[gnso-rds-pdp-wg] ICANN Legal Opinion on GDPR - Part 1

[Rubens Kuhl]

> On Oct 19, 2017, at 12:56 PM, Alan Greenberg <alan.greenberg at mcgill.ca> wrote:
> 
> Indeed Chuck. For those who believed that that we could get away with not making very significant changes, this is a/another wake-up call.
> 
> On a relative level, our job is easy since we are in theory starting with a clean slate. How ICANN addresses TODAY's issue of GDPR and the present system is, in my opinion, far more challenging. And we are almost surely going to impact the ability of those combatting malicious activities.
> 
> We need to quickly proceed with our part where we know we can implement tiered/controlled access and set policy so implementation may begin.


ICANN already allowed for such implementations with the RDAP Pilot program. But it's an optional program, so it's not covered by any reasoning like "ICANN contract says we have to do it" and requires even more legal analysis than a contract obligation...

BTW, in most combat of malicious activities targeting the average user, knowing the actual identity of the perpetrator is not really that useful. Specially because it's likely fake data anyways.
What really cuts it is cross-referencing it with other objects; for me, this suggests some kind of one-way hashing could do the trick and still preserve the privacy of people.


Rubens


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171019/b359f214/signature.asc>