Whois vs GDPR, latest news

Anne P. Mitchell Esq. amitchell at isipp.com
Wed May 23 16:09:49 UTC 2018



> On May 23, 2018, at 9:59 AM, Owen DeLong <owen at delong.com> wrote:
> 
> 
> 
>> On May 23, 2018, at 08:53, John Levine <johnl at iecc.com> wrote:
>> 
>> In article <CAE-M_OBdDv1+DFto=h1O-ghLbs2TQ_x_P9kuw4LS24mSBaw9Ww at mail.gmail.com> you write:
>>> I asked one of the EU regulators at RSA how they intended to enforce GDPR
>>> violations on businesses that don't operate in their jurisdiction and
>>> without hesitation he told me they'd use civil courts to sue the offending
>>> companies.
>> 
>> He probably thought you meant if he's in France and the business is in
>> Ireland, since they're both in the EU.  Outside the EU, on the other
>> hand, ...
>> 
>> If they try to sue in, say, US courts, the US court will ask them to
>> explain why a US court should try a suit under foreign law.  There is
>> a very short list of reasons to do that, and this isn't on it.
> 
> Actually, due to treaty, it is. At least according to some lawyers that have been advising ICANN stakeholder group(s). 
> 

Also, don't forget the private right of action.  Anyone can file anything in the U.S. courts... you  may get it dismissed (although then again you may not) but either way, it's going to be time and money out of your pocket fighting it.  MUCH better to just get compliant than to end up a test case.

Anne

Anne P. Mitchell, 
Attorney at Law
GDPR Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, California Bar Association
Member, Cal. Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Board of Directors, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop




More information about the NANOG mailing list