[Community-Discuss] AFRINIC and the GDPR

John Walu walu.john at gmail.com
Wed Apr 11 15:07:27 UTC 2018 

Further, unless your in a silly country that was dumb enough to sign a
treaty extending EU’s legal reach into your sovereignty, such as the stupid
congress of the united States, then you can offer the EU a nice big Italian
sign language gesture regarding their GDPR and continue on with business as
usual.

@Owen, the above is not entirely true.

EU regulation/GDPR does affect African countries in general.  Or at least
those wishing to remain trade partners  with European Countries.

Most of Africa has little or no Data Protection/Privacy laws (with a few
exception being Ghana, Mauritius, SA, etc). Kenya for example doesn't have
one.

Should Kenya show the EU the middle finger?

Yes they could. But essentially, that middle finger will translate into
losing money.

A European Union Company would for example NOTdare engage
(Data-wise/Business wise) with a Kenyan partner/subsidiary that for example
sells flowers to European destinations/customers since Kenyan privacy /data
protection environment would be suspect.

Whereas the EU cannot directly hold the Kenyan company liable for breaches,
it will penalize the European company thoroughly. The net effect is that
most European companies would review their risk profiles with African
partners and basically cut linkages or open new ones -  only with
'compliant' countries in Africa.

Unlike US, Africa does need EU Euros ;-). And so we will have to improve
our Data protection regimes. Though it would have been good if we did it
out of our own volition.

Now more specifically for the Afrinic registry,

The board  just need to do an impact analysis of the GDPR on the Afrinic
Company and share with members.

Just off my head, the data within the registry (IP, Whois, etc) would need
to be protected. Essentially, if we have some data sitting in our
Mauritius/SA registries and it relates to European citizens/subject then we
need to review it in light of the GDPR requirements.  Essentially EU
citizens/residents have a whole list of rights to the data (consent,
delete, etc) and whoever is hosting it also has some obligations.

That's my 1bitcoin on the matter ;-)

walu.





On Wed, Apr 11, 2018 at 9:08 AM, Owen DeLong <owen at delong.com> wrote:

>
>
> On Apr 10, 2018, at 22:42 , Andrew Alston <Andrew.Alston at liquidtelecom.com>
> wrote:
>
> Hi AfriNIC Board,
>
> Can this board please **urgently** inform this community as to what
> preparations they have made as regards to compliance with the General Data
> Protection Regulations passed by the European Commision and the board will
> be in a position to give this community a full and complete report as to
> their GDPR compliance status and what will be changing before the 25th of
> May to ensure that when the GDPR comes into force AfriNIC is compliant.
>
>
> Is Mauritius signatory to some treaty making them subject to GDPR?
>
>
> Considering that the regulation comes into force on the 25th of May 2018
> – and AfriNIC is 100% holding data of EU Citizens, which makes them subject
> to the regulations irrespective of the fact that they are domiciled in
> Mauritius – this is an urgent and critical issue.  It has direct impact on
> the whois database, abuse contact information, handling of data submitted
> during application process and potentially even the proposed review policy,
> just to name a few things that I can think of off the top of my head – and
> cannot be ignored.  I would in fact have liked to have seen discussions by
> the board in the minutes that have been published about the GDPR long
> before now – considering the impact – but failing that – the question is
> now being asked.
>
>
> It’s not about EU Citizens. It’s about EU Residents. (Common misconception
> about GDPR).
>
> Further, unless your in a silly country that was dumb enough to sign a
> treaty extending EU’s legal reach into your sovereignty, such as the stupid
> congress of the united States, then you can offer the EU a nice big Italian
> sign language gesture regarding their GDPR and continue on with business as
> usual.
>
> Owen
>
>
> _______________________________________________
> Community-Discuss mailing list
> Community-Discuss at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/community-discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/community-discuss/attachments/20180411/45a3a21d/attachment.html>

More information about the Community-Discuss mailing list