In message <9032D272-96D5-47E5-869F-7044B3B88EFC@ucd.ie>, "Niall O'Reilly" <niall.oreilly@ucd.ie> wrote:
I expect that there will be a "grey area" between what should be open and what needs to be protected, and look to the NCC to make clear where the bounds of this grey area will lie.
There is no "grey area". Why would you even suggest that there is one? Data relating to natural persons falls under GDPR. Corporate data does not. If anyone anywhere within RIPE, RIPE NCC, or Europe generally is having any difficulty distinguishing between natural persons and corporations then I can and will gladly supply numerous photographs in order to assist in illustrating the important and easily recognizable differences for the benefit of any who may still be having difficulties in distinguishing between the two... like numerous domain name registrars that I could quite easily name.
It is important that "privacy issues" is not allowed to become (as in some contexts, "health and safety" already has) a groundless, facile, but yet unassailable reason for refusal.
While I agree with the above sentiment, I'm sorry to have to point out that this ship has already sailed, quite some time ago already, largely if not entirely due to cowardice, lethargy, and an abundance of useless inaction on the part of ICANN. Try getting -any- meaningful WHOIS data for any corporate-registered domain name out of, just to name two examples, either Enom or Alibaba. And good luck with that. More to the point, try to get any answers out of ICANN for why they stand by idly while numerous domain name registrars openly flaunt their ability to utterly ignore their contractual commitments to ICANN (e.g their contractual commitments to run WHOIS servers with actual data in them) even in cases that clearly do not implicate GDPR protections for natural persons. And good luck with that also.
For avoidance of doubt, I am not at all suggesting that the NCC has begun to use either of these phrases in such a way.
And neither am I. But having been stonewalled by multiple -other- bodies of so-called "Internet governance", I can say that I personally do not think that it is entirely inappropriate to make the point that no such body should be using GDPR or any other lame excuse for failing to do its job, or to provide open records, as was the long tradition on the Internet even well before any of these bodies even exited. Regards, rfg