Re: [Community-Discuss] AFRINIC and the GDPR

Owen, Firstly – AfriNIC does hold data on EU residents – that is without question – I know of a couple of cases of EU residents with their data held by AfriNIC without even thinking of it. Secondly – irrespective of if they are signatories or not – if AfriNIC chooses to do any business with

Re: [Community-Discuss] AFRINIC and the GDPR

I think Andrew is right. I just found a short article that explains it: https://www.gdprandbeyond.com/blog-post/data-privacy/gdpr-affect-non-european-companies/ If you don’t want to read all the article, this is the key: “The short answer is: the regulation will affect firms both

Re: [Community-Discuss] AFRINIC and the GDPR

Btw Owen, I might also point out – AfriNIC has EU territories that it services directly – which heightens this even further Andrew From: Andrew Alston [mailto:andrew.als...@liquidtelecom.com] Sent: 11 April 2018 13:06 To: Owen DeLong Cc: General

Re: [Community-Discuss] AFRINIC and the GDPR

Dear Andrew, Members and the whole Afrinic community, Andrew has raised a very important issue for Afrinic operations - Thanks so much Andrew. The Board would like to inform you that the issue was discussed within the Board at the Afrinic 27 meeting in Lagos and the Management was tasked to

Re: [Community-Discuss] AFRINIC and the GDPR

Hi Abibu, Considering that the board is facing a tabled and accepted motion of no confidence in Dakar – which has been accepted to the Agenda – and considering the GDPR comes into force on the 25th of May – is it not prudent of the board to do investigations and conclude them before the Dakar

Re: [Community-Discuss] AFRINIC and the GDPR

Owen, Would the fact that AfriNIC serves La Réunion and Mayotte not create such a nexus since both are formally part of the EU? In the same way – there are various EU members served by ARIN? Andrew From: Owen DeLong [mailto:o...@delong.com] Sent: 11 April 2018 17:12 To: Andrew Alston

[Community-Discuss] Perturbation d'Internet au Tchad

Merci de trouver ci-dessous les liens vers les déclarations de l’ISOC sur les perturbations des reseaux sociaux et internet au Tchad. Merci d'en faire large diffusion. English: https://www.internetsociety.org/blog/2018/ 04/internet-shutdowns-cannot-solution-political-challenges-chad/ French:

Re: [Community-Discuss] AFRINIC and the GDPR

They are not Member States. And Owen is not really that accurate in his interpretation. He mixes up enforcement (real nexus through operations) with some theoretical applicability which is poorly defined and has no practical expression in the GDPR and will need national DPAs to provide teeth.

Re: [Community-Discuss] AFRINIC and the GDPR

> On Apr 11, 2018, at 03:51 , Andrew Alston > wrote: > > Btw Owen, > > I might also point out – AfriNIC has EU territories that it services directly > – which heightens this even further > > Andrew > > > From: Andrew Alston

Re: [Community-Discuss] AFRINIC and the GDPR

I would agree with that completely The Mauritius DPA is actually aligned with the old EU Data Privacy Directive and not the GDPR. There are some interesting changes from the DPD to the GDPR. Most are quite minor in language (but could be more significant in application - time will tell). >

Re: [Community-Discuss] AFRINIC and the GDPR

Oh boy... Interesting AGMM awaits in Dakar, as it seems :) ⁣Cheers, Jan Žorž --- Sent from mobile phone, please excuse brevity and top-posting...​ On Apr 11, 2018, 15:06, at 15:06, Andrew Alston wrote: >Hi Sander, > >Mark tabled the following motion (and has

Re: [Community-Discuss] AFRINIC and the GDPR

No issue with doing a proper information audit (what there is, where it is stored, how it can be accessed and by whom). That is just good information security practice. However I am still not certain that holding any of that information actually makes AfriNIC a controller in terms of the GDPR.

Re: [Community-Discuss] AFRINIC and the GDPR

Roughly translated: The ability of EU to inflict GDPR on those operators outside of EU is predicated on that operator having some business operation or presence within the EU which allows them to subject you to their jurisdiction. Determining that you have said presence

Re: [Community-Discuss] AFRINIC and the GDPR

Owen, I would presume that people could still vote for said directors – both before or after the vote is passed if it does indeed pass. I would however hope that if the vote passed – the directors who were part of the current board would do the honorable thing and honor the motion and step

Re: [Community-Discuss] AFRINIC and the GDPR

Thanks Mike, That’s actually pretty useful in some sense – but can I ask for an English interpretation of the last sentence for those of us that sadly don’t speak Lawyer ☺ Thanks Andrew From: Mike Silber Date: Wednesday, 11 April 2018 at 16:34 To: "Abibu R.

Re: [Community-Discuss] AFRINIC and the GDPR

> On 11 Apr 2018, at 17:54, Mike Silber wrote: > > No issue with doing a proper information audit (what there is, where it is > stored, how it can be accessed and by whom). That is just good information > security practice. > > However I am still not certain that

Re: [Community-Discuss] AFRINIC and the GDPR

Can we get a clarification from staff whether the wording in this motion would permit or preclude electronic voting for the directors to be elected at the proposed SGMM? Thanks, Owen > On Apr 11, 2018, at 06:10 , Jan Zorz Go6 wrote: > > Oh boy... Interesting AGMM awaits in

Re: [Community-Discuss] AFRINIC and the GDPR

If I can add to this, there is as yet no clear direction from the European DPAs as a collective on how GDPR affects whois access in general. The RIPE NCC approach is premised on their interactions with the Dutch DPA, rather than a Europe wide approach. In addition, I am not sure I concur with

Re: [Community-Discuss] AFRINIC and the GDPR

Mike, Also just to clarify – I believe this goes beyond whois data – there is far more data that AfriNIC holds than just the whois data that could be affected by this. I concede the whois portion I may well be wrong on that – the rest of it – as I said – I simply want to see from AfriNIC a

Re: [Community-Discuss] AFRINIC and the GDPR

Mike Réunion and Mayotte are the outermost region of the European Union and, as an overseas department of France, part of the Eurozone

Re: [Community-Discuss] AFRINIC and the GDPR

exactly….i would suggest all to not talk over something and the ceo already has on his plate.So i’d suggest we let him deal. It was a good question we discussed and if we continue we will end up like the RDS of ICANN over GDPR. Here, it is a clear cut advise from DPA. Let the CEO and his team

Re: [Community-Discuss] AFRINIC and the GDPR

Which should in principle bring Mauritius adequacy in terms of GDPR. However, as the adequacy rules have yet to be finalised, it is difficult to say. On Wed, 11 Apr 2018 at 16:39, Alan Barrett wrote: > > > > On 11 Apr 2018, at 18:19, Mike Silber

Re: [Community-Discuss] AFRINIC and the GDPR

Further, unless your in a silly country that was dumb enough to sign a treaty extending EU’s legal reach into your sovereignty, such as the stupid congress of the united States, then you can offer the EU a nice big Italian sign language gesture regarding their GDPR and continue on with business as

Re: [Community-Discuss] AFRINIC and the GDPR

That isn’t the question. The question is… Since the wording of the motion specifically states “by ballot at the SGMM”, I am asking whether said ballot would include electronic voting leading up to the SGMM or not. It could be argued that the specific text of the motion precludes electronic

Re: [Community-Discuss] AFRINIC and the GDPR

Hi McTim, Thnx for posting the ARIN position. Obviously very detached - based on the valid reasons they give ;-) It may also be nice to read the RIPE position. I think it would be more relevant for Afrinic. Have a read.

Re: [Community-Discuss] AFRINIC and the GDPR

> On 11 Apr 2018, at 18:19, Mike Silber wrote: > > The Mauritius DPA is actually aligned with the old EU Data Privacy Directive > and not the GDPR. There’s a 2017 revision to the Mauritius Data Protection Act. Alan Barrett

Re: [Community-Discuss] AFRINIC and the GDPR

> On Apr 11, 2018, at 07:19 , Andrew Alston > wrote: > > Owen, > > Would the fact that AfriNIC serves La Réunion and Mayotte not create such a > nexus since both are formally part of the EU? The answer is it depends. IANAL, but AIUI… La Réunion and

Re: [Community-Discuss] AFRINIC and the GDPR

Here is the ARIN blog post about it: https://teamarin.net/2018/03/20/personal-data-privacy-considerations-at-arin/ Rgds, McTim On Wed, Apr 11, 2018 at 11:00 AM, Dabu Sifiso wrote: > > Interesting discussion. > > It seems many are not aware of the reality of the

Re: [Community-Discuss] AFRINIC and the GDPR

> On Apr 11, 2018, at 08:07 , John Walu wrote: > > Further, unless your in a silly country that was dumb enough to sign a treaty > extending EU’s legal reach into your sovereignty, such as the stupid congress > of the united States, then you can offer the EU a nice big

Re: [Community-Discuss] AFRINIC and the GDPR

Respectfully Kris - they are a French overseas territory and this subject to French law. They are not members of the EU in their own right. As such - we need to hear from the French DPA on their interpretation and not chasing a chimera. I would not worry unless and until the French DPA

Re: [Community-Discuss] AFRINIC and the GDPR

Thanks Alan … i was going to point to that as i remember their was a need to align with DPA and Afrinic was registered as a data controller. But am sure we’ll get over the hurdle. > On Apr 11, 2018, at 18:00, Alan Barrett wrote: > > > >> On 11 Apr 2018, at 17:54,

Re: [Community-Discuss] Community-Discuss Digest, Vol 296, Issue 1

regulations irrespective of the fact that they are domiciled in Mauritius - this is an urgent and critical issue. It has direct impact on the whois database, abuse contact information, handling of data submitted during application process and potentially even the proposed review policy, just to name

Re: [Community-Discuss] AFRINIC and the GDPR

I didn’t say it was unnecessary. I said it was bad. GDPR is a bad regulation as far as I’m concerned and the more its grasp expands, the worse it is for all affected. If for no other reason than the incredible extra-territorial jurisdiction land-grab, this sets a terrible precedent. Owen >

Re: [Community-Discuss] AFRINIC and the GDPR

+1 john... > On Apr 11, 2018, at 19:07, John Walu wrote: > > Further, unless your in a silly country that was dumb enough to sign a treaty > extending EU’s legal reach into your sovereignty, such as the stupid congress > of the united States, then you can offer the EU a

Re: [Community-Discuss] AFRINIC and the GDPR

In the past and by precedent voting at a meeting includes electronic votes cast during the course of a meeting. Of course the board must rule on this - but failure to open the electronic vote would be massively prejudicial to the majority of the member base. Andrew Get Outlook for

Re: [Community-Discuss] AFRINIC and the GDPR

Yes… And even WRT whois, if you’re stuck going down the GDPR road, then it’s also about the data collected, the “voluntary” nature of the submission of the data, etc. It’s much more far-reaching than what is published. Owen > On Apr 11, 2018, at 06:47 , Andrew Alston

Re: [Community-Discuss] AFRINIC and the GDPR

Well, then, that makes it just as bad for MU as it is for US. Owen > On Apr 10, 2018, at 23:18 , Kris Seeburn wrote: > > Mauritius is signatory that’s where the safe harbour was put In place years > back. All BPOs in mauritius are holding EU citizen / resident data. the

Re: [Community-Discuss] AFRINIC and the GDPR

Not quite bad it’s business and economic based. Most of the BPO companies are and have EU citizen /resident data and for the outsourcing to continue to operate within bounds and still survive. I do not think Mauritian government had any option than to go forward with this. Now the agreement

Re: [Community-Discuss] AFRINIC and the GDPR

Hi Owen, At 10:29 AM 11-04-2018, Owen DeLong wrote: I'm not referring to any specific treaty. I'm stating that the mechanism by which MU could subject its citizens to EU jurisdiction would be a treaty signed by EU and MU. Thank you for the clarification. Regards, S. Moonesamy

Re: [Community-Discuss] AFRINIC and the GDPR

> On Apr 11, 2018, at 09:47 , S Moonesamy wrote: > > Hi Owen, > At 09:05 AM 11-04-2018, Owen DeLong wrote: >> Since AfriNIC isn't actually present in either location, it's up to the >> government of Mauritius whether it would do any of the following: >> 1.Allow suit

Re: [Community-Discuss] AFRINIC and the GDPR

Hi Owen, At 09:05 AM 11-04-2018, Owen DeLong wrote: Since AfriNIC isn't actually present in either location, it's up to the government of Mauritius whether it would do any of the following: 1.Allow suit based on GDPR violation to be brought in an MU court. 2.Extradite AfriNIC for suit in a

Re: [Community-Discuss] AFRINIC and the GDPR

That is a good question and hope EU and a repealed safe harbour to an ICO equivalent will be going thru parliament approval soonest. Not only Whois but more is implied. Unless afrinic is waiting to see whether Eu and local govt will bite Kris > On 11 Apr 2018, at 09:42, Andrew Alston

Re: [Community-Discuss] AFRINIC and the GDPR

> On Apr 10, 2018, at 22:42 , Andrew Alston > wrote: > > Hi AfriNIC Board, > > Can this board please *urgently* inform this community as to what > preparations they have made as regards to compliance with the General Data > Protection Regulations passed by

Re: [Community-Discuss] AFRINIC and the GDPR

Mauritius is signatory that’s where the safe harbour was put In place years back. All BPOs in mauritius are holding EU citizen / resident data. the Data Protection office will be fast tracking to look like ICO which is renamed GDPR anyways. Kris > On 11 Apr 2018, at 10:08, Owen DeLong

[Community-Discuss] processing personal data for Candidate Slate

Dear Noncom, As we see personally identifiable information (PII) published with the candidate slate, please let us know: 1- If the data collected (including CV) at the time of application was meant to be made available publicly, 2- if you received consent from candidates before making these