On 13 Feb 2018, at 15:29, Chris Pelling <chris@netearth.net> wrote:
Sorry Greg,
Totally disagree based on the requirements of the RAA and data retention requirements. Sending data to ICANN for audits etc., to Iron Mountain for data escrow.
Way too much data in my opinion.
During audits, data is sent to auditors, not to ICANN. I wouldn't trust ICANN InfoSec with such data and I think most contracted parties wouldn't either. As for data escrow, it only contains registration data; while some information there is sensitive (like physical address), registrants would rather keep their domains in case of a registrar or registry collapse. Different from WHOIS publication, when the possible legitimate uses under discussion are of 3rd parties, escrow is a legitimate interest of the registrant. While I would like to see DPAs signing on that thinking to be sure we are on the safe side, it's not a balance, it is in place towards registrant benefit. The only grey area here is "right to be forgotten" after a domain is deleted or transferred; will a registrant be able to ask for such data removal, or is a domain registry like a land registry where the ownership history belongs to society, not to individual owners of that piece of land?

Rubens