[gnso-rds-pdp-wg] ICANN Meetings/Conversations with Data Protection and Privacy Commissioners

theo geurts gtheo at xs4all.nl
Thu Sep 28 18:06:55 UTC 2017 

Hello Andrew,

1 I agree you need to be specific, but also you should ask, would a DPA 
accept it? Regardless if that is a DPA in Europe or China or Jamaica. 
Setting the baseline to the GDPR would be a mistake, these data 
protection laws are always in motion. As such you need to implement data 
protection principles when you define purpose. Did we really do that?

2 I am not sure if there is a misapprehension. I do think we did not go 
out of the box far enough. We somehow keep circling back to the WHOIS, 
and that is somewhat strange given the composition of the WG.
We did put a ton of work into looking at the current data elements and 
all that, but we never into the concept of no WHOIS/RDS and come up with 
a solution in such a scenario.

If we want to convince these policymakers of what we are facing abuse 
wise, we must do better.

Theo


On 28-9-2017 19:11, Andrew Sullivan wrote:
> On Thu, Sep 28, 2017 at 06:46:29PM +0200, theo geurts wrote:
>> I think it is meant that IP addresses will be considered personal
>> information under the GDPR, that concept might be new to folks in this WG.
> I _know_ that.  But there are two issues here:
>
>      1.  It appears entirely clear, both from previous discussions and
>      from the legal analysis that was just delivered, that collection
>      of certain data (and we're still talking about collection,
>      remember) is permitted if you have legitimate purposes.
>      Therefore, we should be paying attention to those purposes, and be
>      specific about it.
>
>      2.  It is possible that any law, or any interpretation of the law,
>      is being made with a misapprehension of how the Internet actually
>      works.  Quite frankly, it is apparent to me that an alarming
>      number of policymakers have a deeply mistaken model for the way
>      the Internet works, mostly aligned with a picture that looks like
>      the way the phone system used to work.  But we have to make policy
>      for the actual Internet, rather than for some system that does not
>      actually exist.  This is why I sent that note the other day about
>      figuring out what we want and then asking lawyers how that can be
>      made to comport with such legal regimes as we know, rather than
>      doing it the other way.
>
> Best regards,
>
> A
>

More information about the gnso-rds-pdp-wg mailing list