Dima, in my opinion providing personal IDs of european citizens (CEOs) violates EC/EU law too. But as a member of EB you can ask the NCC to investigate the problem. As you are informed on russian specific of data protection, did you already asked the NCC? When? Wednesday, October 20, 2010, 1:23:34 PM, you wrote: DB> Jim, DB> the issue is not to comply EC laws, but Russian law. DB> I am not a lawyer, but know that exactly now the comparable issues were DB> raised by registrars regarding their relationships with registries and DB> ICANN.
RIPE NCC should have data protection procedures
It does. This is compulsory for any organisation in the EU that holds Personal Data. The NCC is legally obliged to follow the EU Directives on Privacy and Data Protection (primarily 95/46/EC but also parts of 97/66/EC and 2002/58/EC) and how these are enacted in Dutch law. Although I'm not a lawyer, I expect that the EU and Dutch legislation in this area will be compatible with Russian data protection law.
I tried to find some statements on data protection in the RIPE NCC or on any guarantee of confidentiality, but no such information found in the standard service agreement or any policy documents.
Strange. It should be public somewhere.
BTW, in general it's usually more of a problem exporting Personal Data from the EU than it is to send that Personal Data there
-- Sergey