
<html>

  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    <p>Hi Margie,</p>

    <p>this is not quite what I meant. I proposed reframing it in the

      affirmative in a clearly described circumstance:</p>

    <p><b><span style="font-size:12.0pt;color:black">Updated Question 11</span></b><span

        style="font-size:12.0pt;color:black">: Can legal counsel be

        consulted to determine whether in [completely defined Scenario

        X] a fast automated, and non-rate limited responses (as

        described in SSAC 101) to nonpublic WHOIS data </span><span

        style="color:black">f</span><span

        style="font-size:12.0pt;color:black">or properly credentialed

        security practitioners (as defined in SSAC 101), who have agreed

        on appropriate safeguards would be permissable under the GDRP

        and not cause any liability in data controllers/processors with

        regard to unrightful disclosures? Or would any automated

        disclosure carry a potential for liability of the disclosing

        party? Can counsel provide examples of safeguards (such as

        pseudonymization/anonymization) that should be considered? <br>

      </span></p>

    <p><span style="font-size:12.0pt;color:black">Best,</span></p>

    <p><span style="font-size:12.0pt;color:black">Volker<br>

      </span></p>

    <div class="moz-cite-prefix">Am 09.08.2019 um 18:55 schrieb Margie

      Milam:<br>

    </div>

    <blockquote type="cite"

      cite="mid:8446889F-6C0B-441F-A6CC-93FBF6B6CD18@fb.com">

      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

      <meta name="Generator" content="Microsoft Word 15 (filtered

        medium)">

      <style><!--

/* Font Definitions */

@font-face

        {font-family:"Cambria Math";

        panose-1:2 4 5 3 5 4 6 3 2 4;}

@font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

/* Style Definitions */

p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0in;

        margin-bottom:.0001pt;

        font-size:11.0pt;

        font-family:"Calibri",sans-serif;}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:#0563C1;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {mso-style-priority:99;

        color:#954F72;

        text-decoration:underline;}

p.msonormal0, li.msonormal0, div.msonormal0

        {mso-style-name:msonormal;

        mso-margin-top-alt:auto;

        margin-right:0in;

        mso-margin-bottom-alt:auto;

        margin-left:0in;

        font-size:11.0pt;

        font-family:"Calibri",sans-serif;}

span.apple-converted-space

        {mso-style-name:apple-converted-space;}

span.EmailStyle19

        {mso-style-type:personal-reply;

        font-family:"Calibri",sans-serif;

        color:windowtext;}

.MsoChpDefault

        {mso-style-type:export-only;

        font-size:10.0pt;}

@page WordSection1

        {size:8.5in 11.0in;

        margin:1.0in 1.0in 1.0in 1.0in;}

div.WordSection1

        {page:WordSection1;}

--></style>

      <div class="WordSection1">

        <p class="MsoNormal"

style="mso-margin-top-alt:2.0pt;margin-right:0in;margin-bottom:2.0pt;margin-left:0in"><span

            style="font-size:12.0pt;color:black">Hi-<o:p></o:p></span></p>

        <p class="MsoNormal"

style="mso-margin-top-alt:2.0pt;margin-right:0in;margin-bottom:2.0pt;margin-left:0in"><span

            style="font-size:12.0pt;color:black">Following up on the

            action items from Tuesday’s call -  I added the use case we

            discussed on yesterday’s call to Question 11.<o:p></o:p></span></p>

        <p class="MsoNormal"

style="mso-margin-top-alt:2.0pt;margin-right:0in;margin-bottom:2.0pt;margin-left:0in"><b><span

              style="font-size:12.0pt;color:black"><o:p> </o:p></span></b></p>

        <p class="MsoNormal"

style="mso-margin-top-alt:2.0pt;margin-right:0in;margin-bottom:2.0pt;margin-left:0in"><b><span

              style="font-size:12.0pt;color:black">Updated Question 11</span></b><span

            style="font-size:12.0pt;color:black">: Can legal counsel be

            consulted to determine whether GDPR prevents fast automated,

            and non-rate limited responses (as described in SSAC 101) to

            nonpublic WHOIS data <span

              style="background:yellow;mso-highlight:yellow">with

              regards to the SSAC use case (</span></span><span

            style="color:black;background:yellow;mso-highlight:yellow">Overarching

            Purpose: Crime and abuse investigation by non-law

            enforcement parties)</span><span style="color:black"> f</span><span

            style="font-size:12.0pt;color:black">or properly

            credentialed security practitioners (as defined in SSAC

            101), who have agreed on appropriate safeguards?  If such

            access is not prohibited, can counsel provide examples of

            safeguards (such as pseudonymization) that should be

            considered? (BC)</span><b><span style="color:black"><o:p></o:p></span></b></p>

        <p class="MsoNormal" style="margin-left:255.0pt"><span

            style="font-size:12.0pt;color:black"> <o:p></o:p></span></p>

        <p class="MsoNormal">All the best,<o:p></o:p></p>

        <p class="MsoNormal"><o:p> </o:p></p>

        <p class="MsoNormal">Margie<o:p></o:p></p>

        <p class="MsoNormal"><o:p> </o:p></p>

        <div style="border:none;border-top:solid #B5C4DF

          1.0pt;padding:3.0pt 0in 0in 0in">

          <p class="MsoNormal"><b><span

                style="font-size:12.0pt;color:black">From: </span></b><span

              style="font-size:12.0pt;color:black">Gnso-epdp-legal

              <a class="moz-txt-link-rfc2396E" href="mailto:gnso-epdp-legal-bounces@icann.org"><gnso-epdp-legal-bounces@icann.org></a> on behalf of

              Caitlin Tubergen <a class="moz-txt-link-rfc2396E" href="mailto:caitlin.tubergen@icann.org"><caitlin.tubergen@icann.org></a><br>

              <b>Date: </b>Tuesday, August 6, 2019 at 11:07 AM<br>

              <b>To: </b><a class="moz-txt-link-rfc2396E" href="mailto:gnso-epdp-legal@icann.org">"gnso-epdp-legal@icann.org"</a>

              <a class="moz-txt-link-rfc2396E" href="mailto:gnso-epdp-legal@icann.org"><gnso-epdp-legal@icann.org></a><br>

              <b>Subject: </b>[Gnso-epdp-legal] Notes and action items

              - EPDP Phase 2 Legal Committee Meeting #3<o:p></o:p></span></p>

        </div>

        <div>

          <p class="MsoNormal"><o:p> </o:p></p>

        </div>

        <p class="MsoNormal" style="margin-left:255.0pt;caret-color:

          rgb(0, 0, 0);font-variant-caps: normal;orphans:

          auto;text-align:start;widows: auto;-webkit-text-size-adjust:

          auto;-webkit-text-stroke-width: 0px;word-spacing:0px">

          <b><span style="font-size:12.0pt;color:black">Updated Question<span

                class="apple-converted-space"> </span>11</span></b><span

            style="font-size:12.0pt;color:black">: Can legal counsel be

            consulted to determine whether GDPR prevents fast automated,

            and non-rate limited responses (as described in SSAC 101) to

            nonpublic WHOIS data for properly credentialed security

            practitioners (as defined in SSAC 101), who have agreed on

            appropriate safeguards?  If such access is not prohibited,

            can counsel provide examples of safeguards (such as

            pseudonymization) that should be considered? (BC)<o:p></o:p></span></p>

        <p class="MsoNormal" style="margin-left:255.0pt;caret-color:

          rgb(0, 0, 0);font-variant-caps: normal;orphans:

          auto;text-align:start;widows: auto;-webkit-text-size-adjust:

          auto;-webkit-text-stroke-width: 0px;word-spacing:0px">

          <span style="font-size:12.0pt;color:black"> <o:p></o:p></span></p>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <pre class="moz-quote-pre" wrap="">_______________________________________________

Gnso-epdp-legal mailing list

<a class="moz-txt-link-abbreviated" href="mailto:Gnso-epdp-legal@icann.org">Gnso-epdp-legal@icann.org</a>

<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-epdp-legal">https://mm.icann.org/mailman/listinfo/gnso-epdp-legal</a>

_______________________________________________

By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a class="moz-txt-link-freetext" href="https://www.icann.org/privacy/policy">https://www.icann.org/privacy/policy</a>) and the website Terms of Service (<a class="moz-txt-link-freetext" href="https://www.icann.org/privacy/tos">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.</pre>

    </blockquote>

    <div class="moz-signature">-- <br>

      Volker A. Greimann<br>

      General Counsel and Policy Manager<br>

      <strong style="border-bottom: 3px solid #5C46B5">KEY-SYSTEMS GMBH</strong><br>

      <br>

      T: +49 6894 9396901<br>

      M: +49 6894 9396851<br>

      F: +49 6894 9396851<br>

      W: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net">www.key-systems.net</a><br>

      <br>

      Key-Systems GmbH is a company registered at the local court of

      Saarbruecken, Germany with the registration no. HR B 18835<br>

      CEO: Alexander Siffrin<br>

      <br>

      Part of the CentralNic Group PLC (LON: CNIC) a company registered

      in England and Wales with company number 8576358.</div>

  </body>

</html>