This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/members-discuss@ripe.net/
[members-discuss] is the RIPE NCC GDPR compliant ?
- Previous message (by thread): [members-discuss] is the RIPE NCC GDPR compliant ?
- Next message (by thread): [members-discuss] is the RIPE NCC GDPR compliant ?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Carlos Friaças
cfriacas at fccn.pt
Thu Feb 21 10:37:57 CET 2019
Greetings, Just a small note about "the law of a given country from where the LIR is from": In case someone didn't notice, this is really any country/economy in the world -- i.e. it is *not* restricted to the NCC's Service Region. Best Regards, Carlos Friaças On Thu, 21 Feb 2019, lir at unitelmedia.pl wrote: > > Hello > > You ask when they will start to comply with the law or rather adapt it to the requirements GDPR > > I will add a question when will they start treating all LIRs the same? > > The second question is when they start to respect the law of a given country from where the LIR is from ? > > Promises of RIPE employees that they will improve procedures etc. are worth as much as rubbish thrown into the waste bin > > So much on the subject I can add more but does it make any sense at all? > > > > -- > > Grzegorz Dacka > > > > > > From: members-discuss <members-discuss-bounces at ripe.net> On Behalf Of Elvis Daniel Velea > Sent: Thursday, February 21, 2019 1:33 AM > To: members-discuss at ripe.net > Subject: [members-discuss] is the RIPE NCC GDPR compliant ? > > > > Hi everyone, > > this e-mail is addressed to the RIPE NCC, but because they have continuously ignored the issues raised at the RIPE Meeting in > Amsterdam, I am going to formally ask them to fix these things which, I believe, are not GDPR compliant. > > 1. Ticketing system > > - when someone wants to open a ticket with the RIPE NCC, the only way to do that is by sending an e-mail. It would be stupid > to ask users to send e-mail without attachments (in order to open the ticket) and then go to the LIR Portal and upload > documents to that ticket but it seems the RIPE NCC is asking exactly that from the members. > > - when someone sends an e-mail to the RIPE NCC and includes documents (RIPE NCC often requests company registration documents > and - sometimes - copies of passports/IDs) the links to those documents hosted on zendesk are returned to the sender and > (sometimes) all the LIR contacts. If that e-mail is forwarded to anyone, it includes the zendesk links and therefore anyone > that receives the RIPE NCC e-mail or a forward of that e-mail will receive links to company registration documents and IDs of > people. > > I doubt this is GDPR compliant and I would like a response from the RIPE NCC on why they have not fixed this issue even if it > was reported 4 months ago. > > Several ways to fix this: > > - e-mails sent by zendesk should not include any link > > - allow users to create tickets and communicate to the RIPE NCC via the LIR Portal and stop e-mail communication with members > > 2. RIPE DB > > The RIPE NCC Customer Services Department forcefully (*) creates person objects in the RIPE Database _MAINTAINED BY THE > MAINTAINER OF THE LIR!!!_ for the people that sign a contract with the RIPE NCC. It also forces companies that use role > objects associated with their resources to actually have a person object referenced in the role object (so no circular > reference or a reference to an other role object). Why is the RIPE NCC using the LIR's maintainer to create users without even > requesting the LIR's acceptance? What else is the RIPE NCC creating with the LIR's maintainer? > > I was under the impression that creating and publishing thousands of person objects in the RIPE Database may not be GDPR > compliant. Actually, there was a discussion in Amsterdam about this and the general understanding is that companies that do > this will be contacted by the RIPE NCC to stop doing it and clean up their data. Well, who will listen to an organization that > does exactly what they should not be doing? > > Why would you need to use a person object in the RIPE DB if a role object is an option? > > Oh, to make things worse, every time someone registers an additional LIR, the RIPE NCC keeps creating duplicate objects > instead of re-using the ones already created *by them*. > > > > Dear RIPE NCC, when will you update your procedures to be GDPR compliant? > > > > (*) We have created the following objects in the RIPE Database for <LIR>'s public profile: > > [...] > > ORGANISATION: https://apps.db.ripe.net/db-web-ui/#/lookup?source=ripe&key=<ORG>&type=organisation > MNTNER: https://apps.db.ripe.net/db-web-ui/#/lookup?source=ripe&key=<MNT>&type=mntner > ROLE: https://apps.db.ripe.net/db-web-ui/#/lookup?source=ripe&key=<ROLE>&type=role > > ADMIN-C: https://apps.db.ripe.net/db-web-ui/#/lookup?source=ripe&key=<PERSON>&type=person > TECH-C: https://apps.db.ripe.net/db-web-ui/#/lookup?source=ripe&key=<PERSON>&type=person > > Kind regards, > > Elvis > > -- > > Elvis Daniel Velea > > V4Escrow LLC > > Chief Executive Officer > > E-mail: elvis at v4escrow.net > > Mobile: +1 (702) 970 0921 > >
- Previous message (by thread): [members-discuss] is the RIPE NCC GDPR compliant ?
- Next message (by thread): [members-discuss] is the RIPE NCC GDPR compliant ?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]