[ncc-services-wg] Personal Data and Database Proxy services

On 3 Jan 2013, at 14:51, Andrey Semenchuk <andrey at trifle.net> wrote:

>> If you want to discuss that, take it elsewhere. 
> Ouch, you're not friendly

Apologies. I was just saying a discussion about the contextual significance of phone numbers was not appropriate for this list. No unfriendliness was stated or implied.

>> It's not that simple. It depends on what the third party wants the data for. As an example, you might think it's a no-brainer to provide that third party access to law enforcement. We all want to prevent crime and help the police catch bad guys. But suppose the cops are hunting whoever's hosting Wikileaks this week or Mugabe's goons want to arrest human rights campaigners. What then? OK, Zimbabwe's not in our service region but you get the general idea.
> Jim, do you listen yourself?

Of course. I only do what the voices inside my head tell me. :-) Well, maybe just the ones who shout loudest for longest. :-)

> Third parties will decide instead of person how his/her personal data should be processed and for what?

I didn't imply anything like that at all.

So let me spell it out for you. A Data Controller has certain responsibilities to discharge before they pass Personal Data to a third party. These include, but are not limited to, considering what that third party may do with that Personal Data, whether that Data Processor can be trusted (or not), if the Data Processor's data protection regime is acceptable, etc.

> I may agree with you that the picture is too big to estimate it's size but you watching the picture from the wrong side. The goal of personal data protection is to protect data. But not the third-parties.

Nobody ever said it was about protecting third parties AFAICT.

> And just for your information: law enforcements already has access to databases that they should has. If they hasn't - they use authorized procedures in their investigation to gain access to the required data. Assistance for the law enforcements is not the question of this discussion

You still seem to be missing the point and focusing on detail instead of the big picture. I was using law enforcement as an obvious example of a case where third party access to registry data isn't as clear-cut as may be first thought.

And just for your information, I am very familiar with the authorised procedures that are used here and what would happen when overseas law enforcement knocked on the door.