<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:"Yu Gothic";
panose-1:2 11 4 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@Yu Gothic";
panose-1:2 11 4 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="mso-fareast-language:JA">Right. If you flip the default to “ registrant is a natural person “ and allow legal persons to opt out (hence permitting their contact info to be unredacted), it’s still an extra datum.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Alan Greenberg <alan.greenberg@mcgill.ca> <br>
<b>Sent:</b> Saturday, September 15, 2018 2:13 PM<br>
<b>To:</b> Mark Svancarek (CELA) <marksv@microsoft.com>; Kapin, Laureen <LKAPIN@ftc.gov>; Heineman, Ashley <AHeineman@ntia.doc.gov>; gnso-epdp-team@icann.org<br>
<b>Subject:</b> RE: [Gnso-epdp-team] 4.4.9 (and 4.4.2)<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I agree Mark.<br>
<br>
Registrars have told us how inventive registrants have been using the Organization field. Although it may ultimately be reasonable to use this field being filled in as a default value for a Legal/Natural Person field, there is no question in my mind that we
need such a field given the way privacy regulation/legislation such as GDPR is worded.<br>
<br>
Alan<br>
<br>
At 15/09/2018 05:04 PM, Mark Svancarek (CELA) wrote:<br>
<br>
<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal" style="margin-bottom:12.0pt">I also agree with Laureen.<br>
<br>
However, regarding this - <br>
“That being said, let it be clear that we are <i>not seeking the collection of additional WHOIS data elementsâ€<br>
</i> <br>
I do note that we have briefly discussed the possibility of collecting an “I attest that I am a natural person and not a legal person†flag, which would be an additional WhoIs data element.<br>
Similarly, if we determine that we require explicit consent in order to continue using the admin or tech fields, that consent would be collected at the time that the WhoIs data is validated by the registrar, and would also constitute additional data element(s).<br>
<br>
I have already apologized to Stephanie for declaring that “no one is asking for additional data elements†and then subsequently discovering these two potential examples
<br>
<br>
/marksv<br>
<br>
<b>From:</b> Gnso-epdp-team <<a href="mailto:gnso-epdp-team-bounces@icann.org">gnso-epdp-team-bounces@icann.org</a>>
<b>On Behalf Of </b>Alan Greenberg<br>
<b>Sent:</b> Friday, September 14, 2018 7:56 PM<br>
<b>To:</b> Kapin, Laureen <<a href="mailto:LKAPIN@ftc.gov">LKAPIN@ftc.gov</a>>; Heineman, Ashley <<a href="mailto:AHeineman@ntia.doc.gov">AHeineman@ntia.doc.gov</a>>;
<a href="mailto:gnso-epdp-team@icann.org">gnso-epdp-team@icann.org</a><br>
<b>Subject:</b> Re: [Gnso-epdp-team] 4.4.9 (and 4.4.2)<br>
<br>
Thanks Laureen. Well said. I definitely agree.<br>
<br>
Alan<br>
<br>
At 13/09/2018 03:24 PM, Kapin, Laureen via Gnso-epdp-team wrote:<br>
<br>
<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Dear colleagues:<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Following up on Tuesday’s discussion, I wanted to focus on the range of legitimate purposes for the ICANN organization. As there continues to be confusion and disagreement on the distinction between third party
interests and ICANN purposes, and we’ve been asked to weigh on a proposed chart that lists legitimate purposes, I thought it would be helpful to set out our views in more detail. Simply put, ICANN’s Bylaws show that ICANN’s legitimate purposes in processing
gTLD registration data include the following:<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">· facilitating the resilience, security, and/or stability of the DNS (Section 1.1, Mission)<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">· preserving and enhancing the operational stability, reliability, security, global interoperability, resilience, and openness of the DNS and the Internet (Section 1.2 (a) Commitments)<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">· address issues of competition, consumer protection, malicious abuse, sovereignty concerns, and rights protection (Section 4.6 (d), Specific Reviews, Competition, Consumer Trust and Consumer Choice)<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">· assess whether registry directory service implementation:<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">o meets the legitimate needs of law enforcement<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">o promotes consumer trust<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">o safeguards registrant data (Section 4.6 (e), Specific Reviews, Registration Directory Service Review)<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">As a result, ICANN’s own legitimate purposes must include processing registrant data to meet ICANN’s mission, mandate, commitments and responsibilities set forth in the Bylaws. Therefore, while Ashley’s proposed
language for Temp. Spec. 4.4.9 --<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Enabling the prevention and detection of cybercrime and illegal DNS abuse to promote the resilience, security, stability and/or reliability of the DNS and the Internet. Enabling the prevention of unlawful conduct
to meet the legitimate needs of law enforcement and public authorities promoting consumer trust in the DNS and the Internet and safeguarding registrant data.<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">-- relates to third parties, such as those involved in detecting cybercrime, investigating DNS abuse and other unlawful conduct, it does NOT constitute a third-party purpose. Rather, the proposal reflects ICANN’s
Bylaw-mandated responsibility to (among other tasks) facilitate the security and stability of the DNS and the Internet which includes processing a defined set of RDS information which may under certain circumstances, be disclosed to third-parties.
<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">I also note that ICANN commits to duly taking into account the public policy advice of governments and public authorities (among other stakeholders) and that ICANN must act for the benefit of the public. (Art. 1.2
(a) Commitments). The Bylaw mandated responsibilities to protect the security and stability of the DNS and the Internet, address issues of consumer protection and DNS abuse, promote consumer trust, and safeguard registrant data go to the heart of the public
interest. <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Best regards,<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Laureen Kapin<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Counsel for International Consumer Protection<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Office of International Affairs<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Federal Trade Commission<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><a href="tel:(202)%20326-3237">(202) 326-3237</a><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">
<a href="mailto:lkapin@ftc.gov">lkapin@ftc.gov</a><br>
<br>
<br>
<br>
<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">On: 05 September 2018 16:47,<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">
"Heineman, Ashley" <<a href="mailto:AHeineman@ntia.doc.gov">AHeineman@ntia.doc.gov</a> > wrote:<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Dear all. Please find below proposed edits to 4.4.9, which should be considered initial input as further discussion is welcomed. Also included below are some recommended edits to 4.4.2, which I realize is being
reviewed/modified by someone else. <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Regarding 4.4.9, the proposed text is:<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Enabling the prevention and detection of cybercrime and illegal DNS abuse to promote the resilience, security, stability and/or reliability of the DNS and the Internet. Enabling the prevention of unlawful conduct
to meet the legitimate needs of law enforcement and public authorities promoting consumer trust in the DNS and the Internet and safeguarding registrant data.
<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">After a lot of deliberation and thought, we decided that this text should remain under section 4.4 (not be moved) as this section is a list of ICANN’s and the Contracted Parties’ legitimate purposes for processing
data and accordingly we want a reference to this purpose as we believe it influences/touches upon at least two stages of their processing (collection and disclosure).<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">That being said, let it be clear that we are not seeking the collection of additional WHOIS data elements. However, we do want to ensure that the collection of existing WHOIS data fields continue to be maintained.<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Further, it is our view that the collection and disclosure of information, as it aligns with efforts to combat cybercrime and other illegal DNS abuse, is fully consistent with ICANN bylaws and therefore fits within
ICANN’s purposes. (see specific bylaw references below).<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Lastly, our initial text reflects a concerted effort not to conflate ICANN’s purposes with that of LEA/government authorities. It is our view that the interests and lawful basis of third parties (such as LEA/government
authorities) should be articulated elsewhere as appropriate. <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">ICANN Bylaws (excerpts)<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Section 1.2. COMMITMENTS AND CORE VALUES<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">In performing its Mission, ICANN will act in a manner that complies with and reflects ICANN’s Commitments and respects ICANN’s Core Values, each as described below.<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">(a) COMMITMENTS<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">***<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">(i) Preserve and enhance the administration of the DNS and the operational stability, reliability, security, global interoperability, resilience, and openness of the DNS and the Internet.<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Section 4.6. SPECIFIC REVIEWS<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">***<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> (e) Registration Directory Service Review<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">(ii) The Board shall cause a periodic review to assess the effectiveness of the then current gTLD registry directory service and whether its implementation meets the legitimate needs of law enforcement,<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">promoting consumer trust and safeguarding registrant data.
<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Regarding 4.4.2, we offer the following edits for consideration. We believe this provides the necessary specificity required under GDPR:<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Providing collection and disclosure of accurate, reliable, and uniform Registration Data based on lawful basis, consistent with GDPR, to ensure resilience, security, and/or stability of the DNS. In the case of
legitimate interest as a basis, collection and disclosure must not outweigh the fundamental rights of relevant data subjects.<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">_______________________________________________<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in">Gnso-epdp-team mailing list<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><a href="mailto:Gnso-epdp-team@icann.org">Gnso-epdp-team@icann.org</a>
<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><a href="https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmm.icann.org%2Fmailman%2Flistinfo%2Fgnso-epdp-team&data=02%7C01%7Cmarksv%40microsoft.com%7Cddb17401efe048c68c5608d61b5015fc%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636726428120512294&sdata=mOmHHF2uTANY1Q9QcqAOsZbdDUOajgOYXQ%2FXmdLP8DY%3D&reserved=0">https://mm.icann.org/mailman/listinfo/gnso-epdp-team</a><o:p></o:p></p>
</blockquote>
</div>
</body>
</html>