[gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy is backwards
Paul Keating
Paul at law.es
Thu Feb 15 14:56:01 UTC 2018
Rubens,
You stated:
> * There is a limited set of registrants that is entitled to GDPR protection.
> There is a very large class of registrants that is not entitled to GDPR
> protection. There is disagreement about where this line is, but this seems to
> be something where consensus is possible and there's an objectively, legally
> correct answer."
And,
>> 1. The GDPR applies to, and is intended to benefit, a limited set of
>> registrants.
>
> No, no agreement with that state
I completely disagree. The GDPR does in fact act only to bind Data
Collectors and Processors as to data concerning a specific and limited set
of people (EU residents). That registrars may seek to apply it across the
board to all registrants is a matter of convenience and risk avoidance given
the potential issues of properly identifying whether the registrant is in
fact one of the protected class. While I cannot fault the registrars for
wanting to limit risk, I do object to the objective miss-statement of the
law.
Paul Keating.
From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces at icann.org> on behalf of
Rubens Kuhl <rubensk at nic.br>
Date: Wednesday, February 14, 2018 at 9:41 PM
To: John Horton <john.horton at legitscript.com>
Cc: RDS PDP WG <gnso-rds-pdp-wg at icann.org>
Subject: Re: [gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy is
backwards
>
>
>> On 14 Feb 2018, at 18:07, John Horton via gnso-rds-pdp-wg
>> <gnso-rds-pdp-wg at icann.org> wrote:
>>
>> Thanks, Chuck. I think whatever changes are required by the GDPR can be
>> accomplished with changes that, in my view, do not constitute a fundamental
>> change to Whois/RDS. Beyond what I think are non-fundamental changes relating
>> to the GDPR, I do not believe that any changes are a "must." As to your
>> question:
>> * There is a limited set of registrants that is entitled to GDPR protection.
>> There is a very large class of registrants that is not entitled to GDPR
>> protection. There is disagreement about where this line is, but this seems to
>> be something where consensus is possible and there's an objectively, legally
>> correct answer.
>
> Nope, GDPR applies to all domain services provided by a party that does
> business targeting EEA. So there is no agreement in limiting to whom GDPR
> applies to. You know what is in the Hamilton memo that you disagree with, and
> while it's your right to disagree, you can't define things as having agreement
> when there is no such thing.
>
>
>> * It is possible to protect that subset of registrants through (e.g.)
>> complimentary privacy protection, as well as some other limited policies
>> granting access to the data for a legitimate purpose (etc., everything we've
>> been discussing).
>
> Nope, that would only be valid for publishing of data. For collection and
> processing of data, private WHOIS as we know it might not be enough to achieve
> compliance, depending on TLD and ICANN requirements.
>
>> * Whether a registrant is, in fact, an entity that is in the very limited
>> class entitled to GDPR protection can be determined during the registration
>> process, and ICANN policy can require registrars to add these fields to the
>> registration process. Existing registrants can be asked to update their
>> information.
>> * Aside from the policies requiring that those additional data fields be
>> collected during the registration process (e.g., are you an EU citizen and
>> other relevant questions), and that if certain answers are "TRUE" then
>> privacy protection is automatically granted, Whois would not change. Port 43
>> access would continue as is, and so on.
>> I guess I would turn around and ask you and others if everyone agrees with
>> these two statements:
>> 1. The GDPR applies to, and is intended to benefit, a limited set of
>> registrants.
>
> No, no agreement with that statement.
>
>> 1. Registrar convenience or business objectives is not a valid basis to
>> support a policy change.
>
>
> That depends on level. If by business objectives you mean deny service for
> whole Europe, that's a pretty hard business hit. It's something like 20% of
> world's GDP.
>
>
>
>
>
> Rubens
>
>
> _______________________________________________ gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180215/4a8681be/attachment.html>
More information about the gnso-rds-pdp-wg
mailing list