Dear members, GDPR is quite specific about personal data: ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; If the geofeed doesn't contain the above mentioned means to directly or indirectly identify a natural person then GDPR don't apply, especially if the geofeed refers only to a country or province. In general anonymization is assumed with K > 5, e.g. geographic information covering more than 5 natural persons. RIPE should be on the safe side if such geographic information refers to a province, region or country. (This is a brief summary of a discussion with Dr. Jur. Christoph Tschohl about this topic) Much more critical are the 100k or maybe even millions of RIPE-db entries, containing name and street address of natural persons which are under the sole control of RIPE. Best regards, MiKa On 2021-01-07 15:59, denis walker via db-wg wrote:
HI Hank, colleagues
[... ...]
Perhaps another question, to the RIPE NCC legal team, if I have a fixed IP address or block of addresses, is this geofeed location data personal data under the terms of GDPR?
cheers denis co-chair DB-WG