[cc-humanrights] Fwd: [Accred-Model] Codes of conduct

Collin Kurre collin at article19.org
Tue Jul 17 17:09:11 UTC 2018

Dear colleagues,

Forwarding the message below in case you hadn't seen it (emphasis mine). 

This is a very exciting time for human rights in ICANN! The mandate for impact assessments becomes clearer every day in light of GDPR debates, and the (hopefully) imminent approval of the HR Bylaw Framework of Interpretation <https://community.icann.org/display/WEIA/Documents?preview=/59641302/79437270/CCWG-Accountability-WS2-HumanRight-FinalReport-20171106%5B1%5D.pdf> will add institutional weight to the requirement for ICANN to respect internationally recognized human rights. 

Looking forward to monitoring the EPDP process, supporting the NCSG delegates, and carrying out our first multistakeholder HRIA <https://icannhumanrights.net/wp-content/uploads/2018/05/DRAFT-ICANN-HRIA-questionnaire-model.pdf> in parallel once the EPDP kicks off.

On the administrative side of things, we’re working to schedule a CCWP-HR call to discuss these and other developments in a few weeks time, most likely on 31 July. An agenda will be circulated in the coming days once we’ve secured the meeting time.

Kind regards,

Collin Kurre

> Begin forwarded message:
> From: jonathan m <jonathan.matkowsky at riskiq.net>
> Subject: Re: [Accred-Model] Codes of conduct
> Date: July 16, 2018 at 11:54:18 PM GMT+1
> To: "accred-model at icann.org" <accred-model at icann.org>
> Cc: "gdpr at icann.org" <gdpr at icann.org>
> Reply-To: jdm at riskiq.net
> All,
> Any model that doesn’t take into account for transparency of processing that a data subject has the right to typically object and freeze the processing is not compliant with GDPR. I think the registrar as a controller must also have the right to object. That doesn’t mean that the processing won’t eventually continue if it is compelling and overrides the rights and freedoms of the individual but subject to Chapter 7 of the GDPR.
> When safety is a concern, then as long as the data subject knows which supervisory authority is overseeing the code of conduct under which the request is being made, it’s possible to protect the identity of the requestor. This should be relatively rare. 
> Not every legitimate interest outweighs the rights and freedoms of the data subject, and a privacy impact assessment is required. Not every legitimate interest is entitled to the same weight under GDPR, and the risks and severity of harm to the person must be considered especially when certain interests at stake aren’t the same as those of the controller. 
> We need RDAP to accommodate these concerns. When law enforcement has legitimate interests, they can use the same RDAP tier of access, but when pursuing a criminal offense or investigation, a different model of access must be accommodated under the LED etc.
> Ignoring these issues won’t make them go away.  I hope that truly consensus-building voices participate in the EPDP, because it’s time we stop trying to keep Whois to the greatest extent possible and instead design the next generation to be better—more accurate, with more accountability and integrity but also consistent with data protection laws and internationally recognized norms. It makes sense to generally treat all people — regardless of where they reside, with the same inherent rights and freedoms that European laws are attempting to protect.
> Jonathan Matkowsky
> VP - Cybersecurity, Privacy & IP
> RiskIQ, Inc.
> -- 
> Jonathan Matkowsky
> *******************************************************************
> This message was sent from RiskIQ, and is intended only for the designated recipient(s). It may contain confidential or proprietary information and may be subject to confidentiality protections. If you are not a designated recipient, you may not review, copy or distribute this message. If you receive this in error, please notify the sender by reply e-mail and delete this message. Thank you.
> *******************************************************************_______________________________________________
> Accred-Model mailing list
> Accred-Model at icann.org
> https://mm.icann.org/mailman/listinfo/accred-model

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/cc-humanrights/attachments/20180717/64e584b1/attachment.html>

More information about the cc-humanrights mailing list