On Wed, May 05, 2021 at 04:01:58PM +0000, Mueller, Milton L ([log in to unmask]) wrote:

> As I explained, no differentiation is _not_ an option anymore.

What kind of differentiation?

One kind that *cannot* be done is assuming that if a registrant is a
legal person (regardless of how that is determined) their data is not
personally identifiable information and out of scope of GDPR and other
similar privacy laws.

(That can't really be determined on a registrant-by-registrant basis
at all, it may differ for each individual data point, and may change
whenever the data is changed. There's nothing to stop Google from
changing one of their contacts to a named individual whenever they
choose, for example.)

I'm not sure what other purpose differentiation the legal vs. natural
personhood of a registrant would be useful for, but perhaps there is
something I'm missing.

On Thu, May 06, 2021 at 01:36:15AM +0000, Mueller, Milton L ([log in to unmask]) wrote:

> registrars who let registrants consensually put personal information
> into the registration record of a legal person are not going to be
> sued and are not violating the law.

Key word here is _consensually_. With registrants' consent that can
be done, regardless of whether they're natural or legal persons.

What does the legal vs natural distinction buy here?

-- 
Tapani Tarvainen