# EA-CORRESPONDENCE-CERN-05 v0.1

## The Universal-Quantifier Overreach — RQF3807508, Clarification Request on the General Rule

**Depositor:** Lee Sharks · ORCID 0009-0000-1599-0703
**Ticket:** RQF3807508 — Right to Access, filed 2026-06-24; companion RQF3826921 — Right to Object, filed 2026-07-04
**Chain position:** Fifth in the EA-CORRESPONDENCE-CERN series, following #920 (AXN:03A3), #924 (AXN:03A7), #948 (AXN:03C0, the §104.1 referral), #1047 (AXN:0423, the natural-person / civil-identity conversion exchange), #1057 (AXN:0432, the four threshold questions), and the reply of 10 July 2026 (#1062, AXN:0437).
**Status:** v0.1 — filing text finalized under MANUS direction, 2026-07-12; transmission by the depositor via the ticket portal and privacy.protection@cern.ch; the same text to be supplied to the Data Protection Commission as a supplement to the §104.1 referral (#948). This deposit will be versioned to v0.2 with the as-sent record and any ODP response — or non-response, which under the rule of #1047 §4.2 is itself an answer.
**Provenance:** Drafted by TACHYON from a three-witness Assembly Chorus review of 2026-07-12; the precision constraints of the third analysis are adopted throughout: no claim is made that legal persons hold data-subject rights; the defect is stated as an account/data-category conflation and the rights vacuum it produces.

---

## §1 — The sentences at issue

From the CERN Data Protection Officer's message under RQF3807508, Ref:MSG130477837, reproduced verbatim in EA-CORRESPONDENCE-CERN-04 (#1047) §2:

> "This is because an email address, a Zenodo or GitLab account, or an ORCID identifier may be owned by legal persons, or may be used by or shared among several natural persons. In such cases, the associated data in Zenodo would not necessarily constitute personal data, and OC 11 would not apply."

The first sentence is a verification argument. The second is not: it is a doctrinal position on the classification of data, and it is quantified over "such cases" — every account whose identifiers *may* be institutionally owned or shared, which is the ordinary account architecture of the platform.

## §2 — The consequence, stated with exactness

The construction moves from the possible legal or shared character of an *account identifier* to uncertainty over the protected status of *all data associated with the account*. It performs none of the distinctions the classification actually requires: (a) data relating solely to a legal person; (b) personal data of the identifiable natural persons who administer, author, operate, and correspond through the account; (c) mixed records; (d) CERN-generated login, security, moderation, termination, and decision records concerning identifiable natural persons. An account may be institutional; the data within it may still be personal. An account may be shared; the data within it may be the personal data of several natural persons. An account may be pseudonymous; per CERN's own pseudonymisation guidance, the data remain personal wherever the individual is linkable through additional information. The character of a datum is fixed by its relation to an identifiable natural person — not by the ownership class of the account it sits in.

The combined position therefore produces a rights vacuum across the institutional stratum of the platform. The legal person cannot exercise OC 11 data-subject rights, not being a natural person; the natural persons operating through the account are told the account-chain evidence does not establish them as data subjects; the Office treats the classification of the records as unestablished until a civil-identity verification of its own choosing is completed — which a legal person cannot provide at all — and holds that the §85 clock cannot begin until then. The account becomes processable but rights-orphaned: CERN may retain, moderate, investigate, terminate, and generate records about identifiable operators, while neither the account holder nor its operators possess an accepted route to the resulting records. This reaches university, laboratory, publisher, consortium, project, and shared-administration accounts — and it reaches the security layer: the login records, audit trails, and decision records the platform keeps for incident investigation become security-relevant when CERN uses them and potentially non-personal and procedurally inaccessible when the person recorded in them needs them.

Two subsidiary defects are noted for the record, each flagged for verbatim citation before any external transmission: the ODP's list places ORCID among identifiers that "may be owned by legal persons," whereas ORCID iDs are issued to individual natural persons only, under ORCID's own terms; and European supervisory guidance on the right of access recognizes existing account-authentication procedures as ordinarily sufficient, treats demands for identity-document copies from already-authenticated users as capable of being disproportionate, and observes that an identity document does not necessarily resolve linkage where the account identity is pseudonymous — pertinent, not binding, and directly against the construction, given CERN's stated intent that revised OC 11 align with recognized international practice.

The classification theory also detonates backward. If the applicability of OC 11 to the account's data was genuinely unestablished, then on 2026-06-19 CERN deleted 1,136 records — at a measured sustained rate of ~6.6 objects per second (see the Tombstone Mirror census) — without having established whether the framework governing that processing applied to it. The Office cannot hold both that the classification is indeterminate pending verification and that the June-19 processing was proper.

## §3 — The clarification request (Track 1, as finalized for transmission)

RQF3807508 — Part 3: Clarification Request on the General Rule

Dear Gabi,

In your message (Ref:MSG130477837) you state: "an email address, a Zenodo or GitLab account, or an ORCID identifier may be owned by legal persons, or may be used by or shared among several natural persons. In such cases, the associated data in Zenodo would not necessarily constitute personal data, and OC 11 would not apply."

Applied as stated, that rule is general. Any Zenodo account operated under an institutional email address, an organisational GitHub or GitLab identity, or a shared or project-linked ORCID — the ordinary account architecture of universities, laboratories, publishers, consortia, and research collaborations — falls within "such cases": its associated data "would not necessarily constitute personal data," and OC 11 "would not apply" until civil-identity verification of a natural person is completed, which a legal person cannot provide at all. The rule as stated also draws no distinction among (a) data relating solely to a legal person; (b) personal data of the identifiable natural persons who administer, author, and correspond through such accounts; (c) mixed records; and (d) CERN-generated log, moderation, and termination records concerning identifiable natural persons.

Please confirm in writing whether that is the Office's position for all such accounts. If it is not, please state the limiting principle that distinguishes the account chain in this matter — registered email address, GitHub authentication chain, ORCID, deposit history, DOI records, and prior correspondence — from any other account using the same identifier classes, and identify the pathway by which the natural persons operating through institutional, shared, or pseudonymous accounts exercise OC 11 rights over the portions of the account record relating to them. This clarification is requested under §83 and §29.5, and it is dispositive of whether any pathway exists for a data subject to exercise rights without civil-identity conversion.

Kind regards,
Lee Sharks
ORCID: 0009-0000-1599-0703


## §4 — Disposition

Two-track, same day. **Track 1:** the §3 text is sent within RQF3807508 via the ticket portal and to privacy.protection@cern.ch, and supplied to the Data Protection Commission as a supplement to the §104.1 referral (#948, AXN:03C0.GOVERNANCE.🕑➕➕👋🚀🗝️). **Track 2:** the present deposit publishes the quoted sentences, the consequence, and the request as the citable artifact. A seven-day correction window is observed before any wider notification: if the Office states that no general rule was intended, it must then state the actual verification standard, which returns the matter to the account-chain procedure of #1047 §3.2(5); if the Office confirms the rule, or does not answer, or permits the ticket to auto-resolve on 28-07-2026 under the reminder mechanism documented at #1047 §4.4, the record travels as the Office's own non-correction — not the depositor's interpretation. The institutions whose account architecture the rule reaches — and the registries and funders whose mandates presuppose that depositor data is protected — read a position CERN had the opportunity to disavow.

*∮ = 1*
