[gnso-rds-pdp-wg] international law enforcement association resolution regarding domain registration data

Fri Apr 28 02:54:27 UTC 2017

Aside of fake data, if whois privacy was free it is more analogous than it seems. But the point was more that there are ways to collect and process data available to everyone. 

Sent from my iPhone

> On Apr 27, 2017, at 21:47, Rob Golding <rob.golding at astutium.com> wrote:
> 
> As to the "twitter" comparison ...
> 
> A business/individual _chooses_ what information to be shown on their twitter profile (and presumably does so in order for it to be "public"), can update it at any time, is able to use parody details should they so choose, and can remove/revoke it at any point that they choose to do so - whilst there are some similarities, it's not equivalent to whois
> 
>> And if someone spent time digitizing every edition of a specific phone
>> book, we very easily could have history of phone numbers of those
>> listed there.
> 
> Use of the UK telephone directory is subject to contract, which specifically precludes the storage/distribution of the data, doing anything with it in bulk, any use of the data for marketing, etc
> 
> Companies that had transcribed it all and were selling it on CDs over 20 years ago were being fined and in some cases the directors personally fined
> 
> In more recent times, there are regular and significant fines charged to organisations who cold-call numbers in the "phone book" (or however obtained) where the owner of that number has not given consent for commercial use (or more specifically registered to opt-out)
> 
> Selling "harvested" data in the UK can get you a fine of upto 500k. Hundreds of such fines are handed out every year.
> 
> Commercially using harvested data can also get you fined by the ICO, as well as by the regulator for that specific industry, involve the forced closure of the business concerned, and lead to prosecution of the directors.
> 
> For example
> https://www.claimsregulation.gov.uk/details.aspx/11168/Zahier_Hussain/
> licence revoked, director fined 850k, company banned from access to the uk telephone networks
> - for "PPI claims marketing" to people who had not given consent to be called, on numbers harvested/bought
> 
> Organisations are being fined for sending text messages _to their existing clients_ if consent has not previously been explicitly obtained (and just giving a company your mobile number is NOT consent).
> 
> It is illegal to make a sales call to a person on the TPS or a company on the CTPS
> It is illegal to send sales literature if they're on the MPS
> It is illegal to send an unsolicited fax if they're on the FPS
> 
> So it's not just use of "personal data", it's "use of data for a purpose the data-subject does not approve, prior to it's use"
> 
>>> Likewise, I cannot go to a website, enter a
>>> vehicle’s license plate, and see the owner’s name, address, and
>>> phone number.
> 
> In the UK you can get the keepers' name and some basic details about the vehicle, but it's a chargeable service. There are a number of 'gateways' that provide access to the data, and the use is logged, and the owner can get the details of the search.
> 
> Access to the address information (phone no is not collected and so not available) is restricted to specific law-enforcement departments, related industries like vehicle insurance (who pay for access), the courts etc
> 
> So it's multi-level gated access, the costs of access/use is charged to the requester (not the data-collector and certainly not the data-subject), all queries are logged, and those logs can and are made available.
> 
> Perhaps something we can use as a model ?
> 
> I'd have less objections to my data being in an RDS if I got paid everytime it was looked at, and I could obtain the details of those looking at it - equality in transparancy !
> 
> 
> Rob
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg