> On Apr 11, 2018, at 03:51 , Andrew Alston <andrew.als...@liquidtelecom.com> 
> wrote:
> Btw Owen,
> I might also point out – AfriNIC has EU territories that it services directly 
> – which heightens this even further
> Andrew
> From: Andrew Alston [mailto:andrew.als...@liquidtelecom.com 
> <mailto:andrew.als...@liquidtelecom.com>] 
> Sent: 11 April 2018 13:06
> To: Owen DeLong <o...@delong.com <mailto:o...@delong.com>>
> Cc: General <community-discuss@afrinic.net 
> <mailto:community-discuss@afrinic.net>>; AFRINIC Board of Directors' List 
> <bo...@afrinic.net <mailto:bo...@afrinic.net>>
> Subject: Re: [Community-Discuss] AFRINIC and the GDPR
> Owen,
> Firstly – AfriNIC does hold data on EU residents – that is without question – 
> I know of a couple of cases of EU residents with their data held by AfriNIC 
> without even thinking of it.

Yes, but this, alone, does not subject AfriNIC to EU jurisdiction and therefore 

> Secondly – irrespective of if they are signatories or not – if AfriNIC 
> chooses to do any business with RIPE for example, they are doing business 
> with an EU entity and can be prevented from doing so if they don’t comply is 
> my understanding.

Gray area. I’m not sure that AfriNIC does anything which would count as 
“business” with RIPE in any case. Their business
relationship is with PTI. Their relationship with RIPE is as fellow members of 
a trade organization.
> Irrespective of this – the AfriNIC board if they believe they do not need to 
> comply in any way shape or form – needs to state that to this community and 
> to its members and give reasons as to why not – at that point – the affected 
> members can then make an informed decision as to their course of action 
> should they choose one. But – AfriNIC still has an obligation to inform its 
> community as to its standing in this regard and do so before the legislation 
> becomes reality.

Sure. I’m just saying, it’s not clear at this time that AfriNIC is even subject 
to GDPR and it seems to me that would be the first question to ask before 
embarking on a journey involving how to comply with a law to which the 
organization might not even be subject.


> Please note clause 3.4.vii of the bylaws:
> (vii) to disseminate among its members information on all matters affecting 
> the Company and its members and to provide for and be a central channel of 
> communication for the members of the Company and generally for the 
> furtherance and promotion of their interests;
> Andrew
> From: Owen DeLong [mailto:o...@delong.com <mailto:o...@delong.com>] 
> Sent: 11 April 2018 09:08
> To: Andrew Alston <andrew.als...@liquidtelecom.com 
> <mailto:andrew.als...@liquidtelecom.com>>
> Cc: General <community-discuss@afrinic.net 
> <mailto:community-discuss@afrinic.net>>; AFRINIC Board of Directors' List 
> <bo...@afrinic.net <mailto:bo...@afrinic.net>>
> Subject: Re: [Community-Discuss] AFRINIC and the GDPR
> Importance: High
> On Apr 10, 2018, at 22:42 , Andrew Alston <andrew.als...@liquidtelecom.com 
> <mailto:andrew.als...@liquidtelecom.com>> wrote:
> Hi AfriNIC Board,
> Can this board please *urgently* inform this community as to what 
> preparations they have made as regards to compliance with the General Data 
> Protection Regulations passed by the European Commision and the board will be 
> in a position to give this community a full and complete report as to their 
> GDPR compliance status and what will be changing before the 25th of May to 
> ensure that when the GDPR comes into force AfriNIC is compliant.
> Is Mauritius signatory to some treaty making them subject to GDPR?
> Considering that the regulation comes into force on the 25th of May 2018 – 
> and AfriNIC is 100% holding data of EU Citizens, which makes them subject to 
> the regulations irrespective of the fact that they are domiciled in Mauritius 
> – this is an urgent and critical issue.  It has direct impact on the whois 
> database, abuse contact information, handling of data submitted during 
> application process and potentially even the proposed review policy, just to 
> name a few things that I can think of off the top of my head – and cannot be 
> ignored.  I would in fact have liked to have seen discussions by the board in 
> the minutes that have been published about the GDPR long before now – 
> considering the impact – but failing that – the question is now being asked.
> It’s not about EU Citizens. It’s about EU Residents. (Common misconception 
> about GDPR).
> Further, unless your in a silly country that was dumb enough to sign a treaty 
> extending EU’s legal reach into your sovereignty, such as the stupid congress 
> of the united States, then you can offer the EU a nice big Italian sign 
> language gesture regarding their GDPR and continue on with business as usual.
> Owen

Community-Discuss mailing list

Reply via email to