Dear all,
Very good point. I think the best approach is to have the responsibilty reside with the maintainer. It would be good to have this in the service contract (i.e. the service contract should say that by putting a person object in the RIPE database, you acknowledge that you did get the approval of the person to publish his/her data). This is what we have in the .hu registration rules.
Don't forget that not everyone who enters data into the RIPE Database is a member. So this statement may be better in the Database Terms and Conditions.
You are right, I did not think about all these "exceptions". A good approach can be to have a clear statement in the contract with the LIRs that they are responsible for obtaining the permission to publish any personal data they maintain OR that are maintained by maintainers they created. This solves a large part of the problem. As we will require all objects to be maintained in the future, it seems enough for me to make sure we have the above principle accepted by the _maintainers_. We may have to think over the process of creating a new maintainer. We may have to have it created by an existing maintainer or by some otherwise authenticated person (who can then assume the responsibility for the data they maintain in the future). How does this sound? Best regards, Janos