[gnso-rds-pdp-wg] international law enforcement association resolution regarding domain registration data

John Bambenek jcb at bambenekconsulting.com
Thu Apr 27 21:18:59 UTC 2017 

Much of that sharing would take place under "threat sharing" regimes,
many of which are still being formulated but that policy work is
explicitly designed to make sure such sharing is legal everywhere it is
being considered.


On 4/27/2017 4:16 PM, Ayden Férdeline wrote:
> I appreciate that you consider “Sharing whois info [to be] a vital
> part of legitimate use of whois”, but if sharing such information
> would not comply with applicable laws, it is not something that this
> Working Group can condone, in my view. Also, I am not a lawyer, but I
> believe “vital” interests are separately defined at least within the
> context of the GDPR and are very limited in scope.
>
> - Ayden 
>
>
>> -------- Original Message --------
>> Subject: Re: [gnso-rds-pdp-wg] international law enforcement
>> association resolution regarding domain registration data
>> Local Time: 27 April 2017 8:21 PM
>> UTC Time: 27 April 2017 19:21
>> From: elsakoo at gmail.com
>> To: theo geurts <gtheo at xs4all.nl>
>> RDS PDP WG <gnso-rds-pdp-wg at icann.org>
>>
>> I fail to see anything appealing in this future scenario. Was this
>> meant to be appealing?
>>
>> Sharing whois info is also a vital part of legitimate use of whois.
>> Not only the company's whois info, but even the owners' personal
>> sites and their whois info.
>>
>> On Thu, Apr 27, 2017 at 3:16 PM, theo geurts <gtheo at xs4all.nl
>> <mailto:gtheo at xs4all.nl>> wrote:
>>
>>     Hi John,
>>
>>     Let's use this solution to explore and let me put you on the spot
>>     in this exercise ;)
>>
>>     Now I am going to modify your example and focus on RDS with gated
>>     access.
>>     In this scenario, all info is available worldwide with the
>>     exception of EU Registrants that are not a company. This access
>>     is restricted and requires gated access.
>>
>>     The first thing that will happen is a rise of EU registrants with
>>     Rogue Pharmacies how will enjoy the protection of gated access
>>     for the wrong reasons in my opinion.
>>
>>     What is the solution?
>>     LegitScript, and I suggest others will have a good look at
>>     Article 40 (code of conduct) of the GDPR.
>>     After you and others went through this process, you almost have
>>     gated access.
>>
>>     The only barrier left is Privacy Shield certification and its key
>>     requirements.
>>     https://www.privacyshield.gov/Key-New-Requirements
>>     <https://www.privacyshield.gov/Key-New-Requirements>
>>
>>     Congrats! You are all set and done, welcome to the gated access!
>>
>>     Sure you have to comply with a set of rules and regulations, but
>>     access is there.
>>
>>     Of course, you will have to stop showing full WHOIS info like for
>>     pharmacy-xl.com <http://pharmacy-xl.com> also, and you cannot
>>     push the data to other companies without consent from the data
>>     subject, after all, you got a subsidiary company located in
>>     Dublin and you do not want to end up with a 20 million Euro fine.
>>
>>     Best regards,
>>
>>     Theo
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>     Well, on that note, let me propose a solution to consider.
>>
>>     Volker and others have pointed out that the EU has some legal
>>     requirements
>>     pertaining to privacy. As far as I can tell, these generally
>>     don't exist
>>     elsewhere. (That's not to say "nowhere," but it's the exception,
>>     not the
>>     rule.) Let's stipulate, for the sake of argument, that registrars
>>     in those
>>     countries have to adhere to those laws. However, the purpose of
>>     privacy
>>     laws in Germany, France or Sweden are to protect the citizens of
>>     those
>>     countries -- not registrants in other countries.
>>
>>     As a trade-off, it seems reasonable to me to explore a solution
>>     where EU
>>     registrars agree to forego accepting domain name registrations
>>     from outside
>>     their own jurisdiction. We can then have a bi-furcated system -- this
>>     should only apply to registrants using the domain name for
>>     non-commercial
>>     reasons, by the way, since the privacy laws only apply to
>>     individuals, not
>>     corporations -- where, say, a German citizen can register with
>>     Key-Systems
>>     (for example) and enjoy whatever data protections Key-Systems
>>     feels that it
>>     needs to implement. (Volker, I'm not picking on you here, I'm
>>     just using
>>     you as an EU-based example.) It's incredibly easy to implement
>>     technically:
>>     just restrict the available countries in the drop-down menu during
>>     registration to a single country.
>>
>>     After all, as a US citizen, why should I -- or a Chinese citizen,
>>     or a
>>     Brazilian citizen -- have the right to avail myself of the privacy
>>     protections afforded by the German government to German citizens?
>>     Those
>>     aren't meant for me.
>>
>>     And, after all, why should privacy protections that apply to a
>>     minority of
>>     the world's population force a global change everywhere?
>>
>>     I'd be interested to hear from registrars whether, in exchange
>>     for being
>>     able to implement rigorous privacy protections for domain names
>>     used for
>>     non-commercial purposes, they would be willing to forego accepting
>>     registrations from outside of their own jurisdiction (or,
>>     perhaps, the EU).
>>     This would allow Volker and others to comply with their own laws
>>     but in a
>>     minimally disruptive way.
>>
>>     John Horton
>>     President and CEO, LegitScript
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>     _______________________________________________
>>
>>     gnso-rds-pdp-wg mailing list
>>     gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
>>     https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>     <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>>
>>
>>
>>
>> -- 
>> _________________________________
>> Note to self: Pillage BEFORE burning.
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170427/6ee8fda3/attachment-0001.html>

More information about the gnso-rds-pdp-wg mailing list