Brian wrote:
Some registrar interests that are in conflict (objectively) with providing access are:
a) operational efficiency;
MM: would be improved substantially by an SSAD with centralized requesting
b) GDPR penalties
MM: um, if they get penalized for disclosure, then the disclosure should not have happened, no? You might also think about the risks of concentrating all GDPR liability in a single source.
c) future customer business
MM: first, registrars have an interest in weeding out true bad guys as much as any of us. But from a data subject view, the impact of market discipline is a feature, not a bug. Switch it around.
Would it be reasonable for advocates of end users/registrants to trust authorization providers who have NO accountability to end users? Why would NCSG ever accept that?