|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Monitoring, Flow Stats (Re: spam whore, norcal-systems)
On Wed, 3 Feb 1999, Roeland M.J. Meyer wrote: > Here is something germane to this thread. > > >Date: Tue, 02 Feb 1999 19:42:43 -0500 > >From: "vinton g. cerf" <[email protected]> > >Subject: EC Directive on IP Addresses and Privacy ... [Cerf quoting someone not named:] > >"Yesterday, I learned from a very well-placed U.S. Government source that > >European law enforcement officials have told their American counterparts > >that they interpret the E.C. Data Protection Directive as prohibiting > >Internet service providers from maintaining records of users' IP > >addresses unless necessary for service or billing. This position indicates > >that E.C. officials consider both dynamic and static IP addresses to be > >subject to the Directive as "personal data'...relating to an...identifiable > >natural person" under Article 2(a) of the Directive. Therefore, it is > >being interpreted that the European Directive prohibits the retention of > >dynamic IP addresses even by an ISP unless it is used for billing purposes > >(which is rarely the case). > > > >If shared by others in the E.C., the position could have significant > >implications for Internet business models." While it isn't clear exactly what a "European law enforcement official" is or why they would be concerned with the Data Protection Directive, I can assure you that not only do European ISPs maintain Radius logs that tie dynamic IP addresses to user accounts but they are also strongly encouraged to do this by their national governments in most or all member states of the European Union. In the UK, for example, the London Internet Exchange (the LINX) and ISPA UK, the trade association, have formally endorsed a Traceability BCP that includes as a recommended practice the archiving of Radius logs to allow spam and illegal content to be traced back to the responsible individual. I understand that in France ISPs are *required* to archive their Radius logs. EuroISPA, the European ISP trade association, checked with officials at DG XV, the relevant directorate of the European Commission, for their opinion regarding the statements quoted above. So far their opinion appears to be that maintenance of such logs is OK so long as customers are aware that logs are being kept and the logs are not kept for too long. We talked to DG XV this morning. We will continue to pursue this matter both with the European Commission and with the UK government until we have a good understanding of what our position is. Incidentally, to the best of my knowledge non-compliance with the Data Protection Act is not a criminal matter. If you don't comply, you get sued. -- Jim Dixon VBCnet GB Ltd http://www.vbc.net tel +44 117 929 1316 fax +44 117 927 2015
|