In message <563c8773.7000...@yahoo.co.uk>,
denis <ripede...@yahoo.co.uk> wrote:
>> It may seem like I am quibbling over a minor semantic point here, and
>> perhaps I am, but I think that it is somewhat inaccurate to say that
>> there's no relationship at all between RIPE / RIPE NCC and the entities
>> whose data is in the data base.
>
>It is not a semantic point it is a legal point. (I am sure the RIPE NCC
>legal team will correct me if I am wrong :) ) The RIPE NCC is the Data
>Controller for this database. They manage the service and facilitate its
>use by other parties. Some of the RIPE NCC members in some countries
>satisfy their local laws by documenting every customer in the RIPE
>Database. This results in hundreds of thousands of INETNUM/PERSON object
>pairs created in the RIPE Database.
>
>The RIPE NCC has no relationship of any sort with these people. Their
>personal information is in this database because they consented to it
>being put their by someone they have signed a contract with. The RIPE
>NCC has no knowledge of that contract or it's terms.
Please excuse my feeble attempts to "drill down" as it were, and understand
the facts and nuances of what you've just said. (I'll admit up front
a substantial level of ignorance, if that will help to make clear that
I _am_ attempting to understand, and not just simply being disagreeable.)
On the one hand, you say that all these entities (both people and
businesses) have consented to have RIPE NCC store and distribute
their contact data. On the other hand you say that RIPE NCC has
no knowledge of the terms and conditions of the contracts they have
signed. Given that RIPE NCC is bound by European privacy laws,
wouldn't it be fair to say that RIPE NCC is 100% confident of the
content of at least one part of the contracts that all of these
entities have individually signed, i.e. the part in which they
consent to have RIPE NCC store and distribute their data?
It would seem to be that case that RIPE NCC is a formal, legal,
and an explicitly named third party in all those contracts. Is
that statement innacurate? Haven't each and every one of these
individual entities, in their contracts, granted certain rights
to RIPE NCC as partial compensation for the number resources they
are given? If not, then how can RIPE NCC get away with what appear
to be rather massive and ongoing breaches of European privacy laws?
If so however, then is it at all accurate to say that RIPE NCC
has "no relationship" to all of these individual entities?? (It
would appear that in fact RIPE NCC has direct contractual relation-
ships with each and every one of them.)
>Add to that all the possible language issues...
I admit that the language issues are thorny, but not insurmountable.
Are there no web sites that attempt to sell products throughout the
European Common Market? How have they addressed the problem?
>and I am not sure how you
>will expect the RIPE NCC to validate all this personal contact data with
>people who they have no relationship with and who may have never heard
>of the RIPE NCC or RIPE.
I'm sorry to be repeating myself, but I must again question both of
the premises upon which your question is based, i.e.
1) that RIPE NCC is not, either explicitly or implicitly, a
party to all of the individual end-used entity contract, and
2) that either some or all of those end-user entities have never
even heard of RIPE NCC. (They _must_ have heard of it, because
the name RIPE NCC must be present in all those contracts that
all of them signed. If not, then who exactly did they grant
the right to store and distribute their data to? Some mysterious
unnamed overlord? Santa Claus?)
>Anyone who receives an email from an
>organisation they have never heard of, possibly in a language they don't
>understand, asking to validate personal information...well you know how
>that will be treated these days.
Agreed. But as noted above, I am still having trouble understanding
how you can assert that these end-user entities don't know of and/or
have "no relationship with" RIPE NCC.
I may not be a lawyer, but I still have trouble imagining that the
lawyers at RIPE NCC would allow the technical people there to publish
the data base... as they do... in the absence of a clear contractual
relationship between (a) the end-user entities whose ``personal'' data
it is and (b) RIPE NCC. Logically, it would seem that a contractual
relationship does and must exist. Yet you are insistant that none
does. I am having difficulty squaring this circle.
>Also bear in mind a single data validation is quite pointless. What is
>valid today may not be tomorrow. So you cannot trust data that was
>validated yesterday. To have any benefit this data would have to be
>routinely re-validated.
If it can be done once, it can be done multiple times.
Automation is your friend.
Regards,
rfg
