[CPWG] [registration-issues-wg] [GTLD-WG] EPDP: Geographic distinction

Alan Greenberg alan.greenberg at mcgill.ca
Wed Oct 31 17:32:27 UTC 2018


I support applying GDPR and other legislation/regulation. We have no choice in that. At the moment because we are time-constrained we are looking at just GDPR and I do not believe that we should go beyond that. Other leg/reg may be stricter than GDPR, or more open. We have already seen cases in the EU where ccTLDs are more open and have justified that to their privacy commissioners. We cannot presume that GDPR is the absolute baseline.

The ALAC position has been to maximize access to whois for cybersecurity workers. By masking a large fraction of the information (which is exactly what applying GDPR universally does), we are decreasing significantly such access and making it much easier for malfeasants to hide. Recent studies have already demonstrated that cybersecurity efforts are being hurt by the Temp Spec.

"The EU is protectively implementing her own GDPR because DNS market is huge in that part of the world..."

WHOIS has nothing to do with the motivation for GDPR. Depending on your perspective, it is an unfortunate casualty of it, or a serendipitous beneficiary.

Alan


At 31/10/2018 05:49 AM, Seun Ojedeji wrote:
On Tue, Oct 30, 2018 at 2:50 PM Alan Greenberg <alan.greenberg at mcgill.ca> wrote:

The wider we allow redaction, the less access there is for cybersecurity and consumer protection/fraud issues.


SO: Alan I want to assume you are stating the above as an effect of GDPR (and other related laws in other countries), and hopefully not as a justification to not consider applying the privacy intention of GDPR at a global level which I think is the main question Sebastian asked.

The EU is protectively implementing her own GDPR because DNS market is huge in that part of the world, there are other countries that have similar rules as well (and more will emerge) but considering that the next billion internet users won't be from EU there is likelihood that the market trends will change in future hence I hope those versions of GDPRs will not catch ICANN by surprise as GDPR did. In reaction to that, my hope is that the current ePDP will continue to make her recommendations as future proof as possible in the post-GDPR-like world.

Regards

Alan

At 30/10/2018 08:07 AM, Sebastien Bachollet wrote:
Hello,
I have questions:
If and when other GDPR-like policies are developed in other parts of the world, will ICANN need to enforce a policy for each « regime »?
Or as At-Large can't we ask for a protection for all the (individual) (end) users?
And if we consider GDPR as a good step to protect (individual) (end) users' privacy in Europe, why not for the others?

If we have to support distinction, it must be on the basis of the residence (the address in the Whois) and not the citizenship.

It must also be allowed and possible, if one wants to publish their personal data, to do so.

One world, one Internet, one privacy protection for all Internet individual end users ;)

All the best
SeB

On 30 Oct 2018, at 07:43, Bastiaan Goslings <bastiaan.goslings at ams-ix.net> wrote:

Just a quick comment, also related to a comment Maureen made earlier ('with EU citizens working and living all over the world for various reasons and varying lengths of time, what is the actual definition for "resident of the EU"'):

I'm not aware of the GDPR referring to either EU 'citizens' or 'residents'.

See art 3 of the GDPR https://gdpr-info.eu/art-3-gdpr/ which sets the territorial scope.

So the GDPR is applicable to controllers and processors in the Union, regardless of whether the processing takes place in the Union (and regardless of whether the data subjects affected are in the Union), and to the processing of personal data of data subjects who are in the Union by controllers and processors not established in the Union.

(see also recitals 2 and 14 https://gdpr-info.eu/recitals/ )

Anyway, looking at the example mentioned below, any citizen living in the US, not just those from the EU, 'would get the benefit of GDPR when the Controller or Processor with their data is "established" in the EU'.

-Bastiaan




On 30 Oct 2018, at 05:52, Greg Shatan <greg at isoc-ny.org> wrote:

Alan,

One slight caveat: an EU Citizen living in the US would still get the benefit of GDPR when the Controller or Processor with their data is "established" in the EU. But they get that benefit only because the Controller or Processor's covered by GDPR.

Greg
On Tue, Oct 30, 2018 at 12:40 AM Greg Shatan <greg at isoc-ny.org> wrote:
I also think it should be restricted to what GDPR requires. Anything beyond that essentially puts ICANN into the business of making privacy policy without a basis in law, which is beyond the remit of the EPDP.

There may be an interesting discussion to be had about whether ICANN should change WHOIS for policy reasons, but the EPDP is not the place for that conversation.

Greg
On Mon, Oct 29, 2018 at 11:12 PM Jonathan Zuck <JZuck at innovatorsnetwork.org> wrote:
I'm inclined to say restricted if for no other reason than we'll eventually have a bunch of GDPRs that are slightly different.

On 10/29/18, 9:36 PM, "GTLD-WG on behalf of Alan Greenberg" <gtld-wg-bounces at atlarge-lists.icann.org on behalf of alan.greenberg at mcgill.ca> wrote:

   GDPR is applicable to residents of the EU by companies resident there
   and worldwide.

   One of the issues is whether contracted parties should be allowed or
   required to distinguish between those who are resident there and elsewhere.

   There is agreement that such distinction should be allowed, but EPDP
   is divided on whether it should be required. The GAC/BC/IPC want to
   see the distinction made, and at least one very large contracted
   party does already make the distinction. Other contracted parties are
   pushing back VERY strongly saying that there is virtually no way that
   they can or are willing to make the distinction.

   The current (confusing) state of the working document is attached.

   Which side should ALAC come down on?

   - Restrict application to those to whom GDPR applies?
   - Apply universally ignoring residence?

   As usual, quick replies requested.

   Alan

_______________________________________________
CPWG mailing list
CPWG at icann.org
https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________
GTLD-WG mailing list
GTLD-WG at atlarge-lists.icann.org
https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg

Working Group direct URL: https://community.icann.org/display/atlarge/New+GTLDs
_______________________________________________
registration-issues-wg mailing list
registration-issues-wg at atlarge-lists.icann.org
https://mm.icann.org/mailman/listinfo/registration-issues-wg



--
------------------------------------------------------------------------

Seun Ojedeji,
Federal University Oye-Ekiti
web:     http://www.fuoye.edu.ng
Mobile: +2348035233535
alt email: seun.ojedeji at fuoye.edu.ng


Bringing another down does not take you up - think about your action!
