<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><font size="+1"><font face="Lucida Grande">I think this is an
important point which Theo is raising. The DPAs have been of
course saying this for years, check the Article 29 opinions
for early evidence....one of the first big fights over this I
think was back in the Microsoft Passport days.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">Stephanie</font></font><br>
</p>
<br>
<div class="moz-cite-prefix">On 2017-09-28 12:46, theo geurts wrote:<br>
</div>
<blockquote type="cite"
cite="mid:04705171-3691-6cf3-1ab3-e7ad8a77770a@xs4all.nl">
<br>
Andrew,
<br>
<br>
I think it is meant that IP addresses will be considered personal
information under the GDPR, that concept might be new to folks in
this WG.
<br>
<br>
Yes we do require IP addresses to make a domain name work, that is
not the issue.
<br>
<br>
Something we mailed our resellers a few weeks ago:
<br>
1. Your activities are much more likely to be covered by EU
privacy legislation
<br>
If your organization processes personal data of a person who is in
the EU, you must comply with the GDPR. It does not matter if your
organization is not established in the EU or if the processing
does not take place within the EU. And if there was any doubt
before: the definition of personal data now explicitly includes
online identifiers, such as IP and MAC addresses or a cookie-ID.
<br>
<br>
Theo
<br>
<br>
On 28-9-2017 18:34, Andrew Sullivan wrote:
<br>
<blockquote type="cite">Hi,
<br>
<br>
On Thu, Sep 28, 2017 at 06:18:57PM +0200, Volker Greimann wrote:
<br>
<blockquote type="cite">As even IP addresses have been held to
be sensitive personal data that may
<br>
not be stored without need, the same goes doubly for contact
details.
<br>
</blockquote>
We appear to have entered, once again, the hall of mirrors where
we
<br>
talk about collecting $thing in the abstract, instead of paying
<br>
attention to the specific purposes that we have already debated
at
<br>
length. Couldn't we concentrate on whether this or that bit of
<br>
collection is needed in order to support the needs of the
Internet we
<br>
have already discussed?
<br>
<br>
As near as I can tell, we have quite clearly articulated reasons
why
<br>
both IP addresses and contact details need to be collected for
domain
<br>
name registrations. Is that even controversial now?
<br>
<br>
Best regards,
<br>
<br>
A
<br>
<br>
<blockquote type="cite">_______________________________________________
<br>
gnso-rds-pdp-wg mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<br>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a>
<br>
</blockquote>
<br>
</blockquote>
<br>
_______________________________________________
<br>
gnso-rds-pdp-wg mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<br>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a>
<br>
</blockquote>
<br>
</body>
</html>