Colleagues My vacation is almost over and I have a lot of emails to reply to so I will start with the topic of the day, geofeed. We have to think out of the box here. You are all approaching this issue from the same wrong angle. There is no point criticizing the legal team for doing their job. The answer was actually in that review..."If the purposes of the RIPE Database have changed". So the answer is simple, we add a new purpose to the RIPE Database. The only problem is we have never done this before in any formal way. We have no precedent, no process or procedure for doing this. I am hoping someone at the RIPE NCC can help us with establishing a process for doing this, maybe the legal team, senior management team, Daniel, the Executive Board if we need a resolution to be put to a GM... So let's first take a step back. The purposes of the RIPE Database have become the elephant in the room, no one wants to talk about them. The Database Task Force (DB-TF) completely sidestepped the issue. I did warn them several times that this must be addressed, but they ignored me (sorry guys). I tried to raise the issue at RIPE 83 but I was heavily criticized for doing so. I could see 2 or 3 years ago that this was a problem that would have to be addressed soon. Now we can no longer ignore the issue. What are the purposes now? We had the original purposes defined in the mid 1990s. These are the ones the DB-TF worked with. But they were reviewed in 2010 by the Data Protection Task Force (DPTF). As a member of the DPTF I wrote the initial draft of the RIPE Database Terms & Conditions (T&C). This included a list of purposes in Article 3. These extended the original set of purposes. The wording was tweaked by the DPTF and the community and consensus was reached on this set of purposes. But there wasn't a lot of discussion about the actual purposes, just the wording. So the first question to answer is, do we take the set of purposes listed in Article 3 of the T&C as the definitive list of current purposes, regardless of what the DB-TF considered? The next question is, what new purpose would we add to cover geofeed? Again I did make a recommendation to the DB-TF about this. I suggested something like: "The RIPE Database may contain data that an agreed set of external services may use, require or rely on." This purpose would cover: -"geofeed:" -"geoloc:" -"language:" -"abuse-c:" -IRT object -use of ROLE objects for contacts for external services like RIPE Atlas None of the above list are covered by any of the purposes currently defined in the T&C. We would then have to define somewhere the 'agreed set of external services'. If we want to add a new purpose we then need to establish a procedure for doing this with community consent. There is no policy on the purposes of the RIPE Database so the PDP would not work here. As the RIPE Database is a service provided by the RIPE NCC and covered by a set of legally binding T&C, it may need a resolution by the GM to change the T&C. There is also the issue of how any new purpose may (legally) impact on the existing data contained within the database and any consent that has been given for the use of that data. Daniel said in Iceland that it is "time to stop tinkering around the edges of the RIPE Database and address some of the fundamental issues". I think this is an appropriate moment to add a new purpose and work through the whole process of doing so. Maybe we can sort it out by RIPE 85 in case we do need to involve the GM. I suspect we may do this again once we establish the process. cheers denis co-chair DB-WG On Thu, 28 Jul 2022 at 13:33, Maria Stafyla via db-wg <db-wg@ripe.net> wrote:
Dear colleagues,
Following the legal update we provided on NWI-13: Geofeed at the DB WG session at RIPE 84, here is our analysis in case further discussion on this topic is needed.
Executive Summary:
- The RIPE Database is meant to contain specific information for its documented purposes.
- Information inserted in the geofeed attribute could in some cases qualify as personal data.
- The current purposes could explain geolocation information to be inserted only for ‘scientific research into network operations and topology’.
- This purpose does not justify the processing of personal data; therefore restrictions had to be put in place to avoid the processing of unnecessary personal data.
- The restrictions are now implemented based on the status of the registration.
- If the purposes of the RIPE Database have changed in the meantime, this should be established via the community processes and documented. In that case we will re-evaluate the situation and the need for restrictions. Until then, the restrictions remain necessary.
Legal Analysis:
The RIPE Database is meant to contain specific information for the purposes that are defined in the RIPE Database Terms and Conditions.
In terms of the _personal data_ inserted in there, the purpose that justifies its publication is to facilitate the coordination of network operations for the smooth and uninterrupted operation of Internet; this purpose explains why contact details of resource holders or their appointed contact persons are required.
Before any new type of personal data is permitted to be inserted in the RIPE Database, we must evaluate if their processing is required for the purposes already defined and their processing can be considered in line with the basic personal data processing principles.
Although it is the responsibility of the party inserting personal data to ensure that they have the appropriate legal grounds before doing so, the RIPE NCC has also shared responsibilities with regards to the personal data in the RIPE Database. This is because the RIPE NCC is the party that is making the RIPE Database available and implements the instructions given by the RIPE community.
As mentioned in the Legal Review Impact Analysis, if the geofeed attribute is inserted for registrations of assignments that are reasonably assumed to be related to one individual user, then the attribute will be considered as containing personal data and GDPR will apply. This is why we have proposed to implement restrictions.
These restrictions are essential to avoid any processing of personal data that is not required or necessary for the currently defined purposes of the RIPE Database and to limit the RIPE NCC's liability as a party with shared responsibilities in relation to the personal data inserted in the RIPE Database.
Regarding the _(non-personal) data _inserted in the RIPE Database, it is also paramount that only data that is needed for the defined purposes of the RIPE Database is inserted.
According to the RIPE Database Terms and Conditions, introducing the geofeed attribute (with restrictions) would be considered in line and acceptable to be used only for scientific research into network operations and topology (see Art. 3).
We also understand that the purposes the RIPE Database must fulfil are not static but evolve over time.
The RIPE Database Requirements Task Force has recently concluded its work and, with regard to geolocation, it has established that, although there is an active user group for geolocation data, geolocation itself is not an objective that the RIPE Database should fulfil.
If the community's interests have changed since then and it is now agreed that geolocation is one of the purposes the RIPE Database must fulfil, this should be decided via the community's processes and reflected in the RIPE Database Terms and Conditions.
In line with the data management principles proposed by the RIPE Database Requirements Task Force, it would be prudent to approach this issue holistically, taking into account that other geolocation information is already provided in the RIPE Database (i.e. geoloc, country code attributes in ORG and resource objects).
On the basis of a new purpose for the geolocation information, we could then reassess the situation to understand whether the restrictions on the geofeed attribute are still necessary or whether it is justified to process personal data for this purpose.
Kind regards,
Maria Stafyla Senior Legal Counsel RIPE NCC
--
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/db-wg