[Accred-Model] Codes of conduct

benny at nordreg.se benny at nordreg.se
Wed Aug 1 23:14:09 UTC 2018 

The way its implemented in Denmark are questionable since the anonymous function are only for people in Denmark with a danish adresses and therefore registrants are not equal treated which according to EU regulations are not allowed.

I guess it will be tested in court 

--
Med vänliga hälsningar / Kind Regards / Med vennlig hilsen

Benny Samuelsen
Registry Manager - Domainexpert

Nordreg AB - ICANN accredited registrar
IANA-ID: 638
Phone: +46.42197000
Direct: +47.32260201
Mobile: +47.40410200

> On 2 Aug 2018, at 03:44, Rubens Kuhl <rubensk at nic.br> wrote:
> 
> 
> All EU ccTLDs have changed procedures to deal with GDPR, so none of them are DPA-tested or courts-tested. Rules vary a lot among them, including .is (Iceland) which still publishes registrant e-mail addresses. Some might be doing it based on local law (Denmark comes to mind, as can be seen in https://www.dk-hostmaster.dk/en/anonymity ) or a consultation with local DPA, and some might be simply wrong. 
> 
> But reading the correspondence from Article 29 / EDPB, I don't see such a declaratory model flying by them. Since we are talking EU, different from ccTLDs we have to either follow the common denominator, or have a per-jurisdiction procedure. We can't take Denmark anonymity ban, for instance, and apply to all EU... 
> 
> 
> Rubens
> 
> 
> 
>> On 1 Aug 2018, at 17:29, <trachtenbergm at gtlaw.com> <trachtenbergm at gtlaw.com> wrote:
>> 
>> Brian,
>>  
>> What about Denic’s process which uses a form and requires the requestor to confirm that “The applicant needs the data because the applicant owns an absolute right (for instance to a name or trademark) that the applicant believes may be violated by the domain.”
>>  
>> https://www.denic.de/en/service/whois-service/third-party-requests-for-holder-data/
>>  
>> https://www.denic.de/fileadmin/public/downloads/Domaindatenanfrage/Antrag_Domaindaten_Rechteinhaber_EN.pdf
>>  
>> Denic is in the EU but has automated this process and is relying on representations of the requestor so seems like others could as well.
>>  
>> Best regards,
>>  
>> Marc H. Trachtenberg
>> Shareholder 
>> Greenberg Traurig, LLP | 77 West Wacker Drive | Suite 3100 | Chicago, IL 60601
>> Tel 312.456.1020 
>> Mobile 773.677.3305
>> trachtenbergm at gtlaw.com | www.gtlaw.com
>>  
>> <image001.jpg>
>>  
>>  
>> From: Accred-Model [mailto:accred-model-bounces at icann.org] On Behalf Of BECKHAM, Brian
>> Sent: Friday, July 27, 2018 5:01 AM
>> To: Rubens Kuhl; accred-model at icann.org; gdpr at icann.org
>> Subject: Re: [Accred-Model] Codes of conduct
>>  
>> Hi Rubens,
>>  
>> As far as standardized processes go, are you aware of any public examples that folks could look at?
>>  
>> I am aware e.g., of the Nominet Data Release Request which asks requestors to “explain who you are and the reason that you are requesting the non-public data”.
>>  
>> Similarly, the EURid Personal Data Disclosure Form requires requestors to describe “your legitimate interest regarding the disclosure of personal data; [and] how you intend to use the requested data”.
>>  
>> These examples, as well as v1.7 of the model being discussed on this list, go beyond the “Trust me I'm a lawyer” mischaracterization.
>>  
>> Arguably going significantly beyond what these European ccTLDs require, version 1.7 of the A&A Model (at page 4) states inter alia that requestors should have “a specific and delineated purpose for their access to and use of non-public data” and moreover that they should certify “that access to and use of non-public data is for a legitimate and lawful purpose and limited to the purpose for which it is sought.”
>>  
>> If there are other standardized models you (or others) are aware of, it would be helpful if you could share those to see if a set of best practices/request elements could be pulled together.
>>  
>> Thanks, and best regards,
>>  
>> Brian
>>  
>> From: Accred-Model [mailto:accred-model-bounces at icann.org] On Behalf Of Rubens Kuhl
>> Sent: Wednesday, July 25, 2018 11:03 PM
>> To: accred-model at icann.org; gdpr at icann.org
>> Subject: Re: [Accred-Model] Codes of conduct
>>  
>>  
>>  
>> 
>> On 25 Jul 2018, at 17:50, Cyntia King <cking at modernip.com> wrote:
>>  
>> Agreed that the GDPR should empower Data Subjects to have more control over their PII.
>> However, this isn’t the only consideration:
>>  
>> 	• The GDPR also states:  “The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality.”  (Recital 4)
>> I think Rod’s suggestions are a good faith effort to achieve that proportionality.
>>  
>> 	• In meetings w/ the European Commission (28-May-18), the commission said they shared the concerns of trademark rights advocates that there be standardized & predictable access to necessary WHOIS information.
>> I believe the Commission is aware that an ad hoc system of response is not only chaotic, but potentially unsafe. 
>> 
>>  
>> A consistent & reliable system that balances the privacy rights of certain individuals against the threat of harm to (potentially countless) others, will be a difficult - but not impossible - balancing act.
>>  
>>  
>> A system that grants more access than a situation allows under GDPR is also problematic. So when going from ad hoc to standardised, the standard can't have less information than would be required in ad hoc mode, specially information specific to that request, like a power-of-attorney from an specific brand holder. Simply saying "Trust me I'm a lawyer" doesn't cut it.
>>  
>>  
>> Rubens
>>  
>>  
>>  
>> Rubens
>>  
>>  
>> 
>>  
>> GLOBAL
>> INNOVATION
>> INDEX 2018
>>  
>>  
>> Energizing the World with Innovation
>>  
>>  
>> Launch July 10
>> www.wipo.int/gii
>> #GII2018
>>  
>>  
>> 
>> World Intellectual Property Organization Disclaimer: This electronic message may contain privileged, confidential and copyright protected information. If you have received this e-mail by mistake, please immediately notify the sender and delete this e-mail and all its attachments. Please ensure all e-mail attachments are scanned for viruses prior to opening or using.
>> If you are not an intended recipient of confidential and privileged information in this email, please delete it, notify us immediately at postmaster at gtlaw.com, and do not use or disseminate such information.
> 
> _______________________________________________
> Accred-Model mailing list
> Accred-Model at icann.org
> https://mm.icann.org/mailman/listinfo/accred-model

More information about the Accred-Model mailing list