[gnso-rds-pdp-wg] international law enforcement association resolution regarding domain registration data

Thu Apr 27 19:25:52 UTC 2017

I'm not trying to be rude, i'm trying to explain that our normal use cases
are chronically not well understood.

On Thu, Apr 27, 2017 at 3:24 PM, theo geurts <gtheo at xs4all.nl> wrote:

> Please remove me from this WG.
>
> Thanks,
>
> Theo
> On 27-4-2017 21:21, allison nixon wrote:
>
> I fail to see anything appealing in this future scenario. Was this meant
> to be appealing?
>
> Sharing whois info is also a vital part of legitimate use of whois. Not
> only the company's whois info, but even the owners' personal sites and
> their whois info.
>
> On Thu, Apr 27, 2017 at 3:16 PM, theo geurts <gtheo at xs4all.nl> wrote:
>
>> Hi John,
>>
>> Let's use this solution to explore and let me put you on the spot in this
>> exercise ;)
>>
>> Now I am going to modify your example and focus on RDS with gated access.
>> In this scenario, all info is available worldwide with the exception of
>> EU Registrants that are not a company. This access is restricted and
>> requires gated access.
>>
>> The first thing that will happen is a rise of EU registrants with Rogue
>> Pharmacies how will enjoy the protection of gated access for the wrong
>> reasons in my opinion.
>>
>> What is the solution?
>> LegitScript, and I suggest others will have a good look at Article 40
>> (code of conduct) of the GDPR.
>> After you and others went through this process, you almost have gated
>> access.
>>
>> The only barrier left is Privacy Shield certification and its key
>> requirements.
>> https://www.privacyshield.gov/Key-New-Requirements
>>
>> Congrats! You are all set and done, welcome to the gated access!
>>
>> Sure you have to comply with a set of rules and regulations, but access
>> is there.
>>
>> Of course, you will have to stop showing full WHOIS info like for
>> pharmacy-xl.com also, and you cannot push the data to other companies
>> without consent from the data subject, after all, you got a subsidiary
>> company located in Dublin and you do not want to end up with a 20 million
>> Euro fine.
>>
>> Best regards,
>>
>> Theo
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Well, on that note, let me propose a solution to consider.
>>
>> Volker and others have pointed out that the EU has some legal requirements
>> pertaining to privacy. As far as I can tell, these generally don't exist
>> elsewhere. (That's not to say "nowhere," but it's the exception, not the
>> rule.) Let's stipulate, for the sake of argument, that registrars in those
>> countries have to adhere to those laws. However, the purpose of privacy
>> laws in Germany, France or Sweden are to protect the citizens of those
>> countries -- not registrants in other countries.
>>
>> As a trade-off, it seems reasonable to me to explore a solution where EU
>> registrars agree to forego accepting domain name registrations from
>> outside
>> their own jurisdiction. We can then have a bi-furcated system -- this
>> should only apply to registrants using the domain name for non-commercial
>> reasons, by the way, since the privacy laws only apply to individuals, not
>> corporations -- where, say, a German citizen can register with Key-Systems
>> (for example) and enjoy whatever data protections Key-Systems feels that
>> it
>> needs to implement. (Volker, I'm not picking on you here, I'm just using
>> you as an EU-based example.) It's incredibly easy to implement
>> technically:
>> just restrict the available countries in the drop-down menu during
>> registration to a single country.
>>
>> After all, as a US citizen, why should I -- or a Chinese citizen, or a
>> Brazilian citizen -- have the right to avail myself of the privacy
>> protections afforded by the German government to German citizens? Those
>> aren't meant for me.
>>
>> And, after all, why should privacy protections that apply to a minority of
>> the world's population force a global change everywhere?
>>
>> I'd be interested to hear from registrars whether, in exchange for being
>> able to implement rigorous privacy protections for domain names used for
>> non-commercial purposes, they would be willing to forego accepting
>> registrations from outside of their own jurisdiction (or, perhaps, the
>> EU).
>> This would allow Volker and others to comply with their own laws but in a
>> minimally disruptive way.
>>
>> John Horton
>> President and CEO, LegitScript
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>>
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>
>
>
> --
> _________________________________
> Note to self: Pillage BEFORE burning.
>
>
>

-- 
_________________________________
Note to self: Pillage BEFORE burning.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170427/8746f9fe/attachment.html>