Hi, I’m out of office till 22 August. Any RIPE Labs related queries can be sent to l...@ripe.net and one of my colleagues will get back to you.
Cheers, Alun On 22 Aug 2022, at 07:47, Alun Davies via db-wg <db-wg@ripe.net> wrote: > Hi, > > I’m out of office till 22 August. Any RIPE Labs related queries can be sent > to l...@ripe.net and one of my colleagues will get back to you. > > Cheers, > Alun > > On 29 Jul 2022, at 22:28, Ángel González Berdasco via db-wg <db-wg@ripe.net> > wrote: > > On 29-07-2022 17:24 +0200, denis walker wrote: > The field is not PII. The contents of the geofeed file, which is > NOT > in the RIPE NCC service might or might not be, but this is at > worst, > an indirect pointer. The field is about addresses, it contains no > necessary PII in abstract. if I publish > http://some.where/~ggm/geofeed.csv then the URL has PII, Is that > really held to be a problem? Remember, I consented to posting the > URL, > I had to hold the maintainer password, the NCC didn't make me do > it. > > > The legal team will have to answer this question but is facilitating > a service that leads to the identification of an individual the same > (in law) as providing the PII directly? > > I think this is murky. > GDPR still considers pointers to information to be Personal data. If > you have some personal data (let's say the customer Name) on a tablem > you can't "remove" if by creating a table of Names and storing in the > customer table the id of the name instead of the value. If the url was > hosted by RIPE, I would consider its contents to be part of the > database as well, and covered by it. > However, here the url (which may or may not contain PII) is handled by > the user (ti simplify, as it's unlikely they will not be hosting it > themselves). The RIPE db would contain a pointer, inserted by the user > (if so he wants, as it's optional), to a different database whose > contents and access are handled by the user itself. I think it can be > considered a different db whose controller is the person it might be > identifying. To further complicate things, a person that would already > be identifiable without the geofeed attribute. > > So while I completely agree with not requiring any natural person to > reveal where they live (in an accurate way), the process of > implementing restrictions at RIPE whois fo allowing or not this > optional attribute, itself based on some fragile heuristics, seems > overkill. I think we would be better off adding a general purpose of > * Providing a structural way in which to share additional > optional information that the Registrant may wish to make available > to third parties about their entries. > > > That's extremely broad, but as long as it on optional attributes (that > can be based on user consent) I think it should be fine, and it would > be in line with the actual expectations of the community. > If a group of network operators wanted to make their lyrical tastes in > their person objects, we (the community) should be able to focus on the > merits of the requested feature (how many people want it, how would > that impact the operation of the database, what would be the cost of > implementing it on the server, is this an appropriate place for the > information to be included…), without worrying if a preference for limericks > could be considered personal identifying information that -despite the user > opting-in to publish that- has not a legal basis that allows RIPE to host it. > > > Best regards > > > -- > INCIBE-CERT - Spanish National CSIRT > https://www.incibe-cert.es/ > > PGP keys: https://www.incibe-cert.es/en/what-is-incibe-cert/pgp-public-keys > > ==================================================================== > > INCIBE-CERT is the Spanish National CSIRT designated for citizens, > private law entities, other entities not included in the subjective > scope of application of the "Ley 40/2015, de 1 de octubre, de Régimen > Jurídico del Sector Público", as well as digital service providers, > operators of essential services and critical operators under the terms > of the "Real Decreto-ley 12/2018, de 7 de septiembre, de seguridad de > las redes y sistemas de información" that transposes the Directive (EU) > 2016/1148 of the European Parliament and of the Council of 6 July 2016 > concerning measures for a high common level of security of network and > information systems across the Union. > > ==================================================================== > > In compliance with the General Data Protection Regulation of the EU > (Regulation EU 2016/679, of 27 April 2016) we inform you that your > personal and corporate data (as well as those included in attached > documents); and e-mail address, may be included in our records > for the purpose derived from legal, contractual or pre-contractual > obligations or in order to respond to your queries. You may exercise > your rights of access, correction, cancellation, portability, > limitationof processing and opposition under the terms established by > current legislation and free of charge by sending an e-mail to > d...@incibe.es. The Data Controller is S.M.E. Instituto Nacional de > Ciberseguridad de España, M.P., S.A. More information is available > on our website: https://www.incibe.es/proteccion-datos-personales > and https://www.incibe.es/registro-actividad. > > ==================================================================== > > -- > > To unsubscribe from this mailing list, get a password reminder, or change > your subscription options, please visit: > https://lists.ripe.net/mailman/listinfo/db-wg > -- > > To unsubscribe from this mailing list, get a password reminder, or change > your subscription options, please visit: > https://lists.ripe.net/mailman/listinfo/db-wg
-- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/db-wg