<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style></head><body lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt'>Dear EPDP Team,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Below, please find ICANN org’s response to a question from today’s EPDP Meeting.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Thank you.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Best regards,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Marika, Berry and Caitlin<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:11.0pt;color:black'>QUESTION:</span></b><span class=apple-converted-space><span style='font-size:11.0pt;color:black'> </span></span><span style='font-size:11.0pt;color:black'> Is ICANN.org considering doing a DPIA, given the need for them to sort out their role?<o:p></o:p></span></p><p class=MsoNormal style='caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px'><span style='font-size:11.0pt;color:black'> <o:p></o:p></span></p><p style='margin:0in;margin-bottom:.0001pt;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px'><b><span style='color:black'>RESPONSE:</span></b><span class=apple-converted-space><span style='color:black'> </span></span><span style='color:black;background:white'>A similar<span class=apple-converted-space> </span></span><span style='color:black'><a href="https://mm.icann.org/pipermail/gnso-epdp-team/2018-October/000527.html"><span style='color:#1155CC;background:white'>question</span></a></span><span class=apple-converted-space><span style='color:#333333;background:white'> </span></span><span style='color:black;background:white'>was asked by the EPDP Team on 1 October 2018 to which ICANN org provided a response, which restated John Jeffrey’s comment on an<span class=apple-converted-space> </span></span><span style='color:black'><a href="https://participate.icann.org/p29vt2uxodx/"><span style='color:#1155CC;background:white'>8 October 2018 webinar</span></a></span><span style='color:#333333;background:white'>.<span class=apple-converted-space> </span></span><span style='color:black;background:white'>To recap:</span><span style='color:black'><o:p></o:p></span></p><p class=MsoNormal style='caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px'><span style='font-size:11.0pt;color:black'> <o:p></o:p></span></p><p style='margin:0in;margin-bottom:.0001pt;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px'><span style='color:black;background:white'>In general, a DPIA is designed to (a) describe the processing and purpose of processing of personal data, including where applicable the legitimate interest pursued by the controller, (b) assess the processing necessity and proportionality, and (c) help manage the risks to the rights and freedoms of data subjects resulting from the processing. The elements of a DPIA are more fully described in Article 35(7) of the GDPR. Under Article 35(1), a DPIA is only required where a type of processing is “likely to result in a high risk to the rights and freedoms of natural persons”.</span><span style='color:black'><o:p></o:p></span></p><p class=MsoNormal style='caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px'><span style='font-size:11.0pt;color:black'> <o:p></o:p></span></p><p style='margin:0in;margin-bottom:.0001pt;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px'><span style='color:black;background:white'>ICANN org considered conducting a DPIA since early in the discussion of GDPR and gTLD registration data. One of the issues is when to do a DPIA that is most timely and useful--should the DPIA be conducted on the original requirements in the registry and registrar agreements, on the Temporary Specification which is temporary, or on the new requirements being discussed in the EPDP? We continue to evaluate whether that assessment should be performed and, if so, when.</span><span style='color:black'><o:p></o:p></span></p><p class=MsoNormal style='caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px'><span style='font-size:11.0pt;color:black'> <o:p></o:p></span></p><p style='margin:0in;margin-bottom:.0001pt;caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px'><span style='color:black;background:white'>We are preparing some FAQs to provide further background on this topic, which we plan to publish next week. We will share with the EPDP Team a link to the FAQs once published.</span><span style='color:black'><o:p></o:p></span></p><p class=MsoNormal style='caret-color: rgb(0, 0, 0);font-variant-caps: normal;orphans: auto;text-align:start;widows: auto;-webkit-text-size-adjust: auto;-webkit-text-stroke-width: 0px;word-spacing:0px'><span style='font-size:11.0pt;color:black'> <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:black'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p></div></body></html>