[CPWG] [GTLD-WG] EPDP: Geographic distinction

Alan Greenberg alan.greenberg at mcgill.ca
Tue Oct 30 13:49:31 UTC 2018 

Clearly trying to "simplify" a question, it is no longer accurate.

Bastiann is correct the basis for protecting an 
individual's data is based not in citizenship or 
residency (which is a technical term that has 
varying meaning depending on the country and a 
person's exact status) but simply being "in" the 
EU (and even "EU" is a simplification).

Alan

At 30/10/2018 02:43 AM, Bastiaan Goslings wrote:
>Just a quick comment, also related to a comment 
>Maureen made earlier ('with EU citizens working 
>and living all over the world for various 
>reasons and varying lengths of time, what is the 
>actual definition for "resident of the EU”):
>
>I’m not aware of the GDPR referring to either 
>EU ‘citizens’ or ‘residents’.
>
>See art 3 of the GDPR 
>https://gdpr-info.eu/art-3-gdpr/ which sets the territorial scope.
>
>So the GDPR is applicable to controllers and 
>processors in the Union, regardless of whether 
>the processing takes place in the Union (and 
>regardless of whether the data subjects affected 
>are in the Union), and to the processing of 
>personal data of data subjects who are in the 
>Union by controllers and processors not established in the Union.
>
>(see also recitals 2 and 14 https://gdpr-info.eu/recitals/ )
>
>Anyway, looking at the example mentioned below, 
>any citizen living in the US, not just those 
>from the EU, 'would get the benefit of GDPR when 
>the Controller or Processor with their data is “established” in the EU'.
>
>-Bastiaan
>
>
>
>
> > On 30 Oct 2018, at 05:52, Greg Shatan <greg at isoc-ny.org> wrote:
> >
> > Alan,
> >
> > One slight caveat: an EU Citizen living in 
> the US would still get the benefit of GDPR when 
> the Controller or Processor with their data is 
> “established” in the EU. But they get that 
> benefit only because the Controller or Processor’s covered by GDPR.
> >
> > Greg
> > On Tue, Oct 30, 2018 at 12:40 AM Greg Shatan <greg at isoc-ny.org> wrote:
> > I also think it should be restricted to what 
> GDPR requires. Anything beyond that essentially 
> puts ICANN into the business of making privacy 
> policy without a basis in law, which is beyond the remit of the EPDP.
> >
> > There may be an interesting discussion to be 
> had about whether ICANN should change WHOIS for 
> policy reasons, but the EPDP is not the place for that conversation.
> >
> > Greg
> > On Mon, Oct 29, 2018 at 11:12 PM Jonathan 
> Zuck <JZuck at innovatorsnetwork.org> wrote:
> > I'm inclined to say restricted if for no 
> other reason than we'll eventually have a bunch 
> of GDPRs that are slightly different.
> >
> > On 10/29/18, 9:36 PM, "GTLD-WG on behalf 
> of Alan Greenberg" 
> <gtld-wg-bounces at atlarge-lists.icann.org on 
> behalf of alan.greenberg at mcgill.ca> wrote:
> >
> >     GDPR is applicable to residents of the EU by companies resident there
> >     and worldwide.
> >
> >     One of the issues is whether contracted parties should be allowed or
> >     required to distinguish between those who 
> are resident there and elsewhere.
> >
> >     There is agreement that such distinction should be allowed, but EPDP
> >     is divided on whether it should be required. The GAC/BC/IPC want to
> >     see the distinction made, and at least one very large contracted
> >     party does already make the distinction. Other contracted parties are
> >     pushing back VERY strongly saying that there is virtually no way that
> >     the can or are willing to make the distinction.
> >
> >     The current (confusing) state of the working document is attached.
> >
> >     Which side should ALAC come down on?
> >
> >     - Restrict application to those to whom GDPR applies?
> >     - Apply universally ignoring residence?
> >
> >     As usual, quick replies requested.
> >
> >     Alan
> >
> > _______________________________________________
> > CPWG mailing list
> > CPWG at icann.org
> > https://mm.icann.org/mailman/listinfo/cpwg
> > _______________________________________________
> > GTLD-WG mailing list
> > GTLD-WG at atlarge-lists.icann.org
> > https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg
> >
> > Working Group direct URL: 
> https://community.icann.org/display/atlarge/New+GTLDs
> > _______________________________________________
> > CPWG mailing list
> > CPWG at icann.org
> > https://mm.icann.org/mailman/listinfo/cpwg

More information about the CPWG mailing list