On Tue, Oct 25, 2016 at 10:17:52PM +0200, denis wrote: Dear Denis
Have you forgotten about the almost million personal data sets that the RIPE NCC locked and then asked the community to decide what to do next? I wrote a detailed argument on why I believe this is a serious legal issue some time ago, which not even the RIPE NCC answered: https://www.ripe.net/ripe/mail/archives/db-wg/2016-September/005318.html
Bottom line, the RIPE NCC is both responsible for and liable for publishing in a public database the personal details of almost a million people who they have no relationship with, no knowledge of and no contact with. That breaks data protection laws. They cannot hide behind being the 'data controller' or the arguments made by the RIPE Data Protection Task Force many years ago that this responsibility was delegated to the LIRs. If the RIPE NCC's MNTNER object protects these PERSON objects, the RIPE NCC is responsible and liable for this data.
The objects should be reverted back to unmaintained and the operational data that references them should be locked. That will force members to sort the problem out themselves, after ignoring it for many years.
I have not forget about this topic. It is going to be presented by Tim under point D in the agenda. All the best, Piotr -- gucio -> Piotr Strzyżewski E-mail: Piotr.Strzyzewski@polsl.pl