<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <p>Much of that sharing would take place under "threat sharing"
      regimes, many of which are still being formulated, but that policy
      work is explicitly designed to make sure such sharing is legal
      everywhere it is being considered.<br>
    </p>
    <br>
    <div class="moz-cite-prefix">On 4/27/2017 4:16 PM, Ayden Férdeline
      wrote:<br>
    </div>
    <blockquote
cite="mid:_3oWnbgEacfTVgG3O0PgP1TtnZpUlAVXx90dXiyZmuQm4_zGmWJhqHvFbXnhb1HfpTst3c23_iKRZDAfpMGs4Ouy6ZzdB9R3YsELImmCElA=@ferdeline.com"
      type="cite">
      <div>I appreciate that you consider “Sharing whois info [to be] a
        vital part of legitimate use of whois”, but if sharing such
        information would not comply with applicable laws, it is not
        something that this Working Group can condone, in my view. Also,
        I am not a lawyer, but I believe “vital” interests are
        separately defined at least within the context of the GDPR and
        are very limited in scope.<br>
      </div>
      <div><br>
      </div>
      <div class="protonmail_signature_block ">
        <div class="protonmail_signature_block-user ">
          <div>- Ayden <br>
          </div>
        </div>
        <div class="protonmail_signature_block-proton
          protonmail_signature_block-empty"><br>
        </div>
      </div>
      <div><br>
      </div>
      <blockquote type="cite" class="protonmail_quote">
        <div>-------- Original Message --------<br>
        </div>
        <div>Subject: Re: [gnso-rds-pdp-wg] international law
          enforcement association resolution regarding domain
          registration data<br>
        </div>
        <div>Local Time: 27 April 2017 8:21 PM<br>
        </div>
        <div>UTC Time: 27 April 2017 19:21<br>
        </div>
        <div>From: <a class="moz-txt-link-abbreviated" href="mailto:elsakoo@gmail.com">elsakoo@gmail.com</a><br>
        </div>
        <div>To: theo geurts <a class="moz-txt-link-rfc2396E" href="mailto:gtheo@xs4all.nl">&lt;gtheo@xs4all.nl&gt;</a><br>
        </div>
        <div>RDS PDP WG <a class="moz-txt-link-rfc2396E" href="mailto:gnso-rds-pdp-wg@icann.org">&lt;gnso-rds-pdp-wg@icann.org&gt;</a><br>
        </div>
        <div><br>
        </div>
        <div dir="ltr">
          <div>I fail to see anything appealing in this future scenario.
            Was this meant to be appealing?<br>
          </div>
          <div><br>
          </div>
          <div>Sharing whois info is also a vital part of legitimate use
            of whois. Not only the company's whois info, but even the
            owners' personal sites and their whois info.<br>
          </div>
        </div>
        <div class="gmail_extra">
          <div><br>
          </div>
          <div class="gmail_quote">
            <div>On Thu, Apr 27, 2017 at 3:16 PM, theo geurts <span
                dir="ltr">&lt;<a moz-do-not-send="true" rel="noreferrer
                  nofollow noopener" href="mailto:gtheo@xs4all.nl">gtheo@xs4all.nl</a>&gt;</span>
              wrote:<br>
            </div>
            <blockquote class="gmail_quote" style="margin:0 0 0
              .8ex;border-left:1px #ccc solid;padding-left:1ex">
              <div>Hi John,<br>
              </div>
              <div> <br>
              </div>
              <div> Let's use this solution to explore and let me put
                you on the spot in this exercise ;)<br>
              </div>
              <div> <br>
              </div>
              <div> Now I am going to modify your example and focus on
                RDS with gated access.<br>
              </div>
              <div> In this scenario, all info is available worldwide
                with the exception of EU Registrants that are not a
                company. This access is restricted and requires gated
                access.<br>
              </div>
              <div> <br>
              </div>
              <div> The first thing that will happen is a rise of EU
                registrants with Rogue Pharmacies who will enjoy the
                protection of gated access for the wrong reasons in my
                opinion.<br>
              </div>
              <div> <br>
              </div>
              <div> What is the solution?<br>
              </div>
              <div> LegitScript, and I suggest others will have a good
                look at Article 40 (code of conduct) of the GDPR.<br>
              </div>
              <div> After you and others went through this process, you
                almost have gated access.<br>
              </div>
              <div> <br>
              </div>
              <div> The only barrier left is Privacy Shield
                certification and its key requirements.<br>
              </div>
              <div> <a moz-do-not-send="true"
                  href="https://www.privacyshield.gov/Key-New-Requirements"
                  rel="noreferrer nofollow noopener">https://www.privacyshield.gov/<wbr>Key-New-Requirements</a><br>
              </div>
              <div> <br>
              </div>
              <div> Congrats! You are all set and done, welcome to the
                gated access!<br>
              </div>
              <div> <br>
              </div>
              <div> Sure you have to comply with a set of rules and
                regulations, but access is there.<br>
              </div>
              <div> <br>
              </div>
              <div> Of course, you will have to stop showing full WHOIS
                info like for <a moz-do-not-send="true"
                  href="http://pharmacy-xl.com" rel="noreferrer nofollow
                  noopener">pharmacy-xl.com</a> also, and you cannot
                push the data to other companies without consent from
                the data subject, after all, you got a subsidiary
                company located in Dublin and you do not want to end up
                with a 20 million Euro fine.<br>
              </div>
              <div> <br>
              </div>
              <div> Best regards,<br>
              </div>
              <div> <br>
              </div>
              <div> Theo<br>
              </div>
              <div> <br>
              </div>
              <div> Well, on that note, let me propose a solution to
                consider.<br>
              </div>
              <div> <br>
              </div>
              <div> Volker and others have pointed out that the EU has
                some legal requirements<br>
              </div>
              <div> pertaining to privacy. As far as I can tell, these
                generally don't exist<br>
              </div>
              <div> elsewhere. (That's not to say "nowhere," but it's
                the exception, not the<br>
              </div>
              <div> rule.) Let's stipulate, for the sake of argument,
                that registrars in those<br>
              </div>
              <div> countries have to adhere to those laws. However, the
                purpose of privacy<br>
              </div>
              <div> laws in Germany, France or Sweden is to protect the
                citizens of those<br>
              </div>
              <div> countries -- not registrants in other countries.<br>
              </div>
              <div> <br>
              </div>
              <div> As a trade-off, it seems reasonable to me to explore
                a solution where EU<br>
              </div>
              <div> registrars agree to forego accepting domain name
                registrations from outside<br>
              </div>
              <div> their own jurisdiction. We can then have a
                bifurcated system -- this<br>
              </div>
              <div> should only apply to registrants using the domain
                name for non-commercial<br>
              </div>
              <div> reasons, by the way, since the privacy laws only
                apply to individuals, not<br>
              </div>
              <div> corporations -- where, say, a German citizen can
                register with Key-Systems<br>
              </div>
              <div> (for example) and enjoy whatever data protections
                Key-Systems feels that it<br>
              </div>
              <div> needs to implement. (Volker, I'm not picking on you
                here, I'm just using<br>
              </div>
              <div> you as an EU-based example.) It's incredibly easy to
                implement technically:<br>
              </div>
              <div> just restrict the available countries in the
                drop-down menu during<br>
              </div>
              <div> registration to a single country.<br>
              </div>
              <div> <br>
              </div>
              <div> After all, as a US citizen, why should I -- or a
                Chinese citizen, or a<br>
              </div>
              <div> Brazilian citizen -- have the right to avail myself
                of the privacy<br>
              </div>
              <div> protections afforded by the German government to
                German citizens? Those<br>
              </div>
              <div> aren't meant for me.<br>
              </div>
              <div> <br>
              </div>
              <div> And, after all, why should privacy protections that
                apply to a minority of<br>
              </div>
              <div> the world's population force a global change
                everywhere?<br>
              </div>
              <div> <br>
              </div>
              <div> I'd be interested to hear from registrars whether,
                in exchange for being<br>
              </div>
              <div> able to implement rigorous privacy protections for
                domain names used for<br>
              </div>
              <div> non-commercial purposes, they would be willing to
                forego accepting<br>
              </div>
              <div> registrations from outside of their own jurisdiction
                (or, perhaps, the EU).<br>
              </div>
              <div> This would allow Volker and others to comply with
                their own laws but in a<br>
              </div>
              <div> minimally disruptive way.<br>
              </div>
              <div> <br>
              </div>
              <div> John Horton<br>
              </div>
              <div> President and CEO, LegitScript<br>
              </div>
              <div> <br>
              </div>
              <div> ______________________________<wbr>_________________<br>
              </div>
              <div class="HOEnZb">
                <div class="h5">
                  <div><br>
                  </div>
                  <div>gnso-rds-pdp-wg mailing list<br>
                  </div>
                  <div> <a moz-do-not-send="true" rel="noreferrer
                      nofollow noopener"
                      href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
                  </div>
                  <div> <a moz-do-not-send="true"
                      href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
                      rel="noreferrer nofollow noopener">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
                  </div>
                </div>
              </div>
            </blockquote>
          </div>
          <div><br>
          </div>
          <div><br>
          </div>
          <div><br>
          </div>
          <div>-- <br>
          </div>
          <div class="gmail_signature" data-smartmail="gmail_signature">
            <div>_________________________________<br>
            </div>
            <div>Note to self: Pillage BEFORE burning.<br>
            </div>
          </div>
        </div>
      </blockquote>
      <div><br>
      </div>
    </blockquote>
    <br>
  </body>
</html>