[arin-ppml] Draft Policy ARIN-2024-1: Definition of Organization ID/Org ID

[Roman Tatarnikov]

Oh, that's a fun case. On one side restricting everything to incorporated entities feels like creating barriers, but on the other side there are Privacy Laws.

Great example would be getting consent about sharing the information of a particular person, and tracking what is shared and where, ensuring that no PII was leaked out. While Europe has GDPR, in the US, as far as I remember, there were only six states with privacy laws. And a quick search shows that there has been a lot of new developments: https://www.dataguidance.com/comparisons/usa-privacy-laws And that's just the US, where no federal law is in sight to address this. Canada has PIPEDA, and the region that ARIN covers is much larger than just those two.

So if we're going to allow individuals to be listed under Org ID, we'd need to ensure that RIR is tracking how it is used, where, and taking measures to comply with all those emerging and quickly changing privacy laws. It's going to be such a nightmare that I doubt it's worth the hustle. Keeping Org ID defined as it is in the proposal should avoid those issues. I believe very few individuals hold resources, and registering as a Sole-Proprietorship or DBA should be an easy work around. I am unaware of how RIPE is addressing this, but it might be one of those topics to ask them about.

I support the proposal as written.

-- 
Roman V Tatarnikov | https://linkedin.com/in/rtatarnikov