Sascha, this is a very good point and the RR is probably very keen on understanding the issues related to your point, so let us chat about it please. If there is a test case about this, it could be taken down to AS level, and then in which case, the 'complainant' may have other issues as well. Anyway, as we now all, mostly, agree and understand: No abuse is possible without an IP number. IP numbers are public resources that belong to society and currently these resources are not sold, licensed or supplied but 'assigned' I would argue that; As far as these public resources are concerned, the public has a right to know to whom public resources has been assigned. The assignee has a right to data privacy - but when using a public resource has can have no expectation of privacy as it is a public resource. As the public resources are also used to inter operate with other public resources, the public therefore has a stronger right to the data than the owner of the data and in order to be assigned public resources the data owner would have to assign the ownership of the public resource data to the RR. Your point though is very valid and if it was not for the fact that public resources are used for inter operation and without this inter operation there would be no network and no data would be able to be transmitted in itself, the rights to the public data is stronger on the side of the public. (public = society) All rights, including privacy, has to be in balance with the responsibility of those same rights and the rights of others, including society. Which is why the GDPR has an exception for law enforcement, courts, etc. At worst an exception may also be required for RR or for public resources at best it will be found that the data in the case of RR is public data to begin with and the public is the owner thereof. Andre On Tue, 29 May 2018 16:54:57 +0100 "Sascha Luck [ml]" <aawg@c4inet.net> wrote:
Hi Carlos,
On Tue, May 29, 2018 at 03:38:08PM +0100, Carlos Friaas wrote:
One can argue that a "real abuse contact" related to a DNS domain is necessary for the contract's performance, no? The same is valid about the contract between RIPE/NCC and LIRs over assigned IP address space, right?
You can argue that - it's the meat of the noyb ./. FB and Google cases, aiui. You can also argue that publishing this data without any access control is *not* necessary to the operation of the registry and therefore access to services can't be made contingent on consent to this. I predict there will be a court case over this very soon.
cheers, Sascha Luck
Cheers, Carlos
On Tue, 29 May 2018, Sascha Luck [ml] wrote:
On Tue, May 29, 2018 at 02:50:09PM +0200, Simon Forster wrote:
Would you be able to point to the section of the GDPR which states this? Admission: I have yet to make it to the end of the 88 pages of the act without falling asleep.
It derives (also the tenor of NOYB's filing, aiui) from Article 7(4):
"4. When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract."
http://www.privacy-regulation.eu/en/article-7-conditions-for-consent-GDPR.ht...
cheers, Sascha Luck
The first case regarding this has already been filed: https://www.irishtimes.com/business/technology/max-schrems-files-first-cases... <https://www.irishtimes.com/business/technology/max-schrems-files-first-cases-under-gdpr-against-facebook-and-google-1.3508177> I appreciate a motion has been filed. However, I???d surprised if the case purely revolved around this single point.
It is positive that some of this stuff is going to be tested in court sooner rather than later. Having said that, it may be <sarcasm> a day or two </sarcasm> before we get to see a final judgement with no further appeals.
All the best
Simon