[gnso-rds-pdp-wg] Now open: 18 January Poll on Purpose

Holly Raiche h.raiche at internode.on.net
Wed Jan 25 20:05:57 UTC 2017 

Both Michele and Stephanie are right.

The EU’s (and EC’s) words concern information ‘that relates to’.  This is broader than the usual phrase in many data protection jurisdictions - 'information about' - the later being data that is clearly about an individual.  But in a world where bits of data variously gathered can form a very complete picture of an individual, the European view is increasingly more relevant.

That said, basic data protection law recognises that the collection of information that is about and relates to individuals is necessary for the vast array of purposes of agencies, corporations, etc. do.  So the principle behind the collection of any data is to ask whether it is necessary to collect that information to accomplish what the agency, corporation etc actually (and legitimately) does. (and that also goes to the point Jim is making) So yes, we do have to ask about the collection of information that relates to individuals - in the context of what agencies/governments/corporations etc actually (and legitimately) do.

But, as Michele keeps pointing out, we are talking about thin data here.  And if you look at the list of data that is collected,it is collected to achieve the purposes of being a registrar or registry. At the end of the day, there will be collection of data that relates to individuals so that the processes of domain name acquisition, handling, transfer etc, etc. can occur.

Holly


On 26 Jan 2017, at 6:40 am, Stephanie Perrin <stephanie.perrin at mail.utoronto.ca> wrote:

> Unfortunately, in a world where the Internet of things is taking off, privacy advocates and authorities have to insist that data generated by or as a result of the actions of an individual or his devices(eg metadata, timestamping, etc) has to be considered as personal information.  If it is used to describe processes pertaining to that information, if it could be used to incriminate that individual, it is important that it be recognized as information for which individuals have rights.  Otherwise, we have a situation where the individual has no right to access information that may impact him, may incriminate him, but to which he may be utterly oblivious.  Sorry it is such a pain in the neck, but there we are.
> 
> Stephanie
> 
> 
> On 2017-01-25 12:32, Michele Neylon - Blacknight wrote:
>> Scott
>>  
>> Sure, but if we go down that route we could make cases for a lot of things J
>> My main problem with this entire debacle is that the data we’re dealing with is pretty much useless and isn’t personally identifiable.
>>  
>> Regards
>>  
>> Michele
>>  
>>  
>> --
>> Mr Michele Neylon
>> Blacknight Solutions
>> Hosting, Colocation & Domains
>> https://www.blacknight.com/
>> http://blacknight.blog/
>> Intl. +353 (0) 59  9183072
>> Direct Dial: +353 (0)59 9183090
>> Social: http://mneylon.social
>> Some thoughts: http://ceo.hosting/
>> -------------------------------
>> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
>> Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845
>>  
>> From: Scott Hollenbeck <shollenbeck at verisign.com>
>> Date: Wednesday 25 January 2017 at 17:15
>> To: Michele Neylon <michele at blacknight.com>, Stephanie Perrin <stephanie.perrin at mail.utoronto.ca>, Sam Lanfranco <sam at lanfranco.net>, "dave at davecake.net" <dave at davecake.net>
>> Cc: "gnso-rds-pdp-wg at icann.org" <gnso-rds-pdp-wg at icann.org>
>> Subject: RE: [gnso-rds-pdp-wg] Now open: 18 January Poll on Purpose
>>  
>> From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Michele Neylon - Blacknight
>> Sent: Wednesday, January 25, 2017 12:09 PM
>> To: Stephanie Perrin; Sam Lanfranco; David Cake
>> Cc: gnso-rds-pdp-wg at icann.org
>> Subject: [EXTERNAL] Re: [gnso-rds-pdp-wg] Now open: 18 January Poll on Purpose
>>  
>> Stephanie
>>  
>> Sorry, but policy + the technology go hand in hand. You cannot completely separate them and any policy that this (or any other) group produces needs to be technically possible to implement.
>>  
>> As to the specifics ..
>>  
>> I would argue that generated data is NOT collected, as it’s generated.
>>  
>> If you register stephanieperrin.com with us the only elements we are “collecting” that end up in in the “thin” data are:
>> the domain name string
>> the nameservers you’re using (and if you don’t specify any we’ll use our own)
>> All the other elements are NOT collected by the registrar or even the registry from the registrant, they are generated as part of the process of the domain being registered.
>>  
>> [SAH] Michele, some might argue that the registration period is also collected from the registrant and is then used to generate the expiration date at the registry. A case might also be made for status values like clientTransferProhibited etc. I agree completely that generated data is just that – generated.
>>  
>> Scott
> 
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170126/0a278f67/attachment.html>

More information about the gnso-rds-pdp-wg mailing list