<div dir="ltr">Dear Collin, all,<div><br></div><div>This is indeed timely and I find the call to "holisticism" (if there is such a thing, or is it holism?) quite relevant. </div><div><br></div><div>That being said I also think it is important to remain as focus and concrete as possible, which I do not think is incompatible with being holistic. Certainly, the Californian CPA will provide, on a theoretical and practical level, an interesting comparative perspective, contrasting with the GDPR. </div><div><br></div><div>I suppose the most rational and straightforward path here is that ICANN (org and comm) should hold itself to the highest of standards, in case anyone else besides the EU and California would have the idea to follow up with further developments of data protection law...</div><div><br></div><div>Best, </div></div><div class="gmail_extra"><br><div class="gmail_quote">On 5 July 2018 at 17:41, Collin Kurre <span dir="ltr"><<a href="mailto:collin@article19.org" target="_blank">collin@article19.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><div>Dear colleagues,</div><div><br></div><div>You might be interested to hear that the California passed new data protection legislation last week, the 2018 Consumer Privacy Act. For those interested, the International Association of Privacy Professionals (IAPP) has produced a comprehensive overview of the new law: <a href="https://iapp.org/news/a/analysis-the-california-consumer-privacy-act-of-2018/" target="_blank">https://iapp.org/news/a/<wbr>analysis-the-california-<wbr>consumer-privacy-act-of-2018/</a> </div><div><span class="m_-5427024155238519717md"><p>I found the following excerpt from their analysis particularly relevant to ICANN:</p></span></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><span class="m_-5427024155238519717md"><p>"Some companies implemented many of their new privacy
protection measures worldwide in the hopes of being able to avoid
having to make further jurisdiction-specific updates for a while. The
passage of the California Consumer Privacy Act has now raised the
question as to whether these measures will be sufficient to the extent
they reach California residents with their GDPR-related compliance
measures. Unfortunately, the answer is largely, ‘No.’ </p><p><i>Global companies can and should try to address the requirements of
the California Consumer Privacy Act, EU GDPR and other privacy regimes simultaneously and holistically in the interest of efficiency</i>.” </p></span></div></blockquote><div><div>The <a href="https://www.icann.org/resources/pages/governance/bylaws-en" target="_blank">Human Rights Bylaw</a> (which will come into effect when the WS2 recommendations are approved, likely in Q4 of this year) states that ICANN should be guided by the core value of “respecting internationally recognized human rights as required by applicable law.” </div><div><br></div><div>The <a href="https://community.icann.org/display/WEIA/Documents?preview=/59641302/79437270/CCWG-Accountability-WS2-HumanRight-FinalReport-20171106%5B1%5D.pdf" target="_blank">HR FoI</a> recognizes that the notion of applicable law “is a dynamic concept inasmuch as laws, regulations, etcetera, change over time.” However, based on the GDPR experience, it seems like waiting for rights-related laws to become applicable may not be the best strategy in the long run. </div><div><br></div><div>Once the bylaw comes into effect, ICANN org and each SO and AC will be required to develop policies and frameworks to take human rights into account and avoid human rights violations in policy-development and decision-making processes. Some have perceived this as an additional administrative burden, though it’s hard to contest the bylaw's relevance given the amount of time the community has spent discussing access, accreditation, EPDPs, and other topics spawned by GDPR, a piece of privacy — and therefore human rights-related — legislation.</div><div><br></div><div>I therefore see <b>strategic potential in developing new compliance mechanisms for the human rights bylaw.</b> Just as corporate human rights impact assessments serve to identify gaps and mitigate risks, multistakeholder ICANN HRIAs should be devised and incorporated to promote more holistic, efficient, and proactive self-governance.</div><div><br></div><div>Thoughts and comments are certainly welcome! And as a reminder, you can find a few resources on related work on the ICANN Human Rights website, here: <a href="https://icannhumanrights.net/documents/" target="_blank">https://<wbr>icannhumanrights.net/<wbr>documents/</a> </div><div><br></div><div><br class="m_-5427024155238519717webkit-block-placeholder"></div><div>Warm regards,</div><div>Collin</div><div>
<div style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word"><div><div><br class="m_-5427024155238519717Apple-interchange-newline">--</div>Collin Kurre<br><div>ARTICLE 19</div></div><div><br></div></div><br class="m_-5427024155238519717Apple-interchange-newline" style="color:rgb(0,0,0);font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><br class="m_-5427024155238519717Apple-interchange-newline">
</div>
<br></div></div><br>______________________________<wbr>_________________<br>
cc-humanrights mailing list<br>
<a href="mailto:cc-humanrights@icann.org">cc-humanrights@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/cc-humanrights" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/cc-humanrights</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr">Raphaël Beauregard-Lacroix<div><a href="https://www.linkedin.com/in/rapha%C3%ABl-beauregard-lacroix-88733786/" style="font-size:12.8px" target="_blank">LinkedIn</a><span style="font-size:12.8px"> - </span><a href="https://twitter.com/rbl0112" style="font-size:12.8px" target="_blank">@rbl0012</a></div></div></div></div></div></div></div></div></div>
</div>