[Accred-Model] WHOIS Tiered Access and Accreditation Program: Comments from M3AAWG

[Rubens Kuhl]

> Em 13 de abr de 2018, à(s) 16:59:000, Aikman-Scalese, Anne <AAikman at lrrc.com> escreveu:
> 
> I just hope the DPAs will realize that the stability of the Internet is also dependent on consumer trust and confidence which is currently assured in part by private IP interests.

They might come to that conclusion in the future, but so far their stance speaks for itself:
"Finally, ICANN should take care in defining purposes in a manner which corresponds to its own organisational mission and mandate, which is to coordinate the stable operation of the Internet's unique identifier systems. Purposes pursued by other interested third parties should not determine the purposes pursued by ICANN. The WP29 cautions ICANN not to conflate its own purposes with the interests of third parties, nor with the lawful grounds of processing which may be applicable in a particular case.

> If not, why are the Consumer Confidence reviews mandated?  Consumer trust and confidence is of course based on the notion that internet commerce is safe.   There is an important EU law at stake and that is the European Directive on Enforcement of Intellectual Property Rights (“IPRED”).
> 
> See this link: https://ec.europa.eu/growth/industry/intellectual-property/enforcement_en <https://ec.europa.eu/growth/industry/intellectual-property/enforcement_en>
> 
> At the point where both governmental law enforcement and consumer protection authorities and registrars via abuse at registrar.com <mailto:abuse at registrar.com> are overwhelmed with complaints (and private IP holders are unable to effectively shut down counterfeit and often dangerous or fraudulent) services), consumers will change their behavior and use only “trusted sites”.  That will ultimately have a very bad effect on competition and innovation in the DNS and on the number of registrations purchased, in particular by small entrepreneurial businesses.
> 

I hope that by "trusted sites" you don't mean that famous social network whose CEO was just deposed by a legislative body of a major country. ;-)
In fact I guess it was a mention to marketplaces, and it could be an unfortunate push towards those, indeed.


> At this point, companies are going to have to start telling their customers what is coming as of May 25. I’m concerned that Internet business will become even more highly concentrated among the “Big” shops and then the EU will have to start enacting even more legislation to curb that market power.  It is in EVERYONE’s best interests to enable access for IP enforcement to information about sites where goods and services are being sold.

If a natural person operates a site where goods and services are being sold, they are granted the same GDPR protections as a natural person operating a site with kitten pictures.


> So everyone  in the community should be trying to facilitate a workable model for that purpose with an Interim Model which at the very least allows the UDRP and the URS to continue to function even as of May 25.

I thought that was already covered by GDPR, at least for a domain for which a dispute has been filed. What is not covered is how to get some of the information that today can be used in such proceedings, such as a pattern of abusive registration. I don't see an easy solution to this problem that satisfies GDPR and doesn't turn UDRP/URS into a data shop to find something about someone . Quoting the Article 29 letter:
"It should also be clarified how access shall be limited in order to minimize risks of unauthorized access and use (e.g. by enabling access on the basis of specific queries only as opposed to bulk transfers and/or other restrictions on searches or reverse directory services, including mechanisms to restrict access to fields to what is necessary to achieve the legitimate purpose in question)"



>  For the interim model, why not require registrants to provide an e-mail address that contains no personal information?  – much easier and less expensive to implement than a system which requires the registrar to create an “anonymization” system.
> 

Not that easier when it comes to less skilled users, or when such is forbidden by corporate policy. If they currently pay for an e-mail service they will think their cost is doubling, they won't just go to Gmail or Hotmail and create an account pleasedontspamme at gmail.com <mailto:pleasedontspamme at gmail.com> like a savvy user would do.
For registrars already providing privacy options, such system is already implemented, and they might prefer choosing that route.


Rubens


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/accred-model/attachments/20180413/cee3e8ba/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 528 bytes
Desc: Message signed with OpenPGP
URL: <http://mm.icann.org/pipermail/accred-model/attachments/20180413/cee3e8ba/signature.asc>