[arin-ppml] Draft Policy ARIN-2024-1: Definition of Organization ID/Org ID

Tyler O'Meara arin at tyleromeara.com
Sun Feb 4 14:21:59 EST 2024


That's an interesting point Roman, but I think that ship may have
already sailed.

If a privacy law covers the registrant of an Org ID, presumably it also
covers POC records as well, which are also published in WHOIS. Do we
need to prohibit POC records from being natural persons as well
(genuine question)?

Given we also have at least 1 known case of a natural person(s)
registering as an Org ID, ARIN would also either need to revoke any
existing resources granted to natural persons, force them to transfer
to a juridical person, or deal with the privacy/legal implications
anyways.

Finally, as you alluded to, RIPE does permit natural persons to receive
resources despite having more jurisdictions under their purview, in
addition to the GDPR to contend with.

I think this is probably something where ARIN legal would need to chime
in, but in the absence of a compelling legal reason why supporting
natural persons is prohibitively difficult, I believe that ARIN should
support the registration of resources to natural persons.

Tyler

On Sun, 2024-02-04 at 09:46 -0800, Roman Tatarnikov wrote:
> Oh, that's a fun case. On one side restricting everything to
> incorporated entities feels like creating barriers, but on the other
> side there are Privacy Laws.
> 
> Great example would be getting consent about sharing the information
> of a particular person, and tracking what is shared and where,
> ensuring that no PII was leaked out. While Europe has GDPR, in the
> US, as far as I remember, there were only six states with privacy
> laws. And a quick search shows that there has been a lot of new
> developments:
> https://www.dataguidance.com/comparisons/usa-privacy-laws And that's
> just the US, where no federal law is in sight to address this. Canada
> has PIPEDA, and the region that ARIN covers is much larger than just
> those two.
> 
> So if we're going to allow individuals to be listed under Org ID,
> we'd need to ensure that RIR is tracking how it is used, where, and
> taking measures to comply with all those emerging and quickly
> changing privacy laws. It's going to be such a nightmare that I doubt
> it's worth the hustle. Keeping Org ID defined as it is in the
> proposal should avoid those issues. I believe very few individuals
> hold resources, and registering as a Sole-Proprietorship or DBA
> should be an easy work around. I am unaware of how RIPE is addressing
> this, but it might be one of those topics to ask them about.
> 
> I support the proposal as written.
> 




More information about the ARIN-PPML mailing list