[dp-tf] Quadlogy of person proposals

On Fri, 15 Jun 2007, Leo Vegoda wrote:

> Denis,
>
> On 15 Jun 2007, at 12:44pm, Denis Walker wrote:
>
> [...]
>
> > So before we go too far down the road on issues of authentication,
> > authorisation, permissions and contracts, maybe we need to answer
> > these
> > basic questions:
> >
> >    * what personal data do we need
> >    * who needs access to it and by what means
> >    * what do we need it for
>
> Surely this last question should be considered before the other two.
> Depending on the answer to it the other two many not apply at all.
> For instance, if the main purpose is to provide contact information
> to third parties who many need it for network troubleshooting
> purposes, role information may be sufficient and personal data is not
> needed at all. That would eliminate the need for the first question.

Right,
the Directive states the same thing:

... personal data must be:
(b) collected for specified, explicit and legitimate purposes and not further processed
in a way incompatible with those purposes.

there also is a next point:
(c) adequate, relevant and not excessive in relation to the purposes for which they are
collected and/or further processed;

Please note, "not excessive".
Don't you think that person object exactly falls under "excessive" category?


>
> Regards,
>
> --
> Leo Vegoda
> IANA Numbers Liaison
>
>


With respect,
Larisa Yurkina
---
RIPN Registry center
-----