[arin-ppml] Draft Policy ARIN-2024-1: Definition of Organization ID/Org ID

Mon Feb 5 11:21:15 EST 2024

Unfortunately, legal person is also problematic as it would eliminate unincorporated business entities. 

Suggest adding legal person as an additional term to the proposed language rather than replacing it. 

Owen

> On Feb 4, 2024, at 11:22, Tyler O'Meara via ARIN-PPML <arin-ppml at arin.net> wrote:
> 
> That's an interesting point Roman, but I think that ship may have
> already sailed.
> 
> If a privacy law covers the registrant of an Org ID, presumably it also
> covers POC records as well, which are also published in WHOIS. Do we
> need to prohibit POC records from being natural persons as well
> (genuine question)?
> 
> Given we also have at least 1 known case of a natural person(s)
> registering as an Org ID, ARIN would also either need to revoke any
> existing resources granted to natural persons, force them to transfer
> to a juridical person, or deal with the privacy/legal implications
> anyways.
> 
> Finally, as you alluded to, RIPE does permit natural persons to receive
> resources despite having more jurisdictions under their purview, in
> addition to the GDPR to contend with.
> 
> I think this is probably something where ARIN legal would need to chime
> in, but in the absence of a compelling legal reason why supporting
> natural persons is prohibitively difficult, I believe that ARIN should
> support the registration of resources to natural persons.
> 
> Tyler
> 
>> On Sun, 2024-02-04 at 09:46 -0800, Roman Tatarnikov wrote:
>> Oh, that's a fun case. On one side restricting everything to
>> incorporated entities feels like creating barriers, but on the other
>> side there are Privacy Laws.
>> 
>> Great example would be getting consent about sharing the information
>> of a particular person, and tracking what is shared and where,
>> ensuring that no PII was leaked out. While Europe has GDPR, in the
>> US, as far as I remember, there were only six states with privacy
>> laws. And a quick search shows that there has been a lot of new
>> developments:
>> https://www.dataguidance.com/comparisons/usa-privacy-laws And that's
>> just the US, where no federal law is in sight to address this. Canada
>> has PIPEDA, and the region that ARIN covers is much larger than just
>> those two.
>> 
>> So if we're going to allow individuals to be listed under Org ID,
>> we'd need to ensure that RIR is tracking how it is used, where, and
>> taking measures to comply with all those emerging and quickly
>> changing privacy laws. It's going to be such a nightmare that I doubt
>> it's worth the hustle. Keeping Org ID defined as it is in the
>> proposal should avoid those issues. I believe very few individuals
>> hold resources, and registering as a Sole-Proprietorship or DBA
>> should be an easy work around. I am unaware of how RIPE is addressing
>> this, but it might be one of those topics to ask them about.
>> 
>> I support the proposal as written.
>> 
> 
> _______________________________________________
> ARIN-PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.