Let me chime in to say that I very much appreciate the discussion that is occurring on the list on this topic.

 

Chuck

 

From: gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces@icann.org] On Behalf Of Ayden FĂ©rdeline
Sent: Wednesday, February 7, 2018 10:16 AM
To: Sam Lanfranco <sam@lanfranco.net>
Cc: gnso-rds-pdp-wg@icann.org
Subject: Re: [gnso-rds-pdp-wg] Legal basis vs. lawful

 

Thanks for this explanation, Sam and Tapani. On this basis I am most comfortable with the existing text; that is, any purpose must satisfy at least one 'legal basis' for processing.

 

Kind regards,

Ayden  

 

 

-------- Original Message --------

On 7 February 2018 4:53 PM, Sam Lanfranco <sam@lanfranco.net> wrote:

 

Thanks Tapani,

I will extract from your longer message.

I deliberately kept my brief and less technical.

I think we are in agreement here and I support your position.

 

 

On 2/7/2018 1:07 AM, Tapani Tarvainen wrote:

The key distinction, as I understand it, is that "lawful" would be
 defined by the negative, everything that some law does not prohibit,

where as "legal basis" is defined by the positive, only things whose
justification can be explicitly derived from law.

  <......>

So I would prefer "legal basis" specifically in this sense: that any processing
 would have to be explicitly based on one of the criteria, or bases, as listed
in GDPR Article 6, or similar explicit justification in other data protection legislation.