[CPWG] Urgent EPDP question

[Gordon Chillcott]

Alan:

The objective here is compliance with GDPR - and, yes, other privacy
legislation.   

ICANN, then, must differentiate between legal and natural persons as
part of this compliance effort.

Gordon Chillcott
 

On Sun, 2018-10-14 at 21:12 -0400, Alan Greenberg wrote:
> Here is a question that we need an answer on no later than Tuesday morning.
> 
> GDPR requires the information related to Natural Persons be protected 
> (for those resident in Europe) be protected. GDPR does not apply to 
> Legal Persons (ie companies).
> 
> ICANN's Temporary Spec allows contracted parties to treat all 
> registrant alike and subject to GDPR.
> 
> The EPDP Charter includes questions about whether contracted parties 
> may or must treat Legal Persons differently from Natural Persons.
> 
> The GAC, BC and IPC have made strong statements about the need to 
> restrict GDPS to Natural Persons. The contracted parties are pushing 
> back - strongly. The words vary, but in essence what they are saying 
> ranges from there should be no constraint on them to yes, they may 
> differentiate but with an unspecified time-frame.  (As you may note 
> if you looked at the RDS-WHOIS2 report, registrars under the 2013 RAA 
> must do some validation of contact information for new an transfered 
> domains, but none to simple renewal. so there are currently 
> 140,000,000 domains without verified information (5 years after the 
> 2013 RAA came into force) and there is no requirement to ever 
> validate their information - so unspecified time frames can last a LONG time.)
> 
> I personally feel that it is essential that we should differentiate 
> between legal persons and natural persons, just as GDPR and other 
> privacy legislation does.
> 
> Comments?
> 
> Alan
> 
> _______________________________________________
> CPWG mailing list
> CPWG at icann.org
> https://mm.icann.org/mailman/listinfo/cpwg