[gnso-rds-pdp-wg] CIRCL - Luxembourg CERT Statement on WHOIS

[Rubens Kuhl]

> Em 13 de abr de 2018, à(s) 20:23:000, John Bambenek <jcb at bambenekconsulting.com> escreveu:
> 
> They are talking about the practical negative impact to privacy and security caused by a myopic and one-sided of whois (that everything everywhere needs to be shut off).

The impact part is well known and I don't see anyone saying it won't happen. And we are not even trying to balance that impact to the privacy impact, because the law already did that. If that is to be revisited, EU lawmakers have to be involved.

> It should be noted that the DPAs have not specified specific courses of action nor have specific courses of action be presented to them for analysis.

They already ruled out any scenario I saw security practitioners and IP interests ever suggesting. But there could indeed be others still not evaluated.

> For instance a fully free and consent driven system for GDPR impacted constituents has yet to be considered.
> 

GDPR does not apply only to constituents; if a contracted party is in EU jurisdiction and provides services outside the EU, they have to follow GDPR as well, even if all their customers are in Tuvalu. Both the data subject and processing party are relevant to GDPR.

And regarding the "free" part, ICANN has no authority to mandate services to be free of charge or to cost a million bucks. So whatever solution we find, needs to not rely on that service being free as in costing nothing.



Rubens

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 528 bytes
Desc: Message signed with OpenPGP
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180413/5e4db6d6/signature.asc>