[Accred-Model] WP29 statement on WHOIS

[Rubens Kuhl]

> On 30 Apr 2018, at 21:59, Scott Austin <SAustin at vlplawgroup.com> wrote:
> 
> Rubens:
> You are correct, new law would have to be made – or existing law amended. But it is a given with the thousands of hours now spent by lawyers, ICANN, privacy officials and governing bodies analyzing GDPR that new law will be made in response to GDPR. My question is whether those laws in response will be made through a patchwork of regulations or statutes in multiple jurisdictions taking effect at different times to protect their unsuspecting citizens from GDPR’sits penalties; or worse, a patchwork of judge-made interpretations of GDPR’s application and scope in challenges of those penalties after they issue against citizens.


We don't have to resort to multiple jurisdictions; I don't think Europol has a view much different from FBI, for instance, so they are as able to carry a message of steering the needle towards transparency instead of privacy to lawmakers. 
But there is a global trend in society towards control of personal data that is overwhelming... so I wouldn't take such amendments for granted, even in less privacy-oriented jurisdictions. Specially after people realise that the sky hasn't fallen after May 25th. 


> And how will that cost compare with my suggestion of a modest amendment to an existing global contract network with existing registries,

That contract network can't supersede any applicable laws. Contracts can go only up to what the law allows, and changing civil law requires lawmaker involvement, different from case law. 


> which amendment proposes to keep data private but provide reasonable access for notice or service of process to a registrant through a qualified third party, registered designee, with the added benefit of taking effect globally and simultaneously. And given that GDPR is essentially the enactment of government sanctioned proxy protection which may limit if not obviate the need for existing private proxy services, perhaps the privacy/proxy service providers would be willing to transfer their services to fulfill the role of registrant’s agents or their back office.     

If that was true, privacy/proxy service would already be an included service in all major registrars. While it's included in Google Domains and Uniregistry, Google is #10 gTLD registrar at this time... so most registrants still to have to pay for a service that is much more simpler than the one you suggest. A good number of those registrar-based proxy services simply turn off privacy in response to any kind of dispute or issue instead of relaying notices to registrants. What you have described is more like the type of proxying provided by law offices, which comes with a price. 

BTW, since you mentioned trademark registrations in an earlier e-mail, I converted some local fees to local domain multiples so you can get a feeling of how that would impact pricing:
- Local PTO cost for requesting a trademark registration: 3.5 domains
- How much a lawyer bills for preparing that registration: 42.5 domains
- Local PTO cost for issuing a trademark: 7.5 domains
- Lawyer costs when the trademark is issued for monitoring and challenging future trademark applicants: 10 domains

It's hard to fit any of those into a cost-neutral mechanism. 


Rubens









-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/accred-model/attachments/20180430/281be960/attachment.html>