<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">Le 30 oct. 2018 à 14:49, Alan Greenberg <<a href="mailto:alan.greenberg@mcgill.ca" class="">alan.greenberg@mcgill.ca</a>> a écrit :</div><br class="Apple-interchange-newline"><div class="">
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252" class="">
<div class="">
GDPR, in the context of WHOIS/RDS and ICANN applies only to gTLD Registrants' personal data and not all users.<br class=""></div></div></blockquote>Yes sure. But if a good practice for once is coming from the g world I am sure that some of the cc can do the same.<br class=""><blockquote type="cite" class=""><div class=""><div class="">
<br class="">
The wider we allow redaction, the less access there is for cybersecurity and consumer protection/fraud issues.<br class=""></div></div></blockquote>I guess here we have a question between collecting the data (and the need for law enforcement and consumer protection must be take into account) and displaying the data publicly with WHOIS/RDS.</div><div>Allowing collection is different from public availability.</div><div>SeB<br class=""><blockquote type="cite" class=""><div class=""><div class="">
<br class="">
Alan<br class="">
<br class="">
At 30/10/2018 08:07 AM, Sebastien Bachollet wrote:<br class="">
<blockquote type="cite" class="cite" cite="">Hello,<br class="">
I have questions:<br class="">
If and when other GDPR like policies are developed in other part of the World do ICANN will need to enforce a policy for each « regime »?<br class="">
Or as At-Large can’t we ask for a protection for all the (individual) (end) users?<br class="">
And if we consider GDPR as a good step to protect (individual) (end) users privacy in Europe, why not for the others?<br class="">
<br class="">
If we have to support distinction, it must be on the basis of the residence (the address in the Whois) and not the citizenship.<br class="">
<br class="">
It must be also allow and possible if one want to publish their personal data to do so.<br class="">
<br class="">
One world, one Internet, one privacy protection for all Internet individual end users ;)<br class="">
<br class="">
All the best<br class="">
SeB<br class="">
<br class="">
<blockquote type="cite" class="cite" cite="">Le 30 oct. 2018 à 07:43, Bastiaan Goslings <<a href="mailto:bastiaan.goslings@ams-ix.net" class=""> bastiaan.goslings@ams-ix.net</a>> a écrit :<br class="">
<br class="">
Just a quick comment, also related to a comment Maureen made earlier ('with EU citizens working and living all over the world for various reasons and varying lengths of time, what is the actual definition for "resident of the EUâ€):<br class="">
<br class="">
I’m not aware of the GDPR referring to either EU ‘citizens’ or ‘residents’.
<br class="">
<br class="">
See art 3 of the GDPR <a href="https://gdpr-info.eu/art-3-gdpr/" class="">https://gdpr-info.eu/art-3-gdpr/</a> which sets the territorial scope.<br class="">
<br class="">
So the GDPR is applicable to controllers and processors in the Union, regardless of whether the processing takes place in the Union (and regardless of whether the data subjects affected are in the Union), and to the processing of personal data of data subjects
who are in the Union by controllers and processors not established in the Union.<br class="">
<br class="">
(see also recitals 2 and 14 <a href="https://gdpr-info.eu/recitals/" class="">https://gdpr-info.eu/recitals/</a> )<br class="">
<br class="">
Anyway, looking at the example mentioned below, any citizen living in the US, not just those from the EU, 'would get the benefit of GDPR when the Controller or Processor with their data is “established†in the EU'.<br class="">
<br class="">
-Bastiaan<br class="">
<br class="">
<br class="">
<br class="">
<br class="">
<blockquote type="cite" class="cite" cite="">On 30 Oct 2018, at 05:52, Greg Shatan <<a href="mailto:greg@isoc-ny.org" class="">greg@isoc-ny.org</a>> wrote:<br class="">
<br class="">
Alan,<br class="">
<br class="">
One slight caveat: an EU Citizen living in the US would still get the benefit of GDPR when the Controller or Processor with their data is “established†in the EU. But they get that benefit only because the Controller or Processor’s covered by GDPR.<br class="">
<br class="">
Greg<br class="">
On Tue, Oct 30, 2018 at 12:40 AM Greg Shatan <<a href="mailto:greg@isoc-ny.org" class="">greg@isoc-ny.org</a>> wrote:<br class="">
I also think it should be restricted to what GDPR requires. Anything beyond that essentially puts ICANN into the business of making privacy policy without a basis in law, which is beyond the remit of the EPDP.
<br class="">
<br class="">
There may be an interesting discussion to be had about whether ICANN should change WHOIS for policy reasons, but the EPDP is not the place for that conversation.
<br class="">
<br class="">
Greg <br class="">
On Mon, Oct 29, 2018 at 11:12 PM Jonathan Zuck <<a href="mailto:JZuck@innovatorsnetwork.org" class=""> JZuck@innovatorsnetwork.org</a>> wrote:<br class="">
I'm inclined to say restricted if for no other reason than we'll eventually have a bunch of GDPRs that are slightly different.<br class="">
<br class="">
On 10/29/18, 9:36 PM, "GTLD-WG on behalf of Alan Greenberg" <<a href="mailto:gtld-wg-bounces@atlarge-lists.icann.org" class=""> gtld-wg-bounces@atlarge-lists.icann.org</a> on behalf of
<a href="mailto:alan.greenberg@mcgill.ca" class="">alan.greenberg@mcgill.ca</a> > wrote:<br class="">
<br class="">
GDPR is applicable to residents of the EU by companies resident there <br class="">
and worldwide.<br class="">
<br class="">
One of the issues is whether contracted parties should be allowed or <br class="">
required to distinguish between those who are resident there and elsewhere.<br class="">
<br class="">
There is agreement that such distinction should be allowed, but EPDP <br class="">
is divided on whether it should be required. The GAC/BC/IPC want to <br class="">
see the distinction made, and at least one very large contracted <br class="">
party does already make the distinction. Other contracted parties are <br class="">
pushing back VERY strongly saying that there is virtually no way that <br class="">
the can or are willing to make the distinction.<br class="">
<br class="">
The current (confusing) state of the working document is attached.<br class="">
<br class="">
Which side should ALAC come down on?<br class="">
<br class="">
- Restrict application to those to whom GDPR applies?<br class="">
- Apply universally ignoring residence?<br class="">
<br class="">
As usual, quick replies requested.<br class="">
<br class="">
Alan<br class="">
<br class="">
_______________________________________________<br class="">
CPWG mailing list<br class="">
<a href="mailto:CPWG@icann.org" class="">CPWG@icann.org</a><br class="">
<a href="https://mm.icann.org/mailman/listinfo/cpwg" eudora="autourl" class="">https://mm.icann.org/mailman/listinfo/cpwg</a><br class="">
_______________________________________________<br class="">
GTLD-WG mailing list<br class="">
<a href="mailto:GTLD-WG@atlarge-lists.icann.org" class="">GTLD-WG@atlarge-lists.icann.org</a><br class="">
<a href="https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg" eudora="autourl" class="">https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg</a><br class="">
<br class="">
Working Group direct URL: <a href="https://community.icann.org/display/atlarge/New+GTLDs" eudora="autourl" class="">
https://community.icann.org/display/atlarge/New+GTLDs</a><br class="">
_______________________________________________<br class="">
CPWG mailing list<br class="">
<a href="mailto:CPWG@icann.org" class="">CPWG@icann.org</a><br class="">
<a href="https://mm.icann.org/mailman/listinfo/cpwg" eudora="autourl" class="">https://mm.icann.org/mailman/listinfo/cpwg</a></blockquote>
<br class="">
_______________________________________________<br class="">
CPWG mailing list<br class="">
<a href="mailto:CPWG@icann.org" class="">CPWG@icann.org</a><br class="">
<a href="https://mm.icann.org/mailman/listinfo/cpwg" eudora="autourl" class="">https://mm.icann.org/mailman/listinfo/cpwg</a><br class="">
_______________________________________________<br class="">
GTLD-WG mailing list<br class="">
<a href="mailto:GTLD-WG@atlarge-lists.icann.org" class="">GTLD-WG@atlarge-lists.icann.org</a><br class="">
<a href="https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg" eudora="autourl" class="">https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg</a><br class="">
<br class="">
Working Group direct URL: <a href="https://community.icann.org/display/atlarge/New+GTLDs" class="">
https://community.icann.org/display/atlarge/New+GTLDs</a></blockquote>
</blockquote>
</div>
</div></blockquote></div><br class=""></body></html>