That's an interesting point Roman, but I think that ship may have already sailed.
If a privacy law covers the registrant of an Org ID, presumably it also covers POC records as well, which are also published in WHOIS. Do we need to prohibit POC records from being natural persons as well (genuine question)? Given we also have at least 1 known case of a natural person(s) registering as an Org ID, ARIN would also either need to revoke any existing resources granted to natural persons, force them to transfer to a juridical person, or deal with the privacy/legal implications anyways. Finally, as you alluded to, RIPE does permit natural persons to receive resources despite having more jurisdictions under their purview, in addition to the GDPR to contend with. I think this is probably something where ARIN legal would need to chime in, but in the absence of a compelling legal reason why supporting natural persons is prohibitively difficult, I believe that ARIN should support the registration of resources to natural persons. Tyler On Sun, 2024-02-04 at 09:46 -0800, Roman Tatarnikov wrote: > Oh, that's a fun case. On one side restricting everything to > incorporated entities feels like creating barriers, but on the other > side there are Privacy Laws. > > Great example would be getting consent about sharing the information > of a particular person, and tracking what is shared and where, > ensuring that no PII was leaked out. While Europe has GDPR, in the > US, as far as I remember, there were only six states with privacy > laws. And a quick search shows that there has been a lot of new > developments: > https://www.dataguidance.com/comparisons/usa-privacy-laws And that's > just the US, where no federal law is in sight to address this. Canada > has PIPEDA, and the region that ARIN covers is much larger than just > those two. > > So if we're going to allow individuals to be listed under Org ID, > we'd need to ensure that RIR is tracking how it is used, where, and > taking measures to comply with all those emerging and quickly > changing privacy laws. It's going to be such a nightmare that I doubt > it's worth the hustle. Keeping Org ID defined as it is in the > proposal should avoid those issues. I believe very few individuals > hold resources, and registering as a Sole-Proprietorship or DBA > should be an easy work around. I am unaware of how RIPE is addressing > this, but it might be one of those topics to ask them about. > > I support the proposal as written. > _______________________________________________ ARIN-PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (ARIN-PPML@arin.net). Unsubscribe or manage your mailing list subscription at: https://lists.arin.net/mailman/listinfo/arin-ppml Please contact i...@arin.net if you experience any issues.