General Data Protection Regulation: Difference between revisions
Dustin Loup (talk | contribs) No edit summary |
Kiran Kumar (talk | contribs) No edit summary |
||
Line 8: | Line 8: | ||
==GDPR and WHOIS== | ==GDPR and WHOIS== | ||
The GDPR directly impacts the domain name space, most notability the [[WHOIS]] service. Prior to the GDPR enforcement date, [[ICANN]]'s contracted parties ([[Registry|Registries]] and [[Registrar]]s) expressed concern about their about to comply with their contractual requirement and be GDPR compliant. In light of this concern and the uncertainty around the implications of GDPR on WHOIS, ICANN announced that it would defer action against registries and registrars for noncompliance related to registration data.<ref>[https://www.icann.org/resources/pages/contractual-compliance-statement-2017-11-02-en ICANN Contractual Compliance Statement] Accessed 2 February 2018</ref> | The GDPR directly impacts the domain name space, most notability the [[WHOIS]] service. Prior to the GDPR enforcement date, [[ICANN]]'s contracted parties ([[Registry|Registries]] and [[Registrar]]s) expressed concern about their about to comply with their contractual requirement and be GDPR compliant. In light of this concern and the uncertainty around the implications of GDPR on WHOIS, ICANN announced that it would defer action against registries and registrars for noncompliance related to registration data.<ref>[https://www.icann.org/resources/pages/contractual-compliance-statement-2017-11-02-en ICANN Contractual Compliance Statement] Accessed 2 February 2018</ref> | ||
==Regulations Of GDPR== | |||
The regulation applies if the data controller (an organization that collects data from EU residents) or processor (an organization that processes data on behalf of data controller e.g. cloud service providers) or the data subject (person) is based in the EU. Furthermore the regulation also applies to organizations based outside the European Union if they collect or process personal data of EU residents. According to the European Commission "personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address. | |||
The regulation does not purport to apply to the processing of personal data for national security activities or law enforcement within the European Union; however, industry groups concerned about facing a potential conflict of laws have questioned whether Article 48 of the GDPR could be invoked to seek to prevent a data controller subject to a third country's laws from complying with a legal order from that country's law enforcement, judicial, or national security authorities to disclose to such authorities the personal data of an EU person, regardless of whether the data resides inside or outside the EU. Article 48 states that any judgment of a court or tribunal and any decision of an administrative authority of a third country requiring a controller or processor to transfer or disclose personal data may only be recognized or enforceable in any manner if based on an international agreement, such as a mutual legal assistance treaty in force between the requesting third (non-EU) country and the Union or a Member State, The data protection reform package also includes a separate Data Protection Directive for the police and criminal justice sector that provides rules on personal data exchanges at national, European and international level. | |||
== References == | == References == |