Following Denis’s presentation at the last database working group meeting and Elvis’s messages to the RIPE NCC members list I think it is time to have a new discussion on the need for personal objects in the RIPE Database.
https://ripe77.ripe.net/presentations/63-PERSONobjects.pdf https://ripe77.ripe.net/archives/video/2298/ https://www.ripe.net/ripe/mail/archives/members-discuss/2019-February/003295.html
This is not questioning previous legal assessments of GDPR compliance, but taking a step back and looking at how would we do this if we were to design the RIPE Database with today's privacy requirements in mind.
The ccTLD for .NO, Norid made an update to their service last year to completely remove person objects from their database. https://www.norid.no/uploads/2017/12/Datamodell-revidert-en-v2.pdf
In terms of the RIPE Database, that would mean that resources would refer to organisational objects and roles, not to personal objects.
Perhaps Denis and/or Elvis would propose a policy change in this respect?
Hans Petter