<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
p.MsoFootnoteText, li.MsoFootnoteText, div.MsoFootnoteText
{mso-style-priority:99;
mso-style-link:"Fußnotentext Zchn";
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
mso-add-space:auto;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst
{mso-style-priority:34;
mso-style-type:export-only;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
mso-add-space:auto;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle
{mso-style-priority:34;
mso-style-type:export-only;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
mso-add-space:auto;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast
{mso-style-priority:34;
mso-style-type:export-only;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
mso-add-space:auto;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.FunotentextZchn
{mso-style-name:"Fußnotentext Zchn";
mso-style-priority:99;
mso-style-link:Fußnotentext;
font-family:"Calibri",sans-serif;}
span.FootnoteTextChar
{mso-style-name:"Footnote Text Char";
mso-style-priority:99;
mso-style-link:"Footnote Text";
font-family:"Calibri",sans-serif;}
p.FootnoteText, li.FootnoteText, div.FootnoteText
{mso-style-name:"Footnote Text";
mso-style-link:"Footnote Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
span.E-MailFormatvorlage23
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.E-MailFormatvorlage25
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.E-MailFormatvorlage26
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:10567286;
mso-list-template-ids:-941831928;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1
{mso-list-id:163862009;
mso-list-template-ids:-274068732;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2
{mso-list-id:355161539;
mso-list-template-ids:447755236;}
@list l2:level1
{mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l2:level2
{mso-level-number-format:alpha-lower;
mso-level-text:"%2\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l2:level3
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l2:level4
{mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l2:level5
{mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l2:level6
{mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l2:level7
{mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l2:level8
{mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l2:level9
{mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l3
{mso-list-id:583146561;
mso-list-template-ids:899343574;}
@list l3:level1
{mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-weight:bold;
mso-bidi-font-weight:bold;}
@list l3:level2
{mso-level-number-format:alpha-lower;
mso-level-text:"%2\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:73.0pt;
text-indent:-19.0pt;}
@list l3:level3
{mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l3:level4
{mso-level-text:"\(%4\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l3:level5
{mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l3:level6
{mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l3:level7
{mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l3:level8
{mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l3:level9
{mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l4
{mso-list-id:777717004;
mso-list-type:hybrid;
mso-list-template-ids:1187794470 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l4:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:72.0pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l4:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:108.0pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l4:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:144.0pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l4:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:180.0pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l4:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:216.0pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l4:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:252.0pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l4:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:288.0pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l4:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:324.0pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l4:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:360.0pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l5
{mso-list-id:797800939;
mso-list-type:hybrid;
mso-list-template-ids:99092266 -655824862 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l5:level1
{mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-font-family:Calibri;}
@list l5:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l5:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l5:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l5:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l5:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l5:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l5:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l5:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l6
{mso-list-id:1396203690;
mso-list-template-ids:1167374274;}
@list l6:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l6:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l6:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l6:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l6:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l6:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l6:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l6:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l6:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l7
{mso-list-id:1620255252;
mso-list-template-ids:602695500;}
@list l7:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l7:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l7:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l7:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l7:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l7:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l7:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l7:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l7:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=DE link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'>Hi all,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'>let me quote a bit more from SSAC 101:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'>***<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>3 Uses of Domain Registration Data for Security and Stability Purposes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Access to domain name registration records is vital for a variety of legitimate uses. Specifically, TLD RDDS are critical for the stability and security of the Internet because they allow for the identification and mitigation of malicious activity, and the correction of problems that negatively affect services and users online. Such uses related to security and stability include but are not limited to: <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>● investigation of cybercrime and fraud, <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>● mitigation of DNS abuse, <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>● detection and correction of technical problems and security breaches related to domain names, name servers, and the services that depend upon them, <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>● maintenance of protective systems, such as Reputation Block Lists (RBLs) and domain reputation scoring mechanisms to combat spam and other threats, <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>● awarding digital certificates, <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>● ensuring the deliverability of valid email, and <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>● research on topics such as DNS traffic, botnets, distributed denial of service (DDoS) attacks, and Internet adoption and use. <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>We use the term "security practitioners" to designate those who have a responsibility to perform the above types of functions. These include network operators; those running commercially available products and services; registry operators who run anti-abuse programs in their TLDs; law enforcement personnel and other investigators; and academic researchers.</span><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'>***<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'>This definition of security practitioners is very broad, particularly with the “including, but not limited” language. <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'>I understand the intention of SSAC 101, but can someone help me understand what the limitation of the definition is? Who does not qualify as a security practitioner if you can simply state you are researching let’s say Internet use (last bullet point) or mention something that is not on the list? <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'>Is there another SSAC document narrowing this down or adding criteria?<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'>Thanks and sorry if I have missed something.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'>Best,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'>Thomas<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span style='font-size:11.0pt'>Von:</span></b><span style='font-size:11.0pt'> Gnso-epdp-legal <gnso-epdp-legal-bounces@icann.org> <b>Im Auftrag von </b>Margie Milam<br><b>Gesendet:</b> Dienstag, 20. </span><span lang=EN-US style='font-size:11.0pt'>August 2019 20:21<br><b>An:</b> Caitlin Tubergen <caitlin.tubergen@icann.org>; gnso-epdp-legal@icann.org<br><b>Betreff:</b> Re: [Gnso-epdp-legal] Notes and action items from EPDP Phase 2 Legal Committee Meeting #4 - 20 August 2019<o:p></o:p></span></p></div></div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt'>Per my homework below- here is the footnote I suggest:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt'>SSAC defines “security practitioners” in SSAC 101 as those who have a responsibility to perform specific types of functions (as specified in Section 3) related to the identification and mitigation of malicious activity, and the correction of problems that negatively affect services and users online. <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt'>All the best,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt'>Margie<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt'><o:p> </o:p></span></p><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='color:black'>From: </span></b><span lang=EN-US style='color:black'>Gnso-epdp-legal <</span><a href="mailto:gnso-epdp-legal-bounces@icann.org"><span lang=EN-US>gnso-epdp-legal-bounces@icann.org</span></a><span lang=EN-US style='color:black'>> on behalf of Caitlin Tubergen <</span><a href="mailto:caitlin.tubergen@icann.org"><span lang=EN-US>caitlin.tubergen@icann.org</span></a><span lang=EN-US style='color:black'>><br><b>Date: </b>Tuesday, August 20, 2019 at 9:24 AM<br><b>To: </b>"</span><a href="mailto:gnso-epdp-legal@icann.org"><span lang=EN-US>gnso-epdp-legal@icann.org</span></a><span lang=EN-US style='color:black'>" <</span><a href="mailto:gnso-epdp-legal@icann.org"><span lang=EN-US>gnso-epdp-legal@icann.org</span></a><span lang=EN-US style='color:black'>><br><b>Subject: </b>[Gnso-epdp-legal] Notes and action items from EPDP Phase 2 Legal Committee Meeting #4 - 20 August 2019<o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt'><o:p> </o:p></span></p></div><p class=MsoNormal><span lang=EN-US>Dear EPDP Phase 2 Legal Committee,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Below, please find the notes and action items from today’s call.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>As a reminder, the next EPDP Phase 2 Legal Committee meeting will be <b>Tuesday, 27 August at 14:00 UTC</b>.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Thank you.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><br>Best regards,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Marika, Berry, and Caitlin<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt'> </span><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='font-size:10.5pt;color:black'>--</span></b><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='font-size:10.5pt;color:black'> </span></b><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><b><span lang=EN-US>EPDP Phase 2 Legal Committee Meeting #4</span></b><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><b><span lang=EN-US>Tuesday, 20 August 14:00 UTC</span></b><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><b><u><span lang=EN-US>Action Items</span></u></b><span lang=EN-US><o:p></o:p></span></p><ol style='margin-top:0cm' start=1 type=1><li class=MsoListParagraphCxSpFirst style='margin-bottom:12.0pt;margin-left:0cm;mso-add-space:auto;mso-list:l2 level1 lfo1'><span lang=EN-US style='color:black'>Brian to clarify the language regarding “opt out” in the second bullet point of Question 2/5.</span><span lang=EN-US><o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-bottom:12.0pt;margin-left:0cm;mso-add-space:auto;mso-line-height-alt:11.65pt;mso-list:l2 level1 lfo1'><span lang=EN-US>Brian and Thomas to review Question 2/5, taking into account today’s conversation, and propose new language and distribute to the Team in advance of the next Legal Committee call on Tuesday, 27 September. <o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-left:0cm;mso-add-space:auto;mso-list:l2 level1 lfo1'><span lang=EN-US>Thomas to submit additional language for Question 4 with respect to whether 6(1)(f) can be deployed by non-European authorities or public authorities in the disclosure of data to them. <o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='margin-bottom:12.0pt;margin-left:0cm;mso-add-space:auto;mso-list:l2 level1 lfo1'><span lang=EN-US style='color:black'>Support Staff to add the safeguard bullet points from Q2/5 to Q9 and submit this to the legal list for final review by the group off-line.</span><span lang=EN-US><o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='margin-bottom:12.0pt;margin-left:0cm;mso-add-space:auto;mso-list:l2 level1 lfo1'><span lang=EN-US style='color:black'>Margie to add a footnote to question 11, regarding SSAC-defined security practitioners. Following Margie’s addition to question 11, Support Staff to add the bullets from Q2/5 to Q11 and submit this to the Legal list for final review by the group off-line. </span><span lang=EN-US><o:p></o:p></span></li><li class=MsoListParagraphCxSpLast style='color:black;margin-left:0cm;mso-add-space:auto;mso-list:l2 level1 lfo1'><span lang=EN-US>Support Staff to build the first batch of questions to be submitted to the EPDP Team for final sign-off. <o:p></o:p></span></li></ol><p class=MsoNormal><span lang=EN-US style='color:black'> </span><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal><b><u><span lang=EN-US style='color:black'>Notes</span></u></b><span lang=EN-US><o:p></o:p></span></p><p class=MsoListParagraphCxSpFirst style='margin-bottom:12.0pt;mso-add-space:auto'><span lang=EN-US> <o:p></o:p></span></p><ol style='margin-top:0cm' start=1 type=1><li class=MsoListParagraphCxSpMiddle style='color:black;margin-bottom:12.0pt;margin-left:0cm;mso-add-space:auto;mso-list:l3 level1 lfo2'><b><span lang=EN-US>Roll Call & SOI Updates </span></b><span lang=EN-US><o:p></o:p></span></li><li class=MsoListParagraphCxSpLast style='color:black;margin-left:0cm;mso-add-space:auto;mso-list:l3 level1 lfo2'><b><span lang=EN-US>Continued Substantive Review of Priority 1 (SSAD) Legal Questions Submitted to Date</span></b><span lang=EN-US><o:p></o:p></span></li></ol><p class=MsoNormal><span lang=EN-US style='color:black'> </span><span lang=EN-US><o:p></o:p></span></p><p class=MsoListParagraphCxSpFirst style='margin-left:73.0pt;mso-add-space:auto;text-indent:-19.0pt;mso-list:l3 level2 lfo2'><![if !supportLists]><span lang=EN-US><span style='mso-list:Ignore'>a)<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span lang=EN-US style='color:black'>Substantive review of SSAD questions (beginning where LC left off last week)</span><span lang=EN-US><o:p></o:p></span></p><p class=MsoListParagraphCxSpMiddle style='margin-left:73.0pt;mso-add-space:auto'><span lang=EN-US style='color:black'> </span><span lang=EN-US><o:p></o:p></span></p><ul style='margin-top:0cm' type=disc><li class=MsoListParagraphCxSpLast style='color:black;margin-bottom:12.0pt;mso-add-space:auto;mso-line-height-alt:11.65pt;mso-list:l4 level1 lfo3'><b><span lang=EN-US>Updated Merged Questions 2 and 5</span></b><span lang=EN-US>: LC to continue reviewing the updated text and suggest changes (if any) in advance of the next LC meeting on Tuesday, 20 August 2019. LC to be prepared to discuss the text and proposed updates during next LC call.<o:p></o:p></span></li></ul><p class=MsoNormal style='margin-left:72.0pt'><b><i><span lang=EN-US style='color:black'>Updated Merged Questions 2 and 5</span></i></b><i><span lang=EN-US style='color:black'>: Consider a System for Standardized Access/Disclosure where contracted parties “CPs” are required to disclose personal data over RDAP to requestors either directly or through an intermediary request accreditation/authorization body. Assuming the following safeguards are in place, what risk, if any, would the CP face for the processing activity of disclosure in this context? If any risk exists, what improved or additional safeguards would eliminate</span></i><a name="_ftnref1"></a><a href="applewebdata://DC36EABD-CD08-4C99-90BB-7C993390CFCA#_ftn1"><span style='mso-bookmark:_ftnref1'><i><sup><span lang=EN-US style='color:#954F72'>[1]</span></sup></i></span><span style='mso-bookmark:_ftnref1'></span></a><span style='mso-bookmark:_ftnref1'></span><i><span lang=EN-US style='color:black'> this risk. In this scenario, would the CP be a controller or a processor</span></i><a name="_ftnref2"></a><a href="applewebdata://DC36EABD-CD08-4C99-90BB-7C993390CFCA#_ftn2"><span style='mso-bookmark:_ftnref2'><i><sup><span lang=EN-US style='color:#954F72'>[2]</span></sup></i></span><span style='mso-bookmark:_ftnref2'></span></a><span style='mso-bookmark:_ftnref2'></span><i><span lang=EN-US style='color:black'>, and to what extent, if at all, is the CP’s liability impacted by this controller/processor distinction? </span></i><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal><i><span lang=EN-US style='color:black'> </span></i><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal style='margin-left:91.0pt;text-indent:-18.0pt;mso-line-height-alt:11.65pt;mso-list:l6 level1 lfo4'><![if !supportLists]><span lang=EN-US style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><i><span lang=EN-US style='color:black'>Disclosure is required under CP’s contract with ICANN (resulting from Phase 2 EPDP policy).</span></i><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;mso-line-height-alt:11.65pt'><i><span lang=EN-US style='color:black'> </span></i><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal style='margin-left:91.0pt;text-indent:-18.0pt;mso-line-height-alt:11.65pt;mso-list:l1 level1 lfo5'><![if !supportLists]><span lang=EN-US style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><i><span lang=EN-US style='color:black'>CP’s contract with ICANN requires CP to notify the data subject of the purposes for which, and types of entities by which, personal data may be processed. CP is required to notify data subject of this with the opportunity to opt out before the data subject enters into the registration agreement with the CP, and again annually via the ICANN-required registration data accuracy reminder. CP has done so. </span></i><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;mso-line-height-alt:11.65pt'><i><span lang=EN-US style='color:black'> </span></i><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal style='margin-left:91.0pt;text-indent:-18.0pt;mso-line-height-alt:11.65pt;mso-list:l0 level1 lfo6'><![if !supportLists]><span lang=EN-US style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><i><span lang=EN-US style='color:black'>ICANN or its designee has validated the requestor’s identity, and required that the requestor: </span></i><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal style='margin-left:127.0pt;text-indent:-18.0pt;mso-line-height-alt:11.65pt;mso-list:l0 level2 lfo6'><![if !supportLists]><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><i><span lang=EN-US style='color:black'>represents that it has a lawful basis for requesting and processing the data, </span></i><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal style='margin-left:127.0pt;text-indent:-18.0pt;mso-line-height-alt:11.65pt;mso-list:l0 level2 lfo6'><![if !supportLists]><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><i><span lang=EN-US style='color:black'>provides its lawful basis,</span></i><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal style='margin-left:127.0pt;text-indent:-18.0pt;mso-line-height-alt:11.65pt;mso-list:l0 level2 lfo6'><![if !supportLists]><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><i><span lang=EN-US style='color:black'>represents that it is requesting only the data necessary for its purpose, </span></i><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal style='margin-left:127.0pt;text-indent:-18.0pt;mso-line-height-alt:11.65pt;mso-list:l0 level2 lfo6'><![if !supportLists]><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><i><span lang=EN-US style='color:black'>agrees to process the data in accordance with GDPR, and </span></i><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal style='margin-left:127.0pt;text-indent:-18.0pt;mso-line-height-alt:11.65pt;mso-list:l0 level2 lfo6'><![if !supportLists]><span lang=EN-US style='font-size:10.0pt;font-family:"Courier New"'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><i><span lang=EN-US style='color:black'>agrees to standard contractual clauses for the data transfer. </span></i><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;mso-line-height-alt:11.65pt'><i><span lang=EN-US style='color:black'> </span></i><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal style='margin-left:91.0pt;text-indent:-18.0pt;mso-list:l7 level1 lfo7'><![if !supportLists]><span lang=EN-US style='font-size:10.0pt;font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><i><span lang=EN-US>ICANN or its designee logs requests for non-public registration data, regularly audits these logs, takes compliance action against suspected abuse, and makes these logs available upon request by the data subject.</span></i><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;mso-line-height-alt:11.65pt'><span lang=EN-US style='color:black'> </span><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt;mso-line-height-alt:11.65pt'><b><span lang=EN-US style='color:black'>Notes from Call</span></b><span lang=EN-US style='color:black'>: </span><span lang=EN-US><o:p></o:p></span></p><ul style='margin-top:0cm' type=disc><li class=MsoListParagraphCxSpFirst style='color:black;margin-bottom:12.0pt;margin-left:0cm;mso-add-space:auto;mso-line-height-alt:11.65pt;mso-list:l5 level1 lfo8'><span lang=EN-US>The intent of the safeguards list was to be extensive but not exhaustive. <o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-bottom:12.0pt;margin-left:0cm;mso-add-space:auto;mso-line-height-alt:11.65pt;mso-list:l5 level1 lfo8'><span lang=EN-US>The detailed background on the safeguards is helpful. It may be helpful to add Question 9 to this question. <o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-bottom:12.0pt;margin-left:0cm;mso-add-space:auto;mso-line-height-alt:11.65pt;mso-list:l5 level1 lfo8'><span lang=EN-US>It may be helpful to add the bullets to the last version Question 9. <o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-bottom:12.0pt;margin-left:0cm;mso-add-space:auto;mso-line-height-alt:11.65pt;mso-list:l5 level1 lfo8'><span lang=EN-US>Action item: Support Staff to add the bullets from Question 2/5 to the end of Question 9.<o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-bottom:12.0pt;margin-left:0cm;mso-add-space:auto;mso-line-height-alt:11.65pt;mso-list:l5 level1 lfo8'><span lang=EN-US>Safeguards is a loaded term – there are legal safeguards, procedural safeguards, and IT safeguards. Not sure how the terms safeguards is used in the GDPR – should the safeguards be desegregated in this way?<o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-bottom:12.0pt;margin-left:0cm;mso-add-space:auto;mso-line-height-alt:11.65pt;mso-list:l5 level1 lfo8'><span lang=EN-US>The safeguards list is not meant to be comprehensive, but rather, to provide background to outside counsel. <o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-bottom:12.0pt;margin-left:0cm;mso-add-space:auto;mso-line-height-alt:11.65pt;mso-list:l5 level1 lfo8'><span lang=EN-US>The question was designed to include legal safeguards and procedural safeguards. Technical safeguards were purposely omitted from this list as technical safeguards would likely require a lot of work on every contracted party. <o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-bottom:12.0pt;margin-left:0cm;mso-add-space:auto;mso-line-height-alt:11.65pt;mso-list:l5 level1 lfo8'><span lang=EN-US>With respect to the second bullet regarding “opt out” – could registrant opt out of having its data provided to law enforcement? What is this meant to mean?<o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-bottom:12.0pt;margin-left:0cm;mso-add-space:auto;mso-line-height-alt:11.65pt;mso-list:l5 level1 lfo8'><span lang=EN-US>The concept that was trying to be captured is that a registrant knows going into registering a domain name that data will be processed, so the registrant could choose to use P/P services or not register a domain name at all. <o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-bottom:12.0pt;margin-left:0cm;mso-add-space:auto;mso-line-height-alt:11.65pt;mso-list:l5 level1 lfo8'><span lang=EN-US>Proposed edit: If any risks exist, what safeguards could be implemented to mitigate this risk? <o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-bottom:12.0pt;margin-left:0cm;mso-add-space:auto;mso-line-height-alt:11.65pt;mso-list:l5 level1 lfo8'><span lang=EN-US>Risk can never be eliminated but could be mitigated. If you ask for legal advice and ask for a laundry list of safeguards – what are we really asking here? Are we asking legal counsel to tell us what we have to do to mitigate the risk enough to remove liability? If that is the case, we need to sort the safeguards since legal counsel is unlikely to provide guidance on technical safeguards. Here, we are talking about processing that is quite vague, i.e., disclosure to a party. The registrant has no choice when a legal actor comes for data, but we do not what other use cases are relevant. <o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-bottom:12.0pt;margin-left:0cm;mso-add-space:auto;mso-line-height-alt:11.65pt;mso-list:l5 level1 lfo8'><span lang=EN-US>What we are trying to ask here – under a scenario in which a standardized access/disclosure model is adopted, and safeguards are in place, what are the risks for contracted parties in this scenario? <o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-bottom:12.0pt;margin-left:0cm;mso-add-space:auto;mso-line-height-alt:11.65pt;mso-list:l5 level1 lfo8'><span lang=EN-US>Objections to signing off this question and sending to the plenary for outside counsel? <o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-bottom:12.0pt;margin-left:0cm;mso-add-space:auto;mso-line-height-alt:11.65pt;mso-list:l5 level1 lfo8'><span lang=EN-US>Suggest that the text should be clarified re: what opt out means (that a registrant knows going into registering a domain name that data may will be processed, so the registrant could choose to use P/P services or not register a domain name at all).<o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-bottom:12.0pt;margin-left:0cm;mso-add-space:auto;mso-line-height-alt:11.65pt;mso-list:l5 level1 lfo8'><span lang=EN-US>Action: Brian to clarify the language regarding “opt out” in the second bullet of this question.<o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-bottom:12.0pt;margin-left:0cm;mso-add-space:auto;mso-line-height-alt:11.65pt;mso-list:l5 level1 lfo8'><span lang=EN-US>What are we trying to get as an answer to this question? No lawyer in the world would be able to give you an answer that there is no risk if the criteria mentioned in the question are met. If the risk for the data subject stemming from certain processing activities is low, the measures are low for safeguard. If the risks are high, you have to take extraordinary measures to protect the data subject. Without spelling out concrete scenarios, it is unlikely we will get a positive response to this question.<o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-bottom:12.0pt;margin-left:0cm;mso-add-space:auto;mso-line-height-alt:11.65pt;mso-list:l5 level1 lfo8'><span lang=EN-US>Would it be best if instead of asking what the risk level outside counsel perceives under this scenario? <o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-bottom:12.0pt;margin-left:0cm;mso-add-space:auto;mso-line-height-alt:11.65pt;mso-list:l5 level1 lfo8'><span lang=EN-US>Spell out what data is being requested and what safeguards are being used to protect the request – to see if the safeguards we are considering are correspondent to the risk.<o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-bottom:12.0pt;margin-left:0cm;mso-add-space:auto;mso-line-height-alt:11.65pt;mso-list:l5 level1 lfo8'><span lang=EN-US>For the sake of brevity, assumed outside counsel would know some facts, like the type of data that would be in play. Does it make sense to take this back once more to think about what other facts and safeguards are appropriate to add to this question. <o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-bottom:12.0pt;margin-left:0cm;mso-add-space:auto;mso-line-height-alt:11.65pt;mso-list:l5 level1 lfo8'><span lang=EN-US>Adding data that is disclosed is helpful, but also discuss the grounds upon which the data is requested.<o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-bottom:12.0pt;margin-left:0cm;mso-add-space:auto;mso-line-height-alt:11.65pt;mso-list:l5 level1 lfo8'><span lang=EN-US>Action item: Brian and Thomas to review this question again, taking into account today’s conversation and finetune the language.<o:p></o:p></span></li></ul><p class=MsoListParagraphCxSpMiddle style='margin-bottom:12.0pt;mso-add-space:auto;mso-line-height-alt:11.65pt'><span lang=EN-US style='color:black'> </span><span lang=EN-US><o:p></o:p></span></p><ul style='margin-top:0cm' type=disc><li class=MsoListParagraphCxSpLast style='color:black;mso-list:l4 level1 lfo3'><b><i><span lang=EN-US>Updated Question 4 </span></i></b><span lang=EN-US>(proposed by Brian and Volker)<i>: Under the GDPR, a data controller can disclose personal data to law enforcement of competent authority under Art 6 1 c GDPR provided the law enforcement authority has the legal authority to create a legal obligation under applicable law.</i><o:p></o:p></span></li></ul><p class=MsoNormal style='margin-left:91.0pt'><i><span lang=EN-US style='color:black'> </span></i><span lang=EN-US><o:p></o:p></span></p><ol style='margin-top:0cm' start=6 type=1><ol style='margin-top:0cm' start=1 type=a><ol style='margin-top:0cm' start=1 type=a><li class=MsoListParagraphCxSpFirst style='color:black;margin-left:0cm;mso-add-space:auto;mso-list:l2 level3 lfo1'><i><span lang=EN-US>Can law enforcement agencies of other jurisdictions than the data controller/processor therefore not rely on Art 6 1 c GDPR as a legal basis for the data controller to disclose protected data? Under what circumstances could Art 6 1 c GDPR apply to the disclosure of data in such a context?</span></i><span lang=EN-US><o:p></o:p></span></li><li class=MsoListParagraphCxSpLast style='color:black;margin-left:0cm;mso-add-space:auto;mso-list:l2 level3 lfo1'><i><span lang=EN-US>Do other legal bases for disclosure exist, besides Art 6I f), that the data controller/processor can rely on for such "foreign" LEAs that lack power to legally compel the data controller/processor?</span></i><span lang=EN-US><o:p></o:p></span></li></ol></ol></ol><p class=MsoNormal><b><span lang=EN-US style='color:black'>Notes from Call:</span></b><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='color:black'> </span></b><span lang=EN-US><o:p></o:p></span></p><ul style='margin-top:0cm' type=disc><li class=MsoListParagraphCxSpFirst style='color:black;margin-left:0cm;mso-add-space:auto;mso-list:l5 level1 lfo8'><span lang=EN-US>Propose adding one question on whether 6(1)(f) can be deployed at all by non-European authorities or public authorities in the disclosure of data to them at all. <o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-left:0cm;mso-add-space:auto;mso-list:l5 level1 lfo8'><span lang=EN-US>Action: Thomas to submit additional language with respect to whether 6(1)(f) can be deployed by non-European authorities or public authorities in the disclosure of data to them. <o:p></o:p></span></li></ul><p class=MsoListParagraphCxSpMiddle style='margin-left:73.0pt;mso-add-space:auto'><span lang=EN-US style='color:black'> </span><span lang=EN-US><o:p></o:p></span></p><ul style='margin-top:0cm' type=disc><li class=MsoListParagraphCxSpMiddle style='color:black;mso-line-height-alt:11.65pt;mso-list:l4 level1 lfo3'><b><span lang=EN-US>Updated Question 9 </span></b><span lang=EN-US>(proposed by Margie): <i>Assuming that there is a policy that allows accredited parties to access non-public WHOIS data through an SSAD (and requires the accredited party to commit to certain reasonable safeguards similar to a code of conduct), is it legally permissible under Article 6(1)(f) to:</i><o:p></o:p></span></li></ul><p class=MsoListParagraphCxSpMiddle style='margin-left:90.0pt;mso-add-space:auto;text-indent:-18.0pt;mso-list:l4 level1 lfo3'><![if !supportLists]><span lang=EN-US style='font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><i><span lang=EN-US style='color:black'>define specific categories of requests from accredited parties (e.g. rapid response to a malware attack or contacting a non-responsive IP infringer), for which there can be automated submissions for non-public WHOIS data, without having to manually verify the qualifications of the accredited parties for each individual disclosure request, and/or</span></i><span lang=EN-US><o:p></o:p></span></p><p class=MsoListParagraphCxSpLast style='margin-left:90.0pt;mso-add-space:auto;text-indent:-18.0pt;mso-list:l4 level1 lfo3'><![if !supportLists]><span lang=EN-US style='font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><i><span lang=EN-US style='color:black'>enable automated disclosures of such data, without requiring a manual review by the controller or processor of each individual disclosure request.</span></i><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal style='margin-left:90.0pt;text-indent:3.0pt'><i><span lang=EN-US style='color:black'> </span></i><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal style='margin-left:72.0pt'><i><span lang=EN-US style='color:black'>In addition, if it is not possible to automate any of these steps, please provide any guidance for how to perform the balancing test under Article 6(1)(f).</span></i><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal><i><span lang=EN-US style='color:black'> </span></i><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='color:black'>Notes from Call:</span></b><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='color:black'> </span></b><span lang=EN-US><o:p></o:p></span></p><ul style='margin-top:0cm' type=disc><li class=MsoListParagraphCxSpFirst style='color:black;margin-left:0cm;mso-add-space:auto;mso-list:l5 level1 lfo8'><span lang=EN-US>Propose adding a bullet under the first bullet – automatically conduct the balancing test under 6(1)(f)<o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-left:0cm;mso-add-space:auto;mso-list:l5 level1 lfo8'><span lang=EN-US>How does this question differ from 2/5? Is this focused more on an automatic 6(1)(f) determination? Is this better as a direct piggyback question? This seems to rely on the same background information on questions 2/5.<o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-left:0cm;mso-add-space:auto;mso-list:l5 level1 lfo8'><span lang=EN-US>Maybe make the first question focus on the legality of an accreditation system and the second question focusing on the types of requests being made <o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-left:0cm;mso-add-space:auto;mso-list:l5 level1 lfo8'><span lang=EN-US>The difference b/w the two questions – the first one relates more to risk, but this question was written specifically to focus on automated and high-volume requests.<o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-left:0cm;mso-add-space:auto;mso-list:l5 level1 lfo8'><span lang=EN-US>If this scenario is permissible, it should be that this would be automated, otherwise the system could be intentionally slowing down. <o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-left:0cm;mso-add-space:auto;mso-list:l5 level1 lfo8'><span lang=EN-US>You can automate accreditation and authentication and decide reputationally that certain third parties can be trusted more than others, but not sure how you can meet the requirements of any data protection legislation. You have to look at the precise case – you cannot automate the question. <o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-left:0cm;mso-add-space:auto;mso-list:l5 level1 lfo8'><span lang=EN-US>We cannot create a system that is abuse-proof, and this is not something we can try to create or that the law requires.<o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-left:0cm;mso-add-space:auto;mso-list:l5 level1 lfo8'><span lang=EN-US>It is important to spell out the automation of the 6(1)(f) balancing test<o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-left:0cm;mso-add-space:auto;mso-list:l5 level1 lfo8'><span lang=EN-US>There is no one-size-fits-all solution- what we are trying to find the solution for – can we have a pre-fabricated balancing test for certain scenarios? Is this is feasible, and how can it be operationalized? <o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-left:0cm;mso-add-space:auto;mso-list:l5 level1 lfo8'><span lang=EN-US>There is value in keeping questions 2/5 separate from Question 9. After adding bullets from Q2/5, will this question be ready for the plenary? <o:p></o:p></span></li><li class=MsoListParagraphCxSpLast style='color:black;margin-left:0cm;mso-add-space:auto;mso-list:l5 level1 lfo8'><span lang=EN-US>Action: Support staff to add the bullets from Q2/5 to Q9 and submit this to the Legal list for final review by the group off-line. <o:p></o:p></span></li></ul><p class=MsoNormal style='margin-left:72.0pt'><span lang=EN-US style='color:black'> </span><span lang=EN-US><o:p></o:p></span></p><ul style='margin-top:0cm' type=disc><li class=MsoListParagraph style='mso-list:l4 level1 lfo3'><b><i><span lang=EN-US style='color:black'>Updated Question 11</span></i></b><span lang=EN-US style='color:black'> (proposed by Margie)<i>: Is it permissible under GDPR to provide fast, automated, and non-rate limited responses (as described in SSAC 101) to nonpublic WHOIS data for properly credentialed security practitioners (as defined in SSAC 101) <span style='background:yellow'>who are responsible for defense against e-crimes (including network operators, providers of online services, commercial security services, cyber-crime investigators) for use in investigations and mitigation activities to protect their network, information systems or services (as referenced in GDPR Recital 49)</span> and have agreed on appropriate safeguards? Or would any automated disclosure carry a potential for liability of the disclosing party, or the controllers or processors of such data? Can counsel provide examples of safeguards (such as pseudonymization/anonymization) that should be considered?</i></span><span lang=EN-US><o:p></o:p></span></li></ul><p class=MsoNormal><span lang=EN-US style='font-family:"Times New Roman",serif'> </span><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='color:black'>Notes from Call: </span></b><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='color:black'> </span></b><span lang=EN-US><o:p></o:p></span></p><ul style='margin-top:0cm' type=disc><li class=MsoListParagraphCxSpFirst style='color:black;margin-left:0cm;mso-add-space:auto;mso-list:l5 level1 lfo8'><span lang=EN-US>The same safeguards included in Q2/5 should be repeated here.<o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-left:0cm;mso-add-space:auto;mso-list:l5 level1 lfo8'><span lang=EN-US>The description of who would be able to access this automated system is too broad – it could apply to anyone. This needs to be limited to specifically-defined circle of users that has to be tightly controlled. <o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-left:0cm;mso-add-space:auto;mso-list:l5 level1 lfo8'><span lang=EN-US>This concern is more of a policy question, rather than a legal question. Would it help to remove the “including text”?<o:p></o:p></span></li><li class=MsoListParagraphCxSpLast style='color:black;margin-left:0cm;mso-add-space:auto;mso-list:l5 level1 lfo8'><span lang=EN-US>Action: Margie to add a footnote to the question regarding security practitioners. Following Margie’s added footnote, Support Staff to add the bullets from Q2/5 to Q11 and submit this to the Legal list for final review by the group off-line. <o:p></o:p></span></li></ul><p class=MsoNormal><b><span lang=EN-US style='font-family:"Times New Roman",serif'> </span></b><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal style='margin-left:54.0pt'><span lang=EN-US> <o:p></o:p></span></p><ul style='margin-top:0cm' type=disc><li class=MsoListParagraphCxSpFirst style='color:black;margin-bottom:12.0pt;mso-add-space:auto;mso-line-height-alt:11.65pt;mso-list:l4 level1 lfo3'><b><span lang=EN-US>Updated Question 12 and 13</span></b><span lang=EN-US>: LC to review simplified question before sending to EPDP Team for sign off: In light of the<span class=apple-converted-space> </span></span><a href="https://www.icann.org/en/system/files/correspondence/odonohue-to-marby-03may19-en.pdf" title="https://www.icann.org/en/system/files/correspondence/odonohue-to-marby-03may19-en.pdf"><span lang=EN-US style='color:#954F72'>3 May 2019 correspondence from the European Commission</span></a><span lang=EN-US>, are any updates on the<span class=apple-converted-space> </span></span><a href="https://community.icann.org/download/attachments/102138857/6%281%29%28b%29%20Memo.docx?version=1&modificationDate=1548874809000&api=v2"><span lang=EN-US style='color:#954F72'>previous memo on 6(1)(b)</span></a><span class=apple-converted-space><span lang=EN-US> </span></span><span lang=EN-US>necessary?<span class=apple-converted-space> </span><o:p></o:p></span></li></ul><p class=MsoListParagraphCxSpMiddle style='mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:12.0pt;margin-left:72.0pt;mso-add-space:auto;mso-line-height-alt:11.65pt'><span class=apple-converted-space><span lang=EN-US style='color:black'> </span></span><span lang=EN-US><o:p></o:p></span></p><ul style='margin-top:0cm' type=disc><li class=MsoListParagraphCxSpMiddle style='color:black;margin-bottom:12.0pt;margin-left:0cm;mso-add-space:auto;mso-line-height-alt:11.65pt;mso-list:l5 level1 lfo8'><span lang=EN-US>This question will be sent to the EPDP Team for final sign-off. <o:p></o:p></span></li></ul><p class=MsoListParagraphCxSpMiddle style='margin-bottom:12.0pt;mso-add-space:auto;mso-line-height-alt:11.65pt'><b><span lang=EN-US> </span></b><span lang=EN-US><o:p></o:p></span></p><ul type=disc><li class=MsoListParagraphCxSpLast style='color:black;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-add-space:auto;mso-list:l4 level1 lfo3'><b><i><span lang=EN-US>Question 6: </span></i></b><i><span lang=EN-US>Within the context of an SSAD, in addition to determining its own lawful basis for disclosing data, does the requestee (entity that houses the requested data) need to assess the lawful basis of the third-party requestor? (Question from ICANN65 from GAC/IPC)</span></i><span lang=EN-US><o:p></o:p></span></li></ul><p class=MsoNormal style='margin-bottom:12.0pt;mso-line-height-alt:11.65pt'><b><span lang=EN-US style='color:black'> </span></b><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> <o:p></o:p></span></p><p class=MsoFootnoteText style='mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:0cm;margin-left:310.0pt;margin-bottom:.0001pt'><a name="_ftn1"></a><a href="applewebdata://68B0E022-B472-4D73-B3D4-09BBCC4682C7#_ftnref1"><span style='mso-bookmark:_ftn1'><span class=MsoFootnoteReference><sup><span lang=EN-US style='font-size:12.0pt;font-family:"Calibri",sans-serif;color:#954F72'>[1]</span></sup></span></span><span style='mso-bookmark:_ftn1'></span></a><span style='mso-bookmark:_ftn1'></span><span class=apple-converted-space><span lang=EN-US style='font-size:12.0pt;color:black'> </span></span><span lang=EN-US style='font-size:12.0pt;color:black'>“Here it is important to highlight the special role that safeguards may play in reducing the undue impact on the data subjects, and thereby changing the balance of rights and interests to the extent that the data controller’s legitimate interests will not be overridden.“ (</span><a href="https://iapp.org/media/pdf/resource_center/wp217_legitimate-interests_04-2014.pdf" title="https://iapp.org/media/pdf/resource_center/wp217_legitimate-interests_04-2014.pdf"><span lang=EN-US style='font-size:12.0pt;color:#954F72'>https://iapp.org/media/pdf/resource_center/wp217_legitimate-interests_04-2014.pdf</span></a><span lang=EN-US style='font-size:12.0pt;color:black'>)</span><span lang=EN-US><o:p></o:p></span></p><p class=MsoFootnoteText style='mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:0cm;margin-left:310.0pt;margin-bottom:.0001pt'><a name="_ftn2"></a><a href="applewebdata://68B0E022-B472-4D73-B3D4-09BBCC4682C7#_ftnref2"><span style='mso-bookmark:_ftn2'><span class=MsoFootnoteReference><sup><span lang=EN-US style='font-size:12.0pt;font-family:"Calibri",sans-serif;color:#954F72'>[2]</span></sup></span></span><span style='mso-bookmark:_ftn2'></span></a><span style='mso-bookmark:_ftn2'></span><span class=apple-converted-space><span lang=EN-US style='font-size:12.0pt;color:black'> </span></span><a href="https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/controller-processor/what-data-controller-or-data-processor_en" title="https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/controller-processor/what-data-controller-or-data-processor_en"><span lang=EN-US style='font-size:12.0pt;color:#954F72'>https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/controller-processor/what-data-controller-or-data-processor_en</span></a><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> <o:p></o:p></span></p><p class=MsoNormal style='margin-left:72.0pt'><span lang=EN-US> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:black'> </span><span lang=EN-US><o:p></o:p></span></p><p class=MsoListParagraphCxSpFirst style='margin-left:73.0pt;mso-add-space:auto;text-indent:-19.0pt;mso-list:l3 level2 lfo2'><![if !supportLists]><span lang=EN-US><span style='mso-list:Ignore'>b)<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span lang=EN-US style='color:black'>Discussion on submission of questions – submit as complete batch or as available?</span><span lang=EN-US><o:p></o:p></span></p><ul style='margin-top:0cm' type=disc><li class=MsoListParagraphCxSpMiddle style='color:black;margin-left:0cm;mso-add-space:auto;mso-list:l5 level1 lfo8'><span lang=EN-US>Is there an objection to submit questions in batches, or should they be submitted in batches? <o:p></o:p></span></li><li class=MsoListParagraphCxSpMiddle style='color:black;margin-left:0cm;mso-add-space:auto;mso-list:l5 level1 lfo8'><span lang=EN-US>Action: Support Staff to build the first batch of questions to be submitted to the EPDP Team. <o:p></o:p></span></li></ul><p class=MsoListParagraphCxSpLast style='margin-left:73.0pt;mso-add-space:auto;text-indent:-19.0pt;mso-list:l3 level2 lfo2'><![if !supportLists]><span lang=EN-US><span style='mso-list:Ignore'>c)<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span lang=EN-US style='color:black'>Agree on next steps</span><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='color:black'> </span><span lang=EN-US><o:p></o:p></span></p><ol style='margin-top:0cm' start=3 type=1><li class=MsoListParagraphCxSpFirst style='color:black;margin-left:0cm;mso-add-space:auto;mso-list:l3 level1 lfo2'><b><span lang=EN-US>Wrap and confirm next meeting to be scheduled </span></b><span lang=EN-US><o:p></o:p></span></li></ol><p class=MsoListParagraphCxSpMiddle style='margin-left:73.0pt;mso-add-space:auto;text-indent:-19.0pt;mso-list:l3 level2 lfo2'><![if !supportLists]><span lang=EN-US><span style='mso-list:Ignore'>a)<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span lang=EN-US style='color:black'>Confirm action items</span><span lang=EN-US><o:p></o:p></span></p><p class=MsoListParagraphCxSpLast style='margin-left:73.0pt;mso-add-space:auto;text-indent:-19.0pt;mso-list:l3 level2 lfo2'><![if !supportLists]><span lang=EN-US><span style='mso-list:Ignore'>b)<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span lang=EN-US style='color:black'>The next LC Meeting will take place on Tuesday, 27 August at 14:00 UTC.</span><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Times New Roman",serif;color:black'> </span><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> <o:p></o:p></span></p></div></body></html>