[CPWG] [registration-issues-wg] Urgent EPDP question

Holly Raiche h.raiche at internode.on.net
Mon Oct 15 02:00:46 UTC 2018 

Folks

An  argument against differentiation is that the contracted parties want to be able, as much as possible, to implement one system for managing information rather than having to differentiate between the license of a name being a natural person and the licensee of a name being a corporate person.

Another is says that there are circumstances where information about legal entities may amount to personal information - for example, when a small business (usually a legal person) has used the actual name of the person as the business name, or where, in the case of a legal person, the contact details provided are for  a named individual - thus GDPR protections should apply uniformly.  

My personal view is that, from the perspective of users, the protections of GDPR really need only apply to natural persons.  

That means that companies will need to be careful not to provide personal contact information for the RAA/Registry agreements.  And from an end user point of view, the management of systems to differentiate legal from natural persons is not our concern.


Holly


> On Oct 15, 2018, at 12:12 PM, Alan Greenberg <alan.greenberg at mcgill.ca> wrote:
> 
> Here is a question that we need an answer on no later than Tuesday morning.
> 
> GDPR requires the information related to Natural Persons be protected (for those resident in Europe) be protected. GDPR does not apply to Legal Persons (ie companies).
> 
> ICANN's Temporary Spec allows contracted parties to treat all registrant alike and subject to GDPR.
> 
> The EPDP Charter includes questions about whether contracted parties may or must treat Legal Persons differently from Natural Persons.
> 
> The GAC, BC and IPC have made strong statements about the need to restrict GDPS to Natural Persons. The contracted parties are pushing back - strongly. The words vary, but in essence what they are saying ranges from there should be no constraint on them to yes, they may differentiate but with an unspecified time-frame.  (As you may note if you looked at the RDS-WHOIS2 report, registrars under the 2013 RAA must do some validation of contact information for new an transfered domains, but none to simple renewal. so there are currently 140,000,000 domains without verified information (5 years after the 2013 RAA came into force) and there is no requirement to ever validate their information - so unspecified time frames can last a LONG time.)
> 
> I personally feel that it is essential that we should differentiate between legal persons and natural persons, just as GDPR and other privacy legislation does.
> 
> Comments?
> 
> Alan
> 
> _______________________________________________
> CPWG mailing list
> CPWG at icann.org
> https://mm.icann.org/mailman/listinfo/cpwg
> _______________________________________________
> registration-issues-wg mailing list
> registration-issues-wg at atlarge-lists.icann.org
> https://mm.icann.org/mailman/listinfo/registration-issues-wg

More information about the CPWG mailing list