I am not quite sure
which arguments Alex is labelling obstructive, but I feel compelled
(at the risk of being called obstructive) to clarify a couple
of things. As a non lawyer, I would add.
1. Proportionality is a pretty well known concept in EU law, as is the reasonable person test I talked about last week, in common law. It does not mean that by introducing those concepts into the law, we are punching a hole in the bottom of the bucket. It does not mean that all a party has to claim is "I need that data" "I have a business that was founded on harvesting that data" or "if I don't get that data my auto bots will not be able to send out letters automatically, I will have to hire people to do work", and a data commissioner is supposed to fold and say "why shucks, you need that data you just go right ahead and take it. Chances are the individuals will never know". Not saying that doesn't happen, of course, humanity being what it is....
2. We are supposed to
be finding out what the right thing to do is. I do not expect
anyone on the IP/BC to stop arguing that they need the data,
(although I do pray for conversions on a biblical scale in my
private moments) and I will not label you or John Horton or
anyone else, I hope, obstructive for continuing to insist on
the same arguments. Happy to have it pointed out if I am
getting shrill, sometimes we all get short tempered. But
repeating the same argument and refusing to fold is not
obstructive. (I believe the BC or the IPC even added similar
language into their comments on the recent draft anti-harassment
policy, for which I congratulate them.)
3. As for bread crumb data. This is a very difficult area. For those of us who are not prepared to give up on privacy, the fact that you can find anything about anybody today without their consent, if you know where to look and what identifiers to use is not okay. As we move into the IOT (following some of Sam's examples) we do get closer to that world, and if we dont hurry up it will be hard to have any privacy about our most intimate affairs. So privacy advocates (and not just the lone nutter volunteering on this group who is speaking at the moment) are determined to set limits on bread crumb data. (see the 2014 paper by the Art 29, which touches on some of these issues http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf). Those of us who also administered the access to information acts when those acts were in their infancy, heard a lot of earnest argument from defence/intelligence/law enforcement agencies that we could not release seemingly innocuous crumbs of data lest they contribute to the "mosaic effect", whereby a dangerous picture of intelligence gathering/law enforcement techniques etc could be deduced from small elements released, once combined with others. Obviously this is true. The same agencies, again quite logically, argued that the same did not apply to personal data they needed. Personally, I find it hard to agree with that. Sadly, in the internet world, individuals are on their own in a largely unregulated universe. They are the victims of "information asymmetry", anyone with a life is too busy to be focused on what is happening to their personal data. We are past the point where someone can say "caveat emptor, it is up to the individual to read everything and find out what is happening to their data." Bread crumb data is therefore much more important now than it was when the original deal for a wide open WHOIS was hatched.
4. AS for authentication
to get access to thick data, which you have pointed out
correctly lies ahead of us.....we should not substitute one
completely insecure open data trove with one with a weak authenticator
that only stops bots. You and Scott Hollenbeck and many
others would know better than I what we need, but given we only
tweak this thing every 20 years we had better think ahead and
make it better than an email address. We need to be able to
arrest those who are committing fraud to get access to PI,
what standard of evidence would that take?
Stephanie Perrin
All,
So it seems the debate has progressed from “thin data” to “thick data” (i.e. data that includes email). I know we are all super excited to talk about “thick data” but I don’t think we are there yet (are we? Hopefully I didn’t miss the party…)
Focusing on thin data for the moment I struggle to understand how it is personal data. I do not believe it is. As for the odd logic proposed by some that the property of privacy is transitive (i.e. Because “thin data” can be used to link/point/discover other data then “thin data” equals “personal data”) I just don’t buy it.
I don’t disagree with much of what was expressed in this thread, however we must keep in mind that balance and proportionality are important concepts in many (all?) data privacy laws. Any arguments that imply that no such balance exists (or should exist) is obstructive IMO.
Alex
On 2/13/17, 5:42 AM, <gnso-rds-pdp-wg-bounces@icann.org on behalf of michele@blacknight.com> wrote:
I agree and I know from how I’ve used various email addresses that they are actively being harvested and spammed.
Also it’s one of the biggest sources of complaints we get from our clients (registrants)
It’s definitely not an “edge case”.
Regards
Michele
--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
http://blacknight.blog/
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Social: http://mneylon.social
Some thoughts: http://ceo.hosting/
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg@icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg@icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg