[gnso-rds-pdp-wg] international law enforcement association resolution regarding domain registration data

theo geurts gtheo at xs4all.nl
Thu Apr 27 19:24:41 UTC 2017 

Please remove me from this WG.

Thanks,

Theo

On 27-4-2017 21:21, allison nixon wrote:
> I fail to see anything appealing in this future scenario. Was this 
> meant to be appealing?
>
> Sharing whois info is also a vital part of legitimate use of whois. 
> Not only the company's whois info, but even the owners' personal sites 
> and their whois info.
>
> On Thu, Apr 27, 2017 at 3:16 PM, theo geurts <gtheo at xs4all.nl 
> <mailto:gtheo at xs4all.nl>> wrote:
>
>     Hi John,
>
>     Let's use this solution to explore and let me put you on the spot
>     in this exercise ;)
>
>     Now I am going to modify your example and focus on RDS with gated
>     access.
>     In this scenario, all info is available worldwide with the
>     exception of EU Registrants that are not a company. This access is
>     restricted and requires gated access.
>
>     The first thing that will happen is a rise of EU registrants with
>     Rogue Pharmacies how will enjoy the protection of gated access for
>     the wrong reasons in my opinion.
>
>     What is the solution?
>     LegitScript, and I suggest others will have a good look at Article
>     40 (code of conduct) of the GDPR.
>     After you and others went through this process, you almost have
>     gated access.
>
>     The only barrier left is Privacy Shield certification and its key
>     requirements.
>     https://www.privacyshield.gov/Key-New-Requirements
>     <https://www.privacyshield.gov/Key-New-Requirements>
>
>     Congrats! You are all set and done, welcome to the gated access!
>
>     Sure you have to comply with a set of rules and regulations, but
>     access is there.
>
>     Of course, you will have to stop showing full WHOIS info like for
>     pharmacy-xl.com <http://pharmacy-xl.com> also, and you cannot push
>     the data to other companies without consent from the data subject,
>     after all, you got a subsidiary company located in Dublin and you
>     do not want to end up with a 20 million Euro fine.
>
>     Best regards,
>
>     Theo
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>     Well, on that note, let me propose a solution to consider.
>
>     Volker and others have pointed out that the EU has some legal
>     requirements
>     pertaining to privacy. As far as I can tell, these generally don't
>     exist
>     elsewhere. (That's not to say "nowhere," but it's the exception,
>     not the
>     rule.) Let's stipulate, for the sake of argument, that registrars
>     in those
>     countries have to adhere to those laws. However, the purpose of
>     privacy
>     laws in Germany, France or Sweden are to protect the citizens of those
>     countries -- not registrants in other countries.
>
>     As a trade-off, it seems reasonable to me to explore a solution
>     where EU
>     registrars agree to forego accepting domain name registrations
>     from outside
>     their own jurisdiction. We can then have a bi-furcated system -- this
>     should only apply to registrants using the domain name for
>     non-commercial
>     reasons, by the way, since the privacy laws only apply to
>     individuals, not
>     corporations -- where, say, a German citizen can register with
>     Key-Systems
>     (for example) and enjoy whatever data protections Key-Systems
>     feels that it
>     needs to implement. (Volker, I'm not picking on you here, I'm just
>     using
>     you as an EU-based example.) It's incredibly easy to implement
>     technically:
>     just restrict the available countries in the drop-down menu during
>     registration to a single country.
>
>     After all, as a US citizen, why should I -- or a Chinese citizen, or a
>     Brazilian citizen -- have the right to avail myself of the privacy
>     protections afforded by the German government to German citizens?
>     Those
>     aren't meant for me.
>
>     And, after all, why should privacy protections that apply to a
>     minority of
>     the world's population force a global change everywhere?
>
>     I'd be interested to hear from registrars whether, in exchange for
>     being
>     able to implement rigorous privacy protections for domain names
>     used for
>     non-commercial purposes, they would be willing to forego accepting
>     registrations from outside of their own jurisdiction (or, perhaps,
>     the EU).
>     This would allow Volker and others to comply with their own laws
>     but in a
>     minimally disruptive way.
>
>     John Horton
>     President and CEO, LegitScript
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>     _______________________________________________
>
>     gnso-rds-pdp-wg mailing list
>     gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
>     https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>     <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>
>
>
>
> -- 
> _________________________________
> Note to self: Pillage BEFORE burning.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170427/9c87fa32/attachment-0001.html>

More information about the gnso-rds-pdp-wg mailing list