[Community-Discuss] AFRINIC Borad Elections
John Walu
walu.john at gmail.com
Wed Jul 10 07:51:28 UTC 2019
@ Owen
GDPR territorial scope extends beyond Europe since its is EU citizen
specific rather than geo-specific.
https://gdpr-info.eu/art-3-gdpr/
In other words, anyone (Data controller/processor) handling EU citizen data
is automatically subject to the GDPR in the event of a data breach -
irrespective of their geo-locality.
Ofcourse the main issue will be if the affected EU citizen will actually
file a complaint in the EU Courts or not. The second issue is whether the
EU courts will find the data controller guilty and if the fined/penalized
entity will to pay up or ignore given their remoteness to EU centers of
power. (nb:Facebook and Google have so far been paying up ;-)
Is AfriNIC bound by GDPR?
The simple answer is - it depends.
Do Afrinic processes and systems at any one point collect, store or process
data that contains EU citizens?
If the answer is NO. Then they are not bound by GDPR.
If the answer is YES. Then they are potentially bound by GDPR to the extent
that if that data is abused/breached, then they potentially face
sanctions/penalties from EU courts.
Either way, Mauritius has one of the most comprehensive Data Protection
legislation on the continent
<http://dataprotection.govmu.org/English/Legislation/Pages/default.aspx>
and any data breach can actually be litigated locally (without the need for
GDPR) with penalties to AfriNIC (if for example it is determined that email
targets/addresses were harvested from Afrinic digital resources without
consent from the data subjects).
walu.
On Wed, Jul 10, 2019 at 8:04 AM Owen DeLong <owen at delong.com> wrote:
>
>
> > On Jul 5, 2019, at 14:13 , JORDI PALET MARTINEZ via Community-Discuss <
> community-discuss at afrinic.net> wrote:
> >
> > Hi Alan,
> >
> > If the board can't investigate that, we may have a problem, because
> Afrinic has to comply with GDPR.
>
> Why? AfriNIC is not located in the EU and does not solicit business with
> EU persons.
>
> AfriNIC is not, by my reading, subject to the GDPR.
>
> Even if they were, AfriNIC did not violate GDPR here. Wafa might have, but
> I don’t think she is subject to GDPR, either. Last I looked, Tunisia was
> outside EU jurisdiction.
>
>
> > I don't know if those emails come from whois or something else, but some
> logs may tell.
>
> Why is this relevant?
>
> > I my opinion it will be nicer to get a response from Wafa, and I'm sure
> the community will be happy to forgive her. My intent is not to punish
> anyone, just to make sure that we find solutions to possible problems and
> mistakes and avoid repeating them.
>
> I have no issue with the use of the email addresses. I think the far more
> important issue here is the message sent under color of authority which
> authority likely was not authorized to Wafa at the time.
>
> Owen
>
> >
> > Regards,
> > Jordi
> > @jordipalet
> >
> >
> >
> > El 5/7/19 10:16, "Alan Barrett" <alan.barrett at afrinic.net> escribió:
> >
> >
> >
> >> On 3 Jul 2019, at 15:50, JORDI PALET MARTINEZ via Community-Discuss <
> community-discuss at afrinic.net> wrote:
> >>
> >> I’m angrier about this as much as I think on it again.
> >>
> >> Can the board and the staff investigate this?
> >>
> >> Can all the people that got those emails confirm if they have provided
> voluntarily their emails or if they have participated in Afrinic lists, or
> if those emails are part of their Afrinic contacts, in order to understand
> if this personal data (emails are personal data), have been collected from
> Afrinic internal databases.
> >
> > There is no reasonable way for AFRINIC staff to investigate whether
> the recipients had agreed to receive the messages sent by Wafa Dahmani.
> There is also no reasonable way for staff to investigate whether email
> addresses were collected from the public WHOIS database. There is no
> non-public AFRINIC database that could have been used.
> >
> > Regards,
> > Alan Barrett
> >
> >
> > _______________________________________________
> > Community-Discuss mailing list
> > Community-Discuss at afrinic.net
> > https://lists.afrinic.net/mailman/listinfo/community-discuss
> >
> >
> >
> >
> > **********************************************
> > IPv4 is over
> > Are you ready for the new Internet ?
> > http://www.theipv6company.com
> > The IPv6 Company
> >
> > This electronic message contains information which may be privileged or
> confidential. The information is intended to be for the exclusive use of
> the individual(s) named above and further non-explicilty authorized
> disclosure, copying, distribution or use of the contents of this
> information, even if partially, including attached files, is strictly
> prohibited and will be considered a criminal offense. If you are not the
> intended recipient be aware that any disclosure, copying, distribution or
> use of the contents of this information, even if partially, including
> attached files, is strictly prohibited, will be considered a criminal
> offense, so you must reply to the original sender to inform about this
> communication and delete it.
> >
> >
> >
> >
> > _______________________________________________
> > Community-Discuss mailing list
> > Community-Discuss at afrinic.net
> > https://lists.afrinic.net/mailman/listinfo/community-discuss
>
>
> _______________________________________________
> Community-Discuss mailing list
> Community-Discuss at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/community-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/community-discuss/attachments/20190710/7521f321/attachment.html>
More information about the Community-Discuss
mailing list