Janos,
Dear all,
As long as there is no unified european law governing this, the RIPE NCC and all contracts it makes are by default governed by dutch law.
This is my understanding as well. If we look at the problem from the RIPE NCC's point of view (and this is what we are doing now, and should be doing),
Agreed then we have to make sure the RIPE NCC complies
with the Dutch data protection law.
Quite Correct. We have to make sure RIPE NCC complies with EU and Dutch data protection law, regarding at the more restrictive one.
If we look at the problem from the maintainer's point of view (e.g. a LIR), then they have to make sure they act in accordance with any contract/agreement they have with the RIPE NCC, AND in accordance with all legal requirements of the country they act in. In other words, if Russian law requires a _written_ consent to publish personal data, the Russian LIR will have to make sure they have such a document from their client, but it is not RIPE NCC's task to enforce this.
Agreed.
So, in order to follow Larissa's argument, the RIPE NCC would have to create special/different contracts for contractors from different countries, if the parties need the contract to be governed by that country's laws.
I do not think this should be done, for the reason above.
Absolutely not. Cheers Manfredo Si precisa che le informazioni contenute in questo messaggio sono riservate e ad uso esclusivo del destinatario. Qualora il presente messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo ed a non inoltrarlo a terzi, dandocene gentilmente comunicazione. Grazie. You are hereby informed that this message contains confidential informations intended for the addressee's use only. If yu're not the addressee and have received this message by mistake, please delete it and immediately notify us. You may not copy or disseminate this message to anyone. Thank you.