[registration-issues-wg] [CPWG] [GTLD-WG] Next possible move related to GDPR

Bastiaan Goslings bastiaan.goslings at ams-ix.net
Tue Sep 4 08:54:06 UTC 2018

Unless I am mistaken I do not think we have to make a ‘decision that will favour either the protection of registrants OR the protection of end users’.

Following this thread I am probably somewhat in the middle here: I definitely agree with the call for ‘balance’ but also think we have to be pragmatic and therefor need to establish what this required ’balance’ means in practical terms in order to help our EPDP members and alternates form a position.

(Fyi I am somewhat allergic to statements like ‘we as end users advocates are morally bound to prioritize the interests of the majority’. Personally I automatically tend to go for the underdog position, I am not going to elaborate on how minority groups everywhere suffer from apparent political, religious and/or commercial majority viewpoints. No need to respond to that, it just a personal thing)

In this case I don’t think are fundamentally disagreeing though, I think it is more a matter of tone. It does seem as if we are continuously emphasising that certain third parties should have access to non-public WHOIS data in the public interest, as if that is the only concern and it is bad enough that GDPR and the like make gated access even a requirement in the first place. Like, who cares about privacy, that is just a ‘minority’ interest. The false security versus privacy paradigma I referred to before, combined with a ‘there are many more users than registrants’ rationale. And I know we hat is not what we think and/or are saying, but in terms of tone that is what sticks, at least with me.

I am of the opinion that a more balanced approach is indeed necessary. In practical terms I think we can do so by on the one hand seeing to it that ICANN becomes compliant with applicable data protection legislation like the GDPR, which in my opinion is not ‘a given’ looking at the current Temp Spec, advise from the EDPB, and what certain stakeholders within the EPDP are striving for. Of course I also am convinced that third party access based on legitimate interests are a no brainer. But even if that is the case, we need to see to it that WHOIS data are ‘collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes’ as art 5.1 (b) of the GDPR says. If that is not taken care of properly then we might be looking at a future scenario where e.g. LEAs with certified access to non-public WHOIS data will not be able to get all the data required as they’ll no longer be collected…


> On 4 Sep 2018, at 10:02, Evan Leibovitch <evanleibovitch at gmail.com> wrote:
> Hi Tijani,
> When nuance is possible, I have faith in our people to understand and work with that. Ideally we want both domain owners and domain users to be free from abuse. However, when there are decisions that will favour either the protection of registrants OR the protection of end users, our scale is balanced 98 to 2. Such hard choices - such as the very definitions of "harm" or "abuse"- will not be avoidable and we cannot shirk from that.
> Cheers,
> Evan
> PS: I am not sure that AFNIC/.fr is a good example, since well-run ccTLDs with residency requirements are typically not sources of significant end-user abuse. Were ICANN run like AFNIC or CIRA it's likely that gTLDs might not be such sources of abuse and this debate would be unnecessary.
> _______________________________________________
> CPWG mailing list
> CPWG at icann.org
> https://mm.icann.org/mailman/listinfo/cpwg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: Message signed with OpenPGP
URL: <http://mm.icann.org/pipermail/registration-issues-wg/attachments/20180904/2a5c1a98/signature.asc>
-------------- next part --------------
CPWG mailing list
CPWG at icann.org

More information about the registration-issues-wg mailing list