[db-wg] 2022-01 Resource holders identity

Hi Angel

On Tue, 31 May 2022 at 15:31, Ángel González Berdasco via db-wg
<db-wg at ripe.net> wrote:
>
> 30-05-2022 a las 13:17 +0200, denis walker writes:
> > If no one is able to present the public interest case for publishing
> > the name and address of natural persons holding resources then the
> > privacy case takes priority. If we cannot justify publishing this
> > personal information based on the purposes, then the GDPR says very
> > clearly that we must not publish it. All personal details of natural
> > persons holding resources will have to be removed from the database
> > or hidden from public view. This will also apply to assignments as
> > well.
> > There are many assignments with name and full address details of
> > natural persons in the "descr:" attributes. We will have to remove
> > the "descr:" attributes where the assignee is a natural person or
> > hide them from public view.
>
> Please note that GDPR has the concept of processing based on consent.
> It might not be necessary to remove them. And some of those affected,
> may want them to stay published.

Yes GDPR does allow for consent. However in a database with widely
distributed data entry, knowing that consent has been given, and not
withdrawn, by each data subject is very difficult to confirm by the
data controller. Also it would be necessary for each data subject to
be fully informed of the potential consequences of publishing their
personal data in an open, public database. Even if some natural
persons want their details published in the RIPE Database, for
whatever reasons, unless there is a purpose that clearly states the
'need' to do this, it is not a good idea to do it. There are too many
unknowns between the data controller and some of the data subjects to
be able to allow this with any degree of certainty for the data
controller.

cheers
denis
proposal author

>
> I agree, however, that *not* publishing the home address of those that
> hold a resource as a natural person is probably a good idea.
>
> Regards
>
> --
> INCIBE-CERT - Spanish National CSIRT
> https://www.incibe-cert.es/
>
> PGP keys: https://www.incibe-cert.es/en/what-is-incibe-cert/pgp-public-keys
>
> ====================================================================
>
> INCIBE-CERT is the Spanish National CSIRT designated for citizens,
> private law entities, other entities not included in the subjective
> scope of application of the "Ley 40/2015, de 1 de octubre, de Régimen
> Jurídico del Sector Público", as well as digital service providers,
> operators of essential services and critical operators under the terms
> of the "Real Decreto-ley 12/2018, de 7 de septiembre, de seguridad de
> las redes y sistemas de información" that transposes the Directive (EU)
> 2016/1148 of the European Parliament and of the Council of 6 July 2016
> concerning measures for a high common level of security of network and
> information systems across the Union.
>
> ====================================================================
>
> In compliance with the General Data Protection Regulation of the EU
> (Regulation EU 2016/679, of 27 April 2016) we inform you that your
> personal and corporate data (as well as those included in attached
> documents); and e-mail address, may be included in our records
> for the purpose derived from legal, contractual or pre-contractual
> obligations or in order to respond to your queries. You may exercise
> your rights of access, correction, cancellation, portability,
> limitationof processing and opposition under the terms established by
> current legislation and free of charge by sending an e-mail to
> dpd at incibe.es. The Data Controller is S.M.E. Instituto Nacional de
> Ciberseguridad de España, M.P., S.A. More information is available
> on our website: https://www.incibe.es/proteccion-datos-personales
> and https://www.incibe.es/registro-actividad.
>
> ====================================================================
>
> --
>
> To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://mailman.ripe.net/