MR> Maybe we need RDPCs (Region Data Privacy Coordinator). But I bet that MR> nobody would like to do that job :)
I certainly don't want it and I think we should do everything we can to avoid having to appoint someone like that. My POV is that we should maintain we do not need such an official.
MR> I found another tidbit. To transfer personal data to a non-EU country MR> legally the destination country has to be on a white-list of countries MR> with similar data privacy laws. The USA aren't on that list but MR> there's the Privacy Shield. If you want to transfer personal data to MR> the US, like the Z2 part of the nodelist, the organization in the USA MR> receiving the data has to be certified for being compliant with the MR> Privacy Shield. In our case Z1 would need that certification.
I fail to see how this can apply to data that is made publically available. Does it apply to telephone books?
MR> Oh my, it's becoming a nightmare.
If it is too bad to be true, it probably isn't. ;-)