[gnso-rds-pdp-wg] ICANN Meetings/Conversations with Data Protection and Privacy Commissioners

[theo geurts]

Andrew,

I think it is meant that IP addresses will be considered personal 
information under the GDPR, that concept might be new to folks in this WG.

Yes we do require IP addresses to make a domain name work, that is not 
the issue.

Something we mailed our resellers a few weeks ago:
1. Your activities are much more likely to be covered by EU privacy 
legislation
If your organization processes personal data of a person who is in the 
EU, you must comply with the GDPR. It does not matter if your 
organization is not established in the EU or if the processing does not 
take place within the EU. And if there was any doubt before: the 
definition of personal data now explicitly includes online identifiers, 
such as IP and MAC addresses or a cookie-ID.

Theo

On 28-9-2017 18:34, Andrew Sullivan wrote:
> Hi,
>
> On Thu, Sep 28, 2017 at 06:18:57PM +0200, Volker Greimann wrote:
>> As even IP addresses have been held to be sensitive personal data that may
>> not be stored without need, the same goes doubly for contact details.
> We appear to have entered, once again, the hall of mirrors where we
> talk about collecting $thing in the abstract, instead of paying
> attention to the specific purposes that we have already debated at
> length.  Couldn't we concentrate on whether this or that bit of
> collection is needed in order to support the needs of the Internet we
> have already discussed?
>
> As near as I can tell, we have quite clearly articulated reasons why
> both IP addresses and contact details need to be collected for domain
> name registrations.  Is that even controversial now?
>
> Best regards,
>
> A
>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>