[gnso-rds-pdp-wg] Principle on Proportionality for "Thin Data"access
Volker Greimann
vgreimann at key-systems.net
Wed May 31 14:39:14 UTC 2017
+1
Am 31.05.2017 um 16:29 schrieb Michele Neylon - Blacknight:
>
> Paul
>
> You can disagree with me as much as you like, but the courts and DPAs
> have ruled on this multiple times eg.
>
> http://www.irishtimes.com/business/technology/european-court-of-justice-rules-ip-addresses-are-personal-data-1.2835704
>
> Data is PII whether it’s disclosed or not:
>
> https://www.dataprotection.ie/docs/What-is-Personal-Data/210.htm
>
> Disclosure isn’t the issue, it’s the collection of data that can be
> linked to an individual that is.
>
> In either case I never said IP addresses were always PII, which is why
> I wouldn’t consider nameservers or web server IPs to be PII.
>
> I also never said that I considered anything in thin data to be PII.
>
> Regards
>
> Michele
>
> --
>
> Mr Michele Neylon
>
> Blacknight Solutions
>
> Hosting, Colocation & Domains
>
> https://www.blacknight.com/
>
> http://blacknight.blog/
>
> Intl. +353 (0) 59 9183072
>
> Direct Dial: +353 (0)59 9183090
>
> Personal blog: https://michele.blog/
>
> Some thoughts: https://ceo.hosting/
>
> -------------------------------
>
> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business
> Park,Sleaty
>
> Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
>
> *From: *Paul Keating <paul at law.es>
> *Date: *Wednesday 31 May 2017 at 15:16
> *To: *Michele Neylon <michele at blacknight.com>
> *Cc: *John Bambenek <jcb at bambenekconsulting.com>,
> "gnso-rds-pdp-wg at icann.org" <gnso-rds-pdp-wg at icann.org>
> *Subject: *Re: [gnso-rds-pdp-wg] Principle on Proportionality for
> "Thin Data"access
>
> Michele
>
> I would disagree an up address is a location only. Just like 123
> Starbucks lane. It "could" only become Personally protected data if it
> were disclosed in a manner linking it to you. Absent that it is just
> a number.
>
> However I don't know of any element in thin data that would provide
> such a link.
>
> Sincerely,
>
> Paul Keating, Esq.
>
>
> On May 31, 2017, at 4:08 PM, Michele Neylon - Blacknight
> <michele at blacknight.com <mailto:michele at blacknight.com>> wrote:
>
> The PII is when the IP is for an end user eg. my home broadband IP
> address is PII
>
> A nameserver or web server IP address wouldn’t be PII
>
> --
>
> Mr Michele Neylon
>
> Blacknight Solutions
>
> Hosting, Colocation & Domains
>
> https://www.blacknight.com/
>
> http://blacknight.blog/
>
> Intl. +353 (0) 59 9183072
>
> Direct Dial: +353 (0)59 9183090
>
> Personal blog: https://michele.blog/
>
> Some thoughts: https://ceo.hosting/
>
> -------------------------------
>
> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business
> Park,Sleaty
>
> Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
>
> *From: *<gnso-rds-pdp-wg-bounces at icann.org
> <mailto:gnso-rds-pdp-wg-bounces at icann.org>> on behalf of John
> Bambenek via gnso-rds-pdp-wg <gnso-rds-pdp-wg at icann.org
> <mailto:gnso-rds-pdp-wg at icann.org>>
> *Reply-To: *John Bambenek <jcb at bambenekconsulting.com
> <mailto:jcb at bambenekconsulting.com>>
> *Date: *Wednesday 31 May 2017 at 14:40
> *To: *Paul Keating <paul at law.es <mailto:paul at law.es>>
> *Cc: *"gnso-rds-pdp-wg at icann.org
> <mailto:gnso-rds-pdp-wg at icann.org>" <gnso-rds-pdp-wg at icann.org
> <mailto:gnso-rds-pdp-wg at icann.org>>
> *Subject: *Re: [gnso-rds-pdp-wg] Principle on Proportionality for
> "Thin Data"access
>
> See the link I published earlier. Not IPs generally but IPs in
> certain circumstances can be, yes.
>
> Sent from my iPhone
>
>
> On May 31, 2017, at 08:38, Paul Keating <paul at law.es
> <mailto:paul at law.es>> wrote:
>
> See: recent Europrean court decisions on IP addresses as PII.
>
> Can you please provide the citations? I a-m not aware of any
> court decision issuingsuch a broad ruling.
>
> Thanks,
>
> Paul
>
> Sent from my iPad
>
>
> On 31 May 2017, at 12:20, Volker Greimann
> <vgreimann at key-systems.net <mailto:vgreimann at key-systems.net>>
> wrote:
>
> In some cases the ability to use data set A in combination
> with data set B to enable one to identify an individual
> turns data set A into PII.
>
> See: recent Europrean court decisions on IP addresses as PII.
>
> I am with you in viewing thin data as rather unlikely to
> be defined as PII, but depending on how this data is used
> it is not inconceivable that it may be found to contain
> PII depending on the use. Unlikely, but not impossible.
>
> Volker
>
> Am 30.05.2017 um 23:40 schrieb Paul Keating:
>
> Im sorry but i don't see the logic here (or the legal
> constraint)
>
> Privacy laws protect personal data of INDIVIDUALS.
> They do t protect non-personal data or data from
> non-individuals.
>
> Nothing on the list below is personal data. And no e
> of the principles given by Natalie apply.
>
> The fact that i could use the data to obtain other
> data is irrelevant. I can use a car to rob a bank but
> that itself is not a reason to restrict access to
> automobiles.
>
> Me thinks you are trying to create a scarcity for some
> reason.
>
> Sent from my iPad
>
>
> On 30 May 2017, at 23:22, Chris Pelling
> <chris at netearth.net <mailto:chris at netearth.net>> wrote:
>
> ok - a thought :
>
> Thin data includes nameservers, being able to
> *_mass_* collect thin data gaining NS information
> then allows you to do a DIG of a SOA record on the
> DNS service to gain the email address of the
> hostmaster :
>
> Some examples (radomly picked from the list) :
>
> gmail.com <http://gmail.com> :
>
> SOA ns1.google.com <http://ns1.google.com>.
> dns-admin.google.com
> <http://dns-admin.google.com>. 157458041 900 900
> 1800 60
> netearthone.com <http://netearthone.com>
>
> SOA ns1.netearth.net <http://ns1.netearth.net>.
> root.netearthone.com
> <http://root.netearthone.com>. 2016090201 14400
> 3600 1209600 86400
>
> law.es <http://law.es>
>
> SOA ns1.eurodns.com <http://ns1.eurodns.com>.
> hostmaster.eurodns.com
> <http://hostmaster.eurodns.com>. 2016061402 43200
> 7200 1209600 86400
>
> riskiq.net <http://riskiq.net>
>
> SOA ns-1754.awsdns-27.co.uk
> <http://ns-1754.awsdns-27.co.uk>.
> awsdns-hostmaster.amazon.com
> <http://awsdns-hostmaster.amazon.com>. 1 7200 900
> 1209600 86400
>
> Now as you can see - those above examples allow
> you to get (or build) an email list. Most will
> normally point to the providers service, but, some
> that are DIY'ing their hosting, it might not be.
>
> Kind regards,
>
> Chris
>
> ------------------------------------------------------------------------
>
> *From: *"allison nixon" <elsakoo at gmail.com
> <mailto:elsakoo at gmail.com>>
> *To: *"nathalie coupet" <nathaliecoupet at yahoo.com
> <mailto:nathaliecoupet at yahoo.com>>
> *Cc: *"gnso-rds-pdp-wg" <gnso-rds-pdp-wg at icann.org
> <mailto:gnso-rds-pdp-wg at icann.org>>
> *Sent: *Tuesday, 30 May, 2017 21:52:32
> *Subject: *Re: [gnso-rds-pdp-wg] Principle on
> Proportionality for "Thin Data"access
>
> so can you name one specific example of how
> someone could abuse thin data?
>
> On Tue, May 30, 2017 at 4:50 PM, nathalie coupet
> via gnso-rds-pdp-wg <gnso-rds-pdp-wg at icann.org
> <mailto:gnso-rds-pdp-wg at icann.org>> wrote:
>
> *Abuse* is the improper usage or treatment of
> an entity
> <https://en.wikipedia.org/wiki/Entity>, often
> to unfairly
> <https://en.wikipedia.org/wiki/Distributive_justice> or
> improperly gain benefit. In our context, abuse
> is the improper usage of WHOIS/RDS to unfairly
> or improperly gain access to information or to
> game the system.
>
> Here are some of the overarching principles
> which should guide us when building RDS:
>
> DATA LIFECYCLE PRIVACY PRINCIPLE
> PROTECTION MEASURE
>
> Collection Proportionality and purpose
> specification Data
> minimisation, Data quality
>
> Storage Accountability, Security measures,
> Sensitive data Confidentiality, Encryption,
> Pseudonomisation
>
> Sharing and processing Lawfulness and
> fairness, Consent, Right of access Data
> access control, Data leakage prevention
>
> Deletion Openness, Right to erasure
> Retention, Archival, Erasure
>
>
>
>
>
>
>
> If such principles are not respected, ICANN
> will be liable. Consumers don't need to have
> all the thin data when making a query. This
> could protect them and enable them to have
> access to the RDS without raising much
> opposition.
>
>
>
>
> Now, we could discuss the possibility for
> broader query types. These principles would
> still apply, but would be contextualized in
> order to take into account new sets of
> parameters for each broader query. By
> increasing granularity as much as possible,
> while applying these aformentioned principles,
> we just might find a way to accomodate everyone.
>
> Nathalie
>
> On Tuesday, May 30, 2017 4:00 PM, John Horton
> <john.horton at legitscript.com
> <mailto:john.horton at legitscript.com>> wrote:
>
>
> I was going to reply to Natalie's email as
> well, but Paul's comments capture my thoughts,
> so: *+1. *
>
>
> John Horton
> President and CEO, LegitScript
>
> *Follow****Legit**Script*: LinkedIn
> <http://www.linkedin.com/company/legitscript-com>
> | Facebook
> <https://www.facebook.com/LegitScript> |
> Twitter <https://twitter.com/legitscript> |
> _Blog <http://blog.legitscript.com/>_ |Google+
> <https://plus.google.com/112436813474708014933/posts>
>
>
>
>
>
>
>
> On Tue, May 30, 2017 at 12:57 PM, Paul Keating
> <paul at law.es <mailto:paul at law.es>> wrote:
>
> Natalie,
>
> Thank you for the email. Im copying the
> list because i see others have replied to
> your comment.
>
> I strenuously object to the concept. We
> are discussing THIN DATA ONLY HERE.
> Unless someone can explain to me why any
> of this data set has privacy concerns this
> is a non-issue. I would certainly
> appreciate someone explaining what, if
> any, privacy issues are perceived to be at
> issue here.
>
> Moreover, while you suggest that the idea
> escapes the need to declare a purpose, it
> does nothing but reinforce a subjective
> criteria based system in which the
> declared purpose is used to somehow limit
> the data being retrieved.
>
> If i am missing something please let me know.
>
>
> Paul
>
>
> Sent from my iPad
>
>
> On 30 May 2017, at 21:08, nathalie coupet
> via gnso-rds-pdp-wg
> <gnso-rds-pdp-wg at icann.org
> <mailto:gnso-rds-pdp-wg at icann.org>> wrote:
>
> Hi Paul,
>
> In the context of thin data, in view
> of the opposition of some to allow
> unauthenticated access to all the thin
> data, the principle of proportionality
> serves as an over-arching principle at
> this particular phase in our work in
> order to protect data from abuse while
> not restricting access.
>
> Thin data must be proportionate to the
> query, be useful for that particular
> query. All and any other thin data
> foreign to this query should not be
> shared. This principle potentially
> avoids having to resort to 'legitimate
> purposes' which cannot be verified for
> unauthenticated access.
>
> Nathalie
>
> On Tuesday, May 30, 2017 2:44 PM,
> "Gomes, Chuck via gnso-rds-pdp-wg"
> <gnso-rds-pdp-wg at icann.org
> <mailto:gnso-rds-pdp-wg at icann.org>> wrote:
>
>
> Because Nathalie was the originator
> and was unable to speak on the call, I
> encourage her to describe the nature
> of the issue on this thread.
>
> Chuck
>
> *From:*gnso-rds-pdp-wg-bounces at icann.
> org
> <mailto:gnso-rds-pdp-wg-bounces at icann.org>
> [mailto:gnso-rds-pdp-wg-
> bounces at icann.org
> <mailto:gnso-rds-pdp-wg-bounces at icann.org>]
> *On Behalf Of *Paul Keating
> *Sent:* Tuesday, May 30, 2017 2:17 PM
> *To:* Lisa Phifer <lisa at corecom.com
> <mailto:lisa at corecom.com>>; RDS PDP WG
> <gnso-rds-pdp-wg at icann.org
> <mailto:gnso-rds-pdp-wg at icann.org>>
> *Subject:* [EXTERNAL] Re:
> [gnso-rds-pdp-wg] Principle on
> Proportionality for "Thin Data"access
>
> Im sorry to have missed the call but
> had a client engagement.
>
> Can someone briefly describe the
> nature of the issue?
>
> Thanks
>
> Paul
>
> *From: *<gnso-rds-pdp-wg-bounces@
> icann.org
> <mailto:gnso-rds-pdp-wg-bounces at icann.org>>
> on behalf of Lisa Phifer
> <lisa at corecom.com
> <mailto:lisa at corecom.com>>
> *Date: *Tuesday, May 30, 2017 at 7:52 PM
> *To: *RDS PDP WG
> <gnso-rds-pdp-wg at icann.org
> <mailto:gnso-rds-pdp-wg at icann.org>>
> *Subject: *[gnso-rds-pdp-wg] Principle
> on Proportionality for "Thin Data"access
>
> All, per today's call action item:
>
> *Action Item: Nathalie Coupet and
> any other WG members who wish to
> do so to propose to the WG list a
> new principle on proportionality
> for "thin data." All WG members to
> comment on that proposed principle
> in advance of next call.
>
> *we are starting a new thread here
> which anyone may reply to if they
> wish to propose (or respond to) a
> new principle on proportionality
> for "thin data" access.
>
> Best, Lisa
>
> ______________________________
> _________________ gnso-rds-pdp-wg
> mailing list
> gnso-rds-pdp-wg at icann.org
> <mailto:gnso-rds-pdp-wg at icann.org>
> https://mm.icann.org/mailman/
> listinfo/gnso-rds-pdp-wg
> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>
> ______________________________
> _________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> <mailto:gnso-rds-pdp-wg at icann.org>
> https://mm.icann.org/mailman/
> listinfo/gnso-rds-pdp-wg
> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>
> ______________________________
> _________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> <mailto:gnso-rds-pdp-wg at icann.org>
> https://mm.icann.org/mailman/
> listinfo/gnso-rds-pdp-wg
> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>
>
> ______________________________
> _________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> <mailto:gnso-rds-pdp-wg at icann.org>
> https://mm.icann.org/mailman/
> listinfo/gnso-rds-pdp-wg
> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> <mailto:gnso-rds-pdp-wg at icann.org>
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>
>
> --
>
> _________________________________
> Note to self: Pillage BEFORE burning.
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> <mailto:gnso-rds-pdp-wg at icann.org>
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> <mailto:gnso-rds-pdp-wg at icann.org>
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>
>
>
> _______________________________________________
>
> gnso-rds-pdp-wg mailing list
>
> gnso-rds-pdp-wg at icann.org
> <mailto:gnso-rds-pdp-wg at icann.org>
>
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>
>
> --
>
> Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
>
>
>
> Mit freundlichen Grüßen,
>
>
>
> Volker A. Greimann
>
> - Rechtsabteilung -
>
>
>
> Key-Systems GmbH
>
> Im Oberen Werk 1
>
> 66386 St. Ingbert
>
> Tel.: +49 (0) 6894 - 9396 901
>
> Fax.: +49 (0) 6894 - 9396 851
>
> Email:vgreimann at key-systems.net <mailto:vgreimann at key-systems.net>
>
>
>
> Web:www.key-systems.net <http://www.key-systems.net> /www.RRPproxy.net <http://www.RRPproxy.net>
>
> www.domaindiscount24.com <http://www.domaindiscount24.com> /www.BrandShelter.com <http://www.BrandShelter.com>
>
>
>
> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
>
> www.facebook.com/KeySystems
> <http://www.facebook.com/KeySystems>
>
> www.twitter.com/key_systems
> <http://www.twitter.com/key_systems>
>
>
>
> Geschäftsführer: Alexander Siffrin
>
> Handelsregister Nr.: HR B 18835 - Saarbruecken
>
> Umsatzsteuer ID.: DE211006534
>
>
>
> Member of the KEYDRIVE GROUP
>
> www.keydrive.lu <http://www.keydrive.lu>
>
>
>
> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
>
>
>
> --------------------------------------------
>
>
>
> Should you have any further questions, please do not hesitate to contact us.
>
>
>
> Best regards,
>
>
>
> Volker A. Greimann
>
> - legal department -
>
>
>
> Key-Systems GmbH
>
> Im Oberen Werk 1
>
> 66386 St. Ingbert
>
> Tel.: +49 (0) 6894 - 9396 901
>
> Fax.: +49 (0) 6894 - 9396 851
>
> Email:vgreimann at key-systems.net <mailto:vgreimann at key-systems.net>
>
>
>
> Web:www.key-systems.net <http://www.key-systems.net> /www.RRPproxy.net <http://www.RRPproxy.net>
>
> www.domaindiscount24.com <http://www.domaindiscount24.com> /www.BrandShelter.com <http://www.BrandShelter.com>
>
>
>
> Follow us on Twitter or join our fan community on Facebook and stay updated:
>
> www.facebook.com/KeySystems
> <http://www.facebook.com/KeySystems>
>
> www.twitter.com/key_systems
> <http://www.twitter.com/key_systems>
>
>
>
> CEO: Alexander Siffrin
>
> Registration No.: HR B 18835 - Saarbruecken
>
> V.A.T. ID.: DE211006534
>
>
>
> Member of the KEYDRIVE GROUP
>
> www.keydrive.lu <http://www.keydrive.lu>
>
>
>
> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
>
>
>
>
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net
Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
www.facebook.com/KeySystems
www.twitter.com/key_systems
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net
Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com
Follow us on Twitter or join our fan community on Facebook and stay updated:
www.facebook.com/KeySystems
www.twitter.com/key_systems
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170531/fdba9a25/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list