecom companies, then > -somebody- should be able to give us their names. I'm still waiting. > I haven't seen -any- names of any such supposed telecom companies yet. > AFAIK the names of these organisations is not public information, only anonymous statistics have been published. If you have an issue with this I suggest you discuss it directly with the RIPE NCC legal team. > Second as was previously discussed, responsiblity, both legal and > otherwise, > for any unnecessary "leakage" of PII under GDPR belongs to the party that > first leaked the data. So if some telecom company is carelessly shoveling > their customer PII into the RIPE data base in a way that is not consistant > with GDPR then the entire legal responsibility for that belongs to the > telecom > companies involved... *not* to RIPE. It is therefore quite obviously false > to continue to insist that RIPE needs to take some action because of these > specific companies or these specific WHOIS records. It doesn't. > This policy proposal is not about managing the legal responsibilities or liabilities of the RIPE NCC. It is about establishing a set of principles by which those who enter data into this database will manage personal data. > Third and lastly, underlying these arguments is a sort-of implicit and > unspoken assumption that simply is not true and that can quite easily > disproven, i.e. the obviously flawed assumption that the RIPE region is > synomymous with the EU and/or the EEA and that thus, GDPR applies > throughout the RIPE region. It doesn't. > The RIPE NCC is the data controller and is a Dutch organisation based in the EU. The RIPE Database is operated from servers within the EU. GDPR therefore applies to all data subjects within this database regardless of where they are located. Article 3.1 of the GDPR states: "This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not." > In addition to such notable and significant countries as Russia, Ukraine, > and Turkey, it appears that there exist a whole raft of other > countries also that are -in- RIPE but -outside- of EU/EEA, for example > Aland Islands, Albania, Andorra, Armenia, Azerbaijan... and that's just > the As! I'm sure that there are plenty more also. Companies and natural > persons in these countries are not bound by GDPR, despite the fact that > some would wish it to be so. Thus companies and persons outside of EU/EEA > remain free to put whatever they like into the RIPE WHOIS data base, and > RIPE is free to publish whatever they do put in there, as has already been > discussed and agreed here. (Note that the Personally Identifiable > Information > involved in many of these cases will pertain to natural persons who > themselves > reside -outside- of the EU/EEA area, and GDPR is simply not applicable to > the PII of any such persons.) > There are Russian lirs who provide address space and services to end users based in the Netherlands. Internet operations and business are not bound by geographical, political or legal jurisdictions. Cheers denis Proposal author > I understand the desire of some in Europe to impose GDPR upon the entire > rest of the world, and onto all persons and companies from Alaska to > Zanzibar, but wishing does not make it so. RIPE is free, morally, > ethically, > and legally to publish *my* phone number any time it wishes, as I am an > American, and thus not a subject of the GDPR regime, and also not least > because I myself have, in the first instance, made my own phone number > public in my own domain WHOIS records, thus relieving any and all parties > of any legal responsibility, under GDPR, for any mere re-publication of > this Personally Identifiable Information. > > > Regards, > rfg > > -- > > To unsubscribe from this mailing list, get a password reminder, or change > your subscription options, please visit: > https://mailman.ripe.net/ > -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/db-wg/attachments/20220624/a3f4bc1b/attachment.html>
- Previous message (by thread): [db-wg] 2022-01 V2 Resource Holders Address
- Next message (by thread): [db-wg] 2022-01 V2 Resource Holders Address
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]