In message <f4fd7e89-f816-a3b4-471a-b405632bf2f6@key-systems.net>, Volker Greimann <vgreimann@key-systems.net> wrote:
If you buy land, there is a legal requirement to get yourself registered. This legal basis is sufficient grounds for data processing under the GDPR under Art 6 I c) ("processing is necessary for compliance with a legal obligation to which the controller is subject").
I am very glad that you have explicitly clarified this exception to the GDPR rules, as it allows me to ask a question which has, quite frankly, befuddled me ever since this whole GDPR versus WHOIS lunacy began. As I understand it, the binding contractual obligations which all individual domain name registrants have committed to include the requirment to provide accurate WHOIS data, with the understanding that this information will be published. Also and similarly, as I understand it, domain name registrars and registries (with the exception of the ccTLDs) have all contractually committed themselves (to ICANN) to actually publish this data. Could someone please explain to me then how these pre-existing contractual obligations somehow fall outside of the exception stated in GDPR Art 6 I c? In what sense are these pre-existing contractual obligations not "legal obligations", as defined, presumably, within the GDPR framework? Regards, rfg