<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><font size="+1"><font face="Lucida Grande">Thanks Mark! I am not
the lawyer here (cough cough Thomas please jump in) but I
would think that registrars would have to be extremely
cautious about just accepting a tick box that says "I am a
legal person". Definitions of who is an individual, and when
you cease to have privacy rights as an individual, are not
always clear, nor do people necessarily understand them. It
is one thing for Procter and Gamble or Facebook to say they
are a legal person and give a valid address, but small
business folks and sole contractors are another matter.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">Stephanie</font></font><br>
</p>
<div class="moz-cite-prefix">On 2018-09-15 17:33, Mark Svancarek
(CELA) via Gnso-epdp-team wrote:<br>
</div>
<blockquote type="cite"
cite="mid:BN6PR21MB0130296051471907E80ACC6AD1180@BN6PR21MB0130.namprd21.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:"Yu Gothic";
panose-1:2 11 4 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@Yu Gothic";
panose-1:2 11 4 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="mso-fareast-language:JA">Right.
If you flip the default to “ registrant is a natural person
“ and allow legal persons to opt out (hence permitting their
contact info to be unredacted), it’s still an extra datum.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Alan Greenberg
<a class="moz-txt-link-rfc2396E" href="mailto:alan.greenberg@mcgill.ca"><alan.greenberg@mcgill.ca></a> <br>
<b>Sent:</b> Saturday, September 15, 2018 2:13 PM<br>
<b>To:</b> Mark Svancarek (CELA)
<a class="moz-txt-link-rfc2396E" href="mailto:marksv@microsoft.com"><marksv@microsoft.com></a>; Kapin, Laureen
<a class="moz-txt-link-rfc2396E" href="mailto:LKAPIN@ftc.gov"><LKAPIN@ftc.gov></a>; Heineman, Ashley
<a class="moz-txt-link-rfc2396E" href="mailto:AHeineman@ntia.doc.gov"><AHeineman@ntia.doc.gov></a>; <a class="moz-txt-link-abbreviated" href="mailto:gnso-epdp-team@icann.org">gnso-epdp-team@icann.org</a><br>
<b>Subject:</b> RE: [Gnso-epdp-team] 4.4.9 (and 4.4.2)<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I agree Mark.<br>
<br>
Registrars have told us how inventive registrants have been
using the Organization field. Although it may ultimately be
reasonable to use this field being filled in as a default
value for a Legal/Natural Person field, there is no question
in my mind that we need such a field given the way privacy
regulation/legislation such as GDPR is worded.<br>
<br>
Alan<br>
<br>
At 15/09/2018 05:04 PM, Mark Svancarek (CELA) wrote:<br>
<br>
<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal" style="margin-bottom:12.0pt">I also agree
with Laureen.<br>
<br>
However, regarding this - <br>
“That being said, let it be clear that we are <i>not
seeking the collection of additional WHOIS data
elementsâ€<br>
</i> <br>
I do note that we have briefly discussed the possibility of
collecting an “I attest that I am a natural person and not
a legal person†flag, which would be an additional WhoIs
data element.<br>
Similarly, if we determine that we require explicit consent
in order to continue using the admin or tech fields, that
consent would be collected at the time that the WhoIs data
is validated by the registrar, and would also constitute
additional data element(s).<br>
<br>
I have already apologized to Stephanie for declaring that
“no one is asking for additional data elements†and then
subsequently discovering these two potential examples
<br>
<br>
/marksv<br>
<br>
<b>From:</b> Gnso-epdp-team <<a
href="mailto:gnso-epdp-team-bounces@icann.org"
moz-do-not-send="true">gnso-epdp-team-bounces@icann.org</a>>
<b>On Behalf Of </b>Alan Greenberg<br>
<b>Sent:</b> Friday, September 14, 2018 7:56 PM<br>
<b>To:</b> Kapin, Laureen <<a
href="mailto:LKAPIN@ftc.gov" moz-do-not-send="true">LKAPIN@ftc.gov</a>>;
Heineman, Ashley <<a href="mailto:AHeineman@ntia.doc.gov"
moz-do-not-send="true">AHeineman@ntia.doc.gov</a>>;
<a href="mailto:gnso-epdp-team@icann.org"
moz-do-not-send="true">gnso-epdp-team@icann.org</a><br>
<b>Subject:</b> Re: [Gnso-epdp-team] 4.4.9 (and 4.4.2)<br>
<br>
Thanks Laureen. Well said. I definitely agree.<br>
<br>
Alan<br>
<br>
At 13/09/2018 03:24 PM, Kapin, Laureen via Gnso-epdp-team
wrote:<br>
<br>
<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Dear colleagues:<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Following up on
Tuesday’s discussion, I wanted to focus on the range of
legitimate purposes for the ICANN organization. As there
continues to be confusion and disagreement on the
distinction between third party interests and ICANN
purposes, and we’ve been asked to weigh on a proposed
chart that lists legitimate purposes, I thought it would be
helpful to set out our views in more detail. Simply put,
ICANN’s Bylaws show that ICANN’s legitimate purposes in
processing gTLD registration data include the following:<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">·
facilitating the resilience, security, and/or stability of
the DNS (Section 1.1, Mission)<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">·
preserving and enhancing the operational stability,
reliability, security, global interoperability, resilience,
and openness of the DNS and the Internet (Section 1.2 (a)
Commitments)<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">· address
issues of competition, consumer protection, malicious abuse,
sovereignty concerns, and rights protection (Section 4.6
(d), Specific Reviews, Competition, Consumer Trust and
Consumer Choice)<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">· assess
whether registry directory service implementation:<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">o meets the
legitimate needs of law enforcement<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">o promotes
consumer trust<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">o safeguards
registrant data (Section 4.6 (e), Specific Reviews,
Registration Directory Service Review)<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">As a result,
ICANN’s own legitimate purposes must include processing
registrant data to meet ICANN’s mission, mandate,
commitments and responsibilities set forth in the Bylaws.
Therefore, while Ashley’s proposed language for Temp.
Spec. 4.4.9 --<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Enabling the
prevention and detection of cybercrime and illegal DNS abuse
to promote the resilience, security, stability and/or
reliability of the DNS and the Internet. Enabling the
prevention of unlawful conduct to meet the legitimate needs
of law enforcement and public authorities promoting consumer
trust in the DNS and the Internet and safeguarding
registrant data.<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">-- relates to
third parties, such as those involved in detecting
cybercrime, investigating DNS abuse and other unlawful
conduct, it does NOT constitute a third-party purpose.
Rather, the proposal reflects ICANN’s Bylaw-mandated
responsibility to (among other tasks) facilitate the
security and stability of the DNS and the Internet which
includes processing a defined set of RDS information which
may under certain circumstances, be disclosed to
third-parties.
<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">I also note that
ICANN commits to duly taking into account the public policy
advice of governments and public authorities (among other
stakeholders) and that ICANN must act for the benefit of the
public. (Art. 1.2 (a) Commitments). The Bylaw mandated
responsibilities to protect the security and stability of
the DNS and the Internet, address issues of consumer
protection and DNS abuse, promote consumer trust, and
safeguard registrant data go to the heart of the public
interest. <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Best regards,<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Laureen Kapin<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Counsel for
International Consumer Protection<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Office of
International Affairs<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Federal Trade
Commission<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><a
href="tel:(202)%20326-3237" moz-do-not-send="true">(202)
326-3237</a><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in"><a
href="mailto:lkapin@ftc.gov" moz-do-not-send="true">lkapin@ftc.gov</a><br>
<br>
<br>
<br>
<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">On: 05 September
2018 16:47,<o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">"Heineman,
Ashley" <<a href="mailto:AHeineman@ntia.doc.gov"
moz-do-not-send="true">AHeineman@ntia.doc.gov</a> >
wrote:<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Dear all.
Please find below proposed edits to 4.4.9, which should be
considered initial input as further discussion is welcomed.
Also included below are some recommended edits to 4.4.2,
which I realize is being reviewed/modified by someone else.
<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Regarding 4.4.9,
the proposed text is:<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Enabling the
prevention and detection of cybercrime and illegal DNS abuse
to promote the resilience, security, stability and/or
reliability of the DNS and the Internet. Enabling the
prevention of unlawful conduct to meet the legitimate needs
of law enforcement and public authorities promoting consumer
trust in the DNS and the Internet and safeguarding
registrant data.
<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">After a lot of
deliberation and thought, we decided that this text should
remain under section 4.4 (not be moved) as this section is a
list of ICANN’s and the Contracted Parties’ legitimate
purposes for processing data and accordingly we want a
reference to this purpose as we believe it
influences/touches upon at least two stages of their
processing (collection and disclosure).<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">That being said,
let it be clear that we are not seeking the collection of
additional WHOIS data elements. However, we do want to
ensure that the collection of existing WHOIS data fields
continue to be maintained.<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Further, it is
our view that the collection and disclosure of information,
as it aligns with efforts to combat cybercrime and other
illegal DNS abuse, is fully consistent with ICANN bylaws and
therefore fits within ICANN’s purposes. (see specific
bylaw references below).<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Lastly, our
initial text reflects a concerted effort not to conflate
ICANN’s purposes with that of LEA/government authorities.
It is our view that the interests and lawful basis of third
parties (such as LEA/government authorities) should be
articulated elsewhere as appropriate. <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">ICANN Bylaws
(excerpts)<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Section 1.2.
COMMITMENTS AND CORE VALUES<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">In performing
its Mission, ICANN will act in a manner that complies with
and reflects ICANN’s Commitments and respects ICANN’s
Core Values, each as described below.<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">(a)
COMMITMENTS<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">***<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">(i) Preserve and
enhance the administration of the DNS and the operational
stability, reliability, security, global interoperability,
resilience, and openness of the DNS and the Internet.<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Section 4.6.
SPECIFIC REVIEWS<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">***<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> (e)
Registration Directory Service Review<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">(ii) The Board
shall cause a periodic review to assess the effectiveness of
the then current gTLD registry directory service and whether
its implementation meets the legitimate needs of law
enforcement,<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">promoting
consumer trust and safeguarding registrant data.
<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Regarding 4.4.2,
we offer the following edits for consideration. We believe
this provides the necessary specificity required under GDPR:<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Providing
collection and disclosure of accurate, reliable, and uniform
Registration Data based on lawful basis, consistent with
GDPR, to ensure resilience, security, and/or stability of
the DNS. In the case of legitimate interest as a basis,
collection and disclosure must not outweigh the fundamental
rights of relevant data subjects.<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">_______________________________________________<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Gnso-epdp-team
mailing list<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><a
href="mailto:Gnso-epdp-team@icann.org"
moz-do-not-send="true">Gnso-epdp-team@icann.org</a>
<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><a
href="https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmm.icann.org%2Fmailman%2Flistinfo%2Fgnso-epdp-team&data=02%7C01%7Cmarksv%40microsoft.com%7Cddb17401efe048c68c5608d61b5015fc%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636726428120512294&sdata=mOmHHF2uTANY1Q9QcqAOsZbdDUOajgOYXQ%2FXmdLP8DY%3D&reserved=0"
moz-do-not-send="true">https://mm.icann.org/mailman/listinfo/gnso-epdp-team</a><o:p></o:p></p>
</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Gnso-epdp-team mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Gnso-epdp-team@icann.org">Gnso-epdp-team@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-epdp-team">https://mm.icann.org/mailman/listinfo/gnso-epdp-team</a></pre>
</blockquote>
</body>
</html>