Hello, sorry for late response ;-) No the question in fact is that there should be no difference weather it is a Swedish law or e.g a Polish law that has the "restriction" of putting personal contact data in the RIPE db, I think that all counties have or will make some kind of laws agains data protection. I would like us to come up with a templates (-s) that could be useful in these cases. This template should clearly point out that there is a customer that is only documented at the actual ISP and not in the db. I understand that several isp:s allready have had these kind of issues over the years and due to data protection laws only have internal records over the customers, but I believe that the templates that have been created differ a lot. Is there a way to take out information about how many objects there is in the db that is only personal contact data without no referrence to a company name? Maybe we then could see which areas (countries) this concerns the most. (+ get a good clean up done in the db) Regards Katri that could be used in these cases. At 22:19 2003-08-19 +0200, you wrote:
Shane,
In France there is such a thing as unlisted phone numbers which remain private and unknown. Further, the RIPE DB is becoming the best spam list in the world. So yes, responsability lays with LIR, yes let's clean the DB, yes respect privacy.
I think there are two sides to this issue.
One is what the RIPE NCC can and has done to increase the privacy of people who have contact information in the Database. We have been trying to increase the privacy protections in the Database over time:
- person/role objects removed from public FTP site - DB automatically rate limits access to person/role objects - mntner/irt objects removed from public FTP site - .DE person object deletion - automatic cleanup of unreferenced person/role objects
The Allocation Editor on the LIR Portal should allow LIRs to keep their contact data up-to-date.
We have talked with the Dutch Data Protection Authority about the Database as well, to make sure that we don't run afoul of the EU privacy directives.
I think that issue is somewhat more problematic than that. I guess that what Katri is actually asking for is the Swedish data protection law. I am no expert on this law but from what I know / remember, the law requires the direct consent of the registered party as well as certain guarantees that the data is not passed on (within some limits). This means that the Swedish ISPs in order to register these customers actually needs written consent from the customer, as well as to solve the issue on passing that data on further by registering the data in the RIPE DB.
Perhaps someone that knows the issue better could comment?
Best regards,
- kurtis -