Publishing Deleted Objects - Legal Analysis
Dear colleagues,

In response to the question raised on the Database WG mailing list, “…whether there would be legal restrictions or considerations with regards to publishing information about deleted objects or the deleted objects themselves”, please find below a preliminary analysis from a legal perspective.

The RIPE Database contains a variety of types of data. A distinction should be made between database objects that contain personal data (i.e. person and role objects) and those that do not (i.e. inetnum, inet6num, autnum, etc.).

For database objects containing personal data, the Personal Data Protection Act in the Netherlands applies. More specifically, according to the Act personal data may be collected for specific, explicitly defined and legitimate purposes. Once collected, this data must not be kept for any longer than is necessary to achieve the purpose for which it has been collected.

In consultation with the RIPE community, the RIPE Data Protection Task Force identified the reason why personal data should be inserted into, and made publicly available through, the RIPE Database. The reason the Internet community initially requested that this data be made publicly available was for Internet operation purposes. Internet network operators should have each other’s contact details (which is considered to be personal data by the Act) in order to facilitate communication among the individuals responsible for networks in case of operational problems in the network (troubleshooting, abuse, etc.).

Accordingly, the RIPE Database contains the contact details of individuals that are responsible for resolving operational problems in a network. However, if an individual no longer has this responsibility, this individual’s contact details must be deleted from the RIPE Database.

If the RIPE community wishes to have access to contact details of individuals that were responsible for resolving operational problems in the past, then the RIPE community must have a specific, explicitly defined and legitimate purpose for it. If such a purpose is defined, the RIPE NCC will proceed with investigating the conditions under which this feature can be implemented in compliance with the Act. Implementation of this feature may include prior consent of these individuals.

For more information about the implementation of this legislation in the RIPE Database and related services, please see the RIPE NCC Data Protection Report [1].

For database objects that do not contain personal data, there are no restrictions in terms of personal data protection. If the RIPE Community wishes the RIPE NCC to include the feature for publishing the history of deleted objects in the RIPE Database, the RIPE NCC will proceed with the implementation of this feature. As part of this process the RIPE NCC will need to investigate and possibly update its procedures and governance documents to ensure compliance with its legal obligations. Updating the relevant governance documents is subject to the RIPE NCC procedural document “Adoption Process for RIPE NCC Corporate Documents” [2].

Kind regards,

Athina Fragkouli
Legal Counsel
RIPE NCC

[1] https://www.ripe.net/about-us/legal/ripe-ncc-data-protection-report
[2] https://www.ripe.net/about-us/corporate-governance/adoption-process-for-ripe...
On Tue, 02 Jun 2015 14:36:21 +0100, Athina Fragkouli wrote:
If the RIPE community wishes to have access to contact details of individuals that were responsible for resolving operational problems in the past, then the RIPE community must have a specific, explicitly defined and legitimate purpose for it. If such a purpose is defined, the RIPE NCC will proceed with investigating the conditions under which this feature can be implemented in compliance with the Act. Implementation of this feature may include prior consent of these individuals.
Thanks, Athina.

IIUC, if such a purpose as "maintaining a historical record" were defined, the relevant data subjects would have to opt in before their details could be included. Is that it?

ATB
Niall
Hi Niall

On 02/06/2015 16:49, Niall O'Reilly wrote:
On Tue, 02 Jun 2015 14:36:21 +0100, Athina Fragkouli wrote:
If the RIPE community wishes to have access to contact details of individuals that were responsible for resolving operational problems in the past, then the RIPE community must have a specific, explicitly defined and legitimate purpose for it. If such a purpose is defined, the RIPE NCC will proceed with investigating the conditions under which this feature can be implemented in compliance with the Act. Implementation of this feature may include prior consent of these individuals.

Thanks, Athina.
IIUC, if such a purpose as "maintaining a historical record" were defined, the relevant data subjects would have to opt in before their details could be included. Is that it?
Two of the existing purposes partially cover this:

- Providing information about the Registrant and Maintainer of Internet number resources when the resources are suspected of being used for unlawful activities, to parties who are authorised under the law to receive such information.
- Providing information to parties involved in disputes over Internet number resource registrations to parties who are authorised under the law to receive such information.

These allow for the NCC to retain this information (maintain a historical record) for investigations or disputes that may arise in the future over historical resources. But neither allow for this historical information to be made publicly available in respect of personal data or (referring to my previous email) data used purely for the management of operational data.

cheers
denis
ATB Niall
On Tue, 02 Jun 2015 16:10:56 +0100, denis wrote:
Two of the existing purposes partially cover this:
[detail omitted]

Thanks for explaining this detail, Denis.

ATB
Niall
On 2015-06-02 15:36, Athina Fragkouli wrote:
Dear colleagues,

Hi Athina,

Thank you for the legal clarification in this matter.
In response to the question raised on the Database WG mailing list, “…whether there would be legal restrictions or considerations with regards to publishing information about deleted objects or the deleted objects themselves”, please find below a preliminary analysis from a legal perspective.
The RIPE Database contains a variety of types of data. A distinction should be made between database objects that contain personal data (i.e. person and role objects) and those that do not (i.e. inetnum, inet6num, autnum, etc.).
For database objects containing personal data, the Personal Data Protection Act in the Netherlands applies. More specifically, according to the Act personal data may be collected for specific, explicitly defined and legitimate purposes. Once collected, this data must not be kept for any longer than is necessary to achieve the purpose for which it has been collected.
In consultation with the RIPE community, the RIPE Data Protection Task Force identified the reason why personal data should be inserted into, and made publicly available through, the RIPE Database. The reason the Internet community initially requested that this data be made publicly available was for Internet operation purposes. Internet network operators should have each other’s contact details (which is considered to be personal data by the Act) in order to facilitate communication among the individuals responsible for networks in case of operational problems in the network (troubleshooting, abuse, etc.).
Accordingly, the RIPE Database contains the contact details of individuals that are responsible for resolving operational problems in a network. However, if an individual no longer has this responsibility, this individual’s contact details must be deleted from the RIPE Database.
If the RIPE community wishes to have access to contact details of individuals that were responsible for resolving operational problems in the past, then the RIPE community must have a specific, explicitly defined and legitimate purpose for it. If such a purpose is defined, the RIPE NCC will proceed with investigating the conditions under which this feature can be implemented in compliance with the Act. Implementation of this feature may include prior consent of these individuals.
For more information about the implementation of this legislation in the RIPE Database and related services, please see the RIPE NCC Data Protection Report [1].
For database objects that do not contain personal data, there are no restrictions in terms of personal data protection. If the RIPE Community wishes the RIPE NCC to include the feature for publishing the history of deleted objects in the RIPE Database, the RIPE NCC will proceed with the implementation of this feature. As part of this process the RIPE NCC will need to investigate and possibly update its procedures and governance documents to ensure compliance with its legal obligations. Updating the relevant governance documents is subject to the RIPE NCC procedural document “Adoption Process for RIPE NCC Corporate Documents” [2].
If we can start out with inetnum, inet6num, aut-num, route, route6 and organisation it's good so far.

I have a question about the word "purposes" of the text. Denis also mentions "purposes" in his e-mail. Are these "purposes" defined somewhere in a RIPE document or is it a legal definition that must be applied to what we believe is the "purpose" of an object?

regards,
--
Bengt Gördén
Resilans AB