Policy-Discussion

[Rasika Dayarathna <dayarathna AT gmail.com>]

     / I would like to draw your attention to Article 6 of the EU
     directive on processing personal data/. “/Article 6

1. Member States shall provide that personal data must be:
(a) processed fairly and lawfully;
(b) collected for specified, explicit and legitimate purposes and not 
further processed in a way incompatible with those purposes. Further 
processing of data for historical, statistical or scientific purposes 
shall not be considered as incompatible provided that Member States 
provide appropriate safeguards;
(c) adequate, relevant and not excessive in relation to the purposes for 
which they are collected and/or further processed;
(d) accurate and, where necessary, kept up to date; every reasonable 
step must be taken to ensure that data which are inaccurate or 
incomplete, having regard to the purposes for which they were collected 
or for which they are further processed, are erased or rectified;
(e) kept in a form which permits identification of data subjects for no 
longer than is necessary for the purposes for which the data were 
collected or for which they are further processed. Member States shall 
lay down appropriate safeguards for personal data stored for longer 
periods for historical, statistical or scientific use.

/“/

/I think we should strict to something similar to this, if we want to go 
to EU countries. Can we make everything private? I f anyone want to make 
his data public, he can do it himself?/

/ /

/ /



Sven Anderson wrote:

> Jac Kersing, 12.01.2007 17:42:
>  
>
> > On Fri, 12 Jan 2007, Sven Anderson wrote:
> >
> >    
> >
> > > So here's my proposal: Why not make CAcert to a public space? All
> > > information in the CAcert databases is declared as public, who wants to be
> > > part of it, has to agree with that.
> > >      
> > As there are already several thousands users that did not get to choose 
> > when signing up, this should never happen. You could of course create a 
> > new certificate authority with this model.
> >    
>
> Of course you cannot just switch to it. But you could ask every user to
> klick on "make my data public".
>
>  
>
> > > I mean, what information does CAcert have about me anyway? My real name, 
> > > my email-address (both in my certificates and therefor public anyway), 
> > > and whom I gave and from whom I got how many assurance points and where.
> > >      
> > And your birthdate. Name and birthdate are very interesting for social 
> > engineers given that some companies use the combination for quick id
> > verification purposes on the phone (not wise, but that's another issue)
> >    
>
> Good point, why does CAcert collect the birthdate? As it doesn't apprear
> in the certificates, it is just an hidden feature for investigators? If it
> is not neccessary for the issued certificates, I would not store it, or do
> I miss something?
>
>
> Cheers,
>
> Sven
>
>  
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Have you subscribed to our RSS News Feed yet?
>
> CAcert-Policy mailing list
> CAcert-Policy AT lists.cacert.org
> http://lists.cacert.org/cgi-bin/mailman/listinfo/cacert-policy
>