<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Dear all,<br>
<br>
Just a quick reminder that many have forgotten: <br>
- Réunion and Mayotte are part of the Afrinic service region.<br>
- There is members in both those territories that hold
ressources from Afrinic (IPv4, IPv6, AS).<br>
- Both territories are French and fully belong to the EU.<br>
<br>
I think this closes the debate whether Afrinic is or isn't bound
to GDPR.<br>
<br>
Mathieu<br>
<br>
<br>
On 10/07/2019 09:51, John Walu wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAHt2V=_=41+5_=eWm_Y+wEvFRmNm0rex7zQ2XiD64H5o=SXLAw@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">@ Owen
<div><br>
</div>
<div>GDPR territorial scope extends beyond Europe since its is
EU citizen specific rather than geo-specific.</div>
<div><br>
</div>
<div><a href="https://gdpr-info.eu/art-3-gdpr/"
moz-do-not-send="true">https://gdpr-info.eu/art-3-gdpr/</a><br>
</div>
<div><br>
</div>
<div>In other words, anyone (Data controller/processor) handling
EU citizen data is automatically subject to the GDPR in the
event of a data breach - irrespective of their geo-locality.</div>
<div><br>
</div>
<div> Ofcourse the main issue will be if the affected EU citizen
will actually file a complaint in the EU Courts or not. The
second issue is whether the EU courts will find the data
controller guilty and if the fined/penalized entity will to
pay up or ignore given their remoteness to EU centers of
power. (nb:Facebook and Google have so far been paying up ;-)</div>
<div><br>
</div>
<div>Is AfriNIC bound by GDPR?</div>
<div><br>
</div>
<div>The simple answer is - it depends. </div>
<div>Do Afrinic processes and systems at any one point collect,
store or process data that contains EU citizens?</div>
<div><br>
</div>
<div>If the answer is NO. Then they are not bound by GDPR.</div>
<div>If the answer is YES. Then they are potentially bound by
GDPR to the extent that if that data is abused/breached, then
they potentially face sanctions/penalties from EU courts.</div>
<div><br>
</div>
<div>Either way, Mauritius has one of the <a
href="http://dataprotection.govmu.org/English/Legislation/Pages/default.aspx"
moz-do-not-send="true">most comprehensive Data Protection
legislation on the continent</a> and any data breach can
actually be litigated locally (without the need for GDPR) with
penalties to AfriNIC (if for example it is determined that
email targets/addresses were harvested from Afrinic digital
resources without consent from the data subjects).</div>
<div><br>
</div>
<div>walu.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed, Jul 10, 2019 at 8:04
AM Owen DeLong <<a href="mailto:owen@delong.com"
moz-do-not-send="true">owen@delong.com</a>> wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
<br>
> On Jul 5, 2019, at 14:13 , JORDI PALET MARTINEZ via
Community-Discuss <<a
href="mailto:community-discuss@afrinic.net" target="_blank"
moz-do-not-send="true">community-discuss@afrinic.net</a>>
wrote:<br>
> <br>
> Hi Alan,<br>
> <br>
> If the board can't investigate that, we may have a
problem, because Afrinic has to comply with GDPR.<br>
<br>
Why? AfriNIC is not located in the EU and does not solicit
business with EU persons.<br>
<br>
AfriNIC is not, by my reading, subject to the GDPR.<br>
<br>
Even if they were, AfriNIC did not violate GDPR here. Wafa
might have, but I don’t think she is subject to GDPR, either.
Last I looked, Tunisia was outside EU jurisdiction.<br>
<br>
<br>
> I don't know if those emails come from whois or something
else, but some logs may tell.<br>
<br>
Why is this relevant?<br>
<br>
> I my opinion it will be nicer to get a response from
Wafa, and I'm sure the community will be happy to forgive her.
My intent is not to punish anyone, just to make sure that we
find solutions to possible problems and mistakes and avoid
repeating them.<br>
<br>
I have no issue with the use of the email addresses. I think
the far more important issue here is the message sent under
color of authority which authority likely was not authorized
to Wafa at the time.<br>
<br>
Owen<br>
<br>
> <br>
> Regards,<br>
> Jordi<br>
> @jordipalet<br>
> <br>
> <br>
> <br>
> El 5/7/19 10:16, "Alan Barrett" <<a
href="mailto:alan.barrett@afrinic.net" target="_blank"
moz-do-not-send="true">alan.barrett@afrinic.net</a>>
escribió:<br>
> <br>
> <br>
> <br>
>> On 3 Jul 2019, at 15:50, JORDI PALET MARTINEZ via
Community-Discuss <<a
href="mailto:community-discuss@afrinic.net" target="_blank"
moz-do-not-send="true">community-discuss@afrinic.net</a>>
wrote:<br>
>> <br>
>> I’m angrier about this as much as I think on it
again.<br>
>> <br>
>> Can the board and the staff investigate this?<br>
>> <br>
>> Can all the people that got those emails confirm if
they have provided voluntarily their emails or if they have
participated in Afrinic lists, or if those emails are part of
their Afrinic contacts, in order to understand if this
personal data (emails are personal data), have been collected
from Afrinic internal databases.<br>
> <br>
> There is no reasonable way for AFRINIC staff to
investigate whether the recipients had agreed to receive the
messages sent by Wafa Dahmani. There is also no reasonable
way for staff to investigate whether email addresses were
collected from the public WHOIS database. There is no
non-public AFRINIC database that could have been used.<br>
> <br>
> Regards,<br>
> Alan Barrett<br>
> <br>
> <br>
> _______________________________________________<br>
> Community-Discuss mailing list<br>
> <a href="mailto:Community-Discuss@afrinic.net"
target="_blank" moz-do-not-send="true">Community-Discuss@afrinic.net</a><br>
> <a
href="https://lists.afrinic.net/mailman/listinfo/community-discuss"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.afrinic.net/mailman/listinfo/community-discuss</a><br>
> <br>
> <br>
> <br>
> <br>
> **********************************************<br>
> IPv4 is over<br>
> Are you ready for the new Internet ?<br>
> <a href="http://www.theipv6company.com" rel="noreferrer"
target="_blank" moz-do-not-send="true">http://www.theipv6company.com</a><br>
> The IPv6 Company<br>
> <br>
> This electronic message contains information which may be
privileged or confidential. The information is intended to be
for the exclusive use of the individual(s) named above and
further non-explicilty authorized disclosure, copying,
distribution or use of the contents of this information, even
if partially, including attached files, is strictly prohibited
and will be considered a criminal offense. If you are not the
intended recipient be aware that any disclosure, copying,
distribution or use of the contents of this information, even
if partially, including attached files, is strictly
prohibited, will be considered a criminal offense, so you must
reply to the original sender to inform about this
communication and delete it.<br>
> <br>
> <br>
> <br>
> <br>
> _______________________________________________<br>
> Community-Discuss mailing list<br>
> <a href="mailto:Community-Discuss@afrinic.net"
target="_blank" moz-do-not-send="true">Community-Discuss@afrinic.net</a><br>
> <a
href="https://lists.afrinic.net/mailman/listinfo/community-discuss"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.afrinic.net/mailman/listinfo/community-discuss</a><br>
<br>
<br>
_______________________________________________<br>
Community-Discuss mailing list<br>
<a href="mailto:Community-Discuss@afrinic.net" target="_blank"
moz-do-not-send="true">Community-Discuss@afrinic.net</a><br>
<a
href="https://lists.afrinic.net/mailman/listinfo/community-discuss"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.afrinic.net/mailman/listinfo/community-discuss</a><br>
</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Community-Discuss mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Community-Discuss@afrinic.net">Community-Discuss@afrinic.net</a>
<a class="moz-txt-link-freetext" href="https://lists.afrinic.net/mailman/listinfo/community-discuss">https://lists.afrinic.net/mailman/listinfo/community-discuss</a>
</pre>
</blockquote>
<br>
</body>
</html>