Obviously, the exact wording may differ, but I'm trying to challenge your statement that "As an Irish company all our clients have to be handled under GDPR." If that's true as a legal requirement, I think it's important for the security/compliance community to be aware of that...if it's not, perhaps that opens up some more granular approaches that can satisfy both sides.
As an EU company, even if your customer is a natural person in the US, you must provide them the same rights under the GDPR that an EU natural person would receive. Failure to do so is non-compliant with the GDPR.
John
Of course you would wait until a Friday evening to ask me this ..
Anyway ..
As a company in the EU we have to do everything through the lens of GDPR.
That does not mean that a company will get the same treatment as a private individual.
What it does mean is that we (and other EU based registrars and registries) have to consider whether or not there is personal information in the currently public whois information. I’m not 100% sure yet what the best way of dealing with that is.
While we can ask new clients things during signup, it’s going to be significantly harder to get a response from the existing ones.
Regards
Michele
--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
------------------------------
Blacknight Internet Solutions Ltd, Unit 12A, Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, R93 X265, Ireland
Company No.: 370845
From: John Horton <john.horton@legitscript.com>
Date: Friday 16 February 2018 at 19:28
To: Michele Neylon <michele@blacknight.com>
Cc: "benny@nordreg.se" <benny@nordreg.se>, RDS PDP WG <gnso-rds-pdp-wg@icann.org>
Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
Let me dig in a bit on one question there -- actually curious about this. You indicated "As an Irish company all our clients have to be handled under GDPR." So, for example, let's say that I transferred my company's domain name (obviously, we're a legal person, and we're domiciled in the US and registered here) to Blacknight. I think you'd agree we're not the intended beneficiary of the GDPR. My specific question for you is: Is there written guidance somewhere indicating that you do, in fact, have to provide me GDPR protections? That your policies have to apply to me? If there's some language out there specifically indicating that, it would be helpful to see that. I didn't see that in the Hamilton memo (perhaps I'm missing it) nor in the text of the GDPR (but again, perhaps I'm missing it). Let me know if my question doesn't make sense.
John Horton
President and CEO, LegitScript
On Fri, Feb 16, 2018 at 11:15 AM, Michele Neylon - Blacknight <michele@blacknight.com> wrote:
John
There are two distinct discussions here which seem to be getting mixed together.
During the proxy / privacy discussion some people wanted there to be a distinction between who could avail of proxy / privacy services. Some wanted a prohibition on letting “commercial” have the ability to use proxy / privacy.
The discussions here and elsewhere around collection and publication of data in light of GDPR are very different.
Nobody is disputing that there is a distinction between private individuals and corporations when it comes to GDPR. However there are risks associated with the processing of personal information, which may be tied into corporate information. And the “commercial” vs “non-commercial” distinction won’t work.
Where there is a clear difference is between treatment of registrants based on geography.
As an Irish company all our clients have to be handled under GDPR. The same would be true of any other provider based in the EU.
I cannot speak to nor will I get involved in debates around what various non-EU based operators may currently be doing or plan to do in the future – there are enough of them on this list who can do so more ably than I and without my help.
Regards
Michele
From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces@icann.org> on behalf of John Horton via gnso-rds-pdp-wg <gnso-rds-pdp-wg@icann.org>
Reply-To: John Horton <john.horton@legitscript.com>
Date: Friday 16 February 2018 at 18:54
To: "benny@nordreg.se" <benny@nordreg.se>
Cc: RDS PDP WG <gnso-rds-pdp-wg@icann.org>
Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
I predict you'd see (I'm not speaking for anyone here, just me) a real willingness on the security and compliance community's part to compromise and support a system where, IF a registrant is an EU natural person (yes, I know we need to define it accurately -- citizen, resident, we can get granular later) then...hey, let's set up a system involving redaction of some fields, access to those fields in legitimate cases, etc. I want to support registrars' compliance with the GDPR. But we're seeing the registrar community say: We want to apply this globally. To all domain name registrations. Doesn't matter if the registrant is the intended beneficiary of the new law, or in scope, or not. We're going to just change global policy.
I think that viewpoint has been pretty repeatedly represented in this working group, but I'd love to hear from registrars that would support a more targeted solution where only the intended beneficiaries of the GDPR (that is, in-scope registrants) are covered under the policy.
John Horton
President and CEO, LegitScript
On Fri, Feb 16, 2018 at 10:44 AM, benny@nordreg.se <benny@nordreg.se> wrote:
Please refer to where registrars have been unwilling to explore this option?
--
Med vänliga hälsningar / Kind Regards / Med vennlig hilsen
Benny Samuelsen
Registry Manager - Domainexpert
Nordreg AB - ICANN accredited registrar
IANA-ID: 638
Phone: +46.42197000
Direct: +47.32260201
Mobile: +47.40410200
> On 16 Feb 2018, at 19:38, John Horton via gnso-rds-pdp-wg <gnso-rds-pdp-wg@icann.org> wrote:
>
> Just imagine how much of all of this could be avoided if registrars were willing to agree to a commercial/individual distinction.
>
> John Horton
> President and CEO, LegitScript
>
>> On Fri, Feb 16, 2018 at 10:33 AM, John Bambenek via gnso-rds-pdp-wg <gnso-rds-pdp-wg@icann.org> wrote:
> GDPR taken to its logical extreme very well could require us to abandon IP reputation and to empty our firewalls. I mean, no consumer authorized me to process their IP just by attacking me, right?
>
> Privacy absolutism is not the answer unless you basically want to mandate the internet backbone be converted to Tor.
>
> --
> John Bambenek
>
> On Feb 16, 2018, at 06:09, Michele Neylon - Blacknight <michele@blacknight.com> wrote:
>
>> It’s an interesting read, but it has several flaws.
>>
>> It refers to registrars solely and ignores registries.
>>
>> It also makes it sound like issues around whois are “new”, which we all know isn’t true.
>>
>> The comments about IP addresses make it sound like it’s a theoretical concern, yet there is case law eg:
>>
>> https://www.irishtimes.com/business/technology/european-court-of-justice-rules-ip-addresses-are-personal-data-1.2835704
>>
>> --
>> Mr Michele Neylon
>> Blacknight Solutions
>> Hosting, Colocation & Domains
>> https://www.blacknight.com/
>> http://blacknight.blog/
>> Intl. +353 (0) 59 9183072
>> Direct Dial: +353 (0)59 9183090
>> Personal blog: https://michele.blog/
>> Some thoughts: https://ceo.hosting/
>> -------------------------------
>> Blacknight Internet Solutions Ltd, Unit 12A, Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, R93 X265, Ireland Company No.: 370845
>>
>> From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces@icann.org> on behalf of Dotzero <dotzero@gmail.com>
>> Date: Friday 16 February 2018 at 00:07
>> To: RDS PDP WG <gnso-rds-pdp-wg@icann.org>
>> Subject: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
>>
>> https://krebsonsecurity.com/2018/02/new-eu-privacy-law-may-weaken-security/
>>
>> Michael Hammer
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg@icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg