Jim,

thanks for your clarifications, I better understand your concerns.

However, business related ID should be accessible publicly. If I know well, all public procurement require the correct ownership data, etc in Europe, and not just hidden, disguised ones.


Best,

Géza

On Wed, Sep 5, 2012 at 11:00 AM, Jim Reid <jim@rfc1035.com> wrote:
On 5 Sep 2012, at 07:16, Turchanyi Geza wrote:

I share Milton's view that a name (etc) of a person acting in business is
not personal  only, however, a business ID, what is public information.
This is the rule in my country which is not in the US and won't be.

There are many views on what is and isn't Personal Data, even amongst European Data Protection Authorities who are working off the same EU Directives. Don't make the mistake of assuming everyone shares your view or that of your local DPA. Or that those views might or might not change tomorrow.

Strictly speaking any data which identifies a living person constitutes Personal Data. Therefore that data falls within scope of the EU Directives and the prevailing national laws which enacted them. However some, but by no means all, European DPAs take a pragmatic view and consider end user expectations and/or the intent behind publishing Personal Data when deciding what is and isn't acceptable. Other DPAs may take a much more literal approach to what's in the Directive and local law. So what's "legal" in one jurisdiction may well be "illegal" in another even though both positions are based on the same EU Directives. This situation might well apply in non-EU countries which have Data Protection legislation too.

Things can get even murkier if you go into greater detail. For instance my former ISP added contact details for me to the RIPE database when they gave me a /29. This was OK from the DPA's perspective since the intent was reasonable: maintaining an accurate, public database of who was using address space. However it was also not OK because the entries were added without my consent and I had no clear way to update them. Those entries were still in the database several months after the space had been handed back. That wasn't OK either.

Schrodinger's cat has/had a very happy home in Data Protection. :-)

Anyway, this latest rat-holing is somewhat irrelevant. If contact information for IP address resources need to be obscured for whatever reason -- commercial confidentiality, data protection/privacy, preventing spam, etc -- methods for that already exist and could be applied. In some cases, they already are in use. Others may well be invented. Just look at the "imaginitive" solutions found in the domain name world for obfuscating whois data. If we look in the real world, the public registers of physical assets such as shares and property regularly contain entries for things like lawyers's offices, nominee accounts, offshore companies/trusts and so on so that the details of the real owner remain hidden.