<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><font size="+1"><font face="Lucida Grande">Ayden has summarized
my worries rather well. I have no doubt that a suit against
myself for not protecting the individuals' rights would
ultimately fail, but if (as has been whispered lately) various
parties are going to try suing for what they term
over-compliance, for "making WHOIS go dark", then those of us
who are volunteers acting in good faith could be sued and not
be seen to be acting in ICANN's best interest. Then all bets
are off. What we need is an explicit recognition, that those
who are working diligently in a multi-stakeholder fashion,
will be protected in the event of liability. Staff are
protected, Board members are protected, but those of us who
are volunteers are not explicitly protected, in my view. I
have, for instance, been saying that ICANN is a data
controller for the past five years. Some parties in ICANN
might not believe that this position is in ICANN's best
interest, but it is a sound interpretation of the law and
recognizing that fact appears in my view and in the view of
privacy scholars I could muster, (and risk managers, for that
matter) a very responsible position to take. Noting how
tempers are fraying lately, I think this question regarding
this particular language "</font></font><font size="+1"><font
face="Lucida Grande"><span class="highlight"
style="background-color:rgba(255, 255, 255, 0)">provided
that the indemnified person's acts were done in good faith
and in a manner that the indemnified person reasonably
believed to be in ICANN's best interests and not criminal" </span>is
a valid concern. This is of course of particular concern for
those of us in civil society who embrace unpopular views, and
are not being paid or backed by a company whose interests we
are advancing at ICANN.<br>
</font></font></p>
<p><font size="+1"><font face="Lucida Grande">Kind regards</font></font></p>
<p><font size="+1"><font face="Lucida Grande">Stephanie Perrin</font></font><br>
</p>
<div class="moz-cite-prefix">On 2018-05-05 10:14, Ayden Férdeline
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:Dv9m2zFvAS9fe7Qe_4Me0kzz58aZhvrTmLFRwMFc6gOeviHoUFPW8eNzUbgMhftDDRL8GlLd8ochfTNwQyDsyado2Y2jJXakSZzddg6o1l8=@ferdeline.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<div>Thanks, Marika-<br>
</div>
<div><br>
</div>
<div>At first glance this extract from the Bylaws does appear
relevant, although the language around what could constitute
"ICANN's best interests" is very much open to interpretation.<br>
</div>
<div><br>
</div>
<div> I have also observed a <a
href="https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en"
target="_blank"
title="https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en"
rel="nofollow" moz-do-not-send="true">new FAQ</a> on the
website of the European Commission, which in response to the
question, "What should I do if I think that my personal data
protection rights haven’t been respected?" advises three
options, one of which is: "Take legal action against the company
or organisation. File an action directly in court against a
company/organisation if you believe that it has violated your
data protection rights. This doesn’t stop you lodging a
complaint with the national DPA if you so wish." <br>
</div>
<div><br>
</div>
<div>From what I remember - and I am going off of my memory here,
as the question that Stephanie asked in Abu Dhabi is absent from
the meeting transcripts that I reviewed - Stephanie thought we
in the community might not be protected under the GDPR from
civil litigation by a contracted party negatively impacted by a
policy we recommend or a data subject whose privacy rights are
not respected. If we launch an EPDP and rapidly develop
something which ultimately does not adhere to the letter of the
GDPR (which is very plausible, given ICANN's policies for 18
years now have not adhered to European data protection law),
could those in the community who participate in the EPDP be held
liable in some way? I would like a firm commitment from ICANN as
to what constitutes "ICANN's best interests" - I presume
advocating for compliance with the law would be seen as acting
in good faith, but a clarification would be appreciated...<br>
</div>
<div><br>
</div>
<div>Thank you.</div>
<div><br>
</div>
<div>Best wishes,</div>
<div><br>
</div>
<div class="protonmail_signature_block">
<div class="protonmail_signature_block-user">
<div>Ayden Férdeline <br>
</div>
</div>
<div class="protonmail_signature_block-proton
protonmail_signature_block-empty"><br>
</div>
</div>
<div><br>
</div>
<div>‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐<br>
</div>
<div> On 30 April 2018 4:18 AM, Marika Konings
<a class="moz-txt-link-rfc2396E" href="mailto:marika.konings@icann.org"><marika.konings@icann.org></a> wrote:<br>
</div>
<div> <br>
</div>
<blockquote class="protonmail_quote" type="cite">
<div><br>
</div>
<div>Ayden, the following provision of the ICANN Bylaws will
hopefully address your concern: <br>
</div>
<div><br>
</div>
<div>
<p style="margin: 0in 0in 0.0001pt;" class="MsoNormal"><b
style="background-color: rgba(255, 255, 255, 0);">ARTICLE
20 <a name="_Toc451769378" moz-do-not-send="true"></a><a
name="_Ref444611460" moz-do-not-send="true"></a>INDEMNIFICATION
OF DIRECTORS, OFFICERS, EMPLOYEES, AND OTHER AGENTS</b><br>
</p>
<p style="margin: 0in 0in 0.0001pt;" class="MsoNormal"><span
class="colour" style="color:#000000"><span
class="highlight" style="background-color:rgba(255, 255,
255, 0)"><a name="_Ref444447456" moz-do-not-send="true"></a><b>Section
20.1. INDEMNIFICATION GENERALLY</b></span></span><br>
</p>
<p style="margin: 0in 0in 0.0001pt;" class="MsoNormal"><span
class="highlight" style="background-color:rgba(255, 255,
255, 0)">ICANN shall, to the maximum extent permitted by
the CCC, indemnify each of its agents against expenses,
judgments, fines, settlements, and other amounts actually
and reasonably incurred in connection with any proceeding
arising by reason of the fact that any such person is or
was an agent of ICANN, provided that the indemnified
person's acts were done in good faith and in a manner that
the indemnified person reasonably believed to be
in ICANN's best interests and not criminal. For purposes
of this <u>Article 20</u>, an "agent" of ICANN includes
any person who is or was a Director, Officer, employee, or
any other agent of ICANN (including a member of the EC,
the EC Administration, any Supporting Organization,
any Advisory Committee, the Nominating Committee, any
other ICANN committee, or the Technical Liaison Group)
acting within the scope of his or her responsibility; or
is or was serving at the request of ICANN as a Director,
Officer, employee, or agent of another corporation,
partnership, joint venture, trust, or other enterprise.
The Board may adopt a resolution authorizing the purchase
and maintenance of insurance on behalf of any agent
of ICANN against any liability asserted against or
incurred by the agent in such capacity or arising out of
the agent's status as such, whether or not ICANN would
have the power to indemnify the agent against that
liability under the provisions of this <u>Article 20</u>.</span><br>
</p>
<p style="margin: 0in 0in 0.0001pt;" class="MsoNormal"><span
class="highlight" style="background-color:rgba(255, 255,
255, 0)"></span><br>
</p>
<p style="margin: 0in 0in 0.0001pt;" class="MsoNormal"><span
class="highlight" style="background-color:rgba(255, 255,
255, 0)">Best regards,</span><br>
</p>
<p style="margin: 0in 0in 0.0001pt;" class="MsoNormal"><span
class="highlight" style="background-color:rgba(255, 255,
255, 0)"></span><br>
</p>
<p style="margin: 0in 0in 0.0001pt;" class="MsoNormal"><span
class="highlight" style="background-color:rgba(255, 255,
255, 0)">Marika</span><br>
</p>
<p style="margin: 0in 0in 0.0001pt;" class="MsoNormal"><span
class="highlight" style="background-color:rgba(255, 255,
255, 0)"></span><br>
</p>
<div>On 29 Apr 2018, at 07:44, Ayden Férdeline <<a
href="mailto:icann@ferdeline.com" moz-do-not-send="true">icann@ferdeline.com</a>>
wrote:<br>
</div>
<div> <br>
</div>
</div>
<blockquote type="cite">
<div>
<div>Thanks, Martín-<br>
</div>
<div><br>
</div>
<div>However I would like to receive a similar confirmation
from ICANN's General Counsel that, in the event of civil
litigation against ICANN under, say, the GDPR, ICANN will
defend community members and not just directors and staff.<br>
</div>
<div><br>
</div>
<div>I am not a lawyer; I'm not sure whether this is a
reassurance we should receive from ICANN org, or whether
we should be obtaining this from our own, independent
counsel, but I think this is something that we do need to
receive advice on.<br>
</div>
<div><br>
</div>
<div>If we are about to embark, potentially, on an Expedited
PDP, where the community will be under a tight time crunch
to develop a policy that could well result in legal action
(from potentially a wide range of unsatisfied
stakeholders!), I think we in the community need
assurances that we are not absorbing any personal
liability in participating in the EPDP.<br>
</div>
<div><br>
</div>
<div>Best wishes,<br>
</div>
<div><br>
</div>
<div>Ayden<br>
</div>
<div class="protonmail_signature_block">
<div class="protonmail_signature_block-proton
protonmail_signature_block-empty"><br>
</div>
</div>
<div><br>
</div>
<div>‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐<br>
</div>
<div>On 28 April 2018 7:54 PM, Martin Pablo Silva Valent
<<a href="mailto:mpsilvavalent@gmail.com"
moz-do-not-send="true">mpsilvavalent@gmail.com</a>>
wrote:<br>
</div>
<div><br>
</div>
<blockquote class="protonmail_quote" type="cite">
<div dir="auto">
<div>Ayden, at least from my perspective as lawyer,
there is no reason to bealive there could be such
liability, ever. Not in this PDP nor any others. We
the policy making members are not to worry about that.<br>
</div>
<div dir="auto"><br>
</div>
<div dir="auto">Cheers,<br>
</div>
<div dir="auto">Martín Silva<br>
</div>
</div>
<div><br>
</div>
<div class="gmail_quote">
<div dir="ltr">On Sat, Apr 28, 2018, 11:40 AM Ayden
Férdeline <<a href="mailto:icann@ferdeline.com"
moz-do-not-send="true">icann@ferdeline.com</a>>
wrote:<br>
</div>
<blockquote style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex" class="gmail_quote">
<div>Dear all,<br>
</div>
<div><br>
</div>
<div>As we enter into discussions around next steps
re: RDS/GDPR and entertain the possibility of an
Expedited PDP, I wanted to re-raise a question that
Stephanie Perrin asked in Abu Dhabi, and to ask
whether or not a response to it was received. And if
the answer is we did not receive a response, I think
it is important we obtain one urgently. If, in order
to receive a response, we must put this question on
Council letterhead and submit it as a formal piece
of correspondence, I would like to suggest that we
do so.<br>
</div>
<div><br>
</div>
<div>In Abu Dhabi, Stephanie asked the CEO whether
community members who participate in Policy
Development Processes could be held liable in the
event of civil litigation following on from the
policies which we develop. She noted that board
members, as directors, and employees, as agents of
ICANN, have immunity, but wanted to know if ICANN
was absorbing this liability too for the community
members who participate in the activities of the
multistakeholder community. She said we need
protection too. <br>
</div>
<div><br>
</div>
<div>I would like to be able to pull out a transcript
and to quote Stephanie directly, however I have
reviewed many of them today and cannot find her
question in there. However, I do distinctly remember
it being asked and a follow-up question coming from
another member of the Council. Maybe I missed it in
the transcripts; if so, I would appreciate if
someone could please link to this transcript and
provide the page number. Thanks!<br>
</div>
<div><br>
</div>
<div>Best wishes,<br>
</div>
<div><br>
</div>
<div>Ayden Férdeline<br>
</div>
<div>_______________________________________________<br>
</div>
<div>council mailing list<br>
</div>
<div><a rel="noreferrer" target="_blank"
href="mailto:council@gnso.icann.org"
moz-do-not-send="true">council@gnso.icann.org</a><br>
</div>
<div><a target="_blank" rel="noreferrer noreferrer"
href="https://mm.icann.org/mailman/listinfo/council"
moz-do-not-send="true">https://mm.icann.org/mailman/listinfo/council</a><br>
</div>
</blockquote>
</div>
</blockquote>
<div><br>
</div>
</div>
</blockquote>
<blockquote type="cite">
<div>
<div><span>_______________________________________________</span><br>
</div>
<div> <span>council mailing list</span><br>
</div>
<div> <span><a href="mailto:council@gnso.icann.org"
moz-do-not-send="true">council@gnso.icann.org</a></span><br>
</div>
<div> <span><a
href="https://mm.icann.org/mailman/listinfo/council"
moz-do-not-send="true">https://mm.icann.org/mailman/listinfo/council</a></span><br>
</div>
</div>
</blockquote>
</blockquote>
<div><br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
council mailing list
<a class="moz-txt-link-abbreviated" href="mailto:council@gnso.icann.org">council@gnso.icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/council">https://mm.icann.org/mailman/listinfo/council</a>
</pre>
</blockquote>
</body>
</html>