[gnso-rds-pdp-wg] List topics for this week

Chen, Tim tim at domaintools.com
Thu Jun 15 16:43:09 UTC 2017 

Hi Rob,

Thanks for chiming in on these issues.  I understand your perspective on
the issue of your personal data, except for one statement which confused me:

"The local supermarket will pay me £44 (appx $60) for my postal address [
in vouchers, discounts, freebies etc ] - that 's the "value" of my data to
one user - if there was suitable recompense to registrants & registrars &
registries for access to whois data , I'm sure there would be less
objection to the system !"

Using the arguments you have made about individual control over PII, what
right does my chosen registrar or registry have to get compensated for my
whois data?   Put another way, I get your point about 'recompense to
registrants' but I don't understand how you can add in '& registrars &
registries' unless an individual has explicitly given permission to those
companies to monetize their whois data?

-Tim Chen

www.domaintools.com


[image: DomainTools] <http://info.domaintools.com/em-sig.html>


On Thu, Jun 15, 2017 at 4:39 AM, Rob Golding <rob.golding at astutium.com>
wrote:

> Hi
>
> There's a huge difference between domains and telephone numbers
>>
>
> The type of directory is irrelevant to my rights to control my data
>
> I don't think an article dated from 2000 brings relevant points.
>>
>
> That we've still not brought policy or technology upto almost 20 year old
> legislation just shows how unfit for purpose WHOIS has become
>
> Much of that is because enforcement of existing legislation has been lax,
> but the Snowden issue, repealling on the Data Retention Directive,
> scrapping of Safe-Harbour and a need to toughen up both the rules and the
> enforcement are what's led to the GDPR, which is now in force, and next
> year will be actively enforced.
>
> Multi-million $ fines rather than slap-on-wrists with 20k fines might
> start to change attitudes a bit as the penalties have been inflation
> adjusted, and now the data-subject is also entitled to compensation for the
> unauthorised use of their data - so there will be an "incentive" to start
> sueing people
>
> The local supermarket will pay me £44 (appx $60) for my postal address [
> in vouchers, discounts, freebies etc ] - that 's the "value" of my data to
> one user - if there was suitable recompense to registrants & registrars &
> registries for access to whois data , I'm sure there would be less
> objection to the system !
>
>
>
> -Social norms regarding handling spam have drastically shifted in the
>> past decades
>>
>
> Spam is just one of the numerous (ab)uses of the data. I imagine very few
> people have "consented" to spam, even if it was listed as a "proposed
> legitimate use" for which they could actively consent.
>
> If you don't choose to disclose
>> your information in whois, then no one has a right to it
>>
>
> Whether I choose to be listed in a directory (which I dont _really_ have
> much choice over as a registrant of numerous gtlds) or not doesn't change
> that it's *MY* data, nor that most of the (tld dependant) "privacy" options
> now available are relatively new (whois has been there for 30 years)
>
> If you do
>> disclose, knowing full well that whois is public, you shouldn't be
>> surprised at the results.
>>
>
> And therein lies what I think is the mindset problem, the "results" are
> (legally) ONLY what I give explicit permission for it to be used for, any
> other use is not permitted, and I have the right to revoke that permission,
> free of charge (to me) at any stage.
>
> The entitlements you listed(control over sharing, how data is used), on
>> the Internet in
>> 2017, are wholly unenforceable for anything publicly available.
>>
>
> Google pay thousands of times as much as ICANN to lawyers and yet they
> lost over the "right to be forgotten" issue under the older and much laxer
> legislation - so we'll see what is "enforceable"
>
> If we want to talk about ways to prevent abuse of whois data, first of
>> all, the "reverse lookup" and "historical" directories in their
>> current state are unlikely to be involved in abuse at all-
>>
>
> The directories themselves would constitute an "abuse" - in the main
> they've breached both law and contract to obtain that data
>
> Maybe we need a definition of what "public" means ?
> Rob
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170615/3590855e/attachment-0001.html>

More information about the gnso-rds-pdp-wg mailing list