<html>
<body>
GoDaddy has made it very clear that their action is unrelated to GDPR,
most recently in a message to this list from Sara Bockey
(<a href="http://mm.icann.org/pipermail/gnso-rds-pdp-wg/2018-February/005543.html" eudora="autourl">
http://mm.icann.org/pipermail/gnso-rds-pdp-wg/2018-February/005543.html</a>
). <br><br>
You can choose to believe them or not. Since their action has only
affected their bulk access path and not the web interface, it would offer
ZERO protection with regard to GDPR, so I am inclined to accept their
explanation.<br><br>
A non-EU registrar may choose to protect all customers in addition to
EU-based ones, or may choose to follow the complex path (that is sarcasm)
of looking at the country the customer supplies, or the country from
which the credit card originated. It is purely up to them unless/until
ICANN indicates otherwise.<br><br>
We have a difficult enough job dealing with the facts and the very
significant uncertainties. Let's not invest alternative facts to confuse
us even more.<br><br>
Alan<br><br>
At 17/02/2018 02:12 PM, Raoul Plommer wrote:<br><br>
<blockquote type=cite class=cite cite="">Let me rephrase that: a
non-European company complies with GDPR because of its European data
subjects (could be fined otherwise). Their non-European clients are thus
very possbily, indirectly protected because of the GDPR, if the company
makes changes to all of its processing of data. I think GoDaddy is
already an example of that.<br><br>
-Raoul<br><br>
On 17 February 2018 at 21:03,
<<a href="mailto:consult@cgomes.com">consult@cgomes.com</a>>
wrote:<br>
<dl><br>
<dd>Thanks Raoul. So you think that a non-European registrar or
registry could be fined if it violated the GDPR for a non-European
natural person?<br><br>
<dd> <br><br>
<dd>Chuck<br><br>
<dd> <br><br>
<dd>From:</b> Raoul Plommer
[<a href="mailto:plommer@gmail.com" eudora="autourl">
mailto:plommer@gmail.com</a>] <br>
<dd>Sent:</b> Saturday, February 17, 2018 10:57 AM<br>
<dd>To:</b>
<a href="mailto:consult@cgomes.com">consult@cgomes.com</a><br>
<dd>Cc:</b> Ayden Férdeline
<<a href="mailto:icann@ferdeline.com">icann@ferdeline.com</a>>;
Paul Keating <<a href="mailto:paul@law.es">paul@law.es</a>>; RDS
PDP WG
<<a href="mailto:gnso-rds-pdp-wg@icann.org">
gnso-rds-pdp-wg@icann.org</a>><br><br>
<dd>Subject:</b> Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois
and GDRP<br><br>
<dd> <br>
<dl><br>
<dd>I don't understand how the GDPR could<br>
<dd>protect non-European natural persons dealing with non-European
companies.<br><br>
</dl>
<dd> <br><br>
<dd>Unfortunately, not all laws can be that well enforced, but they are
nevertheless in place. In this particular example, I think there's the
massive threat of getting fined, that will give the companies the right
incentive to comply. Banks and financial services in tax-havens didn't
expect to get caught either.<br><br>
<dd> <br><br>
<dd>If a non-European company complies with the GDPR because of its
European customers, then its non-European are extended the same
protections through interfaces and access.<br><br>
<dd> <br><br>
<dd>-Raoul<br><br>
<dd> <br><br>
<dd>On 17 February 2018 at 20:20,
<<a href="mailto:consult@cgomes.com">consult@cgomes.com</a>>
wrote:<br>
<dl><br>
<dd>As one who is trying to understand the GDPR, the key condition for
these recitals is ‘processed within the legal boundaries of the
European Union’.<br><br>
<dd> <br><br>
<dd>Chuck<br><br>
<dd> <br><br>
<dd>From:</b> gnso-rds-pdp-wg
[<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" eudora="autourl">
mailto:gnso-rds-pdp-wg-bounces@icann.org</a>] On Behalf Of </b>Ayden
Férdeline<br>
<dd>Sent:</b> Friday, February 16, 2018 12:27 PM<br>
<dd>To:</b> Paul Keating
<<a href="mailto:paul@law.es">paul@law.es</a>><br><br>
<br>
<dd>Cc:</b> RDS PDP WG
<<a href="mailto:gnso-rds-pdp-wg@icann.org">
gnso-rds-pdp-wg@icann.org</a>><br>
<dd>Subject:</b> Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois
and GDRP<br><br>
<dd> <br><br>
<dd>I interpret the GDPR as applying to anyone, residing anywhere,
regardless of his or her citizenship, whose data is processed within the
legal boundaries of the European Union. <br><br>
<dd> <br><br>
<dd><a href="http://www.privacy-regulation.eu/en/recital-2-GDPR.htm">
Recital 2</a> (emphasis added) states: "The principles of, and rules
on the protection of natural persons with regard to the processing of
their personal data should, whatever their nationality or
residence</u></i></b>, respect their fundamental rights and freedoms, in
particular their right to the protection of personal data."<br><br>
<dd> <br><br>
<dd><a href="http://www.privacy-regulation.eu/en/recital-4-GDPR.htm">
Recital 4</a> (emphasis added) states: "The processing of personal
data should be designed to serve mankind</u></i></b>."<br><br>
<dd> <br><br>
<dd><a href="http://www.privacy-regulation.eu/en/recital-14-GDPR.htm">
Recital 14</a> (emphasis added) states: "The protection afforded by
this Regulation should apply to natural persons, whatever their
nationality or place of residence</u></i></b>, in relation to the
processing of their personal data."<br><br>
<dd> <br><br>
<dd>Ayden <br><br>
<dd> <br><br>
<dd> <br><br>
<dd>-------- Original Message --------<br><br>
<dd>On 16 February 2018 9:07 PM, Paul Keating
<<a href="mailto:paul@law.es">paul@law.es</a>> wrote:<br><br>
<dd> <br>
<dl><br>
<dd>John,<br><br>
<dd> <br><br>
<dd>Given that the GDPR only applies to private data of private
individuals residing in the EU, i dount you will ever see such a
statement.<br><br>
<dd> <br><br>
<dd>Sent from my iPad<br><br>
<dd> <br><br>
<dd>On 16 Feb 2018, at 21:02, John Horton via gnso-rds-pdp-wg
<<a href="mailto:gnso-rds-pdp-wg@icann.org">
gnso-rds-pdp-wg@icann.org</a>> wrote:<br>
<dl><br>
<dd>Ha, thanks Michele, and sorry for the timing! (Hope your answer was
written over a bottle of red wine, preferably an Oregon pinot.)<br><br>
<dd> <br><br>
<dd>Let me clarify my question, and feel free to defer the answer if next
week is better. I'm asking if registrars have received specific guidance,
or can point to anything specific in the GDPR or any written document,
indicating that you have to provide GDPR protections to all of your
customers, even if they aren't in scope. In other words, I'm looking for
a very clear statement along these lines from a DPA:<br><br>
<dd> <br>
<dl><br>
<dd>As an EU company, even if your customer is a natural person in the
US, you must provide them the same rights under the GDPR that an EU
natural person would receive. Failure to do so is non-compliant with the
GDPR. <br><br>
<dd> <br><br>
</dl>
<dd>Obviously, the exact wording my differ, but I'm trying to challenge
your statement that "As an Irish company all our clients have to be
handled under GDPR." If that's true as a legal requirement, I think
it's important for the security/compliance community to be aware of
that...if it's not, perhaps that opens up some more granular approaches
that can satisfy both sides. <br><br>
<dd> <br><br>
<dd>John Horton<br>
<dd>President and CEO, LegitScript<br><br>
<dd>
<img src="cid:7.1.0.9.2.20180217153745.094b94c8@mcgill.ca.3" width=96 height=36 alt="Image removed by sender.">
<br><br>
<dd> <br><br>
<dd>Follow LegitScript</b>:
<a href="http://www.linkedin.com/company/legitscript-com">LinkedIn</a>
|
<a href="https://www.facebook.com/LegitScript">Facebook</a> |
<a href="https://twitter.com/legitscript">Twitter</a> |
<a href="http://blog.legitscript.com/">Blog</a></u> |
<a href="http://go.legitscript.com/Subscription-Management.html">
Newsletter</a><br><br>
<dd> <br><br>
<dd>
<img src="cid:7.1.0.9.2.20180217153745.094b94c8@mcgill.ca.4" width=46 height=96 alt="Image removed by sender.">
<img src="cid:7.1.0.9.2.20180217153745.094b94c8@mcgill.ca.5" width=47 height=95 alt="Image removed by sender.">
<br><br>
<dd> <br><br>
<dd>On Fri, Feb 16, 2018 at 11:53 AM, Michele Neylon - Blacknight
<<a href="mailto:michele@blacknight.com">michele@blacknight.com</a>
> wrote:<br>
<dl><br>
<dd>John<br><br>
<dd> <br><br>
<dd>Of course you would wait until a Friday evening to ask me this ..
<br><br>
<dd> <br><br>
<dd>Anyway .. <br><br>
<dd> <br><br>
<dd>As a company in the EU we have to do everything through the lens of
GDPR.<br><br>
<br>
<dd>That does not mean that a company will get the same treatment as a
private individual.<br><br>
<dd> <br><br>
<dd>What it does mean is that we (and other EU based registrars and
registries) have to consider whether or not there is personal information
in the currently public whois information. I’m not 100% sure yet what
the best way of dealing with that is. <br>
<dd>While we can ask new clients things during signup, it’s going to be
significantly harder to get a response from the existing ones.<br><br>
<dd> <br><br>
<dd>Regards<br><br>
<dd> <br><br>
<dd>Michele<br><br>
<dd> <br><br>
<dd> <br><br>
<dd>--<br><br>
<dd>Mr Michele Neylon<br><br>
<dd>Blacknight Solutions<br><br>
<dd>Hosting, Colocation & Domains<br><br>
<dd><a href="https://www.blacknight.com">https://www.blacknight.com</a>
<br><br>
<dd><a href="https://blacknight.blog/" eudora="autourl">
https://blacknight.blog</a> /<br><br>
<dd><a href="http://ceo.hosting/">http://ceo.hosting/</a><br><br>
<dd>Intl. <a href="tel:+353%2059%20918%203072">+353 (0) 59
9183072</a><br><br>
<dd>Direct Dial: <a href="tel:+353%2059%20918%203090">+353 (0)59
9183090</a><br><br>
<dd>-------------------------------<br><br>
<dd>Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business
Park,Sleaty<br><br>
<dd>Road,Graiguecullen,Carlow, R93 X265<br><br>
<dd>,Ireland Company No.: 370845<br><br>
<dd>From: </b>John Horton
<<a href="mailto:john.horton@legitscript.com">
john.horton@legitscript.com</a>><br>
<dd>Date: </b>Friday 16 February 2018 at 19:28<br>
<dd>To: </b>Michele Neylon
<<a href="mailto:michele@blacknight.com">michele@blacknight.com</a>
><br>
<dd>Cc:
</b>"<a href="mailto:benny@nordreg.se">benny@nordreg.se</a>"
<<a href="mailto:benny@nordreg.se">benny@nordreg.se</a>>, RDS PDP
WG
<<a href="mailto:gnso-rds-pdp-wg@icann.org">
gnso-rds-pdp-wg@icann.org</a>><br>
<dd>Subject: </b>Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois
and GDRP<br><br>
<dd> <br><br>
<dd>Michele,<br><br>
<dd> <br><br>
<dd>Let me dig in a bit on one question there -- actually curious about
this. You indicated "As an Irish company all our clients have to be
handled under GDPR." So, for example, let's say that I transferred
my company's domain name (obviously, we're a legal person, and we're
domiciled in the US and registered here) to Blacknight. I think you'd
agree we're not the intended beneficiary of the GDPR. My specific
question for you is: Is there written guidance somewhere indicating that
you do, in fact, have to provide me GDPR protections? That your policies
have to apply to me? If there's some language out there specifically
indicating that, it would be helpful to see that. I didn't see that in
the Hamilton memo (perhaps I'm missing it) nor in the text of the GDPR
(but again, perhaps I'm missing it). Let me know if my question doesn't
make sense. <br><br>
<dd> <br><br>
<dd>John Horton<br>
<dd>President and CEO, LegitScript <br><br>
<dd>
<img src="cid:7.1.0.9.2.20180217153745.094b94c8@mcgill.ca.3" width=96 height=36 alt="Image removed by sender.">
<br><br>
<dd> <br><br>
<dd>Follow LegitScript</b>:
<a href="http://www.linkedin.com/company/legitscript-com">LinkedIn</a>
|
<a href="https://www.facebook.com/LegitScript">Facebook</a> |
<a href="https://twitter.com/legitscript">Twitter</a> |
<a href="http://blog.legitscript.com/">Blog</a> |
<a href="http://go.legitscript.com/Subscription-Management.html">
Newsletter</a><br><br>
<dd> <br><br>
<dd>
<img src="cid:7.1.0.9.2.20180217153745.094b94c8@mcgill.ca.4" width=46 height=96 alt="Image removed by sender.">
<img src="cid:7.1.0.9.2.20180217153745.094b94c8@mcgill.ca.5" width=47 height=95 alt="Image removed by sender.">
<br><br>
<dd> <br><br>
<dd>On Fri, Feb 16, 2018 at 11:15 AM, Michele Neylon - Blacknight
<<a href="mailto:michele@blacknight.com">michele@blacknight.com</a>
> wrote:<br>
<dl><br>
<dd>John<br><br>
<dd> <br><br>
<dd>There are two distinct discussions here which seem to be getting
mixed together.<br><br>
<dd> <br><br>
<dd>During the proxy / privacy discussion some people wanted there to be
a distinction between who could avail of proxy / privacy services. Some
wanted a prohibition on letting “commercial” have the ability to use
proxy / privacy. <br><br>
<dd> <br><br>
<dd>The discussions here and elsewhere around collection and publication
of data in light of GDPR are very different. <br><br>
<dd> <br><br>
<dd>Nobody is disputing that there is a distinction between private
individuals and corporations when it comes to GDPR. However there are
risks associated with the processing of personal information, which may
be tied into corporate information. And the “commercial” vs
“non-commercial” distinction won’t work. <br><br>
<dd> <br><br>
<dd>Where there is a clear difference is between treatment of registrants
based on geography. <br><br>
<dd>As an Irish company all our clients have to be handled under GDPR.
The same would be true of any other provider based in the EU.<br><br>
<dd> <br><br>
<dd>I cannot speak to nor will I get involved in debates around what
various non-EU based operators may currently be doing or plan to do in
the future there are enough oof them on this list who can do so more
ably than I and without my help.<br><br>
<dd> <br><br>
<dd>Regards<br><br>
<dd> <br><br>
<dd>Michele<br><br>
<dd> <br><br>
<dd> <br><br>
<dd>--<br><br>
<dd>Mr Michele Neylon<br><br>
<dd>Blacknight Solutions<br><br>
<dd>Hosting, Colocation & Domains<br><br>
<dd><a href="https://www.blacknight.com">https://www.blacknight.com</a>
<br><br>
<dd><a href="https://blacknight.blog/" eudora="autourl">
https://blacknight.blog</a> /<br><br>
<dd><a href="http://ceo.hosting/">http://ceo.hosting/</a><br><br>
<dd>Intl. <a href="tel:+353%2059%20918%203072">+353 (0) 59
9183072</a><br><br>
<dd>Direct Dial: <a href="tel:+353%2059%20918%203090">+353 (0)59
9183090</a><br><br>
<dd>-------------------------------<br><br>
<dd>Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business
Park,Sleaty<br><br>
<dd>Road,Graiguecullen,Carlow, R93 X265<br><br>
<dd>,Ireland Company No.: 370845<br><br>
<dd>From: </b>gnso-rds-pdp-wg
<<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org">
gnso-rds-pdp-wg-bounces@icann.org</a>> on behalf of John Horton via
gnso-rds-pdp-wg
<<a href="mailto:gnso-rds-pdp-wg@icann.org">
gnso-rds-pdp-wg@icann.org</a>><br>
<dd>Reply-To: </b>John Horton
<<a href="mailto:john.horton@legitscript.com">
john.horton@legitscript.com</a>><br>
<dd>Date: </b>Friday 16 February 2018 at 18:54<br>
<dd>To:
</b>"<a href="mailto:benny@nordreg.se">benny@nordreg.se</a>"
<<a href="mailto:benny@nordreg.se">benny@nordreg.se</a>><br>
<dd>Cc: </b>RDS PDP WG
<<a href="mailto:gnso-rds-pdp-wg@icann.org">
gnso-rds-pdp-wg@icann.org</a>><br>
<dd>Subject: </b>Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois
and GDRP<br><br>
<dd> <br><br>
<dd>
<a name="m_8500151828835619447_m_7981932615346826788_m_-654466622787738">
</a>I think quite a bit in this WG and certainly in the prior
privacy/proxy PDP, and absolutely what we're seeing with GoDaddy. To make
sure I'm being clear about what I mean, GoDaddy isn't only redacting
Whois information (via Port 43) where it's an
EU<a name="m_8500151828835619447_m_7981932615346826788_m_-654466622787738">
</a> natural citizen or natural resident. The information is being
redacted for....everyone. All registrants. There's simply no
justification for that. <br><br>
<dd> <br><br>
<dd>I predict you'd see (I'm not speaking for anyone here, just me) a
real willingness on the security and compliance community's part to
compromise and support a system where, IF a registrant is an EU natural
person (yes, I know we need to define it accurately -- citizen, resident,
we can get granular later) then...hey, let's set up a system in involving
redaction of some fields, access to those fields in legitimate cases,
etc. I want to support registrars' compliance with the GDPR. But we're
seeing the registrar community say: We want to apply this globally. To
all domain name registrations. Doesn't matter if the registrant is the
intended beneficiary of the new law, or in scope, or not. We're going to
just change global policy.<br><br>
<dd> <br><br>
<dd>I think that viewpoint has been pretty repeatedly represented in this
working group, but I'd love to hear from registrars that would support a
more targeted solution where only the intended beneficiaries of the GDPR
(that is, in-scope registrants) are covered under the policy. <br><br>
<dd> <br><br>
<dd>John Horton<br>
<dd>President and CEO, LegitScript <br><br>
<dd>
<img src="cid:7.1.0.9.2.20180217153745.094b94c8@mcgill.ca.3" width=96 height=36 alt="Image removed by sender.">
<br><br>
<dd> <br><br>
<dd>Follow LegitScript</b>:
<a href="http://www.linkedin.com/company/legitscript-com">LinkedIn</a>
|
<a href="https://www.facebook.com/LegitScript">Facebook</a> |
<a href="https://twitter.com/legitscript">Twitter</a> |
<a href="http://blog.legitscript.com/">Blog</a> |
<a href="http://go.legitscript.com/Subscription-Management.html">
Newsletter</a><br><br>
<dd> <br><br>
<dd>
<img src="cid:7.1.0.9.2.20180217153745.094b94c8@mcgill.ca.4" width=46 height=96 alt="Image removed by sender.">
<img src="cid:7.1.0.9.2.20180217153745.094b94c8@mcgill.ca.5" width=47 height=95 alt="Image removed by sender.">
<br><br>
<dd> <br><br>
<dd>On Fri, Feb 16, 2018 at 10:44 AM,
<a href="mailto:benny@nordreg.se">benny@nordreg.se</a>
<<a href="mailto:benny@nordreg.se">benny@nordreg.se</a>>
wrote:<br>
<dl><br>
<dd>Please refer to where registrars have been unwilling to explore this
option?<br><br>
<br><br>
<dd>--<br>
<dd>Med vänliga hälsningar / Kind Regards / Med vennlig hilsen<br><br>
<dd>Benny Samuelsen<br>
<dd>Registry Manager - Domainexpert<br><br>
<dd>Nordreg AB - ICANN accredited registrar<br>
<dd>IANA-ID: 638<br>
<dd>Phone: <a href="tel:%2B46.42197000">+46.42197000</a><br>
<dd>Direct: <a href="tel:%2B47.32260201">+47.32260201</a><br>
<dd>Mobile: <a href="tel:%2B47.40410200">+47.40410200</a><br><br>
<dd>> On 16 Feb 2018, at 19:38, John Horton via gnso-rds-pdp-wg
<<a href="mailto:gnso-rds-pdp-wg@icann.org">
gnso-rds-pdp-wg@icann.org</a>> wrote:<br>
<dd>><br>
<dd>> Just imagine how much of all of this could be avoided if
registrars were willing to agree to a commercial/individual
distinction.<br>
<dd>><br>
<dd>> John Horton<br>
<dd>> President and CEO, LegitScript<br>
<dd>><br>
<dd>><br>
<dd>> Follow LegitScript: LinkedIn | Facebook
| Twitter | Blog | Newsletter<br>
<dd>><br>
<dd>><br>
<dd>><br><br>
<dd>> On Fri, Feb 16, 2018 at 10:33 AM, John Bambenek via
gnso-rds-pdp-wg
<<a href="mailto:gnso-rds-pdp-wg@icann.org">
gnso-rds-pdp-wg@icann.org</a>> wrote:<br>
<dd>> GDPR taken to its logical extreme very well could require us to
abandon IP reputation and to emptying our firewalls. I mean, no consumer
authorized me to process their IP just by attacking me, right?<br>
<dd>><br>
<dd>> Privacy absolutism is not the answer unless you basically want
to mandate the internet backbone be converted to tor.<br>
<dd>><br>
<dd>> --<br>
<dd>> John Bambenek<br>
<dd>><br>
<dd>> On Feb 16, 2018, at 06:09, Michele Neylon - Blacknight
<<a href="mailto:michele@blacknight.com">michele@blacknight.com</a>
> wrote:<br>
<dd>><br>
<dd>>> It’s an interesting read, but it has several flaws.<br>
<dd>>><br>
<dd>>> It refers to registrars solely and ignores registries.<br>
<dd>>><br>
<dd>>> It also makes it sound like issues around whois are
“new”, which we all know isn’t true.<br>
<dd>>><br>
<dd>>> The comments about IP addresses make it sound like it’s a
theoretical concern, yet there is case law eg:<br>
<dd>>><br>
<dd>>>
<a href="https://www.irishtimes.com/business/technology/european-court-of-justice-rules-ip-addresses-are-personal-data-1.2835704">
https://www.irishtimes.com/business/technology/european-court-of-justice-rules-ip-addresses-are-personal-data-1.2835704</a>
<br>
<dd>>><br>
<dd>>><br>
<dd>>><br>
<dd>>><br>
<dd>>><br>
<dd>>><br>
<dd>>><br>
<dd>>> --<br>
<dd>>><br>
<dd>>> Mr Michele Neylon<br>
<dd>>><br>
<dd>>> Blacknight Solutions<br>
<dd>>><br>
<dd>>> Hosting, Colocation & Domains<br>
<dd>>><br>
<dd>>>
<a href="https://www.blacknight.com/">https://www.blacknight.com/</a><br>
<dd>>><br>
<dd>>>
<a href="http://blacknight.blog/" eudora="autourl">
http://blacknight.blog/</a><br>
<dd>>><br>
<dd>>> Intl. <a href="tel:%2B353%20%280%29%2059%20%209183072">+353
(0) 59 9183072</a><br>
<dd>>><br>
<dd>>> Direct Dial: <a href="tel:%2B353%20%280%2959%209183090">+353
(0)59 9183090</a><br>
<dd>>><br>
<dd>>> Personal blog:
<a href="https://michele.blog/">https://michele.blog/</a><br>
<dd>>><br>
<dd>>> Some thoughts:
<a href="https://ceo.hosting/">https://ceo.hosting/</a><br>
<dd>>><br>
<dd>>> -------------------------------<br>
<dd>>><br>
<dd>>> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside
Business Park,Sleaty<br>
<dd>>><br>
<dd>>> Road,Graiguecullen,Carlow,R93 X265,Ireland Company
No.: 370845<br>
<dd>>><br>
<dd>>> From: gnso-rds-pdp-wg
<<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org">
gnso-rds-pdp-wg-bounces@icann.org</a>> on behalf of Dotzero
<<a href="mailto:dotzero@gmail.com">dotzero@gmail.com</a>><br>
<dd>>> Date: Friday 16 February 2018 at 00:07<br>
<dd>>> To: RDS PDP WG
<<a href="mailto:gnso-rds-pdp-wg@icann.org">
gnso-rds-pdp-wg@icann.org</a>><br>
<dd>>> Subject: [gnso-rds-pdp-wg] Krebs On Security article RE
whois and GDRP<br>
<dd>>><br>
<dd>>><br>
<dd>>><br>
<dd>>><br>
<dd>>>
<a href="https://krebsonsecurity.com/2018/02/new-eu-privacy-law-may-weaken-security/">
https://krebsonsecurity.com/2018/02/new-eu-privacy-law-may-weaken-security/</a>
<br>
<dd>>><br>
<dd>>> Michael Hammer<br>
<dd>>><br>
<dd>>> _______________________________________________<br>
<dd>>> gnso-rds-pdp-wg mailing list<br>
<dd>>>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<br>
<dd>>>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" eudora="autourl">
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br>
<dd>><br>
<dd>> _______________________________________________<br>
<dd>> gnso-rds-pdp-wg mailing list<br>
<dd>>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<br>
<dd>>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" eudora="autourl">
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br>
<dd>><br>
<dd>> _______________________________________________<br>
<dd>> gnso-rds-pdp-wg mailing list<br>
<dd>>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<br>
<dd>>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" eudora="autourl">
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br><br>
</dl>
<dd> <br><br>
</dl>
<dd> <br><br>
<dd> <br><br>
</dl>
<dd>_______________________________________________<br><br>
<dd>gnso-rds-pdp-wg mailing list<br><br>
<dd><a href="mailto:gnso-rds-pdp-wg@icann.org">
gnso-rds-pdp-wg@icann.org</a><br><br>
<dd>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" eudora="autourl">
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br><br>
</dl>
</dl>
<dd> <br><br>
<br>
<dd>_______________________________________________<br>
<dd>gnso-rds-pdp-wg mailing list<br>
<dd><a href="mailto:gnso-rds-pdp-wg@icann.org">
gnso-rds-pdp-wg@icann.org</a><br>
<dd>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" eudora="autourl">
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br><br>
</dl>
<dd> <br><br>
</dl><br>
Content-Type: image/jpeg; name="image001.jpg"<br>
Content-Disposition: inline; filename="image001.jpg"<br>
Content-ID: <image001.jpg@01D3A7DE.FA2A2280><br>
X-Attachment-Id: 21998c826114fe81_0.1<br>
X-Microsoft-Exchange-Diagnostics:<br>
<x-tab> </x-tab>
1;YQXPR0101MB1589;27:k452URZEZnZiYuE8JvR+n9GdoLPH5Q+QRSCwwuNjdPdawPfavPkWBwzoZl99Xbhmn2ZEz0oS51ID8GALwVKWteCtyYUBrjxKCSirVjfSgMeX6y06FNCiYxa2+PbjNTji<br>
X-Microsoft-Antispam-Message-Info:<br>
<x-tab> </x-tab>
epqzDBBN2odyVdBhSXOTo+LRAbZjeVQ66bZvVzum+6DyRux7PtSf165DPe/hjmL4EN7/UP38nLVSxBMve2fbcI7uOYnp3EvgVNsng5yYBkVsSsXqoD+a5ghrH8uNWr+3JH/zP2CeCzg9473w90HNiKKWo9EQ2AwYz7GRa9r+qqY=<br>
<br>
Content-Type: image/jpeg; name="image002.jpg"<br>
Content-Disposition: inline; filename="image002.jpg"<br>
Content-ID: <image002.jpg@01D3A7DE.FA2A2280><br>
X-Attachment-Id: 21998c826114fe81_0.2<br>
X-Microsoft-Exchange-Diagnostics:<br>
<x-tab> </x-tab>
1;YQXPR0101MB1589;27:k452URZEZnZiYuE8JvR+n9GdoLPH5Q+QRSCwwuNjdPdawPfavPkWBwzoZl99Xbhmn2ZEz0oS51ID8GALwVKWteCtyYUBrjxKCSirVjfSgMeX6y06FNCiYxa2+PbjNTji<br>
X-Microsoft-Antispam-Message-Info:<br>
<x-tab> </x-tab>
epqzDBBN2odyVdBhSXOTo+LRAbZjeVQ66bZvVzum+6DyRux7PtSf165DPe/hjmL4EN7/UP38nLVSxBMve2fbcI7uOYnp3EvgVNsng5yYBkVsSsXqoD+a5ghrH8uNWr+3JH/zP2CeCzg9473w90HNiKKWo9EQ2AwYz7GRa9r+qqY=<br>
<br>
Content-Type: image/jpeg; name="image003.jpg"<br>
Content-Disposition: inline; filename="image003.jpg"<br>
Content-ID: <image003.jpg@01D3A7DE.FA2A2280><br>
X-Attachment-Id: 21998c826114fe81_0.3<br>
X-Microsoft-Exchange-Diagnostics:<br>
<x-tab> </x-tab>
1;YQXPR0101MB1589;27:k452URZEZnZiYuE8JvR+n9GdoLPH5Q+QRSCwwuNjdPdawPfavPkWBwzoZl99Xbhmn2ZEz0oS51ID8GALwVKWteCtyYUBrjxKCSirVjfSgMeX6y06FNCiYxa2+PbjNTji<br>
X-Microsoft-Antispam-Message-Info:<br>
<x-tab> </x-tab>
epqzDBBN2odyVdBhSXOTo+LRAbZjeVQ66bZvVzum+6DyRux7PtSf165DPe/hjmL4EN7/UP38nLVSxBMve2fbcI7uOYnp3EvgVNsng5yYBkVsSsXqoD+a5ghrH8uNWr+3JH/zP2CeCzg9473w90HNiKKWo9EQ2AwYz7GRa9r+qqY=<br>
<br>
<br>
Content-Type: text/plain; charset="us-ascii"<br>
Content-Transfer-Encoding: 7bit<br>
Content-Disposition: inline<br>
X-Microsoft-Exchange-Diagnostics:<br>
<x-tab> </x-tab>
1;YQXPR0101MB1589;27:k452URZEZnZiYuE8JvR+n9GdoLPH5Q+QRSCwwuNjdPdawPfavPkWBwzoZl99Xbhmn2ZEz0oS51ID8GALwVKWteCtyYUBrjxKCSirVjfSgMeX6y06FNCiYxa2+PbjNTji<br>
X-Microsoft-Antispam-Message-Info:<br>
<x-tab> </x-tab>
epqzDBBN2odyVdBhSXOTo+LRAbZjeVQ66bZvVzum+6DyRux7PtSf165DPe/hjmL4EN7/UP38nLVSxBMve2fbcI7uOYnp3EvgVNsng5yYBkVsSsXqoD+a5ghrH8uNWr+3JH/zP2CeCzg9473w90HNiKKWo9EQ2AwYz7GRa9r+qqY=<br>
<br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
gnso-rds-pdp-wg@icann.org<br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" eudora="autourl">
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></blockquote>
</body>
</html>