This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/members-discuss@ripe.net/
[members-discuss] is the RIPE NCC GDPR compliant ?
- Previous message (by thread): [members-discuss] is the RIPE NCC GDPR compliant ?
- Next message (by thread): [members-discuss] is the RIPE NCC GDPR compliant ?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Lutz Donnerhacke
L.Donnerhacke at iks-service.de
Fri Feb 22 11:37:33 CET 2019
Please to not misuse the term GDPR. First, the GDPR does not prohibit any handling of personal data. It does instead insist in writing down: - which personal data is acquired, handled, stored, and deleted. - who is involved in those steps. - why do you use this data for what. - who is responsible for the step. If a given data handling is necessary due to a lot of predefined reasons, it's sufficient to name them. Otherwise describe the reasoning. Necessary data handling does not require active consent, but only information. If you ask for consent for a special data handling, this implies, that the data handling is optional. If the consent is not given from the other party, you have to skip those data handling steps while fulfil your other obligations. So if you can't provide the service without dealing with this specific data, do not ask for consent! Some comments on Whois at ICANN. ICANN missed to describe use cases for Whois, but centralized the database (ThickWhois). Therefore they run into problems with the GDPR, got sued, and established the EPDP for temporary changes to long term contracts. There are two options for ICANN (AFAIS): a Provide a privacy-proxy framework and make registrant data optional. b Switch to a ultra thin whois by publishing the chain of contracts in the whois together with a reference to the whois server of the contractual partner. (see whois.iana.org) Option a is favoured, but renders whois useless and will result in shutting whois services down, despite the LEA, IP lawyers, and anti-abuse still crying. Option b would allow to respect the local law for each contract, but disclose the reseller chains. The registries, registrars, and resellers will cry. Summary for RIPE: If the RIPE community has use cases for Whois, describe it according to the GDPR and keep it running.
- Previous message (by thread): [members-discuss] is the RIPE NCC GDPR compliant ?
- Next message (by thread): [members-discuss] is the RIPE NCC GDPR compliant ?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]