[Gnso-epdp-team] Consensus: more granular approach needed

Thu Aug 9 10:52:49 UTC 2018

Dear all,
My name is Tatiana Tropina, I'm an alternate for Milton Mueller for the
next few days because he can't attend today's call. I would like to forward
his comments (which I fully agree with) on the approach to consensus.
Please see below.

===================

In determining whether consensus exists on certain key elements of the temp
spec, I think we are suffering from the way items were grouped. Some SG’s
said “No” because they objected to one thing in the group, but a more
granular approach might find wider agreement on certain elements within
that grouping.

My example here is the responses to Appendix A 2.4., 2.5., 2.5.1. -
2.5.1.3., 2.5.2., 2.6., which deals with how the temp spec redacts certain
PII from public Whois. NCSG strongly supports those redactions, and in fact
we think ICANN has little choice about it because of the GDPR. However, on
the survey we see only 2 SGs supporting that question. If we look closer,
however, there is actually not much disagreement with the redaction.

Registrars support redaction “but questions whether this data should
continue to be collected as they are not necessary, and do not comply with
data minimization principle.”

So the registrars are conflating the collection issue with the public
display issue here. They do support redaction of the data elements listed
in the temp spec. So do the Registries. Ry SG comments call attention to
the litigation around collection of the redacted data and has some other
comments unrelated to the question whether the temp spec’s redaction
requirements are acceptable. So again we have a debate about collection
rather than display.

Even the GAC comments do not dispute that the data should be redacted. They
call for changing “redacted for privacy” to “redacted for data protection”
in the display, and call for additional text with instructions about how to
get access to redacted data.

Both SSAC and IPC also do not question that redaction is required for GDPR
compliance but question the scope of the redaction, saying that it may not
be necessary in cases where GDPR does not apply (however they overlook or
ignore the existence of similar data protection laws in other
jurisdictions). SSAC also make a somewhat irrelevant call for 2 years data
retention (which the EDPB has already questioned).

In short, a careful review of the comments shows that there is almost no
opposition to the selection of data that the temp spec asks to be redacted.
We are close to consensus on that vital issue. If it is lumped in with a
bunch of other issues, however, more SGs and ACs can find something they
don’t like. Since the redaction is fundamental to the temp spec, let’s pull
that out and indicate something close to consensus on it.

Dr. Milton L. Mueller
Professor, School of Public Policy
Georgia Institute of Technology

=========
Warm regards,
Tatiana
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20180809/52122c8d/attachment.html>