[gnso-rds-pdp-wg] What we want redux (was Re: ICANN Meetings/Conversations with Data Protection and Privacy Commissioners)
Andrew Sullivan
ajs at anvilwalrusden.com
Thu Sep 28 18:16:17 UTC 2017
On Thu, Sep 28, 2017 at 08:06:55PM +0200, theo geurts wrote:
> 1 I agree you need to be specific, but also you should ask, would a DPA
> accept it? Regardless if that is a DPA in Europe or China or Jamaica.
> Setting the baseline to the GDPR would be a mistake, these data protection
> laws are always in motion. As such you need to implement data protection
> principles when you define purpose. Did we really do that?
What I am trying to say is that we ought to work out what we need to
solve. I think we have only half-done that. I would like for us to
complete that, and in particular to look carefully at what data needs
to be exposed to whom under what conditions in order to move something
ahead. I believe that it is not helpful for people to bang shoes on
the table and say "whois privacy" or "DPA won't accept it". We ought
instead to figure out what our problem is and what we want to do to
solve it, and then ask legal permission _after_ that.
I think Allison elsewhere just today pointed out that the legal
analysis currently focusses too much on direct contractual
relationships and misses the voluntary, no-contract nature of Internet
operations. We need to design an answer for that, and then figure out
how to make the laws as we undertand them to work with that answer.
Best regards,
A
--
Andrew Sullivan
ajs at anvilwalrusden.com
More information about the gnso-rds-pdp-wg
mailing list