Re: [Community-Discuss] [rpd] Lobbying Allegations against Wafa Dahmani

2019-07-10 Thread Owen DeLong
Yes, but when you do, if you use that signature, you have a responsibility to 
make it clear that you are not speaking in an official capacity in any of those 
roles.

Owen


> On Jul 3, 2019, at 08:46 , wafa DAHMANI  wrote:
> 
> Hello All,
> 
> I can campaign for anyone and it's perfectly normal and I was speaking on my 
> personal behalf. 
> 
> I understand that my salutations can be confusing, but I sent this email in 
> my personal capacity. 
> 
> Being a volunteer at ASO - AC does not strip me of my rights to my personal 
> opinions nor does it mean I cannot campaign for my preferred candidates.
> 
> In any case, the ASO - AC has its own procedures and communication channels.
> 
> 
> Wafa Dahmani
> 
> Member AFRINIC Appeal Committee
> Global IGF MAG member
> ASO / AC excom member
> 
> From: "Paschal Ochang"
> To: "community-discuss", "rpd"
> Sent: Wednesday 3 July 2019 16:09:18
> Subject: [rpd] Lobbying Allegations against Wafa Dahmani
> 
> Hello all, this was posted under the thread of allegations against Larus 
> Foundation so I did the honors of opening it as a separate thread so that these 
> two issues can be dealt with separately. This was posted as an allegation 
> towards Wafa and the mail displays an act of lobbying. Can this honorable 
> community be clarified on these allegations please. 
> 
> Dear,
> 
> My name is Wafa Dahmani from Tunisia, an active member of the African 
> community and more specifically AFRINIC: member of the appeal committee; ASO 
> / AC excom member and Ex Chair of Governance Committee (GC) at AFRINIC.
> I contact you to solicit your votes for the following candidates:
> 
> Board of Directors:
> North Africa (seat 1)
> 
> Habin Youssef
> West Africa (seat 2)
> 
> Ly Ousmane
> 
> South Africa (seat 5)
> 
> Mpisane Vika William
> 
> East Africa (seat 6)
> 
> Nkusi Robert Ford
> 
> Non-regional (seat 7)
> 
> Eshun Benjamin Adzenyamebeye
> 
> 
> 
> Election Number Resource Organization Number Council
> 
> Mustapha Ben Jemaa
> 
> Election Policy Development Working Group
> 
> Komi Elitcha
> Sami Hassan
> 
> Election Governance Committee
> 
> Daniel Nanghaka
> Ladies and Gentlemen, in the context of our strategy and in order to 
> preserve AFRINIC's interests for Africa and to be able to choose the right 
> candidates for North Africa in the long term, it is desirable to join all our 
> efforts and vote for these candidates who present the best choice for an 
> adequate board
> 
> the de facto vote online through your interface with AFRINIC is very simple 
> for all categories except the policy development Working group where we want 
> you to mobilize your teams on the spot to vote for our candidates
> We strongly solicit your support
> 
> Thank you
> 
> Wafa Dahmani
> 
> member AFRINIC Appeal Committee
> Global IGF MAG member
> ASO / AC excom member
> 
> 
> 
> ___
> RPD mailing list
> r...@afrinic.net
> https://lists.afrinic.net/mailman/listinfo/rpd
> ___
> Community-Discuss mailing list
> Community-Discuss@afrinic.net 
> https://lists.afrinic.net/mailman/listinfo/community-discuss 
> 


[Community-Discuss] Data protection

2019-07-10 Thread S. Moonesamy

Dear Mathieu,
At 02:36 AM 10-07-2019, Mathieu Paonessa wrote:

Just a quick reminder that many have forgotten:
- Réunion and Mayotte are part of the Afrinic service region.


Thank you for the reminder.

There was a thread in 2018 about data protection 
[1].  There is ETS 223 [2] which is a 
modernization of the convention about data protection.


Regards,
S. Moonesamy

1. https://lists.afrinic.net/pipermail/community-discuss/2018-April/002093.html
2. https://rm.coe.int/CoERMPublicCommonSearchServices/DisplayDCTMContent?documentId=0916808ac91a





Re: [Community-Discuss] AFRINIC Borad Elections

2019-07-10 Thread Mathieu Paonessa
Dear all,

Just a quick reminder that many have forgotten:
    - Réunion and Mayotte are part of the Afrinic service region.
    - There are members in both those territories that hold resources
from Afrinic (IPv4, IPv6, AS).
    - Both territories are French and fully belong to the EU.

I think this closes the debate whether Afrinic is or isn't bound to GDPR.

Mathieu


On 10/07/2019 09:51, John Walu wrote:
> @ Owen 
>
> GDPR territorial scope extends beyond Europe since it is EU citizen
> specific rather than geo-specific.
>
> https://gdpr-info.eu/art-3-gdpr/
>
> In other words, anyone (Data controller/processor) handling EU citizen
> data is automatically subject to the GDPR in the event of a data
> breach - irrespective of their geo-locality.
>
> Of course the main issue will be if the affected EU citizen will
> actually file a complaint in the EU Courts or not.  The second issue
> is whether the EU courts will find the data controller guilty and if
> the fined/penalized entity will pay up or ignore given their
> remoteness to EU centers of power. (nb: Facebook and Google have so far
> been paying up ;-)
>
> Is AfriNIC bound by GDPR?
>
> The simple answer is -  it depends. 
> Do Afrinic processes and systems at any one point collect, store or
> process data that contains EU citizens?
>
> If the answer is NO. Then they are not bound by GDPR.
> If the answer is YES. Then they are potentially bound by GDPR to the
> extent that if that data is abused/breached, then they potentially
> face sanctions/penalties from EU courts.
>
> Either way, Mauritius has one of the most comprehensive Data
> Protection legislation on the continent
> and any data breach can actually be litigated locally (without the
> need for GDPR) with penalties to AfriNIC (if for example it is
> determined that email targets/addresses were harvested from Afrinic
> digital resources without consent from the data subjects).
>
> walu.
>
> On Wed, Jul 10, 2019 at 8:04 AM Owen DeLong wrote:
>
> > On Jul 5, 2019, at 14:13 , JORDI PALET MARTINEZ via
> Community-Discuss wrote:
> >
> > Hi Alan,
> >
> > If the board can't investigate that, we may have a problem,
> because Afrinic has to comply with GDPR.
>
> Why? AfriNIC is not located in the EU and does not solicit
> business with EU persons.
>
> AfriNIC is not, by my reading, subject to the GDPR.
>
> Even if they were, AfriNIC did not violate GDPR here. Wafa might
> have, but I don’t think she is subject to GDPR, either. Last I
> looked, Tunisia was outside EU jurisdiction.
>
>
> > I don't know if those emails come from whois or something else,
> but some logs may tell.
>
> Why is this relevant?
>
> > In my opinion it will be nicer to get a response from Wafa, and
> I'm sure the community will be happy to forgive her. My intent is
> not to punish anyone, just to make sure that we find solutions to
> possible problems and mistakes and avoid repeating them.
>
> I have no issue with the use of the email addresses. I think the
> far more important issue here is the message sent under color of
> authority which authority likely was not authorized to Wafa at the
> time.
>
> Owen
>
> >
> > Regards,
> > Jordi
> > @jordipalet
> >
> >
> >
> > On 5/7/19 10:16, "Alan Barrett" wrote:
> >
> >
> >
> >> On 3 Jul 2019, at 15:50, JORDI PALET MARTINEZ via
> Community-Discuss wrote:
> >>
> >> I’m angrier about this as much as I think on it again.
> >>
> >> Can the board and the staff investigate this?
> >>
> >> Can all the people that got those emails confirm if they have
> provided voluntarily their emails or if they have participated in
> Afrinic lists, or if those emails are part of their Afrinic
> contacts, in order to understand if this personal data (emails are
> personal data), have been collected from Afrinic internal databases.
> >
> >    There is no reasonable way for AFRINIC staff to investigate
> whether the recipients had agreed to receive the messages sent by
> Wafa Dahmani.  There is also no reasonable way for staff to
> investigate whether email addresses were collected from the public
> WHOIS database.  There is no non-public AFRINIC database that
> could have been used.
> >
> >    Regards,
> >    Alan Barrett
> >
> >

Re: [Community-Discuss] AFRINIC Borad Elections

2019-07-10 Thread Ousmane M. TESSA


Great to AfriNIC staff to have on the table this will to be up-dated,  
relating to such world-wide important issues!


Looking forward to seeing sound proposals  & actions, among them  
"education kits" for the readiness of our community to complain with  
these nowadays "acceptable rules" of Internet beyond continents, as  
Internet is ONE!


Thank you very much, Alan

Dr Ousmane TESSA


Alan Barrett wrote:

On 10 Jul 2019, at 12:22, JORDI PALET MARTINEZ via  
Community-Discuss  wrote:


Right now, I just checked the privacy statement in the web site  
(https://afrinic.net/privacy). Sadly, I don’t think this is  
consistent with the latest GDPR (even for the Mauritius regulation).


We recognise the need to update the privacy statement, and we have  
been working on that.


Alan Barrett






--
**
Dr Ousmane MOUSSA TESSA
Department of Mathematics and Computer Science
Université A. Moumouni, Niamey, NIGER

Postal address: B.P. 10.111 Niamey, NIGER
Telephone (home): +227 20 31 52 28
  (mobile) :  +227 93 77 74 93 /  91 49 16  39 / 96 27 99 92

E-mail: ousmane(at)musatesa.net or musatesa(at)yahoo.com
Skype : musatesa





Re: [Community-Discuss] AFRINIC Borad Elections

2019-07-10 Thread Alan Barrett


> On 10 Jul 2019, at 12:22, JORDI PALET MARTINEZ via Community-Discuss 
>  wrote:
>  
> Right now, I just checked the privacy statement in the web site 
> (https://afrinic.net/privacy). Sadly, I don’t think this is consistent with 
> the latest GDPR (even for the Mauritius regulation).

We recognise the need to update the privacy statement, and we have been working 
on that.

Alan Barrett




Re: [Community-Discuss] AFRINIC Borad Elections

2019-07-10 Thread JORDI PALET MARTINEZ via Community-Discuss
Hi John,

Right, those are the points that most of the people are missing:
- Citizens and Residents of the EU are protected, never mind the infringement is 
committed outside that territory. You may decide not to pay the fine, but then 
that person/organization will not be able to continue doing business with the 
EU persons/organizations, and even more, if you at some point come to the EU, 
you can get detained until you pay the fine.
- Mauritius signed an agreement with the EU about GDPR, so all the Mauritius 
organizations are also bound (Afrinic in our case). The same happened with 
Uruguay (so it happens the same with LACNIC).

Further, there is no need for a citizen to file a complaint in the courts (of 
course it can be done and it can claim even damages).

The process is much simpler. Any citizen/resident can file a free complaint, 
even via a web site if you have a digital certificate or equivalent (or by 
postal mail if you don’t have it), to the Data Protection Agency (of any EU 
country or equivalent entity in countries that signed the agreement with the 
EU). I’ve done that myself (even before GDPR), already about 2.000 times in the 
last 5 years, and I can tell that it works (and the companies pay fines), so 
I’m not talking about “smoke”.

The point is that in many cases, the Data Protection Agencies will open the 
case automatically by themselves. Before GDPR the maximum fine (for almost 
equivalent data protection breaches and spam) was 600.000 euros. Now it is 20 
million euros or up to 4% of the worldwide annual revenue of the prior 
financial year, whichever is higher.

So, just make sure that if you are managing phone numbers or emails from EU 
citizens, you comply with the GDPR, and don’t provide those data to “others” 
even to friends or colleagues, unless you have a previous and explicit consent 
from the owner.

One recent example (this week) about a big fine:

https://www.theverge.com/2019/7/8/20685830/british-airways-data-breach-fine-information-commissioners-office-gdpr

I just hope that Afrinic has already taken sufficient measures to comply with 
GDPR. Those fines aren’t peanuts!

Right now, I just checked the privacy statement in the web site 
(https://afrinic.net/privacy). Sadly, I don’t think this is consistent with the 
latest GDPR (even for the Mauritius regulation).

The board meeting on 6th May 2018 talks about that and confirms that it will be 
resolved before 24th May 2018 (25th was the strict deadline). If that really 
happened, the web site doesn’t state that. Minutes from the April 2019 still 
keep talking about that, but nothing clear from my reading.

This needs to be corrected immediately, or Afrinic can be subjected to 
very high fines.

Regards,

Jordi

@jordipalet


On 10/7/19 9:51, "John Walu" wrote:

@ Owen 

GDPR territorial scope extends beyond Europe since it is EU citizen specific 
rather than geo-specific.

https://gdpr-info.eu/art-3-gdpr/

In other words, anyone (Data controller/processor) handling EU citizen data is 
automatically subject to the GDPR in the event of a data breach - irrespective 
of their geo-locality.

Of course the main issue will be if the affected EU citizen will actually file 
a complaint in the EU Courts or not.  The second issue is whether the EU courts 
will find the data controller guilty and if the fined/penalized entity will 
pay up or ignore given their remoteness to EU centers of power. (nb: Facebook 
and Google have so far been paying up ;-)

Is AfriNIC bound by GDPR?

The simple answer is -  it depends. 

Do Afrinic processes and systems at any one point collect, store or process 
data that contains EU citizens?

If the answer is NO. Then they are not bound by GDPR.

If the answer is YES. Then they are potentially bound by GDPR to the extent 
that if that data is abused/breached, then they potentially face 
sanctions/penalties from EU courts.

Either way, Mauritius has one of the most comprehensive Data Protection 
legislation on the continent and any data breach can actually be litigated 
locally (without the need for GDPR) with penalties to AfriNIC (if for example 
it is determined that email targets/addresses were harvested from Afrinic 
digital resources without consent from the data subjects).

walu.

On Wed, Jul 10, 2019 at 8:04 AM Owen DeLong wrote:



> On Jul 5, 2019, at 14:13 , JORDI PALET MARTINEZ via Community-Discuss 
>  wrote:
> 
> Hi Alan,
> 
> If the board can't investigate that, we may have a problem, because Afrinic 
> has to comply with GDPR.

Why? AfriNIC is not located in the EU and does not solicit business with EU 
persons.

AfriNIC is not, by my reading, subject to the GDPR.

Even if they were, AfriNIC did not violate GDPR here. Wafa might have, but I 
don’t think she is subject to GDPR, either. Last I looked, Tunisia was outside 
EU jurisdiction.


> I don't know if those emails come from whois or something else, 

Re: [Community-Discuss] AFRINIC Borad Elections

2019-07-10 Thread Kris Seeburn
Well said walu

But the Parliament in Mauritius is about to pass the privacy law at some point 
which is very close to GDPR. Which is to protect the Mauritius citizens equally 
so I would say as I keep saying this let us just use the most not lenient laws 
so we have a compass to ensure compliance with the harshest one which makes it 
more difficult to miss out on things. 



Kris Seeburn
Email: seebur...@gmail.com 
Linkedin: linkedin.com/in/kseeburn/ 
Twitter: twitter.com/seeburnk 

 


> On Jul 10, 2019, at 11:51 AM, John Walu  wrote:
> 
> @ Owen 
> 
> GDPR territorial scope extends beyond Europe since it is EU citizen specific 
> rather than geo-specific.
> 
> https://gdpr-info.eu/art-3-gdpr/ 
> 
> In other words, anyone (Data controller/processor) handling EU citizen data 
> is automatically subject to the GDPR in the event of a data breach - 
> irrespective of their geo-locality.
> 
> Of course the main issue will be if the affected EU citizen will actually 
> file a complaint in the EU Courts or not.  The second issue is whether the EU 
> courts will find the data controller guilty and if the fined/penalized entity 
> will pay up or ignore given their remoteness to EU centers of power. 
> (nb: Facebook and Google have so far been paying up ;-)
> 
> Is AfriNIC bound by GDPR?
> 
> The simple answer is -  it depends. 
> Do Afrinic processes and systems at any one point collect, store or process 
> data that contains EU citizens?
> 
> If the answer is NO. Then they are not bound by GDPR.
> If the answer is YES. Then they are potentially bound by GDPR to the extent 
> that if that data is abused/breached, then they potentially face 
> sanctions/penalties from EU courts.
> 
> Either way, Mauritius has one of the most comprehensive Data Protection 
> legislation on the continent and 
> any data breach can actually be litigated locally (without the need for GDPR) 
> with penalties to AfriNIC (if for example it is determined that email 
> targets/addresses were harvested from Afrinic digital resources without 
> consent from the data subjects).
> 
> walu.
> 
> On Wed, Jul 10, 2019 at 8:04 AM Owen DeLong wrote:
> 
> 
> > On Jul 5, 2019, at 14:13 , JORDI PALET MARTINEZ via Community-Discuss 
> > <community-discuss@afrinic.net> wrote:
> > 
> > Hi Alan,
> > 
> > If the board can't investigate that, we may have a problem, because Afrinic 
> > has to comply with GDPR.
> 
> Why? AfriNIC is not located in the EU and does not solicit business with EU 
> persons.
> 
> AfriNIC is not, by my reading, subject to the GDPR.
> 
> Even if they were, AfriNIC did not violate GDPR here. Wafa might have, but I 
> don’t think she is subject to GDPR, either. Last I looked, Tunisia was 
> outside EU jurisdiction.
> 
> 
> > I don't know if those emails come from whois or something else, but some 
> > logs may tell.
> 
> Why is this relevant?
> 
> > In my opinion it will be nicer to get a response from Wafa, and I'm sure the 
> > community will be happy to forgive her. My intent is not to punish anyone, 
> > just to make sure that we find solutions to possible problems and mistakes 
> > and avoid repeating them.
> 
> I have no issue with the use of the email addresses. I think the far more 
> important issue here is the message sent under color of authority which 
> authority likely was not authorized to Wafa at the time.
> 
> Owen
> 
> > 
> > Regards,
> > Jordi
> > @jordipalet
> > 
> > 
> > 
> > On 5/7/19 10:16, "Alan Barrett" wrote:
> > 
> > 
> > 
> >> On 3 Jul 2019, at 15:50, JORDI PALET MARTINEZ via Community-Discuss 
> >> <community-discuss@afrinic.net> wrote:
> >> 
> >> I’m angrier about this as much as I think on it again.
> >> 
> >> Can the board and the staff investigate this?
> >> 
> >> Can all the people that got those emails confirm if they have provided 
> >> voluntarily their emails or if they have participated in Afrinic lists, or 
> >> if those emails are part of their Afrinic contacts, in order to understand 
> >> if this personal data (emails are personal data), have been collected from 
> >> Afrinic internal databases.
> > 
> >There is no reasonable way for AFRINIC staff to investigate whether the 
> > recipients had agreed to receive the messages sent by Wafa Dahmani.  There 
> > is also no reasonable way for staff to investigate whether email addresses 
> > were collected from the public WHOIS database.  There is no non-public 
> > AFRINIC database that could have been used.
> > 
> >Regards,
> >Alan Barrett
> > 
> > 

Re: [Community-Discuss] AFRINIC Borad Elections

2019-07-10 Thread John Walu
@ Owen

GDPR territorial scope extends beyond Europe since it is EU citizen
specific rather than geo-specific.

https://gdpr-info.eu/art-3-gdpr/

In other words, anyone (Data controller/processor) handling EU citizen data
is automatically subject to the GDPR in the event of a data breach -
irrespective of their geo-locality.

Of course the main issue will be if the affected EU citizen will actually
file a complaint in the EU Courts or not.  The second issue is whether the
EU courts will find the data controller guilty and if the fined/penalized
entity will pay up or ignore given their remoteness to EU centers of
power. (nb: Facebook and Google have so far been paying up ;-)

Is AfriNIC bound by GDPR?

The simple answer is -  it depends.
Do Afrinic processes and systems at any one point collect, store or process
data that contains EU citizens?

If the answer is NO. Then they are not bound by GDPR.
If the answer is YES. Then they are potentially bound by GDPR to the extent
that if that data is abused/breached, then they potentially face
sanctions/penalties from EU courts.

Either way, Mauritius has one of the most comprehensive Data Protection
legislation on the continent
and any data breach can actually be litigated locally (without the need for
GDPR) with penalties to AfriNIC (if for example it is determined that email
targets/addresses were harvested from Afrinic digital resources without
consent from the data subjects).

walu.

On Wed, Jul 10, 2019 at 8:04 AM Owen DeLong  wrote:

>
>
> > On Jul 5, 2019, at 14:13 , JORDI PALET MARTINEZ via Community-Discuss <
> community-discuss@afrinic.net> wrote:
> >
> > Hi Alan,
> >
> > If the board can't investigate that, we may have a problem, because
> Afrinic has to comply with GDPR.
>
> Why? AfriNIC is not located in the EU and does not solicit business with
> EU persons.
>
> AfriNIC is not, by my reading, subject to the GDPR.
>
> Even if they were, AfriNIC did not violate GDPR here. Wafa might have, but
> I don’t think she is subject to GDPR, either. Last I looked, Tunisia was
> outside EU jurisdiction.
>
>
> > I don't know if those emails come from whois or something else, but some
> logs may tell.
>
> Why is this relevant?
>
> > In my opinion it will be nicer to get a response from Wafa, and I'm sure
> the community will be happy to forgive her. My intent is not to punish
> anyone, just to make sure that we find solutions to possible problems and
> mistakes and avoid repeating them.
>
> I have no issue with the use of the email addresses. I think the far more
> important issue here is the message sent under color of authority which
> authority likely was not authorized to Wafa at the time.
>
> Owen
>
> >
> > Regards,
> > Jordi
> > @jordipalet
> >
> >
> >
> > On 5/7/19 10:16, "Alan Barrett" wrote:
> >
> >
> >
> >> On 3 Jul 2019, at 15:50, JORDI PALET MARTINEZ via Community-Discuss <
> community-discuss@afrinic.net> wrote:
> >>
> >> I’m angrier about this as much as I think on it again.
> >>
> >> Can the board and the staff investigate this?
> >>
> >> Can all the people that got those emails confirm if they have provided
> voluntarily their emails or if they have participated in Afrinic lists, or
> if those emails are part of their Afrinic contacts, in order to understand
> if this personal data (emails are personal data), have been collected from
> Afrinic internal databases.
> >
> >There is no reasonable way for AFRINIC staff to investigate whether
> the recipients had agreed to receive the messages sent by Wafa Dahmani.
> There is also no reasonable way for staff to investigate whether email
> addresses were collected from the public WHOIS database.  There is no
> non-public AFRINIC database that could have been used.
> >
> >Regards,
> >Alan Barrett
> >
> >