
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">

<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>

</head>

<body dir="ltr">

<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;font-family:Calibri,Helvetica,sans-serif;" dir="ltr">

<p style="margin-top:0;margin-bottom:0">I've always assumed that determination of a civil or criminal violation, assignment of a penalty, and enforcement of the penalty were the responsibility of appropriate agencies within the appropriate jurisdictions of

 EEA, and therefore outside of the scope of ICANN.  The same assumption would apply to any potential future privacy laws created and enforced elsewhere in the world.  The only role I could see for ICANN is possible removal of accreditation according to a TBD

 process after such a penalty is assigned. (per IV.F)</p>

<p style="margin-top:0;margin-bottom:0"><br>

</p>

<p style="margin-top:0;margin-bottom:0"><br>

</p>

</div>

<hr style="display:inline-block;width:98%" tabindex="-1">

<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Accred-Model <accred-model-bounces@icann.org> on behalf of Cyntia King <cking@modernip.com><br>

<b>Sent:</b> Tuesday, June 19, 2018 11:26:57 AM<br>

<b>To:</b> 'Rubens Kuhl'<br>

<b>Cc:</b> 'John R. Levine'; accred-model@icann.org<br>

<b>Subject:</b> Re: [Accred-Model] Version 1.6 of the Accreditation and Access Model</font>

<div> </div>

</div>

<meta content="text/html; charset=utf-8">

<meta name="x_Generator" content="Microsoft Word 15 (filtered medium)">

<style>

<!--

@font-face

        {font-family:Helvetica}

@font-face

        {font-family:Wingdings}

@font-face

        {font-family:"Cambria Math"}

@font-face

        {font-family:Calibri}

@font-face

        {font-family:"Century Gothic"}

p.x_MsoNormal, li.x_MsoNormal, div.x_MsoNormal

        {margin:0in;

        margin-bottom:.0001pt;

        font-size:11.0pt;

        font-family:"Calibri",sans-serif}

a:x_link, span.x_MsoHyperlink

        {color:blue;

        text-decoration:underline}

a:x_visited, span.x_MsoHyperlinkFollowed

        {color:purple;

        text-decoration:underline}

p.x_MsoListParagraph, li.x_MsoListParagraph, div.x_MsoListParagraph

        {margin-top:0in;

        margin-right:0in;

        margin-bottom:0in;

        margin-left:.5in;

        margin-bottom:.0001pt;

        font-size:11.0pt;

        font-family:"Calibri",sans-serif}

p.x_msonormal0, li.x_msonormal0, div.x_msonormal0

        {margin-right:0in;

        margin-left:0in;

        font-size:11.0pt;

        font-family:"Calibri",sans-serif}

span.x_apple-converted-space

        {}

span.x_EmailStyle19

        {font-family:"Century Gothic",sans-serif;

        color:#0D0D0D;

        font-weight:normal;

        font-style:normal}

span.x_EmailStyle20

        {font-family:"Century Gothic",sans-serif;

        color:#0D0D0D;

        font-weight:normal;

        font-style:normal}

.x_MsoChpDefault

        {font-size:10.0pt}

@page WordSection1

        {margin:1.0in 1.0in 1.0in 1.0in}

div.x_WordSection1

        {}

ol

        {margin-bottom:0in}

ul

        {margin-bottom:0in}

-->

</style>

<div lang="EN-US" link="blue" vlink="purple">

<div class="x_WordSection1">

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D">This would be an enforcement nightmare.</span></p>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D"> </span></p>

<p class="x_MsoNormal" style="margin-bottom:6.0pt"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D">Multiple enforcement mechanisms for ICANN Whois accreditation policy including govt agencies - potentially many govts around the world.</span></p>

<ul type="disc" style="margin-top:0in">

<li class="x_MsoListParagraph" style="color:#0D0D0D; margin-bottom:6.0pt; margin-left:0in">

<span style="font-family:"Century Gothic",sans-serif">Could we implement standardized penalties?  Or would it vary govt-to-govt?</span></li><li class="x_MsoListParagraph" style="color:#0D0D0D; margin-bottom:6.0pt; margin-left:0in">

<span style="font-family:"Century Gothic",sans-serif">Would there also be private, for-profit enforcement entities?</span></li><li class="x_MsoListParagraph" style="color:#0D0D0D; margin-bottom:6.0pt; margin-left:0in">

<span style="font-family:"Century Gothic",sans-serif">Would each entity be able to charge whatever they want?</span></li><li class="x_MsoListParagraph" style="color:#0D0D0D; margin-left:0in"><span style="font-family:"Century Gothic",sans-serif">What would happen if a govt wasn’t following the rules themselves - would they have provider contracts w/ ICANN?</span></li></ul>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D"> </span></p>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D">Unfortunately, this proposition sounds like an unmanageable, expensive & fragmented mess to me.</span></p>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D"> </span></p>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D"> </span></p>

<p class="x_MsoNormal"><b><span style="font-size:12.0pt; font-family:"Century Gothic",sans-serif; color:#0D0D0D">Cyntia King</span></b></p>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D">O:  +1 816.633.7647</span></p>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D">C:  +1 818.209.6088</span></p>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D"><img width="129" height="58" id="x_Picture_x0020_1" alt="Email Logo5" style="width:1.3437in; height:.6041in" data-outlook-trace="F:1|T:1" src="cid:image001.jpg@01D407CE.2D258CC0"></span></p>

</div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D"> </span></p>

<div>

<div style="border:none; border-top:solid #E1E1E1 1.0pt; padding:3.0pt 0in 0in 0in">

<p class="x_MsoNormal"><b>From:</b> Rubens Kuhl <rubensk@nic.br> <br>

<b>Sent:</b> Tuesday, June 19, 2018 1:03 PM<br>

<b>To:</b> Cyntia King <cking@modernip.com><br>

<b>Cc:</b> John R. Levine <johnl@iecc.com>; accred-model@icann.org<br>

<b>Subject:</b> Re: [Accred-Model] Version 1.6 of the Accreditation and Access Model</p>

</div>

</div>

<p class="x_MsoNormal"> </p>

<p class="x_MsoNormal">Cyntia,</p>

<div>

<p class="x_MsoNormal"> </p>

</div>

<div>

<p class="x_MsoNormal">Just to be clear, the initial suggestion by Michael Palage incorporated in itself a mechanism, instead of relying on Privacy Shield. Perhaps Privacy Shield certification could be use to achieve some of its requirements in order to save

 for organizations already subscribed for it, instead of being the only option. </p>

</div>

<div>

<p class="x_MsoNormal"> </p>

</div>

<div>

<p class="x_MsoNormal"> </p>

</div>

<div>

<p class="x_MsoNormal"> </p>

</div>

<div>

<p class="x_MsoNormal">Rubens</p>

</div>

<div>

<p class="x_MsoNormal"> </p>

<div>

<div>

<p class="x_MsoNormal"><br>

<br>

</p>

<blockquote style="margin-top:5.0pt; margin-bottom:5.0pt">

<div>

<p class="x_MsoNormal">Em 19 de jun de 2018, à(s) 14:58:000, Cyntia King <<a href="mailto:cking@modernip.com">cking@modernip.com</a>> escreveu:</p>

</div>

<p class="x_MsoNormal"> </p>

<div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D">Easy for whom?<br>

I'm a small business owner & this is daunting, to say the least.<br>

And there are multiple fees involved.</span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D"> </span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D">Are we suggesting that this should be ICANN’s enforcement mechanism for accessing Whois data?  This would be on top of the accreditation & fees we’re already discussing,

 right?</span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D"> </span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D">What about ‘foreign’ companies - are we asking non-US companies to self-certify w/ the Us govt?</span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D"> </span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D">I don’t see how this solves much of anything, but it would certainly make accreditation more difficult & expensive.</span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D"> </span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D"> </span></p>

</div>

<div>

<p class="x_MsoNormal"><b><span style="font-size:12.0pt; font-family:"Century Gothic",sans-serif; color:#0D0D0D">Cyntia King</span></b></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D">O:  +1 816.633.7647</span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D">C:  +1 818.209.6088</span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D"><image001.jpg></span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D"> </span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D">-----Original Message-----<br>

From: Accred-Model <</span><a href="mailto:accred-model-bounces@icann.org"><span style="font-family:"Century Gothic",sans-serif">accred-model-bounces@icann.org</span></a><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D">> On Behalf Of Rubens

 Kuhl<br>

Sent: Tuesday, June 19, 2018 12:48 PM<br>

To: John R. Levine <</span><a href="mailto:johnl@iecc.com"><span style="font-family:"Century Gothic",sans-serif">johnl@iecc.com</span></a><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D">><br>

Cc: </span><a href="mailto:accred-model@icann.org"><span style="font-family:"Century Gothic",sans-serif">accred-model@icann.org</span></a><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D"><br>

Subject: Re: [Accred-Model] Version 1.6 of the Accreditation and Access Model</span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D"> </span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D"> </span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D"> </span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D">> Em 19 de jun de 2018, à(s) 14:32:000, John R. Levine <</span><a href="mailto:johnl@iecc.com"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D; text-decoration:none">johnl@iecc.com</span></a><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D">>

 escreveu:</span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D">><span class="x_apple-converted-space"> </span></span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D">>> It's great when there is actually an easy solution.  At least for the many US companies, law firms, cybersecurity firms, and others (and this a huge part of the group

 seeking access), they should "self-certify" to the EU-US Privacy Shield, via procedures set up by the US Department of Commerce and Federal Trade Commission.</span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D">><span class="x_apple-converted-space"> </span></span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D">> Well, at least until the EU courts kill privacy shield like they did Safe Harbor.</span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D">><span class="x_apple-converted-space"> </span></span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D">> Banks and non-profits such as CAUCE are not eligible for Privacy Shield (they're not regulated by the FTC or DOT.)  For small organizations the PS rules are extremely

 conplex and there's a mandatory annual payment to cover potential arbitration costs.</span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D">><span class="x_apple-converted-space"> </span></span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D">> Can we back up and explain what problem this overcomplex "solution" is supposed to be solving here?</span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D"> </span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D"> </span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D">Having redress mechanisms for data subjects that have their data privacy rights violated. With great power, there must also come great responsibility.</span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D"> </span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D"> </span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D"> </span></p>

</div>

<div>

<p class="x_MsoNormal"><span style="font-family:"Century Gothic",sans-serif; color:#0D0D0D">Rubens</span></p>

</div>

</div>

</blockquote>

</div>

<p class="x_MsoNormal"> </p>

</div>

</div>

</div>

</div>

</body>

</html>