[IRT.RegDataPolicy] Legal clarification regarding publication of TC data

Rubens Kuhl rubensk at nic.br
Tue Oct 15 17:51:20 UTC 2019 


> On 15 Oct 2019, at 14:30, Mark Svancarek (CELA) <marksv at microsoft.com> wrote:
> 
> 	" AFAIK, privacy regulations are about having an use case and then finding the adequate processing for it, not the other way around..."
> 	" This looks the old "just because" type of argument that has been found not to be convincing to DPAs. I'm sure many uses have happened in the past, but we are implementing the ones mapped by the RegData EPDP Phase 1. "
> 	"The fact is regarding websites that there is already contact information available elsewhere, triggering the minimisation principle making not usable as legal basis. And since this mailing list is archived, this reference can easily become an exhibit at a DPA fine on someone."
> 
> Rubens, I think you are missing the point.  We are discussing how to enable a technical contact who wishes their contact information to be freely published.  The example is a sample use case for someone who finds a need to contact the technical contact whose data has been freely published for the purpose of fixing a website.  Perhaps we should have used a different example, say reporting a missing AAAA record? The fact that someone would access the freely published contact information has nothing to do with your concerns above.

The person wishing such publication of technical contact can go to a registrar that provides that and request it; there is nothing in the RegData Policy as it's now preventing that. What there is not, reflecting EPDP policy guidance, is something to oblige a registrar to do so, exactly due to the many complexities that can't be easily factored into policy, like how many reseller levels there are in that registration chain, which jurisdictions are involved etc. 

BTW, the missing AAAA record is also not a reason to reach the domain technical contact; the DNS provider of a domain can be different from the domain technical contact. Keeping the microsoft.com example, the SOA DNS record of the domain indicates who to reach out to regarding DNS zone contents:
host -t soa microsoft.com
microsoft.com has SOA record ns1.msft.net. msnhst.microsoft.com. 2019101505 7200 600 2419200 3600

In this case, msnhst at microsoft.com. And this was done with a simple DNS query. 

I'm pretty sure that market demand will make the ones requesting it and the ones offering it to meet and do business. 


Rubens

More information about the IRT.RegDataPolicy mailing list