<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><font size="+1"><font face="Lucida Grande">Kurt, I think the
point is that these processing practices were not adequate.
The fact that ICANN got away with them should not be construed
as an acceptance that they were legal. We need to examine
ICANN's scope and bylaws to determine how far they overreach.
Many actors on this EPDP are arguing that ICANN has a duty to
support law enforcement access, for instance, and trademark
enforcement. This is a matter that a court would examine
rather closely; it would not simply take ICANN's word for it
that producing a repository of personal information for
informal access is a role that ICANN properly plays. <br>
</font></font></p>
<p><font size="+1"><font face="Lucida Grande">I attach two letters
from the former Chair of the Article 29 Working Party, sent at
the time of the 2013 RAA consultations.
While they focus on the new data retention requirements, the
reasoning still applies. Please note the penultimate
paragraph on page 4 of the 2012 letter. Page two of the
second letter specifically notes that law enforcement needs
should be addressed through national law.<br>
</font></font></p>
<p><font size="+1"><font face="Lucida Grande">Stephanie Perrin</font></font><br>
</p>
<div class="moz-cite-prefix">On 2018-09-06 02:31, Kurt Pritz wrote:<br>
</div>
<blockquote type="cite"
cite="mid:B2F2A681-D4EE-4898-8C57-A22B5DDB724C@kjpritz.com"><font
class="" face="Helvetica Neue" color="#454545">Given that we
have existing data collection and processing practices that were
adequate pre-GDPR, it seems better to weigh those practices
against GDPR and see what remains.</font></blockquote>
</body>
</html>