[Gnso-epdp-team] On the proposed guidance
Mueller, Milton L
milton at gatech.edu
Wed Apr 14 20:11:40 UTC 2021
I have only gotten time to review the latest Guidance document and the surrounding debate today. Apologies, but there is a lot going on in my day job.
I am disappointed to see that we seem to be going backwards. I see divergence rather than convergence on the way we are approaching the problem.
I see no point in adding more noise to the current document via the Comments function. What I would like to try to do is articulate some broad principles about how to deal with the legal/natural distinction. If we can agree on those principles, it will be relatively easy to complete the document. If we cannot/do not agree on those principles, additional wordsmithing and debates over terms will not get us anywhere.
So here are the broad principles that I would offer up for debate:
1. The legal/natural distinction is relevant and we need to find a way make it in RDDS without compromising privacy rights.
2. Registrants should be able to self-designate as legal or natural, with no burden of authentication placed on registrars or registries
3. To protect small home offices or NGOs who are technically Legal persons but whose registration data may include Personal data, we need an additional check in the process.
4. As long as they conform with the above 3 principles, registrars/ries (CPs) should be given maximum flexibility to choose the way to differentiate.
Principle 1 discussion:
If we cannot agree on this (or agree to abandon this principle), _nothing else will fall into place_. Ever. So let’s settle that. Steve and Volker I suspect will disagree with this principle. Steve has argued that the L/N distinction is “not a central concern” and all that matters is whether the registrant’s data is to be made available to anyone. If he is right, we can discard the guidance altogether, because we already have a recommendation to allow the RNH to consent to the publication of their data. Volker has also suggested that it is personal data we need to differentiate, not L/N . I disagree with Steve and Volker on this and so do most of the rest of the group. L/N distinction is a central concern to certain stakeholder groups in the EPDP, because a) GDPR and other data protection laws do not protect it and this process is all about bringing RDS into compliance with privacy law; b) Legal person data could be published and it would provide easier access to their registration data. As a NCSG member I can find no basis for objecting to the publication of WalMart’s, Kroger’s or the local hardware store’s registration data. Any concerns about PII are addressed by principles 2 and 3. Steve is approaching this as an engineer, but this is a policy process, and we will not obtain agreement on a solution unless certain stakeholders are satisfied. If they think it is a central concern, it’s a central concern, that’s how policy/politics work.
Principle 2 discussion
This is the key principle that keeps NCSG and CPH satisfied. Registrants are in control of how they are designated. Yes, this means that some people will lie. That is just something we will have to accept. One cannot erase that possibility without creating a system that is too burdensome and costly as to outweigh any benefits.
Principle 3 discussion
This is something everyone seems to agree on already. But it is good to make it explicit, then we can work out how specific our guidance can get, so as to conform to …
Avoid being overly prescriptive, but ensure that the other 3 principles are honored. So yes, Volker, we give you maximum flexibility to implement in accordance with different business models, but you can NOT make a designation for a RNH, because it violates principle 2.
I truly believe that if we can come to agreement on these 4 principles and use them as the basis for drafting guidance, we can actually finish this.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnso-epdp-team