[CPWG] Urgent EPDP question
Alan Greenberg
alan.greenberg at mcgill.ca
Mon Oct 15 01:12:36 UTC 2018
Here is a question that we need an answer on no later than Tuesday morning.
GDPR requires the information related to Natural Persons be protected
(for those resident in Europe) be protected. GDPR does not apply to
Legal Persons (ie companies).
ICANN's Temporary Spec allows contracted parties to treat all
registrant alike and subject to GDPR.
The EPDP Charter includes questions about whether contracted parties
may or must treat Legal Persons differently from Natural Persons.
The GAC, BC and IPC have made strong statements about the need to
restrict GDPS to Natural Persons. The contracted parties are pushing
back - strongly. The words vary, but in essence what they are saying
ranges from there should be no constraint on them to yes, they may
differentiate but with an unspecified time-frame. (As you may note
if you looked at the RDS-WHOIS2 report, registrars under the 2013 RAA
must do some validation of contact information for new an transfered
domains, but none to simple renewal. so there are currently
140,000,000 domains without verified information (5 years after the
2013 RAA came into force) and there is no requirement to ever
validate their information - so unspecified time frames can last a LONG time.)
I personally feel that it is essential that we should differentiate
between legal persons and natural persons, just as GDPR and other
privacy legislation does.
Comments?
Alan
More information about the CPWG
mailing list