[CPWG] [registration-issues-wg] [GTLD-WG] Next possible move related to GDPR

Seun Ojedeji seun.ojedeji at gmail.com
Tue Sep 4 16:24:35 UTC 2018 

Sent from my mobile
Kindly excuse brevity and typos

On Tue, 4 Sep 2018, 16:52 Olivier MJ Crépin-Leblond, <ocl at gih.com> wrote:

> Hello all,
> .
>
> So we are somehow in the middle. The question we should be asking
> ourselves, is whether there is a solution that satisfies both sides of the
> debate? A solution that provides consumer protection, whilst at the same
> time complies with GDPR?
>

SO: At the ePDP level I don't think the question above will be accepted to
be within scope(even though I wish it was). However I do think it can be a
question that those of us participating can ponder upon with the goal of
making final spec close to answering that question as much as possible.

I used the phrase "as much as possible" because I don't think there can be
a fine balance.

Regards

>
> Kindest regards,
>
> Olivier
>
> On 04/09/2018 10:54, Bastiaan Goslings wrote:
>
> Unless I am mistaken I do not think we have to make a ‘decision that will favour either the protection of registrants OR the protection of end users’.
>
> Following this thread I am probably somewhat in the middle here: I definitely agree with the call for ‘balance’ but also think we have to be pragmatic and therefor need to establish what this required ’balance’ means in practical terms in order to help our EPDP members and alternates form a position.
>
> (Fyi I am somewhat allergic to statements like ‘we as end users advocates are morally bound to prioritize the interests of the majority’. Personally I automatically tend to go for the underdog position, I am not going to elaborate on how minority groups everywhere suffer from apparent political, religious and/or commercial majority viewpoints. No need to respond to that, it just a personal thing)
>
> In this case I don’t think are fundamentally disagreeing though, I think it is more a matter of tone. It does seem as if we are continuously emphasising that certain third parties should have access to non-public WHOIS data in the public interest, as if that is the only concern and it is bad enough that GDPR and the like make gated access even a requirement in the first place. Like, who cares about privacy, that is just a ‘minority’ interest. The false security versus privacy paradigma I referred to before, combined with a ‘there are many more users than registrants’ rationale. And I know we hat is not what we think and/or are saying, but in terms of tone that is what sticks, at least with me.
>
> I am of the opinion that a more balanced approach is indeed necessary. In practical terms I think we can do so by on the one hand seeing to it that ICANN becomes compliant with applicable data protection legislation like the GDPR, which in my opinion is not ‘a given’ looking at the current Temp Spec, advise from the EDPB, and what certain stakeholders within the EPDP are striving for. Of course I also am convinced that third party access based on legitimate interests are a no brainer. But even if that is the case, we need to see to it that WHOIS data are ‘collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes’ as art 5.1 (b) of the GDPR says. If that is not taken care of properly then we might be looking at a future scenario where e.g. LEAs with certified access to non-public WHOIS data will not be able to get all the data required as they’ll no longer be collected…
>
> -Bastiaan
>
>
>
> On 4 Sep 2018, at 10:02, Evan Leibovitch <evanleibovitch at gmail.com> <evanleibovitch at gmail.com> wrote:
>
> Hi Tijani,
>
> When nuance is possible, I have faith in our people to understand and work with that. Ideally we want both domain owners and domain users to be free from abuse. However, when there are decisions that will favour either the protection of registrants OR the protection of end users, our scale is balanced 98 to 2. Such hard choices - such as the very definitions of "harm" or "abuse"- will not be avoidable and we cannot shirk from that.
>
> Cheers,
> Evan
>
> PS: I am not sure that AFNIC/.fr is a good example, since well-run ccTLDs with residency requirements are typically not sources of significant end-user abuse. Were ICANN run like AFNIC or CIRA it's likely that gTLDs might not be such sources of abuse and this debate would be unnecessary.
> _______________________________________________
> CPWG mailing listCPWG at icann.orghttps://mm.icann.org/mailman/listinfo/cpwg
>
>
>
> _______________________________________________
> CPWG mailing listCPWG at icann.orghttps://mm.icann.org/mailman/listinfo/cpwg
>
>
> _______________________________________________
> CPWG mailing list
> CPWG at icann.org
> https://mm.icann.org/mailman/listinfo/cpwg
> _______________________________________________
> registration-issues-wg mailing list
> registration-issues-wg at atlarge-lists.icann.org
> https://mm.icann.org/mailman/listinfo/registration-issues-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/cpwg/attachments/20180904/0539ac65/attachment.html>

More information about the CPWG mailing list