Florian, On Wednesday, 2011-12-28 14:40:02 +0000, Florian Weimer <fweimer@bfk.de> wrote:
Just make it opt-in, so that people can decide whether they want to publish their abuse contact point or not.
I thought is already is "opt-in" as the contact enters the information with the knowledge it will be published.
If it is opt-in the EU data protection laws do not come into play since there is an exemption for those that opt-in to their info being published.
I was surprised when this was announced and I believe RIPE NCC's legal counsel was and is wrong. It would have been better to advise its members that they need to make sure that they have consent from the folks whose data they've submitted to the RIPE NCC for publication. This is what DENIC did when it was discovered that the WHOIS for 9.4.e164.arpa, despite being nominally opt-in, was populated by default with personally identifiable information by several DENIC members.
Perhaps it makes sense to create an explicitly privacy-free form of contact information in the database? While we could re-use the ROLE object type for this, maybe we should be explicit, and make a NON-PERSON-CONTACT-INFORMATION-THAT-THE-WHOLE-INTERNET-CAN-READ object type? ;) -- Shane