This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] GDPR - positive effects on email abuse
- Previous message (by thread): [anti-abuse-wg] GDPR - positive effects on email abuse
- Next message (by thread): [anti-abuse-wg] Final Decision on 2017-02
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Vittorio Bertola
vittorio.bertola at open-xchange.com
Wed May 30 11:14:48 CEST 2018
> Il 29 maggio 2018 alle 22.00 "Ronald F. Guilmette" <rfg at tristatelogic.com> ha scritto: > As I understand it, the binding contractual obligations which all individual > domain name registrants have committed to include the requirment to provide > accurate WHOIS data, with the understanding that this information will be > published. It is illegal to require people in a contract to agree to supply or publish their data if they want to receive a service, unless you can prove that it would not be in any way practically possible to supply the service without receiving and/or publishing those data (and I stress: practically, not by policy). In this case, you can argue that it is necessary for the users to supply their information, for example to be able to pay and get an invoice, but publishing it is another matter: there is really no argument to support the idea that the DNS cannot technically work without Whois. So, at this point in time, any contractual clause by anyone (ICANN, registry, registrar...) requiring a EU citizen to agree to publish data in Whois is (very likely to be) void in Europe. > Also and similarly, as I understand it, domain name registrars and registries > (with the exception of the ccTLDs) have all contractually committed themselves > (to ICANN) to actually publish this data. And similarly, those provisions are now void in Europe. > Could someone please explain to me then how these pre-existing contractual > obligations somehow fall outside of the exception stated in GDPR Art 6 I c? > > In what sense are these pre-existing contractual obligations not "legal > obligations", as defined, presumably, within the GDPR framework? Because a "legal obligation" can only be imposed by a law-making body, i.e. the European or national parliament. Contracts are not laws, and private parties cannot make, change, ignore, grant exemptions from, or enforce laws. Whenever you have a public registry in Europe, you have a national or European law that creates it, and thus bypasses the privacy laws. So what you should actually do is to lobby the European Parliament to pass a regulation that institutes a public registry of domain name owners - then it would work. Regards, -- Vittorio Bertola | Head of Policy & Innovation, Open-Xchange vittorio.bertola at open-xchange.com Office @ Via Treviso 12, 10144 Torino, Italy
- Previous message (by thread): [anti-abuse-wg] GDPR - positive effects on email abuse
- Next message (by thread): [anti-abuse-wg] Final Decision on 2017-02
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]