[registration-issues-wg] [CPWG] [GTLD-WG] EPDP: Geographic distinction

Sebastien Bachollet sebicann at bachollet.fr
Wed Oct 31 10:28:03 UTC 2018



> Le 30 oct. 2018 à 14:49, Alan Greenberg <alan.greenberg at mcgill.ca> a écrit :
> 
> GDPR, in the context of WHOIS/RDS and ICANN applies only to gTLD Registrants' personal data and not all users.
Yes sure. But if a good practice for once is coming from the g world I am sure that some of the cc can do the same.
> 
> The wider we allow redaction, the less access there is for cybersecurity and consumer protection/fraud issues.
I guess here we have a question between collecting the data (and the need for law enforcement and consumer protection must be take into account) and displaying the data publicly with WHOIS/RDS.
Allowing collection is different from public availability.
SeB
> 
> Alan
> 
> At 30/10/2018 08:07 AM, Sebastien Bachollet wrote:
>> Hello,
>> I have questions:
>> If and when other GDPR like policies are developed in other part of the World do ICANN will need to enforce a policy for each « regime »?
>> Or as At-Large can’t we ask for a protection for all the (individual) (end) users?
>> And if we consider GDPR as a good step to protect (individual) (end) users privacy in Europe, why not for the others?
>> 
>> If we have to support distinction, it must be on the basis of the residence (the address in the Whois) and not the citizenship.
>> 
>> It must be also allow and possible if one want to publish their personal data to do so.
>> 
>> One world, one Internet, one privacy protection for all Internet individual end users ;)
>> 
>> All the best
>> SeB
>> 
>>> Le 30 oct. 2018 à 07:43, Bastiaan Goslings < bastiaan.goslings at ams-ix.net <mailto:bastiaan.goslings at ams-ix.net>> a écrit :
>>> 
>>> Just a quick comment, also related to a comment Maureen made earlier ('with EU citizens working and living all over the world for various reasons and varying lengths of time, what is the actual definition for "resident of the EU”):
>>> 
>>> I’m not aware of the GDPR referring to either EU ‘citizens’ or ‘residents’. 
>>> 
>>> See art 3 of the GDPR https://gdpr-info.eu/art-3-gdpr/ <https://gdpr-info.eu/art-3-gdpr/> which sets the territorial scope.
>>> 
>>> So the GDPR is applicable to controllers and processors in the Union, regardless of whether the processing takes place in the Union (and regardless of whether the data subjects affected are in the Union), and to the processing of personal data of data subjects who are in the Union by controllers and processors not established in the Union.
>>> 
>>> (see also recitals 2 and 14 https://gdpr-info.eu/recitals/ <https://gdpr-info.eu/recitals/> )
>>> 
>>> Anyway, looking at the example mentioned below, any citizen living in the US, not just those from the EU, 'would get the benefit of GDPR when the Controller or Processor with their data is “established” in the EU'.
>>> 
>>> -Bastiaan
>>> 
>>> 
>>> 
>>> 
>>>> On 30 Oct 2018, at 05:52, Greg Shatan <greg at isoc-ny.org <mailto:greg at isoc-ny.org>> wrote:
>>>> 
>>>> Alan,
>>>> 
>>>> One slight caveat: an EU Citizen living in the US would still get the benefit of GDPR when the Controller or Processor with their data is “established” in the EU. But they get that benefit only because the Controller or Processor’s covered by GDPR.
>>>> 
>>>> Greg
>>>> On Tue, Oct 30, 2018 at 12:40 AM Greg Shatan <greg at isoc-ny.org <mailto:greg at isoc-ny.org>> wrote:
>>>> I also think it should be restricted to what GDPR requires. Anything beyond that essentially puts ICANN into the business of making privacy policy without a basis in law, which is beyond the remit of the EPDP. 
>>>> 
>>>> There may be an interesting discussion to be had about whether ICANN should change WHOIS for policy reasons, but the EPDP is not the place for that conversation. 
>>>> 
>>>> Greg 
>>>> On Mon, Oct 29, 2018 at 11:12 PM Jonathan Zuck < JZuck at innovatorsnetwork.org <mailto:JZuck at innovatorsnetwork.org>> wrote:
>>>> I'm inclined to say restricted if for no other reason than we'll eventually have a bunch of GDPRs that are slightly different.
>>>> 
>>>> On 10/29/18, 9:36 PM, "GTLD-WG on behalf of Alan Greenberg" < gtld-wg-bounces at atlarge-lists.icann.org <mailto:gtld-wg-bounces at atlarge-lists.icann.org> on behalf of alan.greenberg at mcgill.ca <mailto:alan.greenberg at mcgill.ca> > wrote:
>>>> 
>>>>    GDPR is applicable to residents of the EU by companies resident there 
>>>>    and worldwide.
>>>> 
>>>>    One of the issues is whether contracted parties should be allowed or 
>>>>    required to distinguish between those who are resident there and elsewhere.
>>>> 
>>>>    There is agreement that such distinction should be allowed, but EPDP 
>>>>    is divided on whether it should be required. The GAC/BC/IPC want to 
>>>>    see the distinction made, and at least one very large contracted 
>>>>    party does already make the distinction. Other contracted parties are 
>>>>    pushing back VERY strongly saying that there is virtually no way that 
>>>>    the can or are willing to make the distinction.
>>>> 
>>>>    The current (confusing) state of the working document is attached.
>>>> 
>>>>    Which side should ALAC come down on?
>>>> 
>>>>    - Restrict application to those to whom GDPR applies?
>>>>    - Apply universally ignoring residence?
>>>> 
>>>>    As usual, quick replies requested.
>>>> 
>>>>    Alan
>>>> 
>>>> _______________________________________________
>>>> CPWG mailing list
>>>> CPWG at icann.org <mailto:CPWG at icann.org>
>>>> https://mm.icann.org/mailman/listinfo/cpwg <https://mm.icann.org/mailman/listinfo/cpwg>
>>>> _______________________________________________
>>>> GTLD-WG mailing list
>>>> GTLD-WG at atlarge-lists.icann.org
>>>> https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg <https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg>
>>>> 
>>>> Working Group direct URL: https://community.icann.org/display/atlarge/New+GTLDs <https://community.icann.org/display/atlarge/New+GTLDs>
>>>> _______________________________________________
>>>> CPWG mailing list
>>>> CPWG at icann.org
>>>> https://mm.icann.org/mailman/listinfo/cpwg <https://mm.icann.org/mailman/listinfo/cpwg>
>>> _______________________________________________
>>> CPWG mailing list
>>> CPWG at icann.org <mailto:CPWG at icann.org>
>>> https://mm.icann.org/mailman/listinfo/cpwg <https://mm.icann.org/mailman/listinfo/cpwg>
>>> _______________________________________________
>>> GTLD-WG mailing list
>>> GTLD-WG at atlarge-lists.icann.org <mailto:GTLD-WG at atlarge-lists.icann.org>
>>> https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg <https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg>
>>> 
>>> Working Group direct URL: https://community.icann.org/display/atlarge/New+GTLDs <https://community.icann.org/display/atlarge/New+GTLDs>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/registration-issues-wg/attachments/20181031/e1f8c7a5/attachment-0001.html>
-------------- next part --------------
_______________________________________________
CPWG mailing list
CPWG at icann.org
https://mm.icann.org/mailman/listinfo/cpwg


More information about the registration-issues-wg mailing list