[Accred-Model] Codes of conduct

jonathan m jonathan.matkowsky at riskiq.net
Mon Jul 16 22:54:18 UTC 2018


All,

Any model that doesn’t take into account for transparency of processing
that a data subject has the right to typically object and freeze the
processing is not compliant with GDPR. I think the registrar as a
controller must also have the right to object. That doesn’t mean that the
processing won’t eventually continue if it is compelling and overrides the
rights and freedoms of the individual but subject to Chapter 7 of the GDPR.

When safety is a concern, then as long as the data subject knows which
supervisory authority is overseeing the code of conduct under which the
request is being made, it’s possible to protect the identity of the
requestor. This should be relatively rare.

Not every legitimate interest outweighs the rights and freedoms of the data
subject, and a privacy impact assessment is required. Not every legitimate
interest is entitled to the same weight under GDPR, and the risks and
severity of harm to the person must be considered especially when certain
interests at stake aren’t the same as those of the controller.

We need RDAP to accommodate these concerns. When law enforcement has
legitimate interests, they can use the same RDAP tier of access, but when
pursuing a criminal offense or investigation, a different model of access
must be accommodated under the LED etc.

Ignoring these issues won’t make them go away. I hope that truly
consensus-building voices participate in the EPDP, because it’s time we
stop trying to keep Whois to the greatest extent possible and instead
design the next generation to be better—more accurate, with more
accountability and integrity but also consistent with data protection laws
and internationally recognized norms. It makes sense to generally treat all
people, regardless of where they reside, with the same inherent rights and
freedoms that European laws are attempting to protect.

Jonathan Matkowsky
VP - Cybersecurity, Privacy & IP
JD, CIPT, CIPP/EU
RiskIQ, Inc.



