<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;color:rgb(68,68,68)">Thanks to Tapani, Michele, Theo and others -- appreciated, especially on a Friday evening for you! However, I think some others have found that unless you are within the borders of the EU, you are not a data subject, which mirrors the "Right to be Forgotten" -- you have to be a Data Subject for that right to apply, yes?. (And, I think that the GDPR only applies to Data Subjects.) Let me outline why I think your analysis is not correct:</div><div class="gmail_default"><ul><li style="text-align:justify"><font color="#444444" face="arial, helvetica, sans-serif">First, recitals help in interpretation and provide important context -- so they are indeed relevant -- but typically aren't binding in the same way that what comes afterwards is. So I don't think legally you can rely on the recitals for the argument you are making. But even if we take the recitals seriously (and we should use them for context), paragraphs like (23) repeatedly talk about "data subjects <b>who are in the Union</b>." For example, (23) states (in relevant part): "</font><font color="#444444" face="arial, helvetica, sans-serif">In order to ensure that natural persons are not deprived of (GDPR) protection...the processing of personal data of data subjects <b>who are in the Union</b> by a controller or a processor not established in the Union should be subject to this Regulation...in order to determine whether such a controller or processor is offering goods or services to <b>data subjects who are in the Union</b>..."</font></li><li><font color="#444444" face="arial, helvetica, sans-serif">Your reliance on the second clause (after the comma) in Article 3, Paragraph 1 is (I'd respectfully submit) misplaced in the light of the definitions section. The clause says "...r<span style="color:rgb(68,68,68);font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:justify;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">egardless of whether the processing takes place in the Union or not." Processing, however, is defined as "any operation or set of operations on...personal data..." which of course is defined in the definitions section as relating to natural persons. You appear to be interpreting "processing" to mean "no matter where your customers come from." That simply isn't how it's defined. </span></font></li><li style="text-align:justify"><font color="#444444" face="arial, helvetica, sans-serif">Legal commentators like this <a href="https://cybercounsel.co.uk/data-subjects/">one</a> have foun</font><font face="arial, helvetica, sans-serif"><font color="#000000">d that "<span style="font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">a<span> </span></span><strong style="box-sizing:border-box;font-weight:600;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">Data Subject</strong><span style="font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"> under GDPR is anyone within the borders of the EU, whose personal data is being processed. They have to be within the EU borders for them to qualify and therefore have the protection of the GDPR."</span></font></font></li></ul><div style="text-align:justify"><font color="#444444" face="arial, helvetica, sans-serif">I'm open to hearing something different and being wrong here, but look at it this way: I'd ask whether I, as a US citizen and resident, would have standing to file a complaint with a DPA if (only using you as an example here, Michele) I registered a domain name with Blacknight and felt that they violated my privacy rights under the GDPR. After all:</font></div><div style="text-align:justify"><ul><li><font color="#444444" face="arial, helvetica, sans-serif">The EU GDPR <a href="https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en">page</a> says "Rights for citizens." Am I a citizen? This <a href="https://eugdprcompliant.com/eu-citizens-rights/">website</a>, too, talks about my rights under the GDPR as an "EU Citizen." </font></li><li><font color="#444444" face="arial, helvetica, sans-serif">This EU GDPR <a href="https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/my-rights/what-are-my-rights_en">page</a> says that the (GDPR) rights "apply across the EU." So...I'm not in the EU. Doesn't that mean I don't have GDPR rights?</font></li><li><font color="#444444" face="arial, helvetica, sans-serif">This EU GDPR <a href="https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-are-data-protection-authorities-dpas-and-how-do-i-contact-them_en">page</a> tells me to "contact my DPA." Who...is my DPA?</font></li><li><font color="#444444" face="arial, helvetica, sans-serif">I can <a href="https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/can-i-claim-compensation_en">claim compensation</a> under my GDPR rights by filing a complaint "<span style="color:rgb(64,64,64);font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">before the courts of the EU Member State of your habitual residence." (As well as the processor's country's DPA.) Can anyone tell me which EU Member State handles complaints for residents of Oregon, in the United States? Netherlands? Luxembourg? Ireland? Who?</span></font></li></ul><div style="text-align:start"><font color="#404040" face="arial, helvetica, sans-serif">I think you would all clearly agree: I don't, as a US citizen, have rights under the GDPR because...I'm not a Data Subject. I don't have what's known as "standing" to file a complaint, do I? Which means: the GDPR does not apply to me, which means...you, as a registrar, do not need to offer me GDPR protections. After all, it would be non-sensical to say that as a US citizen using your services, I have the right to GDPR protections but have no mechanism to enjoy their enforcement should you refuse to provide me those protections.</font></div><div style="text-align:start"><font color="#404040" face="arial, helvetica, sans-serif"><br></font></div><div style="text-align:start"><font color="#404040" face="arial, helvetica, sans-serif">Clear?</font></div></div></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><font color="#073763" face="arial, helvetica, sans-serif">John Horton<br>President and CEO, LegitScript</font><div><img src="https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJRXE5UTAtclVxdTg&revid=0B13GfLt8zwZJSG9zOUVwN1lFKzFrRVlnaWU0NGZ4RmdkUjg4PQ" width="96" height="36"><br><div><p style="margin:0.0px 0.0px 0.0px 0.0px;font:12.0px Helvetica"><br></p><p style="margin:0px;font-style:normal;font-variant:normal;font-size:12px;line-height:normal;font-family:Helvetica"><b><font color="#444444">Follow</font><font color="#0b5394"> </font><font color="#000000">Legit</font><font color="#0b5394">Script</font></b>: <a href="http://www.linkedin.com/company/legitscript-com" style="color:rgb(17,85,204)" target="_blank"><font color="#cc0000">LinkedIn</font></a> | <a href="https://www.facebook.com/LegitScript" style="color:rgb(17,85,204)" target="_blank"><font color="#6aa84f">Facebook</font></a> | <a href="https://twitter.com/legitscript" style="color:rgb(17,85,204)" target="_blank"><font color="#674ea7">Twitter</font></a> | <font color="#ff9900"><u><a href="http://blog.legitscript.com/" style="color:rgb(17,85,204)" target="_blank">Blog</a></u></font> |<font color="#ff9900"> <a href="http://go.legitscript.com/Subscription-Management.html" style="color:rgb(17,85,204)" target="_blank"><font color="#ff9900">Newsletter</font></a></font><br></p><p style="margin:0px;font-style:normal;font-variant:normal;font-size:12px;line-height:normal;font-family:Helvetica"><font color="#ff9900"><br></font></p><p style="text-align:left;margin:0px;font-style:normal;font-variant:normal;font-size:12px;line-height:normal;font-family:Helvetica"><font color="#ff9900"><img src="https://www.legitscript.com/wp-content/uploads/2015/09/LegitScript-Workplace.png" width="46" height="96"><img src="https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJTmNWbmcwOTVJMXc&revid=0B13GfLt8zwZJQlZWOXVGbG9acC9nRGhzdEkxclFJVytCWVNjPQ" width="47" height="96"><br></font></p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Fri, Feb 16, 2018 at 1:17 PM, Ayden Férdeline <span dir="ltr"><<a href="mailto:icann@ferdeline.com" target="_blank">icann@ferdeline.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>Hi Paul,<br></div><div><br></div><div>As best I am aware, the GDPR refers to "data subjects" and "natural persons". Where does it define these persons as only being individuals who reside in the EU?<br></div><span class="im HOEnZb"><div><br></div><div>Ayden <br></div><div class="m_5879426675819092470protonmail_signature_block"><div class="m_5879426675819092470protonmail_signature_block-proton m_5879426675819092470protonmail_signature_block-empty"><br></div></div><div><br></div><div>-------- Original Message --------<br></div></span><div class="HOEnZb"><div class="h5"><div> On 16 February 2018 10:10 PM, Paul Keating <<a href="mailto:paul@law.es" target="_blank">paul@law.es</a>> wrote:<br></div><div> <br></div><blockquote class="m_5879426675819092470protonmail_quote" type="cite"><div>Yes BUT it applies ONLY to the collection and processing of the PDI of individuals residing in the EU.<br></div><div><br></div><div id="m_5879426675819092470AppleMailSignature">Sent from my iPad<br></div><div><div><br></div><div>On 16 Feb 2018, at 21:51, Michele Neylon - Blacknight <<a href="mailto:michele@blacknight.com" target="_blank">michele@blacknight.com</a>> wrote:<br></div></div><blockquote type="cite"><div><div class="m_5879426675819092470WordSection1"><p class="MsoNormal"><span lang="EN-GB">John</span><br></p><p class="MsoNormal"><span lang="EN-GB"> </span><br></p><p class="MsoNormal"><span lang="EN-GB">Article 3, as referenced by Tapani, makes it very clear to me:</span><br></p><p class="MsoNormal"><span lang="EN-GB">“</span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470font" style="font-family:-webkit-standard,serif">1. This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor
in the Union, regardless of whether the processing takes place in the Union or not</span></span><span lang="EN-GB">”</span><br></p><p class="MsoNormal"><span lang="EN-GB"> </span><br></p><div><p class="MsoNormal"><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">Regards</span></span><br></p><p class="MsoNormal"><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt"> </span></span><br></p><p class="MsoNormal"><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">Michele</span></span><br></p><p class="MsoNormal"><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt"> </span></span><br></p><p class="MsoNormal"><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">--</span></span><br></p><div><p class="MsoNormal"><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">Mr Michele Neylon</span></span><br></p></div><div><p class="MsoNormal"><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">Blacknight Solutions</span></span><br></p></div><div><p class="MsoNormal"><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">Hosting, Colocation & Domains</span></span><br></p></div><div><p class="MsoNormal"><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt"><a href="https://www.blacknight.com" target="_blank">https://www.blacknight.com</a></span></span><br></p><p class="MsoNormal"><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt"><a href="https://blacknight.blog" target="_blank">https://blacknight.blog</a> /</span></span><br></p></div><div><p class="MsoNormal"><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt"><a href="http://ceo.hosting/" target="_blank">http://ceo.hosting/</a></span></span><br></p></div><div><p class="MsoNormal"><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">Intl. <a href="tel:+353%2059%20918%203072" value="+353599183072" target="_blank">+353 (0) 59 9183072</a></span></span><br></p></div><div><p class="MsoNormal"><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">Direct Dial: <a href="tel:+353%2059%20918%203090" value="+353599183090" target="_blank">+353 (0)59 9183090</a></span></span><br></p></div><div><p class="MsoNormal"><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">------------------------------<wbr>-</span></span><br></p></div><div><p class="MsoNormal"><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty</span></span><br></p></div><div><p class="MsoNormal"><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">Road,Graiguecullen,Carlow,</span></span><span class="m_5879426675819092470highlight" style="background-color:white"><span class="m_5879426675819092470colour" style="color:rgb(25,25,25)"><span class="m_5879426675819092470font" style="font-family:Arial,sans-serif"><span class="m_5879426675819092470size" style="font-size:9pt"> </span></span></span></span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">R93 X265</span></span><br></p></div></div><p class="MsoNormal"><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">,Ireland Company No.: 370845</span></span><span lang="EN-GB"></span><br></p><div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0cm 0cm 0cm"><p class="MsoNormal"><b><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:12pt">From: </span></span></b><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:12pt">John Horton <<a href="mailto:john.horton@legitscript.com" target="_blank">john.horton@legitscript.com</a>><br> <b>Date: </b>Friday 16 February 2018 at 20:02<br> <b>To: </b>Michele Neylon <<a href="mailto:michele@blacknight.com" target="_blank">michele@blacknight.com</a>><br> <b>Cc: </b>"<a href="mailto:benny@nordreg.se" target="_blank">benny@nordreg.se</a>" <<a href="mailto:benny@nordreg.se" target="_blank">benny@nordreg.se</a>>, RDS PDP WG <<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>><br> <b>Subject: </b>Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP</span></span></p></div><div><p class="MsoNormal"> <br></p></div><div><div><p class="MsoNormal"><a name="m_5879426675819092470__MailOriginalBody"><span class="m_5879426675819092470colour" style="color:rgb(68,68,68)"><span class="m_5879426675819092470font" style="font-family:Arial,sans-serif">Ha, thanks Michele, and sorry for the timing! (Hope your answer was written over a bottle of red wine, preferably an Oregon pinot.)</span></span></a><br></p></div><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:rgb(68,68,68)"><span class="m_5879426675819092470font" style="font-family:Arial,sans-serif"> </span></span></span><br></p></div><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:rgb(68,68,68)"><span class="m_5879426675819092470font" style="font-family:Arial,sans-serif">Let me clarify my question, and feel free to defer the answer if next week is better. I'm asking if registrars have received specific
guidance, or can point to anything specific in the GDPR or any written document, indicating that you have to provide GDPR protections to all of your customers, even if they aren't in scope. In other words, I'm looking for a very clear statement along these
lines from a DPA:</span></span></span><br></p></div><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:rgb(68,68,68)"><span class="m_5879426675819092470font" style="font-family:Arial,sans-serif"> </span></span></span><br></p></div><div><blockquote style="margin-left:30.0pt;margin-right:0cm"><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:rgb(68,68,68)"><span class="m_5879426675819092470font" style="font-family:Arial,sans-serif">As an EU company, even if your customer is a natural person in the US, you must provide them the same rights under the GDPR that an
EU natural person would receive. Failure to do so is non-compliant with the GDPR. </span></span></span><br></p></div><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:rgb(68,68,68)"><span class="m_5879426675819092470font" style="font-family:Arial,sans-serif"> </span></span></span><br></p></div></blockquote><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:rgb(68,68,68)"><span class="m_5879426675819092470font" style="font-family:Arial,sans-serif">Obviously, the exact wording my differ, but I'm trying to challenge your statement that "</span></span><span class="m_5879426675819092470highlight" style="background-color:white"><span class="m_5879426675819092470colour" style="color:rgb(34,34,34)"><span class="m_5879426675819092470font" style="font-family:Arial,sans-serif"><span class="m_5879426675819092470size" style="font-size:9.5pt">As
an Irish company all our clients have to be handled under GDPR." If that's true as a legal requirement, I think it's important for the security/compliance community to be aware of that...if it's not, perhaps that opens up some more granular approaches that
can satisfy both sides. </span></span></span></span></span><br></p></div></div><div><p class="MsoNormal"><span></span><br></p><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:rgb(7,55,99)"><span class="m_5879426675819092470font" style="font-family:Arial,sans-serif">John Horton<br> President and CEO, LegitScript</span></span></span></p><div><p class="MsoNormal"><span><img alt="https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJRXE5UTAtclVxdTg&revid=0B13GfLt8zwZJSG9zOUVwN1lFKzFrRVlnaWU0NGZ4RmdkUjg4PQ" src="https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJRXE5UTAtclVxdTg&revid=0B13GfLt8zwZJSG9zOUVwN1lFKzFrRVlnaWU0NGZ4RmdkUjg4PQ" id="m_5879426675819092470_x0000_i1033" style="width:1.0in;height:.375in" height="36" width="96" class="m_5879426675819092470proton-embedded"></span><br></p><div><p style="margin:0cm;margin-bottom:.0001pt"><span><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt"> </span></span></span><br></p><p style="margin:0cm;margin-bottom:.0001pt"><span><b><span class="m_5879426675819092470colour" style="color:rgb(68,68,68)"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">Follow</span></span></span><span class="m_5879426675819092470colour" style="color:rgb(11,83,148)"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt"> </span></span></span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">Legit</span></span></span><span class="m_5879426675819092470colour" style="color:rgb(11,83,148)"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">Script</span></span></span></b><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">: </span></span></span><a href="http://www.linkedin.com/company/legitscript-com" target="_blank"><span><span class="m_5879426675819092470colour" style="color:rgb(204,0,0)"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">LinkedIn</span></span></span></span></a><span><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">
| </span></span></span><a href="https://www.facebook.com/LegitScript" target="_blank"><span><span class="m_5879426675819092470colour" style="color:rgb(106,168,79)"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">Facebook</span></span></span></span></a><span><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">
| </span></span></span><a href="https://twitter.com/legitscript" target="_blank"><span><span class="m_5879426675819092470colour" style="color:rgb(103,78,167)"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">Twitter</span></span></span></span></a><span><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">
| </span></span></span><a href="http://blog.legitscript.com/" target="_blank"><span><span class="m_5879426675819092470colour" style="color:rgb(17,85,204)"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">Blog</span></span></span></span></a><span><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt"> |<span class="m_5879426675819092470colour" style="color:rgb(255,153,0)"> </span></span></span></span><a href="http://go.legitscript.com/Subscription-Management.html" target="_blank"><span><span class="m_5879426675819092470colour" style="color:rgb(255,153,0)"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">Newsletter</span></span></span></span></a><span><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt"></span></span></span><br></p><p style="margin:0cm;margin-bottom:.0001pt"><span><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt"> </span></span></span><br></p><p style="margin:0cm;margin-bottom:.0001pt"><span><span class="m_5879426675819092470colour" style="color:rgb(255,153,0)"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt"><img alt="https://www.legitscript.com/wp-content/uploads/2015/09/LegitScript-Workplace.png" src="https://www.legitscript.com/wp-content/uploads/2015/09/LegitScript-Workplace.png" id="m_5879426675819092470_x0000_i1032" style="width:.4791in;height:1.0in" height="96" width="46" border="0" class="m_5879426675819092470proton-embedded"><img alt="https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJTmNWbmcwOTVJMXc&revid=0B13GfLt8zwZJQlZWOXVGbG9acC9nRGhzdEkxclFJVytCWVNjPQ" src="https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJTmNWbmcwOTVJMXc&revid=0B13GfLt8zwZJQlZWOXVGbG9acC9nRGhzdEkxclFJVytCWVNjPQ" id="m_5879426675819092470_x0000_i1031" style="width:.4895in;height:1.0in" height="96" width="47" border="0" class="m_5879426675819092470proton-embedded"></span></span></span><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt"></span></span></span><br></p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><p class="MsoNormal"><span> </span><br></p><div><p class="MsoNormal"><span>On Fri, Feb 16, 2018 at 11:53 AM, Michele Neylon - Blacknight <</span><a href="mailto:michele@blacknight.com" target="_blank"><span>michele@blacknight.com</span></a><span>>
wrote:</span><br></p><blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm"><div><div><p class="MsoNormal"><span><span lang="EN-GB">John</span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB"> </span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB">Of course you would wait until a Friday evening to ask me this ..</span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB"> </span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB">Anyway ..</span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB"> </span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB">As a company in the EU we have to do everything through the lens of GDPR.</span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB"><br>That does not mean that a company will get the same treatment as a private individual.</span></span></p><p class="MsoNormal"><span><span lang="EN-GB"> </span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB">What it does mean is that we (and other EU based registrars and registries) have to consider whether or not there
is personal information in the currently public whois information. I’m not 100% sure yet what the best way of dealing with that is. <br> While we can ask new clients things during signup, it’s going to be significantly harder to get a response from the existing ones.</span></span></p><p class="MsoNormal"><span><span lang="EN-GB"> </span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB">Regards</span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB"> </span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB">Michele</span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB"> </span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB"> </span></span><br></p><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">--</span></span></span><br></p><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">Mr Michele Neylon</span></span></span><br></p></div><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">Blacknight Solutions</span></span></span><br></p></div><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">Hosting, Colocation & Domains</span></span></span><br></p></div><div><p class="MsoNormal"><span></span><a href="https://www.blacknight.com" target="_blank"><span><span class="m_5879426675819092470size" style="font-size:10.5pt">https://www.blacknight.com</span></span></a><span></span><br></p><p class="MsoNormal"><span></span><a href="https://blacknight.blog" target="_blank"><span><span class="m_5879426675819092470size" style="font-size:10.5pt">https://blacknight.blog</span></span></a><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt"> /</span></span></span><br></p></div><div><p class="MsoNormal"><span></span><a href="http://ceo.hosting/" target="_blank"><span><span class="m_5879426675819092470size" style="font-size:10.5pt">http://ceo.hosting/</span></span></a><span></span><br></p></div><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">Intl. </span></span></span><a href="tel:+353%2059%20918%203072" target="_blank"><span><span class="m_5879426675819092470size" style="font-size:10.5pt">+353 (0) 59 9183072</span></span></a><span></span><br></p></div><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">Direct Dial: </span></span></span><a href="tel:+353%2059%20918%203090" target="_blank"><span><span class="m_5879426675819092470size" style="font-size:10.5pt">+353 (0)59 9183090</span></span></a><span></span><br></p></div><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">------------------------------<wbr>-</span></span></span><br></p></div><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty</span></span></span><br></p></div><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">Road,Graiguecullen,Carlow,</span></span><span class="m_5879426675819092470highlight" style="background-color:white"><span class="m_5879426675819092470colour" style="color:rgb(25,25,25)"><span class="m_5879426675819092470font" style="font-family:Arial,sans-serif"><span class="m_5879426675819092470size" style="font-size:9pt"> </span></span></span></span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">R93 X265</span></span></span><br></p></div></div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">,Ireland Company No.: 370845</span></span></span><br></p><div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0cm 0cm 0cm"><p class="MsoNormal"><span><b><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:12pt">From: </span></span></b><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:12pt">John Horton <</span></span></span><a href="mailto:john.horton@legitscript.com" target="_blank"><span><span class="m_5879426675819092470size" style="font-size:12pt">john.horton@legitscript.com</span></span></a><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:12pt">><br> <b>Date: </b>Friday 16 February 2018 at 19:28<br> <b>To: </b>Michele Neylon <</span></span></span><a href="mailto:michele@blacknight.com" target="_blank"><span><span class="m_5879426675819092470size" style="font-size:12pt">michele@blacknight.com</span></span></a><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:12pt">><br> <b>Cc: </b>"</span></span></span><a href="mailto:benny@nordreg.se" target="_blank"><span><span class="m_5879426675819092470size" style="font-size:12pt">benny@nordreg.se</span></span></a><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:12pt">"
<</span></span></span><a href="mailto:benny@nordreg.se" target="_blank"><span><span class="m_5879426675819092470size" style="font-size:12pt">benny@nordreg.se</span></span></a><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:12pt">>,
RDS PDP WG <</span></span></span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span><span class="m_5879426675819092470size" style="font-size:12pt">gnso-rds-pdp-wg@icann.org</span></span></a><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:12pt">><br> <b>Subject: </b>Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP</span></span></span></p></div><div><p class="MsoNormal"><span> </span><br></p></div><div><div><p class="MsoNormal"><span><a name="m_5879426675819092470_m_-6544666227877383717__MailOriginalBody"><span class="m_5879426675819092470colour" style="color:rgb(68,68,68)"><span class="m_5879426675819092470font" style="font-family:Arial,sans-serif">Michele,</span></span></a></span><br></p></div><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:rgb(68,68,68)"><span class="m_5879426675819092470font" style="font-family:Arial,sans-serif"> </span></span></span><br></p></div><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:rgb(68,68,68)"><span class="m_5879426675819092470font" style="font-family:Arial,sans-serif">Let me dig in a bit on one question there -- actually curious about this.
You indicated "</span></span><span class="m_5879426675819092470highlight" style="background-color:white"><span class="m_5879426675819092470colour" style="color:rgb(34,34,34)"><span class="m_5879426675819092470font" style="font-family:Arial,sans-serif"><span class="m_5879426675819092470size" style="font-size:9.5pt">As an Irish company all our clients have to be handled under GDPR." So, for example, let's
say that I transferred my company's domain name (obviously, we're a legal person, and we're domiciled in the US and registered here) to Blacknight. I think you'd agree we're not the intended beneficiary of the GDPR. My specific question for you is: Is there
written guidance somewhere indicating that you do, in fact, have to provide me GDPR protections? That your policies have to apply to me? If there's some language out there specifically indicating that, it would be helpful to see that. I didn't see that in
the Hamilton memo (perhaps I'm missing it) nor in the text of the GDPR (but again, perhaps I'm missing it). Let me know if my question doesn't make sense. </span></span></span></span></span><br></p></div></div><div><p class="MsoNormal"><span></span><br></p><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:rgb(7,55,99)"><span class="m_5879426675819092470font" style="font-family:Arial,sans-serif">John Horton<br> President and CEO, LegitScript</span></span></span></p><div><p class="MsoNormal"><span><img alt="https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJRXE5UTAtclVxdTg&revid=0B13GfLt8zwZJSG9zOUVwN1lFKzFrRVlnaWU0NGZ4RmdkUjg4PQ" src="https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJRXE5UTAtclVxdTg&revid=0B13GfLt8zwZJSG9zOUVwN1lFKzFrRVlnaWU0NGZ4RmdkUjg4PQ" id="m_5879426675819092470_x0000_i1030" style="width:1.0in;height:.375in" height="36" width="96" border="0" class="m_5879426675819092470proton-embedded"></span><br></p><div><div><div><p style="margin:0cm;margin-bottom:.0001pt"><span><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt"> </span></span></span><br></p><p style="margin:0cm;margin-bottom:.0001pt"><span><b><span class="m_5879426675819092470colour" style="color:rgb(68,68,68)"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">Follow</span></span></span><span class="m_5879426675819092470colour" style="color:rgb(11,83,148)"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt"> </span></span></span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">Legit</span></span></span><span class="m_5879426675819092470colour" style="color:rgb(11,83,148)"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">Script</span></span></span></b><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">: </span></span></span><a href="http://www.linkedin.com/company/legitscript-com" target="_blank"><span><span class="m_5879426675819092470colour" style="color:rgb(204,0,0)"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">LinkedIn</span></span></span></span></a><span><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">
| </span></span></span><a href="https://www.facebook.com/LegitScript" target="_blank"><span><span class="m_5879426675819092470colour" style="color:rgb(106,168,79)"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">Facebook</span></span></span></span></a><span><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">
| </span></span></span><a href="https://twitter.com/legitscript" target="_blank"><span><span class="m_5879426675819092470colour" style="color:rgb(103,78,167)"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">Twitter</span></span></span></span></a><span><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">
| </span></span></span><a href="http://blog.legitscript.com/" target="_blank"><span><span class="m_5879426675819092470colour" style="color:rgb(17,85,204)"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">Blog</span></span></span></span></a><span><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt"> |<span class="m_5879426675819092470colour" style="color:rgb(255,153,0)"> </span></span></span></span><a href="http://go.legitscript.com/Subscription-Management.html" target="_blank"><span><span class="m_5879426675819092470colour" style="color:rgb(255,153,0)"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">Newsletter</span></span></span></span></a><span></span><br></p><p style="margin:0cm;margin-bottom:.0001pt"><span><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt"> </span></span></span><br></p><p style="margin:0cm;margin-bottom:.0001pt"><span><span class="m_5879426675819092470colour" style="color:rgb(255,153,0)"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt"><img alt="https://www.legitscript.com/wp-content/uploads/2015/09/LegitScript-Workplace.png" src="https://www.legitscript.com/wp-content/uploads/2015/09/LegitScript-Workplace.png" id="m_5879426675819092470_x0000_i1029" style="width:.4791in;height:1.0in" height="96" width="46" border="0" class="m_5879426675819092470proton-embedded"><img alt="https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJTmNWbmcwOTVJMXc&revid=0B13GfLt8zwZJQlZWOXVGbG9acC9nRGhzdEkxclFJVytCWVNjPQ" src="https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJTmNWbmcwOTVJMXc&revid=0B13GfLt8zwZJQlZWOXVGbG9acC9nRGhzdEkxclFJVytCWVNjPQ" id="m_5879426675819092470_x0000_i1028" style="width:.4895in;height:1.0in" height="96" width="47" border="0" class="m_5879426675819092470proton-embedded"></span></span></span></span><br></p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><div><div><p class="MsoNormal"><span> </span><br></p><div><p class="MsoNormal"><span>On Fri, Feb 16, 2018 at 11:15 AM, Michele Neylon - Blacknight <</span><a href="mailto:michele@blacknight.com" target="_blank"><span>michele@blacknight.com</span></a><span>>
wrote:</span><br></p><blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt"><div><div><p class="MsoNormal"><span><span lang="EN-GB">John</span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB"> </span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB">There are two distinct discussions here which seem to be getting mixed together.</span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB"> </span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB">During the proxy / privacy discussion some people wanted there to be a distinction between who could avail of proxy
/ privacy services. Some wanted a prohibition on letting “commercial” have the ability to use proxy / privacy.</span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB"> </span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB">The discussions here and elsewhere around collection and publication of data in light of GDPR are very different.</span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB"> </span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB">Nobody is disputing that there is a distinction between private individuals and corporations when it comes to GDPR.
However there are risks associated with the processing of personal information, which may be tied into corporate information. And the “commercial” vs “non-commercial” distinction won’t work.</span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB"> </span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB">Where there is a clear difference is between treatment of registrants based on geography.</span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB">As an Irish company all our clients have to be handled under GDPR. The same would be true of any other provider based
in the EU.</span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB"> </span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB">I cannot speak to nor will I get involved in debates around what various non-EU based operators may currently be
doing or plan to do in the future – there are enough of them on this list who can do so more ably than I and without my help.</span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB"> </span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB">Regards</span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB"> </span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB">Michele</span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB"> </span></span><br></p><p class="MsoNormal"><span><span lang="EN-GB"> </span></span><br></p><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">--</span></span></span><br></p><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">Mr Michele Neylon</span></span></span><br></p></div><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">Blacknight Solutions</span></span></span><br></p></div><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">Hosting, Colocation & Domains</span></span></span><br></p></div><div><p class="MsoNormal"><span></span><a href="https://www.blacknight.com" target="_blank"><span><span class="m_5879426675819092470size" style="font-size:10.5pt">https://www.blacknight.com</span></span></a><span></span><br></p><p class="MsoNormal"><span></span><a href="https://blacknight.blog" target="_blank"><span><span class="m_5879426675819092470size" style="font-size:10.5pt">https://blacknight.blog</span></span></a><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt"> /</span></span></span><br></p></div><div><p class="MsoNormal"><span></span><a href="http://ceo.hosting/" target="_blank"><span><span class="m_5879426675819092470size" style="font-size:10.5pt">http://ceo.hosting/</span></span></a><span></span><br></p></div><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">Intl. </span></span></span><a href="tel:+353%2059%20918%203072" target="_blank"><span><span class="m_5879426675819092470size" style="font-size:10.5pt">+353 (0) 59 9183072</span></span></a><span></span><br></p></div><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">Direct Dial: </span></span></span><a href="tel:+353%2059%20918%203090" target="_blank"><span><span class="m_5879426675819092470size" style="font-size:10.5pt">+353 (0)59 9183090</span></span></a><span></span><br></p></div><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">------------------------------<wbr>-</span></span></span><br></p></div><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty</span></span></span><br></p></div><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">Road,Graiguecullen,Carlow,</span></span><span class="m_5879426675819092470highlight" style="background-color:white"><span class="m_5879426675819092470colour" style="color:rgb(25,25,25)"><span class="m_5879426675819092470font" style="font-family:Arial,sans-serif"><span class="m_5879426675819092470size" style="font-size:9pt"> </span></span></span></span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">R93 X265</span></span></span><br></p></div></div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:10.5pt">,Ireland Company No.: 370845</span></span></span><br></p><div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0cm 0cm 0cm"><p class="MsoNormal"><span><b><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:12pt">From: </span></span></b><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:12pt">gnso-rds-pdp-wg <</span></span></span><a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank"><span><span class="m_5879426675819092470size" style="font-size:12pt">gnso-rds-pdp-wg-bounces@<wbr>icann.org</span></span></a><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:12pt">>
on behalf of John Horton via gnso-rds-pdp-wg <</span></span></span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span><span class="m_5879426675819092470size" style="font-size:12pt">gnso-rds-pdp-wg@icann.org</span></span></a><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:12pt">><br> <b>Reply-To: </b>John Horton <</span></span></span><a href="mailto:john.horton@legitscript.com" target="_blank"><span><span class="m_5879426675819092470size" style="font-size:12pt">john.horton@legitscript.com</span></span></a><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:12pt">><br> <b>Date: </b>Friday 16 February 2018 at 18:54<br> <b>To: </b>"</span></span></span><a href="mailto:benny@nordreg.se" target="_blank"><span><span class="m_5879426675819092470size" style="font-size:12pt">benny@nordreg.se</span></span></a><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:12pt">"
<</span></span></span><a href="mailto:benny@nordreg.se" target="_blank"><span><span class="m_5879426675819092470size" style="font-size:12pt">benny@nordreg.se</span></span></a><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:12pt">><br> <b>Cc: </b>RDS PDP WG <</span></span></span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span><span class="m_5879426675819092470size" style="font-size:12pt">gnso-rds-pdp-wg@icann.org</span></span></a><span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470size" style="font-size:12pt">><br> <b>Subject: </b>Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP</span></span></span></p></div><div><p class="MsoNormal"><span> </span><br></p></div><div><div><p class="MsoNormal"><span><a name="m_5879426675819092470_m_-6544666227877383717_m_-15097423538320"><span class="m_5879426675819092470colour" style="color:rgb(68,68,68)"><span class="m_5879426675819092470font" style="font-family:Arial,sans-serif">I think quite a bit in
this WG and certainly in the prior privacy/proxy PDP, and absolutely what we're seeing with GoDaddy. To make sure I'm being clear about what I mean, GoDaddy isn't only redacting Whois information (via Port 43) where it's an EU natural citizen or natural resident.
The information is being redacted for....everyone. All registrants. There's simply no justification for that. </span></span></a></span><br></p></div><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:rgb(68,68,68)"><span class="m_5879426675819092470font" style="font-family:Arial,sans-serif"> </span></span></span><br></p></div><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:rgb(68,68,68)"><span class="m_5879426675819092470font" style="font-family:Arial,sans-serif">I predict you'd see (I'm not speaking for anyone here, just me) a real willingness
on the security and compliance community's part to compromise and support a system where, IF a registrant is an EU natural person (yes, I know we need to define it accurately -- citizen, resident, we can get granular later) then...hey, let's set up a system
in involving redaction of some fields, access to those fields in legitimate cases, etc. I want to support registrars' compliance with the GDPR. But we're seeing the registrar community say: We want to apply this globally. To all domain name registrations.
Doesn't matter if the registrant is the intended beneficiary of the new law, or in scope, or not. We're going to just change global policy.</span></span></span><br></p></div><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:rgb(68,68,68)"><span class="m_5879426675819092470font" style="font-family:Arial,sans-serif"> </span></span></span><br></p></div><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:rgb(68,68,68)"><span class="m_5879426675819092470font" style="font-family:Arial,sans-serif">I think that viewpoint has been pretty repeatedly represented in this working
group, but I'd love to hear from registrars that would support a more targeted solution where only the intended beneficiaries of the GDPR (that is, in-scope registrants) are covered under the policy. </span></span></span><br></p></div></div><div><p class="MsoNormal"><span></span><br></p><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><p class="MsoNormal"><span><span class="m_5879426675819092470colour" style="color:rgb(7,55,99)"><span class="m_5879426675819092470font" style="font-family:Arial,sans-serif">John Horton<br> President and CEO, LegitScript</span></span></span></p><div><p class="MsoNormal"><span><img alt="https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJRXE5UTAtclVxdTg&revid=0B13GfLt8zwZJSG9zOUVwN1lFKzFrRVlnaWU0NGZ4RmdkUjg4PQ" src="https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJRXE5UTAtclVxdTg&revid=0B13GfLt8zwZJSG9zOUVwN1lFKzFrRVlnaWU0NGZ4RmdkUjg4PQ" id="m_5879426675819092470_x0000_i1027" style="width:1.0in;height:.375in" height="36" width="96" border="0" class="m_5879426675819092470proton-embedded"></span><br></p><div><p style="margin:0cm;margin-bottom:.0001pt"><span><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt"> </span></span></span><br></p><p style="margin:0cm;margin-bottom:.0001pt"><span><b><span class="m_5879426675819092470colour" style="color:rgb(68,68,68)"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">Follow</span></span></span><span class="m_5879426675819092470colour" style="color:rgb(11,83,148)"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt"> </span></span></span><span class="m_5879426675819092470colour" style="color:black"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">Legit</span></span></span><span class="m_5879426675819092470colour" style="color:rgb(11,83,148)"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">Script</span></span></span></b><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">: </span></span></span><a href="http://www.linkedin.com/company/legitscript-com" target="_blank"><span><span class="m_5879426675819092470colour" style="color:rgb(204,0,0)"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">LinkedIn</span></span></span></span></a><span><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">
| </span></span></span><a href="https://www.facebook.com/LegitScript" target="_blank"><span><span class="m_5879426675819092470colour" style="color:rgb(106,168,79)"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">Facebook</span></span></span></span></a><span><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">
| </span></span></span><a href="https://twitter.com/legitscript" target="_blank"><span><span class="m_5879426675819092470colour" style="color:rgb(103,78,167)"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">Twitter</span></span></span></span></a><span><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">
| </span></span></span><a href="http://blog.legitscript.com/" target="_blank"><span><span class="m_5879426675819092470colour" style="color:rgb(17,85,204)"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">Blog</span></span></span></span></a><span><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt"> |<span class="m_5879426675819092470colour" style="color:rgb(255,153,0)"> </span></span></span></span><a href="http://go.legitscript.com/Subscription-Management.html" target="_blank"><span><span class="m_5879426675819092470colour" style="color:rgb(255,153,0)"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt">Newsletter</span></span></span></span></a><span></span><br></p><p style="margin:0cm;margin-bottom:.0001pt"><span><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt"> </span></span></span><br></p><p style="margin:0cm;margin-bottom:.0001pt"><span><span class="m_5879426675819092470colour" style="color:rgb(255,153,0)"><span class="m_5879426675819092470font" style="font-family:Helvetica"><span class="m_5879426675819092470size" style="font-size:9pt"><img alt="https://www.legitscript.com/wp-content/uploads/2015/09/LegitScript-Workplace.png" src="https://www.legitscript.com/wp-content/uploads/2015/09/LegitScript-Workplace.png" id="m_5879426675819092470_x0000_i1026" style="width:.4791in;height:1.0in" height="96" width="46" border="0" class="m_5879426675819092470proton-embedded"><img alt="https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJTmNWbmcwOTVJMXc&revid=0B13GfLt8zwZJQlZWOXVGbG9acC9nRGhzdEkxclFJVytCWVNjPQ" src="https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJTmNWbmcwOTVJMXc&revid=0B13GfLt8zwZJQlZWOXVGbG9acC9nRGhzdEkxclFJVytCWVNjPQ" id="m_5879426675819092470_x0000_i1025" style="width:.4895in;height:1.0in" height="96" width="47" border="0" class="m_5879426675819092470proton-embedded"></span></span></span></span><br></p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><div><div><p class="MsoNormal"><span> </span><br></p><div><p class="MsoNormal"><span>On Fri, Feb 16, 2018 at 10:44 AM, </span><a href="mailto:benny@nordreg.se" target="_blank"><span>benny@nordreg.se</span></a><span> <</span><a href="mailto:benny@nordreg.se" target="_blank"><span>benny@nordreg.se</span></a><span>>
wrote:</span><br></p><blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt"><p class="MsoNormal"><span>Please refer to where registrars have been unwilling to explore this option?<br> <br> <br> <br> --<br> Med vänliga hälsningar / Kind Regards / Med vennlig hilsen<br> <br> Benny Samuelsen<br> Registry Manager - Domainexpert<br> <br> Nordreg AB - ICANN accredited registrar<br> IANA-ID: 638<br> Phone: </span><a href="tel:%2B46.42197000" target="_blank"><span>+46.42197000</span></a><span><br> Direct: </span><a href="tel:%2B47.32260201" target="_blank"><span>+47.32260201</span></a><span><br> Mobile: </span><a href="tel:%2B47.40410200" target="_blank"><span>+47.40410200</span></a><span><br> <br> <span class="m_5879426675819092470m-6544666227877383717m-150974235383208381im">> On 16 Feb 2018, at 19:38, John Horton via gnso-rds-pdp-wg <</span></span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span>gnso-rds-pdp-wg@icann.org</span></a><span><span class="m_5879426675819092470m-6544666227877383717m-150974235383208381im">>
wrote:</span><br> <span class="m_5879426675819092470m-6544666227877383717m-150974235383208381im">></span><br> <span class="m_5879426675819092470m-6544666227877383717m-150974235383208381im">> Just imagine how much of all of this could be avoided if registrars were willing to agree to a commercial/individual distinction.</span><br> <span class="m_5879426675819092470m-6544666227877383717m-150974235383208381im">></span><br> <span class="m_5879426675819092470m-6544666227877383717m-150974235383208381im">> John Horton</span><br> <span class="m_5879426675819092470m-6544666227877383717m-150974235383208381im">> President and CEO, LegitScript</span><br> <span class="m_5879426675819092470m-6544666227877383717m-150974235383208381im">></span><br> <span class="m_5879426675819092470m-6544666227877383717m-150974235383208381im">></span><br> <span class="m_5879426675819092470m-6544666227877383717m-150974235383208381im">> Follow LegitScript: LinkedIn | Facebook | Twitter | Blog | Newsletter</span><br> <span class="m_5879426675819092470m-6544666227877383717m-150974235383208381im">></span><br> <span class="m_5879426675819092470m-6544666227877383717m-150974235383208381im">></span><br> <span class="m_5879426675819092470m-6544666227877383717m-150974235383208381im">></span></span></p><div><div><p style="margin-bottom:12.0pt" class="MsoNormal"><span>> On Fri, Feb 16, 2018 at 10:33 AM, John Bambenek via gnso-rds-pdp-wg <</span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span>gnso-rds-pdp-wg@icann.org</span></a><span>>
wrote:<br> > GDPR taken to its logical extreme very well could require us to abandon IP reputation and to emptying our firewalls. I mean, no consumer authorized me to process their IP just by attacking me, right?<br> ><br> > Privacy absolutism is not the answer unless you basically want to mandate the internet backbone be converted to tor.<br> ><br> > --<br> > John Bambenek<br> ><br> > On Feb 16, 2018, at 06:09, Michele Neylon - Blacknight <</span><a href="mailto:michele@blacknight.com" target="_blank"><span>michele@blacknight.com</span></a><span>>
wrote:<br> ><br> >> It’s an interesting read, but it has several flaws.<br> >><br> >> It refers to registrars solely and ignores registries.<br> >><br> >> It also makes it sound like issues around whois are “new”, which we all know isn’t true.<br> >><br> >> The comments about IP addresses make it sound like it’s a theoretical concern, yet there is case law eg:<br> >><br> >> </span><a href="https://www.irishtimes.com/business/technology/european-court-of-justice-rules-ip-addresses-are-personal-data-1.2835704" target="_blank"><span>https://www.irishtimes.com/<wbr>business/technology/european-<wbr>court-of-justice-rules-ip-<wbr>addresses-are-personal-data-1.<wbr>2835704</span></a><span><br> >><br> >><br> >><br> >><br> >><br> >><br> >><br> >> --<br> >><br> >> Mr Michele Neylon<br> >><br> >> Blacknight Solutions<br> >><br> >> Hosting, Colocation & Domains<br> >><br> >> </span><a href="https://www.blacknight.com/" target="_blank"><span>https://www.blacknight.com/</span></a><span><br> >><br> >> </span><a href="http://blacknight.blog/" target="_blank"><span>http://blacknight.blog/</span></a><span><br> >><br> >> Intl. </span><a href="tel:%2B353%20%280%29%2059%20%209183072" target="_blank"><span>+353 (0) 59 9183072</span></a><span><br> >><br> >> Direct Dial: </span><a href="tel:%2B353%20%280%2959%209183090" target="_blank"><span>+353 (0)59 9183090</span></a><span><br> >><br> >> Personal blog: </span><a href="https://michele.blog/" target="_blank"><span>https://michele.blog/</span></a><span><br> >><br> >> Some thoughts: </span><a href="https://ceo.hosting/" target="_blank"><span>https://ceo.hosting/</span></a><span><br> >><br> >> ------------------------------<wbr>-<br> >><br> >> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty<br> >><br> >> Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845<br> >><br> >> From: gnso-rds-pdp-wg <</span><a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank"><span>gnso-rds-pdp-wg-bounces@<wbr>icann.org</span></a><span>>
on behalf of Dotzero <</span><a href="mailto:dotzero@gmail.com" target="_blank"><span>dotzero@gmail.com</span></a><span>><br> >> Date: Friday 16 February 2018 at 00:07<br> >> To: RDS PDP WG <</span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span>gnso-rds-pdp-wg@icann.org</span></a><span>><br> >> Subject: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP<br> >><br> >><br> >><br> >><br> >> </span><a href="https://krebsonsecurity.com/2018/02/new-eu-privacy-law-may-weaken-security/" target="_blank"><span>https://krebsonsecurity.com/<wbr>2018/02/new-eu-privacy-law-<wbr>may-weaken-security/</span></a><span><br> >><br> >> Michael Hammer<br> >><br> >> ______________________________<wbr>_________________<br> >> gnso-rds-pdp-wg mailing list<br> >> </span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span>gnso-rds-pdp-wg@icann.org</span></a><span><br> >> </span><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank"><span>https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</span></a><span><br> ><br> > ______________________________<wbr>_________________<br> > gnso-rds-pdp-wg mailing list<br> > </span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span>gnso-rds-pdp-wg@icann.org</span></a><span><br> > </span><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank"><span>https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</span></a><span><br> ><br> > ______________________________<wbr>_________________<br> > gnso-rds-pdp-wg mailing list<br> > </span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span>gnso-rds-pdp-wg@icann.org</span></a><span><br> > </span><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank"><span>https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</span></a><span></span></p></div></div></blockquote></div><p class="MsoNormal"><span> </span><br></p></div></div></div></div></div></blockquote></div><p class="MsoNormal"><span> </span><br></p></div></div></div></div></div></blockquote></div><div><span></span><br></div><p class="MsoNormal"> <br></p></div></div></div></blockquote><blockquote type="cite"><div><div><span>______________________________<wbr>_________________</span><br></div><div><span>gnso-rds-pdp-wg mailing list</span><br></div><div><span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a></span><br></div><div><span><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a></span><br></div></div></blockquote></blockquote><div><br></div></div></div><br>______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br></blockquote></div><br></div>