[dp-tf] Authorization to publish personal data in the DB (was Re: [dp-tf] Quadlogy of person proposals)

Dear all,

> As long as there is no unified european law governing this, the RIPE
> NCC and all contracts it makes are by default governed by dutch law.

This is my understanding as well. If we look at the problem from
the RIPE NCC's point of view (and this is what we are doing now,
and should be doing), then we have to make sure the RIPE NCC complies
with the Dutch data protection law.

If we look at the problem from the maintainer's point of view
(e.g. a LIR), then they have to make sure they act in accordance with
any contract/agreement they have with the RIPE NCC, AND in accordance
with all legal requirements of the country they act in.
In other words, if Russian law requires a _written_ consent to
publish personal data, the Russian LIR will have to make sure
they have such a document from their client, but it is not
RIPE NCC's task to enforce this.

> So, in order to follow Larissa's argument, the RIPE NCC would have to
> create special/different contracts for contractors from different
> countries, if the parties need the contract to be governed by that
> country's laws.

I do not think this should be done, for the reason above.

> I'm quite humble in legal matters

:)) The same with me. :)) I am not a lawyer either.

Best regards,
Janos