Whois vs GDPR, latest news
Daniel Brisson
dbrisson at uvm.edu
Wed May 23 16:21:35 UTC 2018
On 5/23/18, 12:10 PM, "NANOG on behalf of Anne P. Mitchell Esq." <nanog-bounces at nanog.org on behalf of amitchell at isipp.com> wrote:
> On May 23, 2018, at 9:59 AM, Owen DeLong <owen at delong.com> wrote:
>
>
>
>> On May 23, 2018, at 08:53, John Levine <johnl at iecc.com> wrote:
>>
>> In article <CAE-M_OBdDv1+DFto=h1O-ghLbs2TQ_x_P9kuw4LS24mSBaw9Ww at mail.gmail.com> you write:
>>> I asked one of the EU regulators at RSA how they intended to enforce GDPR
>>> violations on businesses that don't operate in their jurisdiction and
>>> without hesitation he told me they'd use civil courts to sue the offending
>>> companies.
>>
>> He probably thought you meant if he's in France and the business is in
>> Ireland, since they're both in the EU. Outside the EU, on the other
>> hand, ...
>>
>> If they try to sue in, say, US courts, the US court will ask them to
>> explain why a US court should try a suit under foreign law. There is
>> a very short list of reasons to do that, and this isn't on it.
>
> Actually, due to treaty, it is. At least according to some lawyers that have been advising ICANN stakeholder group(s).
>
> Also, don't forget the private right of action. Anyone can file anything in the U.S. courts... you may get it dismissed (although then again you may not) but either way, it's going to be time and money out of your pocket fighting it. MUCH better to just get compliant than to end up a test case.
Isn't "better" a factor of how much it costs to become compliant with GPDR? I'm no expert, but some of the things I've heard sounded not trivial to implement (read potentially BIG investment).
-dan
More information about the NANOG
mailing list