[At-Large] Data Protection directives need to include Data Transparency directives.

sivasubramanian muthusamy 6.internet at gmail.com
Tue Aug 21 22:06:17 UTC 2018


(I sent the following message as comments on an epdp Report on Temporary
Specification for gTLD registration data. But this is more of a comment on
Data Protection regulation in general, so copied to the Internet Policy

In Data Protection terminology, "Personal data" is more of a generic or
'loose' term that applies both to individual and business data. In DNS,
Registration Data does not make any distinction between individual
registrants and business registrants whose web space is for some form of
(e)commerce activity. While there is a need for privacy of personal data of
individual registrants, the opposite, need for greater transparency, may be
required in the case of data related to any form of commercial, perhaps
even Government and non Government web spaces.

The rationale is that the online presence of small and large businesses
alike are often short of information pertaining to physical location, names
of functionaries, officials or the person in-charge.  A Phone company does
not have listed phone number, an email company does not have a visible
email addresses ! This is part of a pattern of multiple players transacting
business online from a carefully guarded climate of "do-not-reply" email
accounts, phones without a call back number, answering machines,
conveniently assisted by BPO intermediaries who keep the consumer at an
unapproachable distance. A hotel reservation portal or a small shop online
transacts business online without allowing the consumer the ability to
reach them for various reasons.

Limiting access to Registration data indiscriminately and only for
'legitimate uses' may perpetuate this trend of inaccessibility of business
entities,  widen the disconnect between business and consumer with the
effect that multiple commercial registrants would continue to design their
online presence to transact business without due accountability. The
section  4.4.2, Lawfulness & Purposes of Processing gTLD Registration Data
as written, might have the unintended consequence of perpetuating unhealthy
protection for segments that actually require information disclosure and
transparency. How the DNS will make such a distinction is another question.

Does GDPR make such a distinction?

Sivasubramanian M

Sivasubramanian M <https://www.facebook.com/sivasubramanian.muthusamy>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://atlarge-lists.icann.org/pipermail/at-large/attachments/20180822/0fd001c5/attachment.html>

More information about the At-Large mailing list