Restrict. But the [processing] principle at issue is really about granularity of data; granularity enables pointed decision-making. Multiple DP/P regimes are emerging, all of them sharing principles but often because of application makes for small to significant differences. In fact even in EU member states there are differences. Encourage granularity. -Carlton ============================== *Carlton A Samuels* *Mobile: 876-818-1799Strategy, Process, Governance, Assessment & Turnaround* ============================= On Mon, Oct 29, 2018 at 8:33 PM Alan Greenberg <alan.greenberg@mcgill.ca> wrote:
GDPR is applicable to residents of the EU by companies resident there and worldwide.
One of the issues is whether contracted parties should be allowed or required to distinguish between those who are resident there and elsewhere.
There is agreement that such distinction should be allowed, but EPDP is divided on whether it should be required. The GAC/BC/IPC want to see the distinction made, and at least one very large contracted party does already make the distinction. Other contracted parties are pushing back VERY strongly saying that there is virtually no way that the can or are willing to make the distinction.
The current (confusing) state of the working document is attached.
Which side should ALAC come down on?
- Restrict application to those to whom GDPR applies? - Apply universally ignoring residence?
As usual, quick replies requested.
Alan_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ registration-issues-wg mailing list registration-issues-wg@atlarge-lists.icann.org https://mm.icann.org/mailman/listinfo/registration-issues-wg