<div dir="ltr">I fail to see anything appealing in this future scenario. Was this meant to be appealing?<div><br></div><div>Sharing whois info is also a vital part of legitimate use of whois. Not only the company's whois info, but even the owners' personal sites and their whois info.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Apr 27, 2017 at 3:16 PM, theo geurts <span dir="ltr"><<a href="mailto:gtheo@xs4all.nl" target="_blank">gtheo@xs4all.nl</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi John,<br>
<br>
Let's use this solution to explore and let me put you on the spot in this exercise ;)<br>
<br>
Now I am going to modify your example and focus on RDS with gated access.<br>
In this scenario, all info is available worldwide with the exception of EU Registrants that are not a company. This access is restricted and requires gated access.<br>
<br>
The first thing that will happen is a rise of EU registrants with Rogue Pharmacies how will enjoy the protection of gated access for the wrong reasons in my opinion.<br>
<br>
What is the solution?<br>
LegitScript, and I suggest others will have a good look at Article 40 (code of conduct) of the GDPR.<br>
After you and others went through this process, you almost have gated access.<br>
<br>
The only barrier left is Privacy Shield certification and its key requirements.<br>
<a href="https://www.privacyshield.gov/Key-New-Requirements" rel="noreferrer" target="_blank">https://www.privacyshield.gov/<wbr>Key-New-Requirements</a><br>
<br>
Congrats! You are all set and done, welcome to the gated access!<br>
<br>
Sure you have to comply with a set of rules and regulations, but access is there.<br>
<br>
Of course, you will have to stop showing full WHOIS info like for <a href="http://pharmacy-xl.com" rel="noreferrer" target="_blank">pharmacy-xl.com</a> also, and you cannot push the data to other companies without consent from the data subject, after all, you got a subsidiary company located in Dublin and you do not want to end up with a 20 million Euro fine.<br>
<br>
Best regards,<br>
<br>
Theo<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Well, on that note, let me propose a solution to consider.<br>
<br>
Volker and others have pointed out that the EU has some legal requirements<br>
pertaining to privacy. As far as I can tell, these generally don't exist<br>
elsewhere. (That's not to say "nowhere," but it's the exception, not the<br>
rule.) Let's stipulate, for the sake of argument, that registrars in those<br>
countries have to adhere to those laws. However, the purpose of privacy<br>
laws in Germany, France or Sweden are to protect the citizens of those<br>
countries -- not registrants in other countries.<br>
<br>
As a trade-off, it seems reasonable to me to explore a solution where EU<br>
registrars agree to forego accepting domain name registrations from outside<br>
their own jurisdiction. We can then have a bi-furcated system -- this<br>
should only apply to registrants using the domain name for non-commercial<br>
reasons, by the way, since the privacy laws only apply to individuals, not<br>
corporations -- where, say, a German citizen can register with Key-Systems<br>
(for example) and enjoy whatever data protections Key-Systems feels that it<br>
needs to implement. (Volker, I'm not picking on you here, I'm just using<br>
you as an EU-based example.) It's incredibly easy to implement technically:<br>
just restrict the available countries in the drop-down menu during<br>
registration to a single country.<br>
<br>
After all, as a US citizen, why should I -- or a Chinese citizen, or a<br>
Brazilian citizen -- have the right to avail myself of the privacy<br>
protections afforded by the German government to German citizens? Those<br>
aren't meant for me.<br>
<br>
And, after all, why should privacy protections that apply to a minority of<br>
the world's population force a global change everywhere?<br>
<br>
I'd be interested to hear from registrars whether, in exchange for being<br>
able to implement rigorous privacy protections for domain names used for<br>
non-commercial purposes, they would be willing to forego accepting<br>
registrations from outside of their own jurisdiction (or, perhaps, the EU).<br>
This would allow Volker and others to comply with their own laws but in a<br>
minimally disruptive way.<br>
<br>
John Horton<br>
President and CEO, LegitScript<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
______________________________<wbr>_________________<div class="HOEnZb"><div class="h5"><br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">_________________________________<br>Note to self: Pillage BEFORE burning.</div>
</div>