<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;"><div>Volker,</div><div><br></div><div>The harm is to all those relying on the data to do other work (like security). If the DC limits collection based on the limited GDPR subset (individual EU residents), that means less data available.</div><div><br></div><div>Paul</div><div><br></div><span id="OLK_SRC_BODY_SECTION"><div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt"><span style="font-weight:bold">From: </span> gnso-rds-pdp-wg <<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org">gnso-rds-pdp-wg-bounces@icann.org</a>> on behalf of Volker Greimann <<a href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a>><br><span style="font-weight:bold">Date: </span> Thursday, February 15, 2018 at 4:29 PM<br><span style="font-weight:bold">To: </span> <<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>><br><span style="font-weight:bold">Subject: </span> Re: [gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy is backwards<br></div><div><br></div><blockquote id="MAC_OUTLOOK_ATTRIBUTION_BLOCKQUOTE" style="BORDER-LEFT: #b5c4df 5 solid; PADDING:0 0 0 5; MARGIN:0 0 0 5;"><div>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<div text="#000000" bgcolor="#FFFFFF">
<p>Regardless of whom the GDPR applies to, we need to ask ourselves
the question whether the system we will be designing should make
that differentiation. It may be beneficial and reduce user
confusion if they do not have to use two different methods to
access registration data depending on where in the world the
registrant is based, but only one universal system. And if they
have to jump through certain hoops (for example pre-certification
of the requester) anyways to get at EU data subject data, where is
the harm in using that same hoop for all data? <br>
</p>
<p>Best,</p>
<p>Volker<br>
</p>
<br>
<div class="moz-cite-prefix">Am 15.02.2018 um 15:56 schrieb Paul
Keating:<br>
</div>
<blockquote type="cite" cite="mid:D6AB5D84.C07D0%25Paul@law.es">
<div>Rubens,</div>
<div><br>
</div>
<div>You stated:</div>
<div><br>
</div>
<div>
<blockquote type="cite" class="" style="font-family:
-webkit-standard;">
<div class="">
<div dir="ltr" class="">
<div class="gmail_default">
<ul class="">
<li class=""><font class="" face="arial,helvetica,sans-serif" color="#444444">There
is a limited set of registrants that is entitled
to GDPR protection. There is a very large class of
registrants that is not entitled to GDPR
protection. There is disagreement about where this
line is, but this seems to be something where
consensus is possible and there's an objectively,
legally correct answer."</font></li>
</ul>
</div>
</div>
</div>
</blockquote>
</div>
<div>And,</div>
<div><br>
</div>
<div><span id="OLK_SRC_BODY_SECTION">
<blockquote id="MAC_OUTLOOK_ATTRIBUTION_BLOCKQUOTE" style="padding: 0px 0px 0px 5px; margin: 0px 0px 0px 5px;">
<div class="" style="word-wrap: break-word;
-webkit-nbsp-mode: space; line-break: after-white-space;">
<blockquote type="cite" class="">
<div class="">
<div dir="ltr" class="">
<div class="gmail_default">
<div class="">
<ol class="">
<li class="">The GDPR applies to, and is
intended to benefit, a limited set of
registrants. <br class="">
</li>
</ol>
</div>
</div>
</div>
</div>
</blockquote>
<div><br class="">
</div>
<span class="Apple-tab-span" style="white-space:pre"> </span>No,
no agreement with that state</div>
</blockquote>
</span>
<div><br>
</div>
</div>
<div><br>
</div>
<div>I completely disagree. The GDPR does in fact act only to
bind Data Collectors and Processors as to data concerning a
specific and limited set of people (EU residents). That
registrars may seek to apply it across the board to all
registrants is a matter of convenience and risk avoidance given
the potential issues of properly identifying whether the
registrant is in fact one of the protected class. While I
cannot fault the registrars for wanting to limit risk, I do
object to the objective miss-statement of the law.</div>
<div><br>
</div>
<div>Paul Keating.</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:11pt;
text-align:left; color:black; BORDER-BOTTOM: medium none;
BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT:
0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid;
BORDER-RIGHT: medium none; PADDING-TOP: 3pt"><span style="font-weight:bold">From: </span> gnso-rds-pdp-wg <<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" moz-do-not-send="true">gnso-rds-pdp-wg-bounces@icann.org</a>>
on behalf of Rubens Kuhl <<a href="mailto:rubensk@nic.br" moz-do-not-send="true">rubensk@nic.br</a>><br>
<span style="font-weight:bold">Date: </span> Wednesday,
February 14, 2018 at 9:41 PM<br>
<span style="font-weight:bold">To: </span> John Horton <<a href="mailto:john.horton@legitscript.com" moz-do-not-send="true">john.horton@legitscript.com</a>><br>
<span style="font-weight:bold">Cc: </span> RDS PDP WG <<a href="mailto:gnso-rds-pdp-wg@icann.org" moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a>><br>
<span style="font-weight:bold">Subject: </span> Re:
[gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy is
backwards<br>
</div>
<div><br>
</div>
<blockquote id="MAC_OUTLOOK_ATTRIBUTION_BLOCKQUOTE" style="BORDER-LEFT: #b5c4df 5 solid; PADDING:0 0 0 5; MARGIN:0
0 0 5;">
<div>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space;
line-break: after-white-space;" class=""><br class="">
<div><br class="">
<blockquote type="cite" class="">
<div class="">On 14 Feb 2018, at 18:07, John Horton
via gnso-rds-pdp-wg <<a href="mailto:gnso-rds-pdp-wg@icann.org" class="" moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div dir="ltr" class="">
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif;color:#444444">Thanks,
Chuck. I think whatever changes are required by
the GDPR can be accomplished with changes that,
in my view, do not constitute a fundamental
change to Whois/RDS. Beyond what I think are
non-fundamental changes relating to the GDPR, I
do not believe that any changes are a "must." As
to your question:</div>
<div class="gmail_default">
<ul class="">
<li class=""><font class="" face="arial,helvetica,sans-serif" color="#444444">There is a limited set of
registrants that is entitled to GDPR
protection. There is a very large class of
registrants that is not entitled to GDPR
protection. There is disagreement about
where this line is, but this seems to be
something where consensus is possible and
there's an objectively, legally correct
answer. </font></li>
</ul>
</div>
</div>
</div>
</blockquote>
<div><br class="">
</div>
Nope, GDPR applies to all domain services provided by a
party that does business targeting EEA. So there is no
agreement in limiting to whom GDPR applies to. You know
what is in the Hamilton memo that you disagree with, and
while it's your right to disagree, you can't define
things as having agreement when there is no such thing. </div>
<div><br class="">
</div>
<div><br class="">
<blockquote type="cite" class="">
<div class="">
<div dir="ltr" class="">
<div class="gmail_default">
<ul class="">
<li class=""><font class="" face="arial,helvetica,sans-serif" color="#444444">It is possible to protect
that subset of registrants through (e.g.)
complimentary privacy protection, as well
as some other limited policies granting
access to the data for a legitimate
purpose (etc., everything we've been
discussing). </font></li>
</ul>
</div>
</div>
</div>
</blockquote>
<div><br class="">
</div>
Nope, that would only be valid for publishing of data.
For collection and processing of data, private WHOIS as
we know it might not be enough to achieve compliance,
depending on TLD and ICANN requirements. </div>
<div><br class="">
<blockquote type="cite" class="">
<div class="">
<div dir="ltr" class="">
<div class="gmail_default">
<ul class="">
<li class=""><font class="" face="arial,helvetica,sans-serif" color="#444444">Whether a registrant is,
in fact, an entity that is in the very
limited class entitled to GDPR protection
can be determined during the registration
process, and ICANN policy can require
registrars to add these fields to the
registration process. Existing registrants
can be asked to update their information. </font></li>
<li class=""><font class="" face="arial,helvetica,sans-serif" color="#444444">Aside from the policies
requiring that those additional data
fields be collected during the
registration process (e.g., are you an EU
citizen and other relevant questions), and
that if certain answers are "TRUE" then
privacy protection is automatically
granted, Whois would not change. Port 43
access would continue as is, and so on. </font></li>
</ul>
<div class=""><font class="" face="arial,helvetica,sans-serif" color="#444444">I guess I would turn around
and ask you and others if everyone agrees
with these two statements:</font></div>
<div class="">
<ol class="">
<li class="">The GDPR applies to, and is
intended to benefit, a limited set of
registrants. <br class="">
</li>
</ol>
</div>
</div>
</div>
</div>
</blockquote>
<div><br class="">
</div>
No, no agreement with that statement. </div>
<div><br class="">
<blockquote type="cite" class="">
<div class="">
<div dir="ltr" class="">
<div class="gmail_default">
<div class="">
<ol class="" start="2">
<li class="">Registrar convenience or
business objectives is not a valid basis
to support a policy change. </li>
</ol>
</div>
</div>
</div>
</div>
</blockquote>
<div><br class="">
</div>
<div><br class="">
</div>
That depends on level. If by business objectives you
mean deny service for whole Europe, that's a pretty hard
business hit. It's something like 20% of world's GDP. </div>
<div><br class="">
</div>
<div><br class="">
</div>
<div><br class="">
</div>
<div><br class="">
</div>
<div><br class="">
</div>
<div>Rubens</div>
<div><br class="">
</div>
<div><br class="">
</div>
</div>
</div>
_______________________________________________
gnso-rds-pdp-wg mailing list
<a href="mailto:gnso-rds-pdp-wg@icann.org" moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" moz-do-not-send="true">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></blockquote>
</span>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
gnso-rds-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
</div></div>
_______________________________________________
gnso-rds-pdp-wg mailing list
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></blockquote></span></body></html>