PERSON objects in the RIPE Database
On 20/09/2018 15:04, denis walker via db-wg wrote:
Colleagues,
I will start with a blunt question, then give some arguments for my concern. In May the RIPE NCC told me there are?more than 2 million PERSON objects in the RIPE Database. That is almost 25% of the objects in the database. Who are these people and why do we hold so much personal data?
Hello, I suspect that many of these objects are old (pre-API) and/or duplicates. Before RIPE had a REST API (and I can't tell how many ISPs still use emails to create their resources) automatically fetching, linking, and updating a RIPE object was a pain (as is the current situation with APNIC) and likely involved someone to create the email personally. Hence going the easy route--making new entries every time. Regards, Alexander Stranzky -- velia.net Internetdienste GmbH * Hessen-Homburg-Platz 1 * 63452 Hanau Geschäftsführer: Franz G. Köhler, Arek Akilli * AG Hanau * HRB 7588 Tel: +49 6181 1898119 * http://www.velia.net
Hi Alexander You may well be right but duplicated personal data in a public database for 'convenience' is probably not acceptable. cheersdenisco-chair DB-WG From: Alexander Stranzky via db-wg <db-wg@ripe.net> To: db-wg@ripe.net Sent: Thursday, 20 September 2018, 14:57 Subject: [db-wg] PERSON objects in the RIPE Database On 20/09/2018 15:04, denis walker via db-wg wrote:
Colleagues,
I will start with a blunt question, then give some arguments for my concern. In May the RIPE NCC told me there are?more than 2 million PERSON objects in the RIPE Database. That is almost 25% of the objects in the database. Who are these people and why do we hold so much personal data?
Hello, I suspect that many of these objects are old (pre-API) and/or duplicates. Before RIPE had a REST API (and I can't tell how many ISPs still use emails to create their resources) automatically fetching, linking, and updating a RIPE object was a pain (as is the current situation with APNIC) and likely involved someone to create the email personally. Hence going the easy route--making new entries every time. Regards, Alexander Stranzky -- velia.net Internetdienste GmbH * Hessen-Homburg-Platz 1 * 63452 Hanau Geschäftsführer: Franz G. Köhler, Arek Akilli * AG Hanau * HRB 7588 Tel: +49 6181 1898119 * http://www.velia.net
Am 20.09.18 um 15:40 schrieb denis walker:
Hi Alexander
You may well be right but duplicated personal data in a public database for 'convenience' is probably not acceptable.
Hi Dennis, I totally agree with you. But unfortunately it's difficult to force ISPs to clean up their data. Regards, Alexander Stranzky -- velia.net Internetdienste GmbH * Hessen-Homburg-Platz 1 * 63452 Hanau Geschäftsführer: Franz G. Köhler, Arek Akilli * AG Hanau * HRB 7588 Tel: +49 6181 1898119 * http://www.velia.net
Hi Alexander GDPR is the necessary 'force'. If there is personal data in the database that cannot be justified according to the defined purpose of the database and governing policies then it should be removed. cheersdenisco-chair DB-WG From: Alexander Stranzky via db-wg <db-wg@ripe.net> To: ripedenis@yahoo.co.uk; "db-wg@ripe.net" <db-wg@ripe.net> Sent: Thursday, 20 September 2018, 15:45 Subject: [db-wg] PERSON objects in the RIPE Database Am 20.09.18 um 15:40 schrieb denis walker:
Hi Alexander
You may well be right but duplicated personal data in a public database for 'convenience' is probably not acceptable.
Hi Dennis, I totally agree with you. But unfortunately it's difficult to force ISPs to clean up their data. Regards, Alexander Stranzky -- velia.net Internetdienste GmbH * Hessen-Homburg-Platz 1 * 63452 Hanau Geschäftsführer: Franz G. Köhler, Arek Akilli * AG Hanau * HRB 7588 Tel: +49 6181 1898119 * http://www.velia.net
Good point -- actually there is no need to have any person objects in the database, except for: - the owner of internet resource is in fact a natural person; - voluntarily offering personal data, e.g. if admins willingly want to share their details by referencing person objects from a role object. Agoston On Thu, Sep 20, 2018 at 3:52 PM denis walker via db-wg <db-wg@ripe.net> wrote:
Hi Alexander
GDPR is the necessary 'force'. If there is personal data in the database that cannot be justified according to the defined purpose of the database and governing policies then it should be removed.
cheers denis co-chair DB-WG
________________________________ From: Alexander Stranzky via db-wg <db-wg@ripe.net> To: ripedenis@yahoo.co.uk; "db-wg@ripe.net" <db-wg@ripe.net> Sent: Thursday, 20 September 2018, 15:45 Subject: [db-wg] PERSON objects in the RIPE Database
Am 20.09.18 um 15:40 schrieb denis walker:
Hi Alexander
You may well be right but duplicated personal data in a public database for 'convenience' is probably not acceptable.
Hi Dennis,
I totally agree with you. But unfortunately it's difficult to force ISPs to clean up their data.
Regards, Alexander Stranzky -- velia.net Internetdienste GmbH * Hessen-Homburg-Platz 1 * 63452 Hanau Geschäftsführer: Franz G. Köhler, Arek Akilli * AG Hanau * HRB 7588 Tel: +49 6181 1898119 * http://www.velia.net
Hello, I do agree somewhat at least, I do think it is reasonable that there would not have to be person objects since if the internet resource owner is a natural person, they will still have an organisation object. This really made me consider it, and I can't really see a valid reason to require person objects to create a maintainer for example. Kind regards, Cynthia Revström On 2018-09-21 15:52, Agoston Horvath via db-wg wrote:
Good point -- actually there is no need to have any person objects in the database, except for: - the owner of internet resource is in fact a natural person; - voluntarily offering personal data, e.g. if admins willingly want to share their details by referencing person objects from a role object.
Agoston On Thu, Sep 20, 2018 at 3:52 PM denis walker via db-wg <db-wg@ripe.net> wrote:
Hi Alexander
GDPR is the necessary 'force'. If there is personal data in the database that cannot be justified according to the defined purpose of the database and governing policies then it should be removed.
cheers denis co-chair DB-WG
________________________________ From: Alexander Stranzky via db-wg <db-wg@ripe.net> To: ripedenis@yahoo.co.uk; "db-wg@ripe.net" <db-wg@ripe.net> Sent: Thursday, 20 September 2018, 15:45 Subject: [db-wg] PERSON objects in the RIPE Database
Am 20.09.18 um 15:40 schrieb denis walker:
Hi Alexander
You may well be right but duplicated personal data in a public database for 'convenience' is probably not acceptable. Hi Dennis,
I totally agree with you. But unfortunately it's difficult to force ISPs to clean up their data.
Regards, Alexander Stranzky -- velia.net Internetdienste GmbH * Hessen-Homburg-Platz 1 * 63452 Hanau Geschäftsführer: Franz G. Köhler, Arek Akilli * AG Hanau * HRB 7588 Tel: +49 6181 1898119 * http://www.velia.net
Hello, On 9/21/18 5:00 PM, Cynthia Revström via db-wg wrote:
This really made me consider it, and I can't really see a valid reason to require person objects to create a maintainer for example.
You can use ROLE object instead of PERSON for maintaner creation (and of course for every object, where you can reference person object). Person is *not* required. Well, currently is not possible to create role-maintainer pair like person-maintainer with webuptates, but this isn't hard to implement I think. But you can easily workaround this by creating person-maintainer pair, then creating role, update maintainer and deleting (temporary) person object. With regards, Daniel
Hello, My point was with the maintainer pair creation as I don't see a reason to give up personal information in the first place. Kind Regards, Cynthia Revström On 2018-09-21 18:38, Daniel Suchy via db-wg wrote:
Hello,
On 9/21/18 5:00 PM, Cynthia Revström via db-wg wrote:
This really made me consider it, and I can't really see a valid reason to require person objects to create a maintainer for example. You can use ROLE object instead of PERSON for maintaner creation (and of course for every object, where you can reference person object). Person is *not* required.
Well, currently is not possible to create role-maintainer pair like person-maintainer with webuptates, but this isn't hard to implement I think. But you can easily workaround this by creating person-maintainer pair, then creating role, update maintainer and deleting (temporary) person object.
With regards, Daniel
participants (5)
-
Alexander Stranzky -
Cynthia Revström -
Daniel Suchy -
denis walker -
horvath.agoston@gmail.com