[Gnso-impl-thickwhois-rt] Additional triggers and privacy law
Chris Pelling
chris at netearth.net
Sun Jan 22 20:07:14 UTC 2017
Good evening all,
I tend to stand with Theo here - forcing (which this is) a registrar to break potential laws is unacceptable and will lead to prosecution of registrar, or worse, ICANN suspension and termination of the registrar - namely throwing the registrar under a bus.
The "you have to complete migration by X date", has so many "what if's" between now and that "X" date because law keeps changing. I do not see how we as an IRT can jeopardise a registrants rights.
I think Theo had a very good idea, Verisign running a Thin and Thick whois. Its not hard for them to achieve as simply if contacts exist show them at the whois.verisign-grs.com layer, if not, like now, they simply push it onto the registrars (in our case) whois.netearthone.com.
Yes Theo is completely correct in that the registrar has operating costs here, which they already have, and should/when RDAP comes into play potentially more costs, but these costs are easier to swallow than the cost of a lawsuit and fine from a local DPA which could run in $100,000's or millions of dollars.
ICANN also needs to consider their side of the table, should a registrar be terminated through this policy for not providing data to Verisign, will ICANN indemnify the gaining registrar of the data against any legal action from a DPA because of the migration of data to THICK - or - should ICANN simply indemnify the registrar now as it is forcing registrars through policy to break their local laws ?
Kind regards,
Chris
From: "theo geurts" <gtheo at xs4all.nl>
To: gnso-impl-thickwhois-rt at icann.org
Sent: Saturday, 21 January, 2017 19:30:06
Subject: [Gnso-impl-thickwhois-rt] Additional triggers and privacy law
Hello all,
I am not in favor in creating a "trigger" based on the data retention
waiver. First of all, that process was horrible and costly, and I can
only conclude that there still Registrars out there that started in
2013, still not have obtained a waiver in 2017.
We as an IRT concluded that it is up to the Registrars own due diligence
to determine if there is an issue with privacy laws.
The rationale behind that is/was simple:
2011, 76 countries having data privacy laws.
2016, 109 countries having privacy laws.
2017, 35 more countries are currently drafting privacy laws.
As mentioned before this is a moving target and not up to us to address.
That being said, the current solution when it comes to the migration and
issues with privacy law is not a solution. I appreciate the fact that
Verisign noted it during the comment period, but as several Registrars
has mentioned in the past, it is not a good solution.
After the latest GNSO meeting I hoped to see some progress on the WHOIS
IAG matter, but frankly, with the current speed, I am afraid that the
WHOIS IAG will be overtaken by stationary objects.
That either means there is a problem or there is not, and I would like
to get some input from the IRT on it.
If there is no problem, please provide me with some info on why it is
not an issue.
If it is an issue then how do we address it? We can't tell Registrars
you must migrate WHOIS data before X date and if there is a problem then
just break the law.
We also cannot create a situation that if a Registrar can not migrate
the data, run into compliance issues that might end up in
de-accreditation of that Registrar, I think we all agree that is just
plain silly and the wrong message.
My solution here would be, and it is not great, to be honest, that until
the matter can be resolved the Registry operator supports both thin and
thick whois registrations and shall carry the burden for both systems.
The Registrar might also carry a burden here. As they might come into a
situation, they are forced to implement RDAP at some point as the rest
of the world moves to RDAP. I already see ccTLDs Registries announce
RDAP, go figure ;)
Would the above solve the issue? And yes I am aware that the above
language cannot be added to the draft in its current state, but I am
sure staff can come up with something workable here.
If the whole idea is plain silly, feel free to kick me under the table
here.
Theo
_______________________________________________
Gnso-impl-thickwhois-rt mailing list
Gnso-impl-thickwhois-rt at icann.org
https://mm.icann.org/mailman/listinfo/gnso-impl-thickwhois-rt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-impl-thickwhois-rt/attachments/20170122/b1945f01/attachment.html>
More information about the Gnso-impl-thickwhois-rt
mailing list