[gnso-rds-pdp-wg] international law enforcement association resolution regarding domain registration data
Rob Golding
rob.golding at astutium.com
Fri Apr 28 02:47:17 UTC 2017
As to the "twitter" comparison ...
A business/individual _chooses_ what information to be shown on their
twitter profile (and presumably does so in order for it to be "public"),
can update it at any time, is able to use parody details should they so
choose, and can remove/revoke it at any point that they choose to do so
- whilst there are some similarities, it's not equivalent to whois
> And if someone spent time digitizing every edition of a specific phone
> book, we very easily could have history of phone numbers of those
> listed there.
Use of the UK telephone directory is subject to contract, which
specifically precludes the storage/distribution of the data, doing
anything with it in bulk, any use of the data for marketing, etc
Companies that had transcribed it all and were selling it on CDs over 20
years ago were being fined and in some cases the directors personally
fined
In more recent times, there are regular and significant fines charged to
organisations who cold-call numbers in the "phone book" (or however
obtained) where the owner of that number has not given consent for
commercial use (or more specifically registered to opt-out)
Selling "harvested" data in the UK can get you a fine of up to 500k.
Hundreds of such fines are handed out every year.
Commercially using harvested data can also get you fined by the ICO, as
well as by the regulator for that specific industry, involve the forced
closure of the business concerned, and lead to prosecution of the
directors.
For example
https://www.claimsregulation.gov.uk/details.aspx/11168/Zahier_Hussain/
licence revoked, director fined 850k, company banned from access to the
uk telephone networks
- for "PPI claims marketing" to people who had not given consent to be
called, on numbers harvested/bought
Organisations are being fined for sending text messages _to their
existing clients_ if consent has not previously been explicitly obtained
(and just giving a company your mobile number is NOT consent).
It is illegal to make a sales call to a person on the TPS or a company
on the CTPS
It is illegal to send sales literature if they're on the MPS
It is illegal to send an unsolicited fax if they're on the FPS
So it's not just use of "personal data", it's "use of data for a purpose
the data-subject does not approve, prior to its use"
>> Likewise, I cannot go to a website, enter a
>> vehicle’s license plate, and see the owner’s name, address, and
>> phone number.
In the UK you can get the keeper's name and some basic details about the
vehicle, but it's a chargeable service. There are a number of 'gateways'
that provide access to the data, and the use is logged, and the owner
can get the details of the search.
Access to the address information (phone no is not collected and so not
available) is restricted to specific law-enforcement departments,
related industries like vehicle insurance (who pay for access), the
courts etc
So it's multi-level gated access, the cost of access/use is charged to
the requester (not the data-collector and certainly not the
data-subject), all queries are logged, and those logs can be and are made
available.
Perhaps something we can use as a model?
I'd have fewer objections to my data being in an RDS if I got paid
every time it was looked at, and I could obtain the details of those
looking at it - equality in transparency!
Rob