[Gnso-epdp-team] RrSG proposed Recommendation #11

Fri Jan 25 21:13:37 UTC 2019

Hello All,

For Recommendation 11, the RrSG has the following proposed new text and
comments:

*New text:*

1)  The EPDP team recommends that ICANN, as soon as is practicable,
undertakes a review of all its active processes and procedures so as to
identify and document the instances in which personal data are requested
from a registrar beyond the period of the 'life of the registration'.
Retention periods for specific data elements should then be identified
and documented, and relied upon to establish the required relevant and
specific minimum data retention expectations for registrars.

2) In the interim, the EPDP team has recognized that the Transfer
Dispute Resolution Policy (“TDRP”) has been identified as one such
process. The EPDP team therefore recommends that ICANN should direct
registrars to retain only those data elements deemed necessary for the
purposes of the TDRP, for a period of one year following the life of the
registration. This retention is grounded on the stated policy
stipulation within the TDRP that claims under the policy may only be
raised for a period of 12 months after the alleged breach (FN: see TDRP
section 2.2) of the Transfer Policy (FN: see Section 1.15 of TDRP). Such
retained data may only be used in relation to a specific TDRP complaint;
should a Registrar use the retained data for any other purpose, they
would do so under their own Controllership.

3) The EPDP team recognizes that Contracted Parties may have needs or
requirements for different retention periods in line with local law or
other requirements. The EPDP team recommends that nothing in this
recommendation, or in separate ICANN-mandated policy, should prohibit
contracted parties from setting their own retention periods beyond that
which is expected in ICANN policy. Similarly, should local law prevent
retention for the minimum period as set by ICANN, the ePDP team
recommends that a suitable waiver procedure is put in place that can
address such situations. In addition, the waiver procedure should be
reviewed to determine if it would be appropriate for other CPs to “join”
themselves to an existing waiver upon demonstration of being subject to
the same law or other requirement that grounded the original waiver
application.

*Notes:*

- incorporates suggested new text & comments from email list discussion
(thanks Alan W for your insights!)
- spells out that the data can only be used for specified retention
purposes (or, if used for other purpose, that would be a separate
Controller decision)

-- 
Sarah Wyld
Domains Product Team
Tucows
+1.416 535 0123 Ext. 1392

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190125/7d5e3fe9/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190125/7d5e3fe9/signature.asc>