Hi, On Thu, Jul 28, 2022 at 01:33:07PM +0200, Maria Stafyla via db-wg wrote:
As mentioned in the Legal Review Impact Analysis, if the geofeed attribute is inserted for registrations of assignments that are reasonably assumed to be related to one individual user, then the attribute will be considered as containing personal data and GDPR will apply. This is why we have proposed to implement restrictions.
I maintain that this part of the analysis is fundamentally flawed. The size of an assignment does not have any correlation to the entity that the prefix is assigned to - we can assign IPv4 /32s to corporate customers, and we can assign IPv4 /28s to private end users, and this is perfectly within the scope of the relevant RIPE policies. Inventing restrictions based on "but it looks like!!" guesswork is not what we are paying the RIPE NCC for. *Especially* as the information entered is not PII itself, but a pointer to a URL which could, as has been stated, contain anything from "ZZ" to very detailed addresses, fully under control and fully in the responsibility of the entity maintaining that list. I have the nagging suspicion that people are not listening here, because all this was already said months ago, and we're still running in circles. Gert Doering -- totally not interested in geofeed:, but annoyed by arbitrary restrictions not in line with RIPE policies -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279