[Gnso-impl-thickwhois-rt] Additional triggers and privacy law

theo geurts gtheo at xs4all.nl
Sat Jan 21 19:30:06 UTC 2017 

Hello all,

I am not in favor in creating a "trigger" based on the data retention 
waiver. First of all, that process was horrible and costly, and I can 
only conclude that there still Registrars out there that started in 
2013, still not have obtained a waiver in 2017.

We as an IRT concluded that it is up to the Registrars own due diligence 
to determine if there is an issue with privacy laws.
The rationale behind that is/was simple:
2011, 76 countries having data privacy laws.
2016, 109 countries having privacy laws.
2017, 35 more countries are currently drafting privacy laws.

As mentioned before this is a moving target and not up to us to address.

That being said, the current solution when it comes to the migration and 
issues with privacy law is not a solution. I appreciate the fact that 
Verisign noted it during the comment period, but as several Registrars 
has mentioned in the past, it is not a good solution.

After the latest GNSO meeting I hoped to see some progress on the WHOIS 
IAG matter, but frankly, with the current speed, I am afraid that the 
WHOIS IAG will be overtaken by stationary objects.

That either means there is a problem or there is not, and I would like 
to get some input from the IRT on it.

If there is no problem, please provide me with some info on why it is 
not an issue.

If it is an issue then how do we address it? We can't tell Registrars 
you must migrate WHOIS data before X date and if there is a problem then 
just break the law.
We also cannot create a situation that if a Registrar can not migrate 
the data, run into compliance issues that might end up in 
de-accreditation of that Registrar, I think we all agree that is just 
plain silly and the wrong message.

My solution here would be, and it is not great, to be honest, that until 
the matter can be resolved the  Registry operator supports both thin and 
thick whois registrations and shall carry the burden for both systems.
The Registrar might also carry a burden here. As they might come into a 
situation, they are forced to implement RDAP at some point as the rest 
of the world moves to RDAP. I already see ccTLDs Registries announce 
RDAP, go figure ;)

Would the above solve the issue? And yes I am aware that the above 
language cannot be added to the draft in its current state, but I am 
sure staff can come up with something workable here.

If the whole idea is plain silly, feel free to kick me under the table 
here.

Theo

More information about the Gnso-impl-thickwhois-rt mailing list