[CPWG] [GTLD-WG] [registration-issues-wg] Next possible move related to GDPR

[Alan Greenberg]

A couple of points, most not in relation to a particular previous 
comment but to the overall conversation here over the last few days.

The fact that the ultimate result will be a compromise is a given 
That is what GDPR is. It calls for protection of personal 
information, BUT allows access for legitimate reasons. It is where 
that line is that is the question, and what are the legally 
admissible arguments for setting the line at a particular place for a 
given rationale.

And that last part is the difficulty. Different parties have 
different aims. Some are looking purely at privacy and believe it 
should be maximized. Others, for convenience or real need want to 
make access more liberal. Others really don't care, but want to 
minimize their exposure and risk to be cited for violations 9(and 
indeed, public companies have a legal responsibility to their 
shareholders to minimize such risk).

If we had enough time, effort, full understanding of the various 
needs and positions, and the wisdom of the proverbial bibilical 
Solomon, perhaps we could establish just what that compromise is with 
regard to WHOIS/RDS.

But that is not out job. How iCANN works, is that we each need to 
represent what is important to use and if you believe in in the 
multistakeholder model, or in magic, what will come out the other end 
is a balanced result that will make us all happy. Or all equally unhappy.

The premise of the EPDP is that we WILL end up with something that we 
believe will pass the GDPR test of balance. There is no shortage of 
people there who will be pressing for ultimate registrant privacy. So 
the question is, what should out stance be there? Some level of 
balance is a given - we do not need to defend that.

One other point on ccTLDs (and for that matter a select number of 
gTLDs). Many such TLDs have very low levels of abuse, because they 
have registration policies regarding who can register a domain and in 
some cases how it can be used. And these policies are enforced. So 
patterns  of use and abuse are quite different. If gTLDs were 
controlled as many ccTLDs are, we would not be having many of the 
conversations we have. Or the problems we have...

Alan