[gdpr-discuss] delegated authority
Moritz Bartl
moritz at techcultivation.org
Sat Apr 14 17:14:48 BST 2018
> I see those as different things. With domain registration, someone at
> CCC is the registered agent for ccc.de. It seems that such a person
> would be ultimately responsible for what happens at, say, the
> jabber.ccc.de service. Yet probably the folks at Automattic don't want
> to take ultimate responsibility for what gets posted or (via WooCommerce
> plugins, sold) at foobar.wordpress.com.
Careful. There is a big legal difference between username.wordpress.com,
where Automattic _is_ in fact operating the service behind that
subdomain, and merely being in control of the DNS entries, with someone
else operating the service behind that entry.
This reminds me of the case of a friend some years ago. He owned (owns?)
a domain that is pointing to web servers operated by Wikileaks, and got
sued over some illegal content on that site. The court agreed that he
was not in control of the content, and that it was _not_ proportionate
for him to take down the whole domain (and *all* its content, most of
which is legitimate/legal). And here we're even talking about the
second-level domain, not a subdomain! We can include link shorteners and
(sub)domain forwarding/dyndns services in this line of thinking to make
it clear that there is a legal difference.
So, you can own a domain, and not be responsible for the content of a
(sub)domain. Remember, all this is evaluated on a case-by-case basis in
civil law countries.
-- moritz
More information about the gdpr-discuss
mailing list