[gnso-rds-pdp-wg] international law enforcement association resolution regarding domain registration data

Thu Apr 27 21:16:52 UTC 2017

I appreciate that you consider “Sharing whois info [to be] a vital part of legitimate use of whois”, but if sharing such information would not comply with applicable laws, it is not something that this Working Group can condone, in my view. Also, I am not a lawyer, but I believe “vital” interests are separately defined at least within the context of the GDPR and are very limited in scope.

- Ayden

-------- Original Message --------
Subject: Re: [gnso-rds-pdp-wg] international law enforcement association resolution regarding domain registration data
Local Time: 27 April 2017 8:21 PM
UTC Time: 27 April 2017 19:21
From: elsakoo at gmail.com
To: theo geurts <gtheo at xs4all.nl>
RDS PDP WG <gnso-rds-pdp-wg at icann.org>

I fail to see anything appealing in this future scenario. Was this meant to be appealing?

Sharing whois info is also a vital part of legitimate use of whois. Not only the company's whois info, but even the owners' personal sites and their whois info.

On Thu, Apr 27, 2017 at 3:16 PM, theo geurts <gtheo at xs4all.nl> wrote:
Hi John,

Let's use this solution to explore and let me put you on the spot in this exercise ;)

Now I am going to modify your example and focus on RDS with gated access.
In this scenario, all info is available worldwide with the exception of EU Registrants that are not a company. This access is restricted and requires gated access.

The first thing that will happen is a rise of EU registrants with Rogue Pharmacies how will enjoy the protection of gated access for the wrong reasons in my opinion.

What is the solution?
LegitScript, and I suggest others will have a good look at Article 40 (code of conduct) of the GDPR.
After you and others went through this process, you almost have gated access.

The only barrier left is Privacy Shield certification and its key requirements.
https://www.privacyshield.gov/Key-New-Requirements

Congrats! You are all set and done, welcome to the gated access!

Sure you have to comply with a set of rules and regulations, but access is there.

Of course, you will have to stop showing full WHOIS info like for pharmacy-xl.com also, and you cannot push the data to other companies without consent from the data subject, after all, you got a subsidiary company located in Dublin and you do not want to end up with a 20 million Euro fine.

Best regards,

Theo

Well, on that note, let me propose a solution to consider.

Volker and others have pointed out that the EU has some legal requirements
pertaining to privacy. As far as I can tell, these generally don't exist
elsewhere. (That's not to say "nowhere," but it's the exception, not the
rule.) Let's stipulate, for the sake of argument, that registrars in those
countries have to adhere to those laws. However, the purpose of privacy
laws in Germany, France or Sweden are to protect the citizens of those
countries -- not registrants in other countries.

As a trade-off, it seems reasonable to me to explore a solution where EU
registrars agree to forego accepting domain name registrations from outside
their own jurisdiction. We can then have a bi-furcated system -- this
should only apply to registrants using the domain name for non-commercial
reasons, by the way, since the privacy laws only apply to individuals, not
corporations -- where, say, a German citizen can register with Key-Systems
(for example) and enjoy whatever data protections Key-Systems feels that it
needs to implement. (Volker, I'm not picking on you here, I'm just using
you as an EU-based example.) It's incredibly easy to implement technically:
just restrict the available countries in the drop-down menu during
registration to a single country.

After all, as a US citizen, why should I -- or a Chinese citizen, or a
Brazilian citizen -- have the right to avail myself of the privacy
protections afforded by the German government to German citizens? Those
aren't meant for me.

And, after all, why should privacy protections that apply to a minority of
the world's population force a global change everywhere?

I'd be interested to hear from registrars whether, in exchange for being
able to implement rigorous privacy protections for domain names used for
non-commercial purposes, they would be willing to forego accepting
registrations from outside of their own jurisdiction (or, perhaps, the EU).
This would allow Volker and others to comply with their own laws but in a
minimally disruptive way.

John Horton
President and CEO, LegitScript

_______________________________________________

gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

--

_________________________________
Note to self: Pillage BEFORE burning.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170427/304afacc/attachment.html>