Urgent EPDP question
Here is a question that we need an answer on no later than Tuesday morning. GDPR requires the information related to Natural Persons be protected (for those resident in Europe) be protected. GDPR does not apply to Legal Persons (ie companies). ICANN's Temporary Spec allows contracted parties to treat all registrant alike and subject to GDPR. The EPDP Charter includes questions about whether contracted parties may or must treat Legal Persons differently from Natural Persons. The GAC, BC and IPC have made strong statements about the need to restrict GDPS to Natural Persons. The contracted parties are pushing back - strongly. The words vary, but in essence what they are saying ranges from there should be no constraint on them to yes, they may differentiate but with an unspecified time-frame. (As you may note if you looked at the RDS-WHOIS2 report, registrars under the 2013 RAA must do some validation of contact information for new an transfered domains, but none to simple renewal. so there are currently 140,000,000 domains without verified information (5 years after the 2013 RAA came into force) and there is no requirement to ever validate their information - so unspecified time frames can last a LONG time.) I personally feel that it is essential that we should differentiate between legal persons and natural persons, just as GDPR and other privacy legislation does. Comments? Alan
I fully agree with Alan's position. Mitt Romney is wrong, in most of the world at least. ( https://youtu.be/FxUsRedO4UY) ___________________ Evan Leibovitch, Toronto @evanleibovitch/@el56 On Sun, Oct 14, 2018, 9:13 PM Alan Greenberg, <alan.greenberg@mcgill.ca> wrote:
I personally feel that it is essential that we should differentiate between legal persons and natural persons, just as GDPR and other privacy legislation does.
Folks An argument against differentiation is that the contracted parties want to be able, as much as possible, to implement one system for managing information rather than having to differentiate between the license of a name being a natural person and the licensee of a name being a corporate person. Another is says that there are circumstances where information about legal entities may amount to personal information - for example, when a small business (usually a legal person) has used the actual name of the person as the business name, or where, in the case of a legal person, the contact details provided are for a named individual - thus GDPR protections should apply uniformly. My personal view is that, from the perspective of users, the protections of GDPR really need only apply to natural persons. That means that companies will need to be careful not to provide personal contact information for the RAA/Registry agreements. And from an end user point of view, the management of systems to differentiate legal from natural persons is not our concern. Holly
On Oct 15, 2018, at 12:12 PM, Alan Greenberg <alan.greenberg@mcgill.ca> wrote:
Here is a question that we need an answer on no later than Tuesday morning.
GDPR requires the information related to Natural Persons be protected (for those resident in Europe) be protected. GDPR does not apply to Legal Persons (ie companies).
ICANN's Temporary Spec allows contracted parties to treat all registrant alike and subject to GDPR.
The EPDP Charter includes questions about whether contracted parties may or must treat Legal Persons differently from Natural Persons.
The GAC, BC and IPC have made strong statements about the need to restrict GDPS to Natural Persons. The contracted parties are pushing back - strongly. The words vary, but in essence what they are saying ranges from there should be no constraint on them to yes, they may differentiate but with an unspecified time-frame. (As you may note if you looked at the RDS-WHOIS2 report, registrars under the 2013 RAA must do some validation of contact information for new an transfered domains, but none to simple renewal. so there are currently 140,000,000 domains without verified information (5 years after the 2013 RAA came into force) and there is no requirement to ever validate their information - so unspecified time frames can last a LONG time.)
I personally feel that it is essential that we should differentiate between legal persons and natural persons, just as GDPR and other privacy legislation does.
Comments?
Alan
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ registration-issues-wg mailing list registration-issues-wg@atlarge-lists.icann.org https://mm.icann.org/mailman/listinfo/registration-issues-wg
In agreement of contractual parties of having 2 systems, one to protect the "natural person" privacy information for every one globally and not only those from Europe. The second is for the "legal persons" and because they're under licence agreements in the legal system of their respective countries. Hence moving to a two registered system has to have a limited and derminate timeframe to move towards the dual registrant system. I don't think their concerns about changing the system, but it seems it goes beyond that. If there are concerns about the micro commercial business for individual who function without any registration in their countries, it would be their individual problem in how to be accountable to their countries requirements. Nadira On Mon, Oct 15, 2018, 05:01 Holly Raiche <h.raiche@internode.on.net> wrote:
Folks
An argument against differentiation is that the contracted parties want to be able, as much as possible, to implement one system for managing information rather than having to differentiate between the license of a name being a natural person and the licensee of a name being a corporate person.
Another is says that there are circumstances where information about legal entities may amount to personal information - for example, when a small business (usually a legal person) has used the actual name of the person as the business name, or where, in the case of a legal person, the contact details provided are for a named individual - thus GDPR protections should apply uniformly.
My personal view is that, from the perspective of users, the protections of GDPR really need only apply to natural persons.
That means that companies will need to be careful not to provide personal contact information for the RAA/Registry agreements. And from an end user point of view, the management of systems to differentiate legal from natural persons is not our concern.
Holly
On Oct 15, 2018, at 12:12 PM, Alan Greenberg <alan.greenberg@mcgill.ca> wrote:
Here is a question that we need an answer on no later than Tuesday morning.
GDPR requires the information related to Natural Persons be protected (for those resident in Europe) be protected. GDPR does not apply to Legal Persons (ie companies).
ICANN's Temporary Spec allows contracted parties to treat all registrant alike and subject to GDPR.
The EPDP Charter includes questions about whether contracted parties may or must treat Legal Persons differently from Natural Persons.
The GAC, BC and IPC have made strong statements about the need to restrict GDPS to Natural Persons. The contracted parties are pushing back - strongly. The words vary, but in essence what they are saying ranges from there should be no constraint on them to yes, they may differentiate but with an unspecified time-frame. (As you may note if you looked at the RDS-WHOIS2 report, registrars under the 2013 RAA must do some validation of contact information for new an transfered domains, but none to simple renewal. so there are currently 140,000,000 domains without verified information (5 years after the 2013 RAA came into force) and there is no requirement to ever validate their information - so unspecified time frames can last a LONG time.)
I personally feel that it is essential that we should differentiate between legal persons and natural persons, just as GDPR and other privacy legislation does.
Comments?
Alan
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ registration-issues-wg mailing list registration-issues-wg@atlarge-lists.icann.org https://mm.icann.org/mailman/listinfo/registration-issues-wg
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
Agree -----Original Message----- From: GTLD-WG <gtld-wg-bounces@atlarge-lists.icann.org> On Behalf Of Alan Greenberg Sent: Sunday, October 14, 2018 9:13 PM To: CPWG <cpwg@icann.org> Subject: [GTLD-WG] [CPWG] Urgent EPDP question Importance: High Here is a question that we need an answer on no later than Tuesday morning. GDPR requires the information related to Natural Persons be protected (for those resident in Europe) be protected. GDPR does not apply to Legal Persons (ie companies). ICANN's Temporary Spec allows contracted parties to treat all registrant alike and subject to GDPR. The EPDP Charter includes questions about whether contracted parties may or must treat Legal Persons differently from Natural Persons. The GAC, BC and IPC have made strong statements about the need to restrict GDPS to Natural Persons. The contracted parties are pushing back - strongly. The words vary, but in essence what they are saying ranges from there should be no constraint on them to yes, they may differentiate but with an unspecified time-frame. (As you may note if you looked at the RDS-WHOIS2 report, registrars under the 2013 RAA must do some validation of contact information for new an transfered domains, but none to simple renewal. so there are currently 140,000,000 domains without verified information (5 years after the 2013 RAA came into force) and there is no requirement to ever validate their information - so unspecified time frames can last a LONG time.) I personally feel that it is essential that we should differentiate between legal persons and natural persons, just as GDPR and other privacy legislation does. Comments? Alan _______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ GTLD-WG mailing list GTLD-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg Working Group direct URL: https://community.icann.org/display/atlarge/New+GTLDs
Dear Alan, On 15/10/2018 06:42, Alan Greenberg wrote:
I personally feel that it is essential that we should differentiate between legal persons and natural persons, just as GDPR and other privacy legislation does.
Comments?
I also agree. If one is going to base an argument on GDPR, then companies do not fall under GDPR. Kindest regards, Olivier
I agree with Alan. We should keep to the strict remits of GDPR in terms of applying only to Natural Persons. Justine ----- On Mon, 15 Oct 2018 at 09:13, Alan Greenberg <alan.greenberg@mcgill.ca> wrote:
Here is a question that we need an answer on no later than Tuesday morning.
GDPR requires the information related to Natural Persons be protected (for those resident in Europe) be protected. GDPR does not apply to Legal Persons (ie companies).
ICANN's Temporary Spec allows contracted parties to treat all registrant alike and subject to GDPR.
The EPDP Charter includes questions about whether contracted parties may or must treat Legal Persons differently from Natural Persons.
The GAC, BC and IPC have made strong statements about the need to restrict GDPS to Natural Persons. The contracted parties are pushing back - strongly. The words vary, but in essence what they are saying ranges from there should be no constraint on them to yes, they may differentiate but with an unspecified time-frame. (As you may note if you looked at the RDS-WHOIS2 report, registrars under the 2013 RAA must do some validation of contact information for new an transfered domains, but none to simple renewal. so there are currently 140,000,000 domains without verified information (5 years after the 2013 RAA came into force) and there is no requirement to ever validate their information - so unspecified time frames can last a LONG time.)
I personally feel that it is essential that we should differentiate between legal persons and natural persons, just as GDPR and other privacy legislation does.
Comments?
Alan
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
On Mon, Oct 15, 2018, 6:43 AM Alan Greenberg <alan.greenberg@mcgill.ca> wrote:
Here is a question that we need an answer on no later than Tuesday morning.
GDPR requires the information related to Natural Persons be protected (for those resident in Europe) be protected. GDPR does not apply to Legal Persons (ie companies).
ICANN's Temporary Spec allows contracted parties to treat all registrant alike and subject to GDPR.
The EPDP Charter includes questions about whether contracted parties may or must treat Legal Persons differently from Natural Persons.
The GAC, BC and IPC have made strong statements about the need to restrict GDPS to Natural Persons. The contracted parties are pushing back - strongly. The words vary, but in essence what they are saying ranges from there should be no constraint on them to yes, they may differentiate but with an unspecified time-frame. (As you may note if you looked at the RDS-WHOIS2 report, registrars under the 2013 RAA must do some validation of contact information for new an transfered domains, but none to simple renewal. so there are currently 140,000,000 domains without verified information (5 years after the 2013 RAA came into force) and there is no requirement to ever validate their information - so unspecified time frames can last a LONG time.)
I personally feel that it is essential that we should differentiate between legal persons and natural persons, just as GDPR and other privacy legislation does.
+1. Such a distinction would be fair. The epdp could also consider recommending a privacy intensive framework for natural person's data and a transperncy-centric framework for legal person's data.
Comments?
Alan
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ registration-issues-wg mailing list registration-issues-wg@atlarge-lists.icann.org https://mm.icann.org/mailman/listinfo/registration-issues-wg
The problem with this is a corporate entity would have the name, telephone, and address of the contact individual in the whois information. That proposal will include that individual under the GDPRs of a contact. On Sun, October 14, 2018 9:22 pm, sivasubramanian muthusamy wrote:
On Mon, Oct 15, 2018, 6:43 AM Alan Greenberg <alan.greenberg@mcgill.ca> wrote:
Here is a question that we need an answer on no later than Tuesday morning.
GDPR requires the information related to Natural Persons be protected (for those resident in Europe) be protected. GDPR does not apply to Legal Persons (ie companies).
ICANN's Temporary Spec allows contracted parties to treat all registrant alike and subject to GDPR.
The EPDP Charter includes questions about whether contracted parties may or must treat Legal Persons differently from Natural Persons.
The GAC, BC and IPC have made strong statements about the need to restrict GDPS to Natural Persons. The contracted parties are pushing back - strongly. The words vary, but in essence what they are saying ranges from there should be no constraint on them to yes, they may differentiate but with an unspecified time-frame. (As you may note if you looked at the RDS-WHOIS2 report, registrars under the 2013 RAA must do some validation of contact information for new an transfered domains, but none to simple renewal. so there are currently 140,000,000 domains without verified information (5 years after the 2013 RAA came into force) and there is no requirement to ever validate their information - so unspecified time frames can last a LONG time.)
I personally feel that it is essential that we should differentiate between legal persons and natural persons, just as GDPR and other privacy legislation does.
+1. Such a distinction would be fair. The epdp could also consider recommending a privacy intensive framework for natural person's data and a transperncy-centric framework for legal person's data.
Comments?
Alan
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ registration-issues-wg mailing list registration-issues-wg@atlarge-lists.icann.org https://mm.icann.org/mailman/listinfo/registration-issues-wg
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ registration-issues-wg mailing list registration-issues-wg@atlarge-lists.icann.org https://mm.icann.org/mailman/listinfo/registration-issues-wg
What problem are we trying to solve when we differentiate between legal entities vs natural persons? Thanks, Theo Bill Silverstein schreef op 2018-10-15 06:58 AM:
The problem with this is a corporate entity would have the name, telephone, and address of the contact individual in the whois information. That proposal will include that individual under the GDPRs of a contact.
On Sun, October 14, 2018 9:22 pm, sivasubramanian muthusamy wrote:
On Mon, Oct 15, 2018, 6:43 AM Alan Greenberg <alan.greenberg@mcgill.ca> wrote:
Here is a question that we need an answer on no later than Tuesday morning.
GDPR requires the information related to Natural Persons be protected (for those resident in Europe) be protected. GDPR does not apply to Legal Persons (ie companies).
ICANN's Temporary Spec allows contracted parties to treat all registrant alike and subject to GDPR.
The EPDP Charter includes questions about whether contracted parties may or must treat Legal Persons differently from Natural Persons.
The GAC, BC and IPC have made strong statements about the need to restrict GDPS to Natural Persons. The contracted parties are pushing back - strongly. The words vary, but in essence what they are saying ranges from there should be no constraint on them to yes, they may differentiate but with an unspecified time-frame. (As you may note if you looked at the RDS-WHOIS2 report, registrars under the 2013 RAA must do some validation of contact information for new an transfered domains, but none to simple renewal. so there are currently 140,000,000 domains without verified information (5 years after the 2013 RAA came into force) and there is no requirement to ever validate their information - so unspecified time frames can last a LONG time.)
I personally feel that it is essential that we should differentiate between legal persons and natural persons, just as GDPR and other privacy legislation does.
+1. Such a distinction would be fair. The epdp could also consider recommending a privacy intensive framework for natural person's data and a transperncy-centric framework for legal person's data.
Comments?
Alan
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ registration-issues-wg mailing list registration-issues-wg@atlarge-lists.icann.org https://mm.icann.org/mailman/listinfo/registration-issues-wg
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ registration-issues-wg mailing list registration-issues-wg@atlarge-lists.icann.org https://mm.icann.org/mailman/listinfo/registration-issues-wg
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ registration-issues-wg mailing list registration-issues-wg@atlarge-lists.icann.org https://mm.icann.org/mailman/listinfo/registration-issues-wg
contact@company.com Tel: switchboard: xxxxxxxxxx Address of company: xxxxxxxxx What kind of a company is company that does not want to be contactable? Seriously? Kindest regards, Olivier On 15/10/2018 10:28, Bill Silverstein wrote:
The problem with this is a corporate entity would have the name, telephone, and address of the contact individual in the whois information. That proposal will include that individual under the GDPRs of a contact.
On Sun, October 14, 2018 9:22 pm, sivasubramanian muthusamy wrote:
On Mon, Oct 15, 2018, 6:43 AM Alan Greenberg <alan.greenberg@mcgill.ca> wrote:
Here is a question that we need an answer on no later than Tuesday morning.
GDPR requires the information related to Natural Persons be protected (for those resident in Europe) be protected. GDPR does not apply to Legal Persons (ie companies).
ICANN's Temporary Spec allows contracted parties to treat all registrant alike and subject to GDPR.
The EPDP Charter includes questions about whether contracted parties may or must treat Legal Persons differently from Natural Persons.
The GAC, BC and IPC have made strong statements about the need to restrict GDPS to Natural Persons. The contracted parties are pushing back - strongly. The words vary, but in essence what they are saying ranges from there should be no constraint on them to yes, they may differentiate but with an unspecified time-frame. (As you may note if you looked at the RDS-WHOIS2 report, registrars under the 2013 RAA must do some validation of contact information for new an transfered domains, but none to simple renewal. so there are currently 140,000,000 domains without verified information (5 years after the 2013 RAA came into force) and there is no requirement to ever validate their information - so unspecified time frames can last a LONG time.)
I personally feel that it is essential that we should differentiate between legal persons and natural persons, just as GDPR and other privacy legislation does.
+1. Such a distinction would be fair. The epdp could also consider recommending a privacy intensive framework for natural person's data and a transperncy-centric framework for legal person's data.
Comments?
Alan
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ registration-issues-wg mailing list registration-issues-wg@atlarge-lists.icann.org https://mm.icann.org/mailman/listinfo/registration-issues-wg
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ registration-issues-wg mailing list registration-issues-wg@atlarge-lists.icann.org https://mm.icann.org/mailman/listinfo/registration-issues-wg
Yes Natural person must be protected under GDPR no legal person. In French Personne physique oui Personne morale non Thanks SeB Envoyé de mon iPhone
Le 15 oct. 2018 à 03:12, Alan Greenberg <alan.greenberg@mcgill.ca> a écrit :
Here is a question that we need an answer on no later than Tuesday morning.
GDPR requires the information related to Natural Persons be protected (for those resident in Europe) be protected. GDPR does not apply to Legal Persons (ie companies).
ICANN's Temporary Spec allows contracted parties to treat all registrant alike and subject to GDPR.
The EPDP Charter includes questions about whether contracted parties may or must treat Legal Persons differently from Natural Persons.
The GAC, BC and IPC have made strong statements about the need to restrict GDPS to Natural Persons. The contracted parties are pushing back - strongly. The words vary, but in essence what they are saying ranges from there should be no constraint on them to yes, they may differentiate but with an unspecified time-frame. (As you may note if you looked at the RDS-WHOIS2 report, registrars under the 2013 RAA must do some validation of contact information for new an transfered domains, but none to simple renewal. so there are currently 140,000,000 domains without verified information (5 years after the 2013 RAA came into force) and there is no requirement to ever validate their information - so unspecified time frames can last a LONG time.)
I personally feel that it is essential that we should differentiate between legal persons and natural persons, just as GDPR and other privacy legislation does.
Comments?
Alan
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ GTLD-WG mailing list GTLD-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg
Working Group direct URL: https://community.icann.org/display/atlarge/New+GTLDs
Good morning: Well, you guys have been having a busy night! Alan: I think you have got your answer. (Should ICANN try to impose a uniform system it would be most likely too lax to conform to GDPR for natural persons.) Regards CW (Monday morning!)
El 15 de octubre de 2018 a las 7:14 Sebastien Bachollet <sebicann@bachollet.fr> escribió:
Yes Natural person must be protected under GDPR no legal person. In French Personne physique oui Personne morale non Thanks SeB
Envoyé de mon iPhone
Le 15 oct. 2018 à 03:12, Alan Greenberg <alan.greenberg@mcgill.ca> a écrit :
Here is a question that we need an answer on no later than Tuesday morning.
GDPR requires the information related to Natural Persons be protected (for those resident in Europe) be protected. GDPR does not apply to Legal Persons (ie companies).
ICANN's Temporary Spec allows contracted parties to treat all registrant alike and subject to GDPR.
The EPDP Charter includes questions about whether contracted parties may or must treat Legal Persons differently from Natural Persons.
The GAC, BC and IPC have made strong statements about the need to restrict GDPS to Natural Persons. The contracted parties are pushing back - strongly. The words vary, but in essence what they are saying ranges from there should be no constraint on them to yes, they may differentiate but with an unspecified time-frame. (As you may note if you looked at the RDS-WHOIS2 report, registrars under the 2013 RAA must do some validation of contact information for new an transfered domains, but none to simple renewal. so there are currently 140,000,000 domains without verified information (5 years after the 2013 RAA came into force) and there is no requirement to ever validate their information - so unspecified time frames can last a LONG time.)
I personally feel that it is essential that we should differentiate between legal persons and natural persons, just as GDPR and other privacy legislation does.
Comments?
Alan
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ GTLD-WG mailing list GTLD-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg
Working Group direct URL: https://community.icann.org/display/atlarge/New+GTLDs
CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ GTLD-WG mailing list GTLD-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg
Working Group direct URL: https://community.icann.org/display/atlarge/New+GTLDs
Alan
GDPR requires the information related to Natural Persons be protected (for those resident in Europe) be protected. GDPR does not apply to Legal Persons (ie companies).
That isn't what GDPR states. By presenting it as applying to "natural persons" vs "legal persons" you are over simplifying GDPR and its application. GDPR applies to personal data. It applies to data subjects. It also applies to data processing in the EU regardless of where the data subject is. So as an Irish company we have to treat our Canadian clients' data under GDPR as we are processing it in the EU. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
Michele you are correct. I considered putting that level of detail in, but decided that it overly complicated a message that was solely asking about legal vs natural persons. Note that your comment would have made the parenthetical twice as long as the rest of the sentence. Alan At 15/10/2018 05:15 AM, Michele Neylon - Blacknight wrote:
Alan
GDPR requires the information related to Natural Persons be protected (for those resident in Europe) be protected. GDPR does not apply to Legal Persons (ie companies).
That isn't what GDPR states. By presenting it as applying to "natural persons" vs "legal persons" you are over simplifying GDPR and its application. GDPR applies to personal data. It applies to data subjects. It also applies to data processing in the EU regardless of where the data subject is. So as an Irish company we have to treat our Canadian clients' data under GDPR as we are processing it in the EU.
Regards
Michele
-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845

I think the proper question to ask is “How many end users actually benefited from third parties checking WHOIS data”? The answer might well be “All of them.” Best regards, Greg On Mon, Oct 15, 2018 at 11:47 AM Alan Greenberg <alan.greenberg@mcgill.ca> wrote:
Michele you are correct. I considered putting that level of detail in, but decided that it overly complicated a message that was solely asking about legal vs natural persons. Note that your comment would have made the parenthetical twice as long as the rest of the sentence.
Alan
At 15/10/2018 05:15 AM, Michele Neylon - Blacknight wrote:
Alan
GDPR requires the information related to Natural Persons be protected (for those resident in Europe) be protected. GDPR does not apply to Legal Persons (ie companies).
That isn't what GDPR states. By presenting it as applying to "natural persons" vs "legal persons" you are over simplifying GDPR and its application. GDPR applies to personal data. It applies to data subjects. It also applies to data processing in the EU regardless of where the data subject is. So as an Irish company we have to treat our Canadian clients' data under GDPR as we are processing it in the EU.
Regards
Michele
-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845

_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ GTLD-WG mailing list GTLD-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg
Working Group direct URL: https://community.icann.org/display/atlarge/New+GTLDs
Hmm... third party access does not always benefit the end user in reality. Cheers! Sent from my mobile Kindly excuse brevity and typos On Mon, 15 Oct 2018, 19:15 Greg Shatan, <greg@isoc-ny.org> wrote:
I think the proper question to ask is “How many end users actually benefited from third parties checking WHOIS data”?
The answer might well be “All of them.”
Best regards,
Greg On Mon, Oct 15, 2018 at 11:47 AM Alan Greenberg <alan.greenberg@mcgill.ca> wrote:
Michele you are correct. I considered putting that level of detail in, but decided that it overly complicated a message that was solely asking about legal vs natural persons. Note that your comment would have made the parenthetical twice as long as the rest of the sentence.
Alan
At 15/10/2018 05:15 AM, Michele Neylon - Blacknight wrote:
Alan
GDPR requires the information related to Natural Persons be protected (for those resident in Europe) be protected. GDPR does not apply to Legal Persons (ie companies).
That isn't what GDPR states. By presenting it as applying to "natural persons" vs "legal persons" you are over simplifying GDPR and its application. GDPR applies to personal data. It applies to data subjects. It also applies to data processing in the EU regardless of where the data subject is. So as an Irish company we have to treat our Canadian clients' data under GDPR as we are processing it in the EU.
Regards
Michele
-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845

_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ GTLD-WG mailing list GTLD-WG@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg
Working Group direct URL: https://community.icann.org/display/atlarge/New+GTLDs
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
registration-issues-wg mailing list registration-issues-wg@atlarge-lists.icann.org https://mm.icann.org/mailman/listinfo/registration-issues-wg
Hello Alan, I join others to agree that there indeed needs to clear differentiation between the 2 element, actually am unsure how not differentiating will better help towards fulfilling GDPR requirements. My hope though is that the "natural persons" referred will not be to those covered by GDPR alone but rather to the global registrants. Regards PS: On a lighter note, what is GDPS as mentioned by Alan? - Lots of Acronym in ICANN acronymn soup. On Mon, Oct 15, 2018 at 2:13 AM Alan Greenberg <alan.greenberg@mcgill.ca> wrote:
Here is a question that we need an answer on no later than Tuesday morning.
GDPR requires the information related to Natural Persons be protected (for those resident in Europe) be protected. GDPR does not apply to Legal Persons (ie companies).
ICANN's Temporary Spec allows contracted parties to treat all registrant alike and subject to GDPR.
The EPDP Charter includes questions about whether contracted parties may or must treat Legal Persons differently from Natural Persons.
The GAC, BC and IPC have made strong statements about the need to restrict GDPS to Natural Persons. The contracted parties are pushing back - strongly. The words vary, but in essence what they are saying ranges from there should be no constraint on them to yes, they may differentiate but with an unspecified time-frame. (As you may note if you looked at the RDS-WHOIS2 report, registrars under the 2013 RAA must do some validation of contact information for new an transfered domains, but none to simple renewal. so there are currently 140,000,000 domains without verified information (5 years after the 2013 RAA came into force) and there is no requirement to ever validate their information - so unspecified time frames can last a LONG time.)
I personally feel that it is essential that we should differentiate between legal persons and natural persons, just as GDPR and other privacy legislation does.
Comments?
Alan
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ registration-issues-wg mailing list registration-issues-wg@atlarge-lists.icann.org https://mm.icann.org/mailman/listinfo/registration-issues-wg
-- ------------------------------------------------------------------------ *Seun Ojedeji,Federal University Oye-Ekitiweb: http://www.fuoye.edu.ng <http://www.fuoye.edu.ng> Mobile: +2348035233535**alt email: <http://goog_1872880453>seun.ojedeji@fuoye.edu.ng <seun.ojedeji@fuoye.edu.ng>* Bringing another down does not take you up - think about your action!
Alan: The objective here is compliance with GDPR - and, yes, other privacy legislation. ICANN, then, must differentiate between legal and natural persons as part of this compliance effort. Gordon Chillcott On Sun, 2018-10-14 at 21:12 -0400, Alan Greenberg wrote:
Here is a question that we need an answer on no later than Tuesday morning.
GDPR requires the information related to Natural Persons be protected (for those resident in Europe) be protected. GDPR does not apply to Legal Persons (ie companies).
ICANN's Temporary Spec allows contracted parties to treat all registrant alike and subject to GDPR.
The EPDP Charter includes questions about whether contracted parties may or must treat Legal Persons differently from Natural Persons.
The GAC, BC and IPC have made strong statements about the need to restrict GDPS to Natural Persons. The contracted parties are pushing back - strongly. The words vary, but in essence what they are saying ranges from there should be no constraint on them to yes, they may differentiate but with an unspecified time-frame. (As you may note if you looked at the RDS-WHOIS2 report, registrars under the 2013 RAA must do some validation of contact information for new an transfered domains, but none to simple renewal. so there are currently 140,000,000 domains without verified information (5 years after the 2013 RAA came into force) and there is no requirement to ever validate their information - so unspecified time frames can last a LONG time.)
I personally feel that it is essential that we should differentiate between legal persons and natural persons, just as GDPR and other privacy legislation does.
Comments?
Alan
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
I agree; the ALAC should press for differentiation. -Carlton ============================== *Carlton A Samuels* *Mobile: 876-818-1799Strategy, Process, Governance, Assessment & Turnaround* ============================= On Sun, Oct 14, 2018 at 8:13 PM Alan Greenberg <alan.greenberg@mcgill.ca> wrote:
Here is a question that we need an answer on no later than Tuesday morning.
GDPR requires the information related to Natural Persons be protected (for those resident in Europe) be protected. GDPR does not apply to Legal Persons (ie companies).
ICANN's Temporary Spec allows contracted parties to treat all registrant alike and subject to GDPR.
The EPDP Charter includes questions about whether contracted parties may or must treat Legal Persons differently from Natural Persons.
The GAC, BC and IPC have made strong statements about the need to restrict GDPS to Natural Persons. The contracted parties are pushing back - strongly. The words vary, but in essence what they are saying ranges from there should be no constraint on them to yes, they may differentiate but with an unspecified time-frame. (As you may note if you looked at the RDS-WHOIS2 report, registrars under the 2013 RAA must do some validation of contact information for new an transfered domains, but none to simple renewal. so there are currently 140,000,000 domains without verified information (5 years after the 2013 RAA came into force) and there is no requirement to ever validate their information - so unspecified time frames can last a LONG time.)
I personally feel that it is essential that we should differentiate between legal persons and natural persons, just as GDPR and other privacy legislation does.
Comments?
Alan
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg _______________________________________________ registration-issues-wg mailing list registration-issues-wg@atlarge-lists.icann.org https://mm.icann.org/mailman/listinfo/registration-issues-wg
participants (17)
-
Alan Greenberg -
Bill Silverstein -
Carlton Samuels -
Evan Leibovitch -
Gordon Chillcott -
Greg Shatan -
gtheo -
Holly Raiche -
Jonathan Zuck -
Justine Chew -
mail@christopherwilkinson.eu CW -
Michele Neylon - Blacknight -
Nadira Alaraj -
Olivier MJ Crépin-Leblond -
Sebastien Bachollet -
Seun Ojedeji -
sivasubramanian muthusamy