For those interested in which countries have privacy law, I think Graham Greenleaf's table is a good reference: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2603502 cheers Stephanie Perrin On 2016-03-30 6:04, DANIEL NANGHAKA via Gnso-rds-pdp-privacy wrote:
Dear All,
If we are to look at Privacy as a global issue which is a fact, we cannot rule out the fact that there are already some territories that are have drafted there own policy on Data Privacy and Protection. I would not like to reference at this moment to specific documentation taking a global perspective,
I agree with @Farell that we need to focus on the topic, the documentation listed in this case of Europa does not provide a full benchmark in the drafting of the RDS Privacy policy and we can come up with a standard.
First and foremost Any Institution that is subjected to gathering of data becomes a data handler and the data of the subject must be subject to privacy, before any data must be shared to the third party then there must be consent to share the data.
There should be a benchmark of the data that is shared to third parties for the data to be shared.
When it comes to the WHOIS Database, the information shared is worth too much that poses a security risk to the registrant which includes but not limited to spam, hacks, attacks to mention based on access.
There is an improvision of Domain Privacy but it only protects the user information which I feel leaves a security gap.
Secondly following the statement made by @David
" ... Whether or not EU principles represent international best practice or are otherwise desirable for other jurisdictions is not a helpful debate to have in this sub-group. Some ICANN registrars are within EU jurisdictions, and so must comply with those rules, so it is relevant..."
I agree, the EU principles should be a guide as EU does not necessarily represent other territories that are not included in the EU. Every registrant must comply to the rules and policies of there respective territories and where there is need to stretch into other respective regions, then a guiding territorial policy works best as a benchmark with reference to both territories privacy policies. This means there is need for a Global Policy Benchmark that references to cross territorial cases regarding to the respective privacy policy of the data handlers.
This is where once there is breach of privacy and it cuts across territorial boundaries then International Policy takes rule.
Regards Nanghaka Daniel K. Executive Director - ILICIT Africa / Council Member - FOSSFA / Community Lead - ISOC Uganda Chapter Mobile +256 772 898298 (Uganda) Skype: daniel.nanghaka
----------------------------------------- /"Working for Africa" /-----------------------------------------
On Tue, Mar 29, 2016 at 12:29 PM, Farell Folly via Gnso-rds-pdp-privacy <gnso-rds-pdp-privacy@icann.org <mailto:gnso-rds-pdp-privacy@icann.org>> wrote:
Dear all,
I agree again with David Cake. Let's focus on our topic. Stereotypes are not good advisors for security/data privacy/data protection.
Le mar. 29 mars 2016 à 06:28, David Cake via Gnso-rds-pdp-privacy <gnso-rds-pdp-privacy@icann.org <mailto:gnso-rds-pdp-privacy@icann.org>> a écrit :
The purpose of this sub-group is simply to decide what material is relevant and useful to the working groups deliberation, and help produce summaries etc that will guide the WG through the large amount of relevant material.
Whether or not EU principles represent international best practice or are otherwise desirable for other jurisdictions is not a helpful debate to have in this sub-group. Some ICANN registrars are within EU jurisdictions, and so must comply with those rules, so it is relevant. Thank you Ayden for identifying some material that you feel is relevant to this working groups work.
David
On 29 Mar 2016, at 1:43 AM, Greg Shatan <gregshatanipc@gmail.com <mailto:gregshatanipc@gmail.com>> wrote:
Ayden,
EU rulings do not necessarily impact the law in the rest of the world, much less California. I would not categorize an attempt to embrace EU principles as a "race to the top" nor would I categorize those principles as "international best practices." Certainly, we as a group should not adopt such attitudes. But, hey, it's nice to know where you stand.
Best regards,
Greg Shatan
<image001.jpg>
*Gregory S. Shatan | Partner *McCARTER & ENGLISH, LLP
245 Park Avenue, 27th Floor | New York, New York 10167 T: 212-609-6873 <tel:212-609-6873> F: 212-416-7613 <tel:212-416-7613> gshatan @mccarter.com <mailto:gshatan%20@mccarter.com> | www.mccarter.com <http://www.mccarter.com/>
BOSTON | HARTFORD | STAMFORD | NEW YORK | NEWARK EAST BRUNSWICK | PHILADELPHIA | WILMINGTON | WASHINGTON, DC
On Mon, Mar 28, 2016 at 12:01 PM, Ayden Fabien Férdeline <gnso-rds-pdp-privacy@icann.org <mailto:gnso-rds-pdp-privacy@icann.org>> wrote:
Hello all,
I would like to introduce some material relating to the 'right to be forgotten' in Europe. Here's a court judgement <https://links2.mixmaxusercontent.com/aMjjKHWxnLSD3SEwj/l/Y6pG8Inj7cxRfeEQg?r...> <http://curia.europa.eu/juris/document/document.jsf?text=&docid=152065&pageIn...>.
The protection of personal data in Europe is seen as a fundamental right on equal standing with all other human rights. The Court of Justice of the European Union has consistently held that any and all data processing must be subject to stringent proportionality assessments.
It has been unsuccessfully argued that allowing users to delete their data is an affront to other fundamental rights such as free speech. The Court of Justice of the EU has consistently ruled that if and when the privacy interests of the data subject outweigh the public interest, the individual should be able to enforce his or her 'right to be forgotten'.
This decision is something we should carefully consider when looking at how long we retain information for. Certainly once a domain name has expired, it would be difficult to justify under these rulings the continued storage of the sensitive personal information of registrants.
I appreciate that EU rulings do not necessarily impact Californian law, but hey, why not have a race to the top and adopt international best practices in privacy law… :-)
Best wishes,
Ayden Férdeline
On Sun, Mar 27, 2016 at 5:37 AM, David Cake via Gnso-rds-pdp-privacy <gnso-rds-pdp-privacy@icann.org <mailto:gnso-rds-pdp-privacy@icann.org>> wrote:
Welcome all of you to the Privacy sub-team. Thanks to all of you for volunteering.
Our task is first to collect information on privacy issues relevant to registration data. Then we will go on to decide how best to present that information for use of the working group - we may consolidate, summarise, prioritise etc in order to make the important information easily available. Hopefully the privacy experts on this group will help us locate the most important material, and make it easily digestible to the broader working group.
This is a link to the RDS PDP WG document that describes the approach the WG agreed upon https://community.icann.org/download/attachments/58730879/RDS-PDP-Proposed-S... <https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_dow...>
At this early stage, we are in collection mode - please send documents that you think will be valuable to the group. If you add a bit more information for context as to why you think it would be useful, that will probably be very helpful for later work.
Looking forward to working with you all.
David
_______________________________________________ Gnso-rds-pdp-privacy mailing list Gnso-rds-pdp-privacy@icann.org <mailto:Gnso-rds-pdp-privacy@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy
Ayden Férdeline +44.77.8018.7421 <tel:%2B44.77.8018.7421>
_______________________________________________ Gnso-rds-pdp-privacy mailing list Gnso-rds-pdp-privacy@icann.org <mailto:Gnso-rds-pdp-privacy@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy
_______________________________________________ Gnso-rds-pdp-privacy mailing list Gnso-rds-pdp-privacy@icann.org <mailto:Gnso-rds-pdp-privacy@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy
-- Best regards,
@__f_f__
_______________________________________________ Gnso-rds-pdp-privacy mailing list Gnso-rds-pdp-privacy@icann.org <mailto:Gnso-rds-pdp-privacy@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy
ᐧ
_______________________________________________ Gnso-rds-pdp-privacy mailing list Gnso-rds-pdp-privacy@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy