[gnso-rds-pdp-wg] international law enforcement association resolution regarding domain registration data
theo geurts
gtheo at xs4all.nl
Thu Apr 27 19:24:41 UTC 2017
Please remove me from this WG.
Thanks,
Theo
On 27-4-2017 21:21, allison nixon wrote:
> I fail to see anything appealing in this future scenario. Was this
> meant to be appealing?
>
> Sharing whois info is also a vital part of legitimate use of whois.
> Not only the company's whois info, but even the owners' personal sites
> and their whois info.
>
> On Thu, Apr 27, 2017 at 3:16 PM, theo geurts <gtheo at xs4all.nl
> <mailto:gtheo at xs4all.nl>> wrote:
>
> Hi John,
>
> Let's use this solution to explore and let me put you on the spot
> in this exercise ;)
>
> Now I am going to modify your example and focus on RDS with gated
> access.
> In this scenario, all info is available worldwide with the
> exception of EU Registrants that are not a company. This access is
> restricted and requires gated access.
>
> The first thing that will happen is a rise of EU registrants with
> Rogue Pharmacies how will enjoy the protection of gated access for
> the wrong reasons in my opinion.
>
> What is the solution?
> LegitScript, and I suggest others will have a good look at Article
> 40 (code of conduct) of the GDPR.
> After you and others went through this process, you almost have
> gated access.
>
> The only barrier left is Privacy Shield certification and its key
> requirements.
> https://www.privacyshield.gov/Key-New-Requirements
> <https://www.privacyshield.gov/Key-New-Requirements>
>
> Congrats! You are all set and done, welcome to the gated access!
>
> Sure you have to comply with a set of rules and regulations, but
> access is there.
>
> Of course, you will have to stop showing full WHOIS info like for
> pharmacy-xl.com <http://pharmacy-xl.com> also, and you cannot push
> the data to other companies without consent from the data subject,
> after all, you got a subsidiary company located in Dublin and you
> do not want to end up with a 20 million Euro fine.
>
> Best regards,
>
> Theo
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> Well, on that note, let me propose a solution to consider.
>
> Volker and others have pointed out that the EU has some legal
> requirements
> pertaining to privacy. As far as I can tell, these generally don't
> exist
> elsewhere. (That's not to say "nowhere," but it's the exception,
> not the
> rule.) Let's stipulate, for the sake of argument, that registrars
> in those
> countries have to adhere to those laws. However, the purpose of
> privacy
> laws in Germany, France or Sweden are to protect the citizens of those
> countries -- not registrants in other countries.
>
> As a trade-off, it seems reasonable to me to explore a solution
> where EU
> registrars agree to forego accepting domain name registrations
> from outside
> their own jurisdiction. We can then have a bi-furcated system -- this
> should only apply to registrants using the domain name for
> non-commercial
> reasons, by the way, since the privacy laws only apply to
> individuals, not
> corporations -- where, say, a German citizen can register with
> Key-Systems
> (for example) and enjoy whatever data protections Key-Systems
> feels that it
> needs to implement. (Volker, I'm not picking on you here, I'm just
> using
> you as an EU-based example.) It's incredibly easy to implement
> technically:
> just restrict the available countries in the drop-down menu during
> registration to a single country.
>
> After all, as a US citizen, why should I -- or a Chinese citizen, or a
> Brazilian citizen -- have the right to avail myself of the privacy
> protections afforded by the German government to German citizens?
> Those
> aren't meant for me.
>
> And, after all, why should privacy protections that apply to a
> minority of
> the world's population force a global change everywhere?
>
> I'd be interested to hear from registrars whether, in exchange for
> being
> able to implement rigorous privacy protections for domain names
> used for
> non-commercial purposes, they would be willing to forego accepting
> registrations from outside of their own jurisdiction (or, perhaps,
> the EU).
> This would allow Volker and others to comply with their own laws
> but in a
> minimally disruptive way.
>
> John Horton
> President and CEO, LegitScript
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
>
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>
>
>
>
> --
> _________________________________
> Note to self: Pillage BEFORE burning.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170427/9c87fa32/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list