Re: [Community-Discuss] AFRINIC and the GDPR

Owen, Firstly – AfriNIC does hold data on EU residents – that is without question – I know of a couple of cases of EU residents with their data held by AfriNIC without even thinking of it. Secondly – irrespective of if they are signatories or not – if AfriNIC chooses to do any business with RIP

Re: [Community-Discuss] AFRINIC and the GDPR

I think Andrew is right. I just found a short article that explains it: https://www.gdprandbeyond.com/blog-post/data-privacy/gdpr-affect-non-european-companies/ If you don’t want to read all the article, this is the key: “The short answer is: the regulation will affect firms both in

Re: [Community-Discuss] AFRINIC and the GDPR

Btw Owen, I might also point out – AfriNIC has EU territories that it services directly – which heightens this even further Andrew From: Andrew Alston [mailto:andrew.als...@liquidtelecom.com] Sent: 11 April 2018 13:06 To: Owen DeLong Cc: General ; AFRINIC Board of Directors' List Subject: R

Re: [Community-Discuss] AFRINIC and the GDPR

Dear Andrew, Members and the whole Afrinic community, Andrew has raised a very important issue for Afrinic operations - Thanks so much Andrew. The Board would like to inform you that the issue was discussed within the Board at the Afrinic 27 meeting in Lagos and the Management was tasked to

Re: [Community-Discuss] AFRINIC and the GDPR

Hi Abibu, Considering that the board is facing a tabled and accepted motion of no confidence in Dakar – which has been accepted to the Agenda – and considering the GDPR comes into force on the 25th of May – is it not prudent of the board to do investigations and conclude them before the Dakar m

Re: [Community-Discuss] AFRINIC and the GDPR

Hi, > Considering that the board is facing a tabled and accepted motion of no > confidence in Dakar – which has been accepted to the Agenda Wait, what motion? I have seen the message from Sunday that he is stepping down as chair, and I of course have seen the allegations. I haven't seen a motio

Re: [Community-Discuss] AFRINIC and the GDPR

Hi Sander, Mark tabled the following motion (and has agreed to let me send this to the community list on the phone just now) – this motion has also been accepted in emails to the members list from the board From Mark’s email to the member list I have been watching the mailing lists

Re: [Community-Discuss] AFRINIC and the GDPR

Oh boy... Interesting AGMM awaits in Dakar, as it seems :) ⁣Cheers, Jan Žorž --- Sent from mobile phone, please excuse brevity and top-posting...​ On Apr 11, 2018, 15:06, at 15:06, Andrew Alston wrote: >Hi Sander, > >Mark tabled the following motion (and has agreed to let me send this to >the c

Re: [Community-Discuss] AFRINIC and the GDPR

If I can add to this, there is as yet no clear direction from the European DPAs as a collective on how GDPR affects whois access in general. The RIPE NCC approach is premised on their interactions with the Dutch DPA, rather than a Europe wide approach. In addition, I am not sure I concur with M

[Community-Discuss] Perturbation d'Internet au Tchad

Merci de trouver ci-dessous les liens vers les déclarations de l’ISOC sur les perturbations des reseaux sociaux et internet au Tchad. Merci d'en faire large diffusion. English: https://www.internetsociety.org/blog/2018/ 04/internet-shutdowns-cannot-solution-political-challenges-chad/ French: http

Re: [Community-Discuss] AFRINIC and the GDPR

Thanks Mike, That’s actually pretty useful in some sense – but can I ask for an English interpretation of the last sentence for those of us that sadly don’t speak Lawyer ☺ Thanks Andrew From: Mike Silber Date: Wednesday, 11 April 2018 at 16:34 To: "Abibu R. Ntahigiye" Cc: Andrew Alston , G

Re: [Community-Discuss] AFRINIC and the GDPR

Mike, Also just to clarify – I believe this goes beyond whois data – there is far more data that AfriNIC holds than just the whois data that could be affected by this. I concede the whois portion I may well be wrong on that – the rest of it – as I said – I simply want to see from AfriNIC a rep

Re: [Community-Discuss] AFRINIC and the GDPR

No issue with doing a proper information audit (what there is, where it is stored, how it can be accessed and by whom). That is just good information security practice. However I am still not certain that holding any of that information actually makes AfriNIC a controller in terms of the GDPR.

Re: [Community-Discuss] AFRINIC and the GDPR

> On 11 Apr 2018, at 17:54, Mike Silber wrote: > > No issue with doing a proper information audit (what there is, where it is > stored, how it can be accessed and by whom). That is just good information > security practice. > > However I am still not certain that holding any of that informat

Re: [Community-Discuss] AFRINIC and the GDPR

Roughly translated: The ability of EU to inflict GDPR on those operators outside of EU is predicated on that operator having some business operation or presence within the EU which allows them to subject you to their jurisdiction. Determining that you have said presence re

Re: [Community-Discuss] AFRINIC and the GDPR

Can we get a clarification from staff whether the wording in this motion would permit or preclude electronic voting for the directors to be elected at the proposed SGMM? Thanks, Owen > On Apr 11, 2018, at 06:10 , Jan Zorz Go6 wrote: > > Oh boy... Interesting AGMM awaits in Dakar, as it seem

Re: [Community-Discuss] AFRINIC and the GDPR

I would agree with that completely The Mauritius DPA is actually aligned with the old EU Data Privacy Directive and not the GDPR. There are some interesting changes from the DPD to the GDPR. Most are quite minor in language (but could be more significant in application - time will tell). > O

Re: [Community-Discuss] AFRINIC and the GDPR

Owen, Would the fact that AfriNIC serves La Réunion and Mayotte not create such a nexus since both are formally part of the EU? In the same way – there are various EU members served by ARIN? Andrew From: Owen DeLong [mailto:o...@delong.com] Sent: 11 April 2018 17:12 To: Andrew Alston Cc: Mi

Re: [Community-Discuss] AFRINIC and the GDPR

Owen, I would presume that people could still vote for said directors – both before or after the vote is passed if it does indeed pass. I would however hope that if the vote passed – the directors who were part of the current board would do the honorable thing and honor the motion and step asi

Re: [Community-Discuss] AFRINIC and the GDPR

> On Apr 11, 2018, at 03:51 , Andrew Alston > wrote: > > Btw Owen, > > I might also point out – AfriNIC has EU territories that it services directly > – which heightens this even further > > Andrew > > > From: Andrew Alston [mailto:andrew.als...@liquidtelecom.com >

Re: [Community-Discuss] AFRINIC and the GDPR

They are not Member States. And Owen is not really that accurate in his interpretation. He mixes up enforcement (real nexus through operations) with some theoretical applicability which is poorly defined and has no practical expression in the GDPR and will need national DPAs to provide teeth.

Re: [Community-Discuss] AFRINIC and the GDPR

Well the vote for board does not apply they are elected in this case by “Acclamation” does not need a vote per say as there are only one candidate up to PDWG. > On Apr 11, 2018, at 18:21, Andrew Alston > wrote: > > Owen, > > I would presume that people could still vote for said directors –

Re: [Community-Discuss] AFRINIC and the GDPR

First, that article is written very much from a US perspective and addresses concerns strictly from the US and in some cases UK perspective. Second, this paragraph is key: Taking this into account, he advises: “Organisations outside of Europe must first decide if they currently are – or are pla

Re: [Community-Discuss] AFRINIC and the GDPR

Mike Réunion and Mayotte are the outermost region of the European Union and, as an overseas department of France, part of the Eurozone

Re: [Community-Discuss] AFRINIC and the GDPR

Respectfully Kris - they are a French overseas territory and this subject to French law. They are not members of the EU in their own right. As such - we need to hear from the French DPA on their interpretation and not chasing a chimera. I would not worry unless and until the French DPA proclai

Re: [Community-Discuss] AFRINIC and the GDPR

> On 11 Apr 2018, at 18:19, Mike Silber wrote: > > The Mauritius DPA is actually aligned with the old EU Data Privacy Directive > and not the GDPR. There’s a 2017 revision to the Mauritius Data Protection Act. Alan Barrett ___ Community-Discuss m

Re: [Community-Discuss] AFRINIC and the GDPR

The GDPR language is very broad. In recital 23 the drafters give some hints about what sorts of non-Union controllers may actually be covered. The full wording indicates: (23) In order to ensure that natural persons are not deprived of the protection to which they are entitled under this Regula

Re: [Community-Discuss] AFRINIC and the GDPR

exactly….i would suggest all to not talk over something and the ceo already has on his plate.So i’d suggest we let him deal. It was a good question we discussed and if we continue we will end up like the RDS of ICANN over GDPR. Here, it is a clear cut advise from DPA. Let the CEO and his team do

Re: [Community-Discuss] AFRINIC and the GDPR

Which should in principle bring Mauritius adequacy in terms of GDPR. However, as the adequacy rules have yet to be finalised, it is difficult to say. On Wed, 11 Apr 2018 at 16:39, Alan Barrett wrote: > > > > On 11 Apr 2018, at 18:19, Mike Silber wrote: > > > > The Mauritius DPA is actually ali

Re: [Community-Discuss] AFRINIC and the GDPR

Yes… And even WRT whois, if you’re stuck going down the GDPR road, then it’s also about the data collected, the “voluntary” nature of the submission of the data, etc. It’s much more far-reaching than what is published. Owen > On Apr 11, 2018, at 06:47 , Andrew Alston > wrote: > > Mike, >

Re: [Community-Discuss] AFRINIC and the GDPR

Thanks Alan … i was going to point to that as i remember their was a need to align with DPA and Afrinic was registered as a data controller. But am sure we’ll get over the hurdle. > On Apr 11, 2018, at 18:00, Alan Barrett wrote: > > > >> On 11 Apr 2018, at 17:54, Mike Silber wrote: >> >> N

Re: [Community-Discuss] AFRINIC and the GDPR

 Interesting discussion. It seems many are not aware of the reality of the European Union's extent and how RIR divided the world: https://www.arin.net/vault/about_us/bot/bot2017_1005.html"Merike Kaeo indicated that due to General Data Protection Regulations (GDPR), organizations are going 'dark' wi

Re: [Community-Discuss] AFRINIC and the GDPR

Further, unless your in a silly country that was dumb enough to sign a treaty extending EU’s legal reach into your sovereignty, such as the stupid congress of the united States, then you can offer the EU a nice big Italian sign language gesture regarding their GDPR and continue on with business as

Re: [Community-Discuss] AFRINIC and the GDPR

+1 john... > On Apr 11, 2018, at 19:07, John Walu wrote: > > Further, unless your in a silly country that was dumb enough to sign a treaty > extending EU’s legal reach into your sovereignty, such as the stupid congress > of the united States, then you can offer the EU a nice big Italian sign

Re: [Community-Discuss] Community-Discuss Digest, Vol 296, Issue 1

nging before the 25th of May to ensure that when the GDPR comes into force AfriNIC is compliant. Considering that the regulation comes into force on the 25th of May 2018 - and AfriNIC is 100% holding data of EU Citizens, which makes them subject to the regulations irrespective of the fact tha

Re: [Community-Discuss] AFRINIC and the GDPR

Here is the ARIN blog post about it: https://teamarin.net/2018/03/20/personal-data-privacy-considerations-at-arin/ Rgds, McTim On Wed, Apr 11, 2018 at 11:00 AM, Dabu Sifiso wrote: > > Interesting discussion. > > It seems many are not aware of the reality of the European Union's extent > and h

Re: [Community-Discuss] AFRINIC and the GDPR

Well, then, that makes it just as bad for MU as it is for US. Owen > On Apr 10, 2018, at 23:18 , Kris Seeburn wrote: > > Mauritius is signatory that’s where the safe harbour was put In place years > back. All BPOs in mauritius are holding EU citizen / resident data. the Data > Protection off

Re: [Community-Discuss] AFRINIC and the GDPR

> On Apr 11, 2018, at 07:19 , Andrew Alston > wrote: > > Owen, > > Would the fact that AfriNIC serves La Réunion and Mayotte not create such a > nexus since both are formally part of the EU? The answer is it depends. IANAL, but AIUI… La Réunion and Mayotte may think it does, but that doe

Re: [Community-Discuss] AFRINIC and the GDPR

Not quite bad it’s business and economic based. Most of the BPO companies are and have EU citizen /resident data and for the outsourcing to continue to operate within bounds and still survive. I do not think Mauritian government had any option than to go forward with this. Now the agreement with

Re: [Community-Discuss] AFRINIC and the GDPR

That isn’t the question. The question is… Since the wording of the motion specifically states “by ballot at the SGMM”, I am asking whether said ballot would include electronic voting leading up to the SGMM or not. It could be argued that the specific text of the motion precludes electronic vot

Re: [Community-Discuss] AFRINIC and the GDPR

In the past and by precedent voting at a meeting includes electronic votes cast during the course of a meeting. Of course the board must rule on this - but failure to open the electronic vote would be massively prejudicial to the majority of the member base. Andrew Get Outlook for iOS

Re: [Community-Discuss] AFRINIC and the GDPR

> On Apr 11, 2018, at 08:07 , John Walu wrote: > > Further, unless your in a silly country that was dumb enough to sign a treaty > extending EU’s legal reach into your sovereignty, such as the stupid congress > of the united States, then you can offer the EU a nice big Italian sign > languag

Re: [Community-Discuss] AFRINIC and the GDPR

I didn’t say it was unnecessary. I said it was bad. GDPR is a bad regulation as far as I’m concerned and the more its grasp expands, the worse it is for all affected. If for no other reason than the incredible extra-territorial jurisdiction land-grab, this sets a terrible precedent. Owen > O

Re: [Community-Discuss] AFRINIC and the GDPR

Hi McTim, Thnx for posting the ARIN position. Obviously very detached - based on the valid reasons they give ;-) It may also be nice to read the RIPE position. I think it would be more relevant for Afrinic. Have a read. https://labs.ripe.net/Members/Athina/how-we-re-implementing-the-gdpr-the-

Re: [Community-Discuss] AFRINIC and the GDPR

Hi Owen, At 09:05 AM 11-04-2018, Owen DeLong wrote: Since AfriNIC isn't actually present in either location, it's up to the government of Mauritius whether it would do any of the following: 1.Allow suit based on GDPR violation to be brought in an MU court. 2.Extradite AfriNIC for suit in a court

Re: [Community-Discuss] AFRINIC and the GDPR

> On Apr 11, 2018, at 09:47 , S Moonesamy wrote: > > Hi Owen, > At 09:05 AM 11-04-2018, Owen DeLong wrote: >> Since AfriNIC isn't actually present in either location, it's up to the >> government of Mauritius whether it would do any of the following: >> 1.Allow suit based on GDPR violation to

Re: [Community-Discuss] AFRINIC and the GDPR

Hi Owen, At 10:29 AM 11-04-2018, Owen DeLong wrote: I'm not referring to any specific treaty. I'm stating that the mechanism by which MU could subject its citizens to EU jurisdiction would be a treaty signed by EU and MU. Thank you for the clarification. Regards, S. Moonesamy