[dp-tf] Authorization to publish personal data in the DB (was Re: [dp-tf] Quadlogy of person proposals)
Wilfried Woeber, UniVie/ACOnet Woeber at CC.UniVie.ac.at
Tue Jul 17 13:39:46 CEST 2007
Janos, team, after listening to some "important" consumers of data kept in the RIPE DB, I am feeling strongly that e) does apply as well. And on the item of who's data (whatever set) to register as the repsonsible contact for a unique global resource: In principle the policy and procedure machinery does already provide for *not* involving the end user at all. ISPs are allowed to do self-assignments and still allow their customers to use those (potentially dynamilcally assigned) addresses. But, for the end user, it is a matter of either/or! You cannot keep your lunch and eat it at the same time. You cannot reasonably be expect to be listed as legitimate holder of a resource and remain anonymous at the same time. this is where "e)" comes in to the picture, imho. The only thing that *might* get us into trouble is the monopoly situation that trickles down from IANA to the RIRs and the LIRs. the last thing I'd want to suggest is portable addresses like in the phone world ;-) Wilfried. PS: when we designed the irt: object we already had the vision to cater for breaking the one-to-one relationship between holding resources and providing authoritative contact information for operational and abuse situations :-) Janos Zsako wrote: > Dear Larisa, > >> Let's look if the RIPE Database rules comly with it. >> For example, Section II, "CRITERIA FOR MAKING DATA PROCESSING LEGITIMATE" >> >> 1. Member States shall provide that personal data may be processed >> only if: >> (a) the data subject has unambiguously given his consent; or >> >> No. admin-c and tech-c are mandatory, without any personal consent > > > I am not sure this is the right way of putting it. > Yes, admin-c and tech-c _are_ mandatory, however, nobody > says you may (or even worse: you should) publish such data > without the given person's consent. In fact we never did so, > and I am sure many other people did not do so either. > The idea is that you have to find a person who consents to > this, and only publish his/her data. > >> So, WHAT MAKES PERSONAL DATA PROCESSING IN THE RIPE DB LEGITIMATE? > > > I think you are right, the only paragraph that may apply is > (a) above. What we have to make sure is that people act in > accordance with it. > > Best regards, > Janos > >
[ dp-tf Archives ]