Jim, in general - you know the situation with Data Protection laws deployment around the world (as minimum, partly). There are still a lot of undresolved issues as even perfect law sometimes tell nothing about how deploy in real life. Dima On 20.10.2010 15:50, Jim Reid wrote:
On 20 Oct 2010, at 12:31, Sergey Myasoedov wrote:
in my opinion providing personal IDs of european citizens (CEOs) violates EC/EU law too.
I think you may be mistaken. But since I'm not a lawyer, I don't know what I'm talking about either. :-) I seriously doubt that the NCC would have a policy that violated EU or Dutch law. Or that all the NCC's membership, board and management would have failed to spot that if it was the case.
BTW, I complained to the UK authorities when the electricity company's call centre demanded my date of birth before they'd talk to me about a billing problem. They wanted that info for authentication. The Information Commissioner's Office dismissed my complaint that this was an unreasonable and disproportionate use of my Personal Data by the power company. So their behaviour was legal even though in my non-expert opinion they had violated the third principle of the EU directive.
And yes, I clearly have far too much spare time on my hands if I spend it on things like formal complaints to the ICO. :-)