<div dir="ltr">Thomas, Brian, Margie - <div><br></div><div>Con you confirm Volker's concern that the test in the agenda is not your current agreed upon version and, if so, can you circulate your agreed upon test for our consideration this morning? Thanks.</div><div><br></div><div>Becky</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Oct 15, 2019 at 1:07 AM Volker Greimann <<a href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p>Hi Terri,</p>
<p> I see that you completely ignored/missed my edits which had been
agreed in general by Margie as well. I had sent that on Oct 1.
Maybe you missd my attachment?</p>
<p>In any case, the below is not the latest nor generally approved
version.<br>
</p>
<p>Best Volker<br>
</p>
<p><br>
</p>
<p><br>
</p>
<div>Am 14.10.2019 um 20:26 schrieb Terri
Agnew:<br>
</div>
<blockquote type="cite">
<div>
<p class="MsoNormal" style="margin-bottom:12pt"><b><span style="color:black">EPDP Phase 2 Legal Committee Meeting #</span>9</b><u></u><u></u></p>
<p class="MsoNormal" style="margin-bottom:12pt;font-variant-caps:normal;text-align:start;word-spacing:0px">
<b><span style="color:black">Tuesday, </span>15<span style="color:black"> October at 14:00 UTC</span></b><u></u><u></u></p>
<p class="MsoNormal" style="margin-bottom:12pt;font-variant-caps:normal;text-align:start;word-spacing:0px">
<b><span style="color:black">Proposed Annotated Agenda</span></b><u></u><u></u></p>
<p class="MsoNormal" style="margin-bottom:12pt"><b>EPDP Phase
2 Legal Committee Meeting #9</b><b><u></u><u></u></b></p>
<p class="MsoNormal" style="margin-bottom:12pt"><b>Tuesday, 15
October at 14:00 UTC<u></u><u></u></b></p>
<p class="MsoNormal" style="margin-bottom:12pt"><b>Proposed
Annotated Agenda<u></u><u></u></b></p>
<ol style="margin-top:0in" start="1" type="1">
<li style="color:black;margin-top:0in;margin-bottom:12pt">
<b>Roll Call & SOI Updates <u></u><u></u></b></li>
</ol>
<p style="margin-left:73pt"><b><span style="color:black"><u></u> <u></u></span></b></p>
<ol style="margin-top:0in" start="2" type="1">
<li style="color:black;margin-top:0in;margin-bottom:0.0001pt">
<b>Continued Substantive Review of Priority 1 (SSAD) Legal
Questions Submitted to Date</b><u></u><u></u></li>
</ol>
<p class="MsoNormal"><span style="color:black"><u></u> <u></u></span></p>
<p style="margin-right:0in;margin-left:73pt;margin-bottom:0.0001pt">
<span style="color:black"><span>a)<span style="font:7pt "Times New Roman"">
</span></span></span><span style="color:black">Substantive review of SSAD questions
(beginning where LC left off during last LC meeting)<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:black"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><u><span style="color:black">Updated
Question 11<span style="border:1pt solid windowtext;padding:0in">
</span></span></u></b><u><span style="color:black;border:1pt solid windowtext;padding:0in"> <b> </b></span></u><u><u></u><u></u></u></p>
<p style="margin-left:1in"><span style="color:black"><u></u> <u></u></span></p>
<p class="MsoNormal"><i><span style="color:black">Status:
Thomas, Volker, Brian and Margie to work together on
refining this question in advance of the next LC call on
Tuesday, 15 October.<u></u><u></u></span></i></p>
<p style="margin-left:1in"><span style="color:black"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="color:black">(Text proposed by
Margie)<i>: </i>
Is it permissible under GDPR to provide fast, automated, and
non-rate limited responses (as described in SSAC 101) to
nonpublic WHOIS data for properly credentialed security
practitioners<sup>1
</sup>(as defined in SSAC 101) who are responsible for
defense against e-crimes (including network operators,
providers of online services, commercial security services,
cyber-crime investigators) for use in investigations and
mitigation activities to protect their network, information
systems or services (as referenced in GDPR Recital 49) and
have agreed on appropriate safeguards? Or would any
automated disclosure carry a potential for liability of the
disclosing party, or the controllers or processors of such
data? Can counsel provide examples of safeguards (such as
pseudonymization/anonymization) that should be considered?</span><u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><span style="color:black">For purposes of
this question, please assume the following safeguards are in
place:
<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:71.25pt"><span style="color:black"><u></u> <u></u></span></p>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="circle">
<li style="color:black;margin-top:0in;margin-left:0.5in;margin-bottom:0.0001pt">
Disclosure is required under CP’s contract with ICANN
(resulting from Phase 2 EPDP policy).<u></u><u></u></li>
<li style="color:black;margin-top:0in;margin-left:0.5in;margin-bottom:0.0001pt">
CP’s contract with ICANN requires CP to notify the data
subject of the purposes for which, and types of entities
by which, personal data may be processed. CP is required
to notify data subject of this with the opportunity to opt
out before the data subject enters into the registration
agreement with the CP, and again annually via the
ICANN-required registration data accuracy reminder. CP has
done so.<u></u><u></u></li>
<li style="color:black;margin-top:0in;margin-left:0.5in;margin-bottom:0.0001pt">
<span style="color:windowtext">ICANN or its designee has
validated/verified the requestor’s identity, and
required in each instance that the requestor: </span><u></u><u></u></li>
</ul>
</ul>
<p style="margin-right:0in;margin-left:163pt;margin-bottom:0.0001pt;vertical-align:baseline">
<span style="color:black"><span>•<span style="font:7pt "Times New Roman"">
</span></span></span>represents that it has
a lawful basis for requesting and processing the data, <span style="color:black"><u></u><u></u></span></p>
<p style="margin-right:0in;margin-left:163pt;margin-bottom:0.0001pt;vertical-align:baseline">
<span style="color:black"><span>•<span style="font:7pt "Times New Roman"">
</span></span></span>provides its lawful
basis, <span style="color:black"><u></u><u></u></span></p>
<p style="margin-right:0in;margin-left:163pt;margin-bottom:0.0001pt;vertical-align:baseline">
<span style="color:black"><span>•<span style="font:7pt "Times New Roman"">
</span></span></span>represents that it is
requesting only the data necessary for its purpose, <span style="color:black"><u></u><u></u></span></p>
<p style="margin-right:0in;margin-left:163pt;margin-bottom:0.0001pt;vertical-align:baseline">
<span style="color:black"><span>•<span style="font:7pt "Times New Roman"">
</span></span></span>agrees to process the
data in accordance with GDPR, and <span style="color:black"><u></u><u></u></span></p>
<p style="margin-right:0in;margin-left:163pt;margin-bottom:0.0001pt;vertical-align:baseline">
<span style="color:black"><span>•<span style="font:7pt "Times New Roman"">
</span></span></span>agrees to EU standard
contractual clauses for the data transfer. <span style="color:black"><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:1in"><span style="color:black"><u></u> <u></u></span></p>
<p class="MsoNormal" style="margin-left:1in"><span style="color:black"><u></u> <u></u></span></p>
<p class="MsoNormal" style="margin-left:1in"><span style="color:black">Footnote 1: SSAC defines “security
practitioners” in SSAC 101 as those who have a
responsibility to perform specific types of functions (as
specified in Section 3) related to the identification and
mitigation of malicious activity, and the correction of
problems that negatively affect services and users online.<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:0.25in"><span style="color:black"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><u><span style="color:black">Updated
Question 12 and 13<u></u><u></u></span></u></b></p>
<p class="MsoNormal"><i><span style="color:black">Status: Brian and Matthew to summarize
the two positions re: questions 12 and 13 and propose
whether Bird & Bird should opine on this. Legal
Committee to discuss the positions during its next
meeting. </span></i><span style="color:black">(Previous
text proposed by Margie)
<u></u><u></u></span></p>
<p class="MsoNormal"><b><span style="color:black"><u></u> <u></u></span></b></p>
<p class="MsoNormal"><b><span style="color:black">Background:<span> </span></span></b><span style="color:black">The<span> </span></span><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_odonohue-2Dto-2Dmarby-2D03may19-2Den.pdf&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8K75qGdDlOta4kh6k2F0jrT195M3tF3J_Fxcz6EvuG2kYKDeA67ZTEnthHXAPVXH&m=QByFqrfGsimsUqARjmh9tGVvwXBjAR0IbkSD0eVdiYg&s=EdXqx7ByC1uX-5j8DO06GVnRLxI1FCbAryQMnKVef7Q&e=" target="_blank"><span style="color:rgb(149,79,114)">recent EC
Letter [icann.org]</span></a><span><span style="color:black"> </span></span><span style="color:black">provides clarification regarding the
possible legal bases for disclosure of non-public
registration data to in the section entitled “Legal Bases
for Processing”, and noted:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:black"> <u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:0.5in"><i><span style="color:black">“As explained in our comments, Art.
6(1)f GDPR (legitimate interest) is one of the six
possible legal bases provided under Art. 6(1) GDPR. For
instance, disclosure of nonpublic gTLD registration data
could be necessary for compliance with a legal obligation
to which the contracted parties are subject (see Art.
6(1)c GDPR).</span></i><span style="color:black">”<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:0.5in"><span style="color:black"> <u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:0.5in"><span style="color:black">and<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:0.5in"><span style="color:black"> <u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:0.5in"><i><span style="color:black">“With regard to the formulation of
purpose two, the European Commission acknowledges ICANN’s
central role and responsibility for ensuring the security,
stability and resilience of the Internet Domain Name
System and that in doing so it acts in the public
interest.”</span></i><span style="color:black"><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:0.5in"><span style="color:black"> <u></u><u></u></span></p>
<p class="MsoNormal"><b><span style="color:black">Questions:</span></b><span style="color:black"><u></u><u></u></span></p>
<ul type="disc">
<li style="color:black">
In light of these statements from the EC, are there any
updates to the prior memos submitted by B&B regarding
the applicable bases for disclosure of non-public
registration data to third parties for the purposes
identified in EPDP Phase 1 Final Report Rec. 1 (Final
Report), such as the memo on 6(1)(b)? <u></u><u></u></li>
<li style="color:black">
To what extent can disclosures of non-public registration
data to third parties for the purposes identified in the
Final Report Rec. 1 be justified under GDPR’ Article 6(1)e
(public interest), in light of the EC’s recognition that:
<i>“With regard to the formulation of purpose two, the
European Commission acknowledges ICANN’s central role and
responsibility for ensuring the security, stability and
resilience of the Internet Domain Name System and that in
doing so it acts in the public interest.”</i><u></u><u></u></li>
</ul>
<ol start="3" type="1">
<li style="color:black">
<b>Questions previously put on hold pending further legal
advice and/or EPDP Team discussion<u></u><u></u></b></li>
</ol>
<p><b><span style="color:black"><u></u> <u></u></span></b></p>
<p style="margin-right:0in;margin-left:73pt;margin-bottom:0.0001pt">
<span style="color:black"><span>a)<span style="font:7pt "Times New Roman"">
</span></span></span><b><span style="color:black">Additional topics noted in plenary
sessions, where an EPDP Member requested the topic be
considered by the Legal Committee</span></b><span style="color:black"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:black"><u></u> <u></u></span></p>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="circle">
<li style="color:black;margin-top:0in;margin-left:0.5in;margin-bottom:0.0001pt">
<b>Domain names based on identical contact information</b>:<b>
</b>If a requestor obtains contact information for a
domain name engaged in bad activity, is accessing contact
information from other domain names with identical contact
information permissible? (topic introduced by Brian K.
during 6 September plenary meeting)<u></u><u></u></li>
</ul>
</ul>
<p style="margin-left:2.5in"><span style="color:black"><u></u> <u></u></span></p>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="circle">
<li style="color:black;margin-top:0in;margin-left:0.5in;margin-bottom:0.0001pt">
<b>ccTLD operators offering reverse WHOIS look-up services
</b>(topic introduced by Margie during F2F – requested
legal advice)
<u></u><u></u></li>
</ul>
</ul>
<p class="MsoNormal" style="margin-left:1.25in"><span style="color:black"><u></u> <u></u></span></p>
<p class="MsoNormal" style="margin-left:1in"><i><span style="color:black">Status: Thomas, Volker, Brian and
Margie to consider these items in their review of Q11.
<u></u><u></u></span></i></p>
<p class="MsoNormal" style="margin-left:1in"><i><span style="color:black"><u></u> <u></u></span></i></p>
<ul style="margin-top:0in" type="disc">
<li style="color:black;margin-top:0in;margin-left:0.75in;margin-bottom:0.0001pt">
<b>BALANCING, AND RIGHT TO OBJECT</b>: The defense of
networks, the prevention of fraud, resisting cybercrime, and
indicating possible criminal acts or threats to public
security to a competent authority are tasks performed by
third parties who are not law enforcement or government
agencies. Such parties have legitimate interests in making
data requests under GDPR, notably under Article 6(1)f; see
also Recitals 47, 49, and 50. We are considering balancing
where the data subject may be infringing upon the rights of
others, and the safety of third-party requestors who deal
with cybercrime. The third-party purposes above also
require timely responses to data requests.<u></u><u></u></li>
</ul>
<p style="margin-left:1.25in"><span style="color:black">Assume that registrars notify their
registrants up-front of the purposes of data collection,
under what circumstances the data may be released, the right
to object, etc. <u></u><u></u></span></p>
<ol style="margin-top:0in" start="1" type="1">
<ol style="margin-top:0in" start="1" type="a">
<ol style="margin-top:0in" start="1" type="1">
<ol style="margin-top:0in" start="1" type="a">
<li style="color:black;margin-top:0in;margin-bottom:0.0001pt">
When a data controller receives a legitimate
third-party data request, under what circumstances is
the controller required under GDPR to explicitly
notify the data subject that a request has occurred,
and/or that it has provided data to a third party?<span> </span><u></u><u></u></li>
<li style="color:black;margin-top:0in;margin-bottom:0.0001pt">
Under what circumstances do data subjects have the
right to object under GDPR to the release of their
data to third parties? Per Bird & Bird's Question
3 memo, ICANN's use cases do not involve profiling or
highly sensitive data categories (race, political
affiliation, etc.), and "a decision to release
information via the SSAD is would not in itself have
legal effect on the data subject."<u></u><u></u></li>
<li style="color:black;margin-top:0in;margin-bottom:0.0001pt">
Are data controllers ever required to notify the data
subject of the<span> </span><i>identity</i><span> </span>of a
third-party requestor?<u></u><u></u></li>
<li style="color:black;margin-top:0in;margin-bottom:0.0001pt">
Please confirm: when a data subject objects to
processing, the decision to release the data resides
with the data controller?<u></u><u></u></li>
<li style="color:black;margin-top:0in;margin-bottom:0.0001pt">
If a registrant must be notified of a request and then
be given the opportunity to object, please explain how
this process can be reconciled with or integrated into
a SSAD that is designed to provide timely data
exchange when possible and does not involve "a
decision based solely on automated processing". (See
Bird & Bird's Question 3 memo, paragraph 1.12.) <u></u><u></u></li>
</ol>
</ol>
</ol>
</ol>
<p style="margin-left:1.25in"><span style="color:black"> <u></u><u></u></span></p>
<ul style="margin-top:0in" type="disc">
<li style="color:black;margin-top:0in;margin-left:0.75in;margin-bottom:0.0001pt">
<b>Google Right to be Forgotten: </b>(Proposed by Margie)
In light of last week’s landmark Right to Be Forgotten Case
regarding the reach of GDPR:<u></u><u></u></li>
</ul>
<p class="MsoNormal" style="margin-left:1.25in"><a href="https://curia.europa.eu/jcms/upload/docs/application/pdf/2019-09/cp190112en.pdf" target="_blank">https://curia.europa.eu/jcms/upload/docs/application/pdf/2019-09/cp190112en.pdf</a><span><span style="color:black"> </span></span><span style="color:black">, where the Court clarified the
applicability of GDPR outside of the EU, and stated:<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:1.25in"><i><span style="color:black">“However, it states that numerous
third States do not recognise the right to dereferencing
or have a different approach to that right. The Court adds
that the right to the protection of personal data is not
an absolute right, but must be considered in relation to
its function in society and be balanced against other
fundamental rights, in accordance with the principle of
proportionality. In addition, the balance between the
right to privacy and the protection of personal data, on
the one hand, and the freedom of information of internet
users, on the other, is likely to vary significantly
around the world.”</span></i><span style="color:black"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:black"> <u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:0.75in;text-indent:0.5in"><span style="color:black">Does this ruling affect:<u></u><u></u></span></p>
<ol start="1" type="1">
<li style="color:black;margin-left:1in">
The advice given in<span> </span><span style="color:windowtext"><a href="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__nam06.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fcommunity.icann.org-252Fdownload-252Fattachments-252F102138857-252FICANN-252520-2D-252520Memo-252520on-252520Territorial-252520Scope-252520.docx-253Fversion-253D1-2526modificationDate-253D1552176561000-2526api-253Dv2-26data-3D02-257C01-257CMarksv-2540microsoft.com-257C0fc10369b86b4fb54cdb08d745d81ad8-257C72f988bf86f141af91ab2d7cd011db47-257C1-257C1-257C637054666773951714-26sdata-3D85hB3n-252BgHO5zltdzTm5Pmd-252FUeu0T7OL-252F4bywkCcb7dg-253D-26reserved-3D0%26d%3DDwMGaQ%26c%3DOGmtg_3SI10Cogwk-ShFiw%26r%3DqQNCXqU_XE2XIdXbawYmk-YDflYH6pd8ffXlzxU37OA%26m%3DqgqaikAoSyJzElcg7C-u09feQBWajzhT1JT2LBv05jg%26s%3D8TCbK69KiXCKrPpNO-KL9rKcsRkCISjzvCof8uKQBRs%26e%3D&data=02%7C01%7CMarksv%40microsoft.com%7C2925832daae546b63e0408d745f74dba%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637054800792839937&sdata=exadgrNqqCKVQ%2FLTBKZXXJMnBkfDjA9SNSTaJuX%2FH4Q%3D&reserved=0" title="https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__nam06.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fcommunity.icann.org-252Fdownload-252Fattachments-252F102138857-252FI" target="_blank"><span style="color:rgb(149,79,114)">Phase
1 Regarding Territorial Scope</span></a></span>?<u></u><u></u></li>
<li style="color:black;margin-left:1in">
The advice given in Q1-2 with respect to liability (Section
4 of the memo)?<u></u><u></u></li>
</ol>
<p class="MsoNormal" style="margin-left:1.25in"><span style="color:black">In light of this ECJ decision, using the
same assumptions identified for Q1 and Q2, would there be
less risk under GDPR to contracted parties if:<u></u><u></u></span></p>
<ol start="2" type="1">
<ol start="1" type="1">
<ol start="1" type="a">
<li style="color:black">
the SSAD allowed automated disclosure responses to
requests submitted by accredited entities for redacted
data of registrants and/or controllers located outside
of the EU, for legitimate purposes (such as
cybersecurity investigations and mitigation)<span><b> </b></span>and/or
other fundamental rights<span> </span>such as<span> </span>intellectual
property<span> </span>infringement
investigations<span> </span>(See
Article 17, Section 2<span> </span><span style="color:windowtext"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam06.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Feur-2Dlex.europa.eu-252Flegal-2Dcontent-252FEN-252FTXT-252F-253Furi-253DCELEX-253A12012P-252FTXT-26data-3D02-257C01-257CMarksv-2540microsoft.com-257C2925832daae546b63e0408d745f74dba-257C72f988bf86f141af91ab2d7cd011db47-257C1-257C1-257C637054800792819948-26sdata-3DRxgqL9eYdRavnaFqIDjzDOT4GPHJRSsmQ1-252Favz10vKw-253D-26reserved-3D0&d=DwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=VLG2NlF9SKlO5Br01dwddo_lA4oncgv7PkSSSsw8ZV4&s=fPD2dxvOeBSKNBXQT0rUNkNPmaova0kNQcFCii_4G6Y&e=" title="https://urldefense.proofpoint.com/v2/url?u=https-3A__nam06.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Feur-2Dlex.europa.eu-252Flegal-2Dcontent-252FEN-252FTXT-252F-253Furi-253DCELEX-253A12012P-252FTXT-26data-3D02-257C01-257CMarksv-2540mic" target="_blank"><span style="color:rgb(149,79,114)">https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:12012P/TXT</span></a></span>);<span> </span>and/or <u></u><u></u></li>
</ol>
</ol>
</ol>
<ol start="2" type="1">
<ol start="1" type="1">
<ol start="2" type="a">
<li style="color:black">
ICANN served as the sole entity making disclosure
decisions for the SSAD, and directly provided access to
the redacted data from a processing center outside of
the EU (such as from ICANN’s Los Angeles Headquarters)?<u></u><u></u></li>
</ol>
</ol>
</ol>
<p class="MsoNormal"><b><span style="color:black"><u></u> <u></u></span></b></p>
<p style="margin-right:0in;margin-left:73pt;margin-bottom:0.0001pt">
<b><span style="color:black"><span>b)<span style="font:7pt "Times New Roman"">
</span></span></span></b><b><span style="color:black">Agree on next steps<u></u><u></u></span></b></p>
<p class="MsoNormal"><span style="color:black"><u></u> <u></u></span></p>
<ol style="margin-top:0in" start="4" type="1">
<li style="color:black;margin-top:0in;margin-bottom:0.0001pt">
<b>Presentation of high-level summaries of legal memos <u></u><u></u></b></li>
</ol>
<p><b><span style="color:black"><u></u> <u></u></span></b></p>
<ol style="margin-top:0in" start="5" type="1">
<li style="color:black;margin-top:0in;margin-bottom:0.0001pt">
<b>Wrap and confirm next meeting to be scheduled <u></u><u></u></b></li>
</ol>
<p style="margin-right:0in;margin-left:73pt;margin-bottom:0.0001pt">
<span style="color:black"><span>a)<span style="font:7pt "Times New Roman"">
</span></span></span><span style="color:black">Confirm action items<u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
Gnso-epdp-legal mailing list
<a href="mailto:Gnso-epdp-legal@icann.org" target="_blank">Gnso-epdp-legal@icann.org</a>
<a href="https://mm.icann.org/mailman/listinfo/gnso-epdp-legal" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-epdp-legal</a>
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a href="https://www.icann.org/privacy/policy" target="_blank">https://www.icann.org/privacy/policy</a>) and the website Terms of Service (<a href="https://www.icann.org/privacy/tos" target="_blank">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.</pre>
</blockquote>
<div>-- <br>
Volker A. Greimann<br>
General Counsel and Policy Manager<br>
<strong style="border-bottom:3px solid rgb(92,70,181)">KEY-SYSTEMS GMBH</strong><br>
<br>
T: +49 6894 9396901<br>
M: +49 6894 9396851<br>
F: +49 6894 9396851<br>
W: <a href="http://www.key-systems.net" target="_blank">www.key-systems.net</a><br>
<br>
Key-Systems GmbH is a company registered at the local court of
Saarbruecken, Germany with the registration no. HR B 18835<br>
CEO: Alexander Siffrin<br>
<br>
Part of the CentralNic Group PLC (LON: CNIC) a company registered
in England and Wales with company number 8576358.</div>
</div>
_______________________________________________<br>
Gnso-epdp-legal mailing list<br>
<a href="mailto:Gnso-epdp-legal@icann.org" target="_blank">Gnso-epdp-legal@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-epdp-legal" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-epdp-legal</a><br>
_______________________________________________<br>
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a href="https://www.icann.org/privacy/policy" rel="noreferrer" target="_blank">https://www.icann.org/privacy/policy</a>) and the website Terms of Service (<a href="https://www.icann.org/privacy/tos" rel="noreferrer" target="_blank">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.</blockquote></div>