[gnso-rds-pdp-wg] Principle on Proportionality for "Thin Data"access
Sam Lanfranco
sam at lanfranco.net
Wed May 31 15:34:40 UTC 2017
All,
Are we mixing up several issues here? One is the content of and terms of
access to “thin data”. Another is the evolving sovereign national and
regional rulings on personal data privacy. Another is abuses of the
available date to essentially harass domain name holders. Yet another is
general privacy on the part of the domain name holder. Consider these
issues in reverse order.
For a domain name holder “thin data” is but one piece of “bread crumb
data” (traces found online) associated with that holder within the
Internet ecosystem. Depending on one’s online presence, modest due
diligence will produce substantial data about that holder, even though
no one piece of bread crumb data violates privacy laws. It is impossible
to prevent such due diligence but there may be scope for policies to
restrict uses that amount to harassment.
That is the nature of online reality. The three components of accessible
thin data, privacy legislation, and (equally important) a holder’s
online presence determine how much of one’s individual persona is
accessible by online due diligence. There is no way to reduce that
exposure to zero, short of no engagement in the Internet ecosystem. At
most there could be warnings much like those for people with peanut
allergies. Typical wording is: “Warning: this produce may contain
peanuts”, or “Produced in a facility that also processes peanuts”.
Possible wording here could read like the warnings in browsers with
regard to others tracking one’s online behavior.
The issue of abuses, from access and due diligence, should probably be
treated as a separate issue. There are technical solutions to massive
data harvesting, and privacy/proxy solutions for individual thin data.
It is probably wiser to work from treating the catalogue of abuses as a
policy challenge in its own right.
With respect to the moving target of compliance with national and
regional privacy laws, the Internet ecosystem is not unlike the natural
ecosystem. Environmental policies evolve, both as a function of
perceived environmental problems, and the interplay between the various
stakeholders. This involves ongoing agency and adjustment by
environmental stakeholders. Such will be the ongoing situation for
stakeholders in the DNS system. Recognizing this prevents us from trying
(and failing) to cast in stone, at any one in time, a definitive
solution to consistency between practice (ICANN’s and others) and
evolving national and regional (e.g. EU) privacy policy.
Lastly, the content of and terms of access to thin data remain the core
of this working groups task here. The working group is probably 98%
along that path with purposeful thin data and unrestricted access. Doing
that well, while cognizant of these other issues, is the task at hand.
Some of these other issues are, by their nature ongoing, and the thin
data task is to do it in a way that minimizes the complications of
separately addressing the ongoing challenges of abuse and privacy
compliance issues.
We are almost there, in terms of our actual remit. Are we overly
muddying the road we are on with the ongoing challenges of abuse and
privacy compliance?
Sam Lanfranco (NCSG/NOPC)
More information about the gnso-rds-pdp-wg
mailing list