<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Please remove me from this WG. <br>
</p>
<p>Thanks, <br>
</p>
<p>Theo <br>
</p>
<div class="moz-cite-prefix">On 27-4-2017 21:21, allison nixon
wrote:<br>
</div>
<blockquote
cite="mid:CACLR7wJGqR3gxjgWJ0BycOq-Z5eB1wHnh5rABMkWmao3BTjaeQ@mail.gmail.com"
type="cite">
<div dir="ltr">I fail to see anything appealing in this future
scenario. Was this meant to be appealing?
<div><br>
</div>
<div>Sharing whois info is also a vital part of legitimate use
of whois. Not only the company's whois info, but even the
owners' personal sites and their whois info.</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Apr 27, 2017 at 3:16 PM, theo
geurts <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:gtheo@xs4all.nl" target="_blank">gtheo@xs4all.nl</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">Hi John,<br>
<br>
Let's use this solution to explore and let me put you on the
spot in this exercise ;)<br>
<br>
Now I am going to modify your example and focus on RDS with
gated access.<br>
In this scenario, all info is available worldwide with the
exception of EU Registrants that are not a company. This
access is restricted and requires gated access.<br>
<br>
The first thing that will happen is a rise of EU registrants
with Rogue Pharmacies how will enjoy the protection of gated
access for the wrong reasons in my opinion.<br>
<br>
What is the solution?<br>
LegitScript, and I suggest others will have a good look at
Article 40 (code of conduct) of the GDPR.<br>
After you and others went through this process, you almost
have gated access.<br>
<br>
The only barrier left is Privacy Shield certification and
its key requirements.<br>
<a moz-do-not-send="true"
href="https://www.privacyshield.gov/Key-New-Requirements"
rel="noreferrer" target="_blank">https://www.privacyshield.gov/<wbr>Key-New-Requirements</a><br>
<br>
Congrats! You are all set and done, welcome to the gated
access!<br>
<br>
Sure you have to comply with a set of rules and regulations,
but access is there.<br>
<br>
Of course, you will have to stop showing full WHOIS info
like for <a moz-do-not-send="true"
href="http://pharmacy-xl.com" rel="noreferrer"
target="_blank">pharmacy-xl.com</a> also, and you cannot
push the data to other companies without consent from the
data subject, after all, you got a subsidiary company
located in Dublin and you do not want to end up with a 20
million Euro fine.<br>
<br>
Best regards,<br>
<br>
Theo<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Well, on that note, let me propose a solution to consider.<br>
<br>
Volker and others have pointed out that the EU has some
legal requirements<br>
pertaining to privacy. As far as I can tell, these generally
don't exist<br>
elsewhere. (That's not to say "nowhere," but it's the
exception, not the<br>
rule.) Let's stipulate, for the sake of argument, that
registrars in those<br>
countries have to adhere to those laws. However, the purpose
of privacy<br>
laws in Germany, France or Sweden are to protect the
citizens of those<br>
countries -- not registrants in other countries.<br>
<br>
As a trade-off, it seems reasonable to me to explore a
solution where EU<br>
registrars agree to forego accepting domain name
registrations from outside<br>
their own jurisdiction. We can then have a bi-furcated
system -- this<br>
should only apply to registrants using the domain name for
non-commercial<br>
reasons, by the way, since the privacy laws only apply to
individuals, not<br>
corporations -- where, say, a German citizen can register
with Key-Systems<br>
(for example) and enjoy whatever data protections
Key-Systems feels that it<br>
needs to implement. (Volker, I'm not picking on you here,
I'm just using<br>
you as an EU-based example.) It's incredibly easy to
implement technically:<br>
just restrict the available countries in the drop-down menu
during<br>
registration to a single country.<br>
<br>
After all, as a US citizen, why should I -- or a Chinese
citizen, or a<br>
Brazilian citizen -- have the right to avail myself of the
privacy<br>
protections afforded by the German government to German
citizens? Those<br>
aren't meant for me.<br>
<br>
And, after all, why should privacy protections that apply to
a minority of<br>
the world's population force a global change everywhere?<br>
<br>
I'd be interested to hear from registrars whether, in
exchange for being<br>
able to implement rigorous privacy protections for domain
names used for<br>
non-commercial purposes, they would be willing to forego
accepting<br>
registrations from outside of their own jurisdiction (or,
perhaps, the EU).<br>
This would allow Volker and others to comply with their own
laws but in a<br>
minimally disruptive way.<br>
<br>
John Horton<br>
President and CEO, LegitScript<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
______________________________<wbr>_________________
<div class="HOEnZb">
<div class="h5"><br>
gnso-rds-pdp-wg mailing list<br>
<a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="gmail_signature" data-smartmail="gmail_signature">_________________________________<br>
Note to self: Pillage BEFORE burning.</div>
</div>
</blockquote>
<br>
</body>
</html>