<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content="text/html;charset=windows-1252" http-equiv="Content-Type"> <title></title> </head> <body bgcolor="#ffffff" text="#000000"> <blockquote cite="mid:4A52EEBE-8585-408E-A19B-0A495053B38F@rfc1035.com" type="cite"> <pre wrap="">So let me spell it out for you. A Data Controller has certain responsibilities to discharge before they pass Personal Data to a third party. </pre> </blockquote> Jim, I share this point of view and do not object to it. But, it seems to me that this should be the second question in this discussion. This discussion should start from the other questions: Who and when asked every individual who stores personal data in the RIPE database: are they allow to pass personal data to a third party? There were no questions about it. So, why there were no question but silently accepted that everyone accept that the data should be passed? All is discussed is "we will pass personal data to a third party - let's discuss the way we pass them". But who decide that we will pass the data? Why this data should be passed to someone (law enforcements do not take into account) who may (or will ) do what their want? And who from the users who stores personal data in RIPE database authorize RIPE for this operation? Additional initial questions should be: - for what kind of purpose personal data may be passed to a third-party? - in what kind situations personal data should be passed to a third party? <blockquote cite="mid:4A52EEBE-8585-408E-A19B-0A495053B38F@rfc1035.com" type="cite"> <pre wrap="">Nobody ever said it was about protecting third parties AFAICT. </pre> </blockquote> I understand this. But in situation when we do not ask owners of the personal data about their decision but we're discussing about passing of personal data, in fact, we're protecting a third parties and we're breaking rights of the any person who stores his/her personal data in the Data Controller. It's no a charge - it's just a statement of fact: we jump over some significant questions. And the questions we jumped over are the main in personal data protection: nor third-party nor RIPE are not authorized to decide what to do with the personal data. The only one person who can decide this - is the owner of the personal data. But we did not ask him - and there is a problem <pre class="moz-signature" cols="72">-- Best wishes, Andrey Semenchuk Trifle Internet Service Provider (056) 731-99-11 <a class="moz-txt-link-abbreviated" href="http://www.trifle.net">www.trifle.net</a> </pre> </body> </html>