Hi Alan, Protecting registrars is not the issue, the impact that I see of the distinction is only on the market, new businesses being created or flourishing and others being diminished however, all of this is industry related matters it does not relate to the protection of rights or privacy, moreover I see it of very little help to third parties with legitimate interest. In all cases I do share our main aim and goal as ALAC to protect end users and help those who try to keep us safe. BestHadia On Wednesday, October 31, 2018, 8:34:54 PM GMT+2, Alan Greenberg <alan.greenberg@mcgill.ca> wrote: Hadia, On the geographic location of controllers and processors: if a Ry/Rr doesn't know where it's processors are, I think it needs to look at its business. A Rr knows who it's direct resellers are but not necessarily it's second and lower-level resellers. Isn't it about time it did??? Not knowing who is in the reseller chain has already caused all sorts of problem in enforcing terms of the RAA which bind an unknown and unknowable group of resellers (unknowable without the Rr taking action) in a way that cannot be audited. On differentiating Registrars, if the Rr with a 35% market share does not care, why are we trying to protect registrars? Is that our business? Alan At 31/10/2018 06:26 AM, Hadia Abdelsalam Mokhtar EL miniawi wrote:
Hi All,
So going back to the EPDP team charter question if registry operators and registrars should be permitted or required to differentiate between registrants based on the geographic location, I am of the opinion that no distinction should be made based on the geographic location of the registrant and the reason is that whether the GDPR applies or not does not only depend on the location of the registrant but it also depends on the location of the controller and processor, that is the registry, registrars and resellers and any other related processors. The regulation has this nature of extended territory, as I see it the impact of this distinction will be mainly on the industry, so registrants might choose a reseller in Europe over a reseller or a registrar outside of the EU or vice versa just to be protected or not protected by the GDPR . I cannot see the merit of the registries and registrars differentiating between the registrants based on their geographic location, where registrants not residing in the EU will be treated in accordance to the GDPR if their reseller or registrar is in the EU, the distinction based only on the geographic location of the registrant is already not possible according to the GDPR.
Kindest Regards Hadia
-----Original Message----- From: CPWG [mailto:cpwg-bounces@icann.org] On Behalf Of gtheo Sent: Tuesday, October 30, 2018 9:47 AM To: Greg Shatan Cc: Jonathan Zuck; CPWG Subject: Re: [CPWG] [registration-issues-wg] [GTLD-WG] EPDP: Geographic distinction
As an EU Registrar I need to comply with the GDPR (obvious), as such I need to apply the GDPR to all my international customers or I would not be compliant (maybe not so obvious).
You could perhaps make a distinction between EU vs non EU Registrars? But how do you mix in the other 126 data protection laws that keep growing in numbers? The EPDP team needs to factor that in also. Ultimately the distinction will almost not work. https://iapp.org/news/privacy-tracker/
Thanks,
Theo Geurts
Greg Shatan schreef op 2018-10-30 05:52 AM:
Alan,
One slight caveat: an EU Citizen living in the US would still get the benefit of GDPR when the Controller or Processor with their data is “established� in the EU. But they get that benefit only because the Controller or Processor’s covered by GDPR.
Greg On Tue, Oct 30, 2018 at 12:40 AM Greg Shatan <greg@isoc-ny.org> wrote:
I also think it should be restricted to what GDPR requires. Anything beyond that essentially puts ICANN into the business of making privacy policy without a basis in law, which is beyond the remit of the EPDP.
There may be an interesting discussion to be had about whether ICANN should change WHOIS for policy reasons, but the EPDP is not the place for that conversation.
Greg On Mon, Oct 29, 2018 at 11:12 PM Jonathan Zuck < JZuck@innovatorsnetwork.org> wrote:
I'm inclined to say restricted if for no other reason than we'll eventually have a bunch of GDPRs that are slightly different.
On 10/29/18, 9:36 PM, "GTLD-WG on behalf of Alan Greenberg" < gtld-wg-bounces@atlarge-lists.icann.org on behalf of alan.greenberg@mcgill.ca> wrote:
GDPR is applicable to residents of the EU by companies resident there and worldwide.
One of the issues is whether contracted parties should be allowed or required to distinguish between those who are resident there and elsewhere.
There is agreement that such distinction should be allowed, but EPDP is divided on whether it should be required. The GAC/BC/IPC want to see the distinction made, and at least one very large contracted party does already make the distinction. Other contracted parties are pushing back VERY strongly saying that there is virtually no way that the can or are willing to make the distinction.
The current (confusing) state of the working document is attached.
Which side should ALAC come down on?
- Restrict application to those to whom GDPR applies? - Apply universally ignoring residence?
As usual, quick replies requested.
Alan
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ GTLD-WG mailing list GTLD-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg
Working Group direct URL: https://community.icann.org/display/atlarge/New+GTLDs
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ registration-issues-wg mailing list registration-issues-wg@atlarge-lists.icann.org https://mm.icann.org/mailman/listinfo/registration-issues-wg
CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ registration-issues-wg mailing list registration-issues-wg@atlarge-lists.icann.org https://mm.icann.org/mailman/listinfo/registration-issues-wg
CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ registration-issues-wg mailing list registration-issues-wg@atlarge-lists.icann.org https://mm.icann.org/mailman/listinfo/registration-issues-wg