<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi Margie,</p>
<p>this is not quite what I meant. I proposed reframing it in the
affirmative in a clearly described circumstance:</p>
<p><b><span style="font-size:12.0pt;color:black">Updated Question 11</span></b><span
style="font-size:12.0pt;color:black">: Can legal counsel be
consulted to determine whether in [completely defined Scenario
X] a fast automated, and non-rate limited responses (as
described in SSAC 101) to nonpublic WHOIS data </span><span
style="color:black">f</span><span
style="font-size:12.0pt;color:black">or properly credentialed
security practitioners (as defined in SSAC 101), who have agreed
on appropriate safeguards would be permissable under the GDRP
and not cause any liability in data controllers/processors with
regard to unrightful disclosures? Or would any automated
disclosure carry a potential for liability of the disclosing
party? Can counsel provide examples of safeguards (such as
pseudonymization/anonymization) that should be considered? <br>
</span></p>
<p><span style="font-size:12.0pt;color:black">Best,</span></p>
<p><span style="font-size:12.0pt;color:black">Volker<br>
</span></p>
<div class="moz-cite-prefix">Am 09.08.2019 um 18:55 schrieb Margie
Milam:<br>
</div>
<blockquote type="cite"
cite="mid:8446889F-6C0B-441F-A6CC-93FBF6B6CD18@fb.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
<div class="WordSection1">
<p class="MsoNormal"
style="mso-margin-top-alt:2.0pt;margin-right:0in;margin-bottom:2.0pt;margin-left:0in"><span
style="font-size:12.0pt;color:black">Hi-<o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:2.0pt;margin-right:0in;margin-bottom:2.0pt;margin-left:0in"><span
style="font-size:12.0pt;color:black">Following up on the
action items from Tuesday’s call - I added the use case we
discussed on yesterday’s call to Question 11.<o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:2.0pt;margin-right:0in;margin-bottom:2.0pt;margin-left:0in"><b><span
style="font-size:12.0pt;color:black"><o:p> </o:p></span></b></p>
<p class="MsoNormal"
style="mso-margin-top-alt:2.0pt;margin-right:0in;margin-bottom:2.0pt;margin-left:0in"><b><span
style="font-size:12.0pt;color:black">Updated Question 11</span></b><span
style="font-size:12.0pt;color:black">: Can legal counsel be
consulted to determine whether GDPR prevents fast automated,
and non-rate limited responses (as described in SSAC 101) to
nonpublic WHOIS data <span
style="background:yellow;mso-highlight:yellow">with
regards to the SSAC use case (</span></span><span
style="color:black;background:yellow;mso-highlight:yellow">Overarching
Purpose: Crime and abuse investigation by non-law
enforcement parties)</span><span style="color:black"> f</span><span
style="font-size:12.0pt;color:black">or properly
credentialed security practitioners (as defined in SSAC
101), who have agreed on appropriate safeguards? If such
access is not prohibited, can counsel provide examples of
safeguards (such as pseudonymization) that should be
considered? (BC)</span><b><span style="color:black"><o:p></o:p></span></b></p>
<p class="MsoNormal" style="margin-left:255.0pt"><span
style="font-size:12.0pt;color:black"> <o:p></o:p></span></p>
<p class="MsoNormal">All the best,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Margie<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:12.0pt;color:black">From: </span></b><span
style="font-size:12.0pt;color:black">Gnso-epdp-legal
<a class="moz-txt-link-rfc2396E" href="mailto:gnso-epdp-legal-bounces@icann.org"><gnso-epdp-legal-bounces@icann.org></a> on behalf of
Caitlin Tubergen <a class="moz-txt-link-rfc2396E" href="mailto:caitlin.tubergen@icann.org"><caitlin.tubergen@icann.org></a><br>
<b>Date: </b>Tuesday, August 6, 2019 at 11:07 AM<br>
<b>To: </b><a class="moz-txt-link-rfc2396E" href="mailto:gnso-epdp-legal@icann.org">"gnso-epdp-legal@icann.org"</a>
<a class="moz-txt-link-rfc2396E" href="mailto:gnso-epdp-legal@icann.org"><gnso-epdp-legal@icann.org></a><br>
<b>Subject: </b>[Gnso-epdp-legal] Notes and action items
- EPDP Phase 2 Legal Committee Meeting #3<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal" style="margin-left:255.0pt;caret-color:
rgb(0, 0, 0);font-variant-caps: normal;orphans:
auto;text-align:start;widows: auto;-webkit-text-size-adjust:
auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<b><span style="font-size:12.0pt;color:black">Updated Question<span
class="apple-converted-space"> </span>11</span></b><span
style="font-size:12.0pt;color:black">: Can legal counsel be
consulted to determine whether GDPR prevents fast automated,
and non-rate limited responses (as described in SSAC 101) to
nonpublic WHOIS data for properly credentialed security
practitioners (as defined in SSAC 101), who have agreed on
appropriate safeguards? If such access is not prohibited,
can counsel provide examples of safeguards (such as
pseudonymization) that should be considered? (BC)<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:255.0pt;caret-color:
rgb(0, 0, 0);font-variant-caps: normal;orphans:
auto;text-align:start;widows: auto;-webkit-text-size-adjust:
auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-size:12.0pt;color:black"> <o:p></o:p></span></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Gnso-epdp-legal mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Gnso-epdp-legal@icann.org">Gnso-epdp-legal@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-epdp-legal">https://mm.icann.org/mailman/listinfo/gnso-epdp-legal</a>
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a class="moz-txt-link-freetext" href="https://www.icann.org/privacy/policy">https://www.icann.org/privacy/policy</a>) and the website Terms of Service (<a class="moz-txt-link-freetext" href="https://www.icann.org/privacy/tos">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.</pre>
</blockquote>
<div class="moz-signature">-- <br>
Volker A. Greimann<br>
General Counsel and Policy Manager<br>
<strong style="border-bottom: 3px solid #5C46B5">KEY-SYSTEMS GMBH</strong><br>
<br>
T: +49 6894 9396901<br>
M: +49 6894 9396851<br>
F: +49 6894 9396851<br>
W: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net">www.key-systems.net</a><br>
<br>
Key-Systems GmbH is a company registered at the local court of
Saarbruecken, Germany with the registration no. HR B 18835<br>
CEO: Alexander Siffrin<br>
<br>
Part of the CentralNic Group PLC (LON: CNIC) a company registered
in England and Wales with company number 8576358.</div>
</body>
</html>