denis walker via db-wg wrote on 16/06/2022 16:05:
> I have listened to your comments in recent discussions and had some
> preliminary talks with the RIPE NCC about what could be implemented. So
> now we have a second version of my proposal on personal data.
There are some fairly serious structural issues with the justification
in this proposal, for example:
- that there's something new with GDPR that wasn't there before
- that the RIPE database is not GDPR compliant
- repeated claims that "In almost all cases, personal data is not needed".
- etc
GDPR, and previously the 1995 Data Protection Directive, has been
addressed continuously by the RIPE NCC over the years. There are some
blog posts on the RIPE NCC web site which provide an overview of the
current lawful basis for holding and publishing the information:
> https://www.ripe.net/about-us/legal/corporate-governance/gdpr-and-the-ripe-ncc
So in the absence of firm reasoning to the contrary, this policy needs
to step back quite far from claiming or hinting at GDPR non-compliance.
There are numerous other cases where the current justification presents
opinions without providing an adequate factual basis.
Incidentally, I'm not arguing that there shouldn't be changes to the
scope and style of information contained in the ripe database, but as it
stands, the scope of this policy proposal isn't justified by the
rationale provided.
Nick