Hi Alan,

when asking for exemptions, we would have preferred to get ICANN to amend the rules that apply to all registrars similarly. As that was not possible, we asked for what we needed to remain compliant with local laws.

However, none of those requests were system-breaking. For example, durations of data retention are behind-the-scenes changes that in all likelihood have no visible effect for anyone.

Redacting public whois records for a wide swath of registrants will on the other hand have a profound impact for every party. LEAs will have to jump through additional hoops for data access, registrants will no longer be able to transfer domain names as easily (how would the gaining registrar know where to send the FOA if there is no email address in public whois), etc etc.

I think the actual effect of the deviations should be borne in mind when looking at the chaos that will be wrought by fragmented data privacy implementations.

I also want to point out that while everyone always assumes that registrars are rejoicing over GDPR, this is not actually the case. It will mean a lot of additional implementation work, manual handling of requests for information, complaints and disruption of established processes that quite honestly we would rather do without.

Best,

Volker


On 13.02.2018 at 19:59, Alan Greenberg wrote:
We already have a fragmented system. And when European registrars were (reasonably) requesting exemptions, they were advocating fragmentation.

Regardless of what the GDPR details are, we have to presume that other jurisdictions will have different rules, both more and less stringent, perhaps a lot so.

Alan

--
Sent from my mobile. Please excuse brevity and typos.

On February 13, 2018 1:36:52 PM EST, Volker Greimann <vgreimann@key-systems.net> wrote:

That brings us back to the question whether we would want a unified DNS system or a fractured one. I personally think 14% of the world's registrations are quite a significant number, but even if you do not, does this mean you would prefer fragmentation of policies and rules?


On 13.02.2018 at 19:18, John Horton via gnso-rds-pdp-wg wrote:
+1 (to Greg)

On Tue, Feb 13, 2018 at 10:09 AM Greg Aaron <gca@icginc.com> wrote:

What are the jurisdictions where gTLD registrants are located?  The stats indicate that a distinct minority of gTLD registrations and registrants may qualify for GDPR protection.  According to ICANN’s metrics, 14% of registrants are in the EU.  The top jurisdictions are:

 

USA             41.0%
EU countries    14.0%
China            9.4%
Canada           4.2%
Japan            3.5%
Panama           3.3%
[other          24.6%]

 

These stats don’t tell us exactly how many registrations might involve GDPR (affecting that are the jurisdictions of the various parties involved in any given registration, the fact that legal persons in the EU are not due the same protection as natural persons, etc.).  Still, that 14% is interesting.

 

The European Commission itself recently told ICANN that solutions can and should be balanced, to “preserve the proper use of WHOIS while ensuring full compliance with the (current and future) EU data protection rules”, and that GDPR only applies to the personal data of natural persons in the EU.  

 

So, what justifies extending a particular protection regime (baseline) to all registrants worldwide, especially when a technical system can support situational-based needs?   Over-compliance is not necessary, and over-compliance erodes the proper use of WHOIS.  I suggest that a proper solution is to enable compliance with a rule in the situations in which the rule applies.  The proper solution is not to over-apply a rule, or to apply the rule where it does not have power.  

 

All best,

--Greg

 

Source: https://www.icann.org/resources/pages/cct-metrics-domain-name-registration-2016-06-27-en

 

 

 

**********************************

Greg Aaron

Vice-President, Product Management

iThreat Cyber Group / Cybertoolbelt.com

mobile: +1.215.858.2257

**********************************


 

From: gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces@icann.org] On Behalf Of Kathy Kleiman
Sent: Tuesday, February 13, 2018 11:24 AM
To: gnso-rds-pdp-wg@icann.org
Subject: Re: [gnso-rds-pdp-wg] Legal basis vs. lawful

 

More than half the countries in the world now have comprehensive data protection laws, and the number grows every year. We found that in our research of foundation documents at the start of this WG. The tipping point took place in 2015. As it happens, Volker's approach simply does take this perspective into account.

Best, Kathy

On 2/13/2018 11:04 AM, Dotzero wrote:

Volker, you assert that "it would be sensible to take GDPR as a basis and start from there". Perhaps sensible from your perspective and easier from your perspective but ICANN is an international organization - primarily dealing with technical/administrative issues - and it MUST take an approach that, as best it can, accommodates the laws and practices of various jurisdictions around the world. Your proposed approach, quite simply does not do that.

Michael Hammer

On Tue, Feb 13, 2018 at 10:54 AM, Volker Greimann <vgreimann@key-systems.net> wrote:

I think that it would be sensible to take the GDPR as a basis and start from there. Obviously, where it conflicts with other applicable laws, we should make sure to accommodate those as well, but as the EU Commission and others have pointed out, compliance with GDPR does not preclude providing certain access levels to certain parties. What those levels would be and who those parties could be should be the main focus of our work.

 

On 13.02.2018 at 15:41, Chuck wrote:

Volker,

 

Are you saying that you think that RDS policies should be designed to comply with European regulations and then applied to all other jurisdictions in the world?

 

Chuck

 

From: Volker Greimann [mailto:vgreimann@key-systems.net]
Sent: Tuesday, February 13, 2018 5:58 AM
To: Chuck <consult@cgomes.com>; 'Michael Palage' <michael@palage.com>
Cc: gnso-rds-pdp-wg@icann.org
Subject: Re: [gnso-rds-pdp-wg] Legal basis vs. lawful

 

I am afraid that if we create different policies for different regions, we will break the model, encourage forum shopping and encourage firewalling of entire geographic sections of the net. I hope that is not what we are doing here.

GDPR will cause some breakage of this and I see it as our mission to fix this breakage of the standard by proposing a unified model once again.

Ultimately, if this solution does what the EU has been asking for, e.g. protect legitimate use cases of registration data as well as the rights of the data subjects, there is no reason why it should not be universally applicable.

Best,

Volker

 

On 13.02.2018 at 00:04, Chuck wrote:

Volker,

 

The WG could recommend policies that are ‘universally applicable to all registrations’ but I seriously doubt that will happen in today’s world.  That would be much simpler than policies that vary by region and users, but is it realistic?

 

Chuck

 

From: gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces@icann.org] On Behalf Of Volker Greimann
Sent: Monday, February 12, 2018 2:30 PM
To: Michael Palage <michael@palage.com>
Cc: gnso-rds-pdp-wg@icann.org
Subject: Re: [gnso-rds-pdp-wg] Legal basis vs. lawful

 

Michael is right. ICANN is based on the thought of “One World; one Internet”. This also means that the policies it creates should be universally applicable to all registrations, if possible. If we start creating policy that diverges, that would only lead to further fragmentation and undermine the founding ideal of ICANN itself. Our aim should be to create one policy that can be applied to all or most registrations and that can be implemented by all registrars alike.

 

While we will likely have a certain amount of fragmentation following May 25 as each contracted party applies its own solution, it should be our goal to overcome this and present a new unified policy that works for all contracted parties. 

 

Volker

 

 



On 12. Feb 2018, at 20:27, Michael Palage <michael@palage.com> wrote:

 

Greg/John,

 

I will respectfully push back on your legal oversimplification of the GDPR.

 

The exterritorial aspect of the GDPR set forth in Article 3 is NOT just limited to EU residents/citizens.  As Michele has noted in the past, the GDPR requires BlackKnight as an Irish legal entity to protect all of its customers' data (EU/Non-EU) in compliance with GDPR, as well as US entities that target and conduct business within the EU.

 

Now your point about the distinction between natural and legal persons is a fair one and one that has been noted in EU and Art 29 communications.  Could you please share the basis of your proposition that 97% of all domain name registrations are registered by legal entities?

 

As I have noted previously, the long-term viability of the ICANN multi-stakeholder model is at risk as national governments continue to pass national laws that impact the operation of the Internet.  However, the European Union is NOT alone in advancing Privacy Legislation; in fact, data localization is perhaps the next biggest lurking threat to the domain name system.

 

Best regards,

 

Michael

 

 

 

 

 

 

From: gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces@icann.org] On Behalf Of John Horton via gnso-rds-pdp-wg
Sent: Monday, February 12, 2018 1:22 PM
To: Greg Aaron <gca@icginc.com>
Cc: gnso-rds-pdp-wg@icann.org
Subject: Re: [gnso-rds-pdp-wg] Legal basis vs. lawful

 

I think Greg is right on. There's simply no justification to force a law that is only intended to apply to a) EU residents/citizens that are b) natural persons not using the domain name for commercial purposes, to the remaining...what? 97% - 99% of the world's registrant population? That would be a balanced way to implement all of this. 

John Horton
President and CEO, LegitScript


 

On Mon, Feb 12, 2018 at 9:57 AM, Greg Aaron <gca@icginc.com> wrote: