Jim, the issue is not to comply EC laws, but Russian law. I am not a lawyer, but know that exactly now the comparable issues were raised by registrars regarding their relationships with registries and ICANN. Dima On 20.10.2010 14:30, Jim Reid wrote:
On 20 Oct 2010, at 10:25, Sergey Myasoedov wrote:
RIPE NCC should have data protection procedures
It does. This is compulsory for any organisation in the EU that holds Personal Data. The NCC is legally obliged to follow the EU Directives on Privacy and Data Protection (primarily 95/46/EC but also parts of 97/66/EC and 2002/58/EC) and how these are enacted in Dutch law. Although I'm not a lawyer, I expect that the EU and Dutch legislation in this area will be compatible with Russian data protection law.
I tried to find some statements on data protection in the RIPE NCC or on any guarantee of confidentiality, but no such information found in the standard service agreement or any policy documents.
Strange. It should be public somewhere.
BTW, in general it's usually more of a problem exporting Personal Data from the EU than it is to send that Personal Data there