It’s an interesting approach but the issue does not stop on EU grounds. I just want to make all and everyone understand one difficult point: GDPR global effect Although it’s the EU’s legal act, the new regulation will have extraterritorial application. It will apply to any entity or data controller — inside or outside the EU — that offers goods or services to, or monitors the behavior of, EU residents, and therefore processes any of their personal data. Fines for non-compliance with the GDPR can reach 4% of the company’s annual worldwide turnover or €20 million, whichever is higher. Now this causes problems. This can easily hit badly on ccNSO guides. The big brands have easily bought domain names that is not in the EU zone. Just a highlight. I think we should certainly stop thinking one area or country. I would tend to say we adopt one general approach for all. My take is that we have to stop thinking old ways and look forward to changes. Stop thinking old ways let’s move to One way that would give ICANN org staff less issues in handling different approaches. Kris

On Feb 13, 2018, at 09:38, Tapani Tarvainen <ncsg@tapani.tarvainen.info> wrote:

<https://www.boxbe.com/overview> This message is eligible for Automatic Cleanup! (ncsg@tapani.tarvainen.info) Add cleanup rule <https://www.boxbe.com/popup?url=https%3A%2F%2Fwww.boxbe.com%2Fcleanup%3Fkey%...> | More info <http://blog.boxbe.com/general/boxbe-automatic-cleanup?tc_serial=36664647977&...> On Mon, Feb 12, 2018 at 01:07:18PM -0800, Chuck (consult@cgomes.com) wrote:

...

It seems to me that it is possible to have 'one RDS' that includes gated access to accommodate different requirements by jurisdiction. RDAP certainly allows for this; it might get complicated, but I think it is possible.

Good point. Certainly some jurisdiction-based differences could be accommodated that way, although not all of GDPR requirements are related to access only.

But that observation suggests a possible way forward.

The urgent, immediate need is to have "RDS for Europe", i.e., a GDPR-compliant RDS. Without that Europeans will end up simply turning WHOIS off.

So we could try to do just that: design a hypothetical "EU-RDS", and while doing it just make a list of things there that would be unlawful or unpalatable elsewhere.

Then, after getting the "EU-RDS" reasonably well defined, we could see if those differences could be managed by using RDAP abilities or something else to create an umbrella RDS so to speak, with options to tune it for different jurisdictions.

If nothing else, it might be useful as an exercise to ferret out the concrete, detailed points of conflict, and move the discussion away from the high level of abstraction that doesn't seem to be leading anywhere.

-- Tapani Tarvainen _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

Kris Seeburn seeburn.k@gmail.com www.linkedin.com/in/kseeburn/ <http://www.linkedin.com/in/kseeburn/> "Life is a Beach, it all depends at how you look at it"