<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>Dear Sara</div><div>Tks for comments</div><div>Amended Text </div><div><em>"1) The EPDP team recommends that ICANN, <font color="#0000ff">as soon as is practicable to be replaced by ,<font color="#ff0000">as a matter of urgency</font>,</font>, undertakes a review of all its active processes and procedures so as to identify and document the instances in which personal data are requested from a registrar beyond the period of the 'life of the registration'. Retention periods for specific data elements should then be identified and documented, and relied upon to establish the required relevant and specific minimum data retention expectations for registrars. <br><br> 2) In the interim, the EPDP team has recognized that the Transfer Dispute Resolution Policy (“TDRP”) has been identified as one such process. The EPDP team therefore recommends that ICANN should direct registrars to retain only those data elements deemed necessary for the purposes of the TDRP, for a period of , <font color="#0000ff">at least </font>one year following the life of the registration. This retention is grounded on the stated policy stipulation within the TDRP that claims under the policy may only be raised for a period of 12 months after the alleged breach (FN: see TDRP section 2.2) of the Transfer Policy (FN: see Section 1.15 of TDRP). Such retained data may only be used in relation to a specific TDRP complaint; should a Registrar use the retained data for any other purpose, they would do so under their own Controllership.<br><br> 3) The EPDP team recognizes that Contracted Parties may have needs or requirements for different retention periods, <font color="#0000ff">beyond </font><font color="#0000ff">one year </font> in line with local law <font color="#0000ff">or</font> other requirements. The EPDP team recommends that nothing in this recommendation, or in separate ICANN-mandated policy, should prohibit contracted parties from setting their own retention periods <font color="#0000ff">beyond the minimum one year period or </font>that which is expected in ICANN policy. Similarly, <font color="#0000ff">Howeve</font>r<font color="#0000ff">,</font> should local law prevent retention for the minimum period as <font color="#0000ff">stipulated above</font> or set by ICANN, the ePDP team recommends that a suitable waiver procedure is put in place that can address such situations. In addition, the waiver procedure should be reviewed to determine if it would be appropriate for other CPs to “join” themselves to an existing waiver upon demonstration of being subject to the same law or other requirement that grounded the original waiver application</em></div><div>Regards</div><div>Kavouss <br></div></div></div></div></div><br><div class="gmail_quote"><div class="gmail_attr" dir="ltr">On Fri, Jan 25, 2019 at 10:14 PM Sarah Wyld <<a href="mailto:swyld@tucows.com">swyld@tucows.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
<div bgcolor="#FFFFFF">
<p>Hello All,</p>
For Recommendation 11, the RrSG has the following proposed new text
and comments: <br>
<p><b>New text:</b><br>
</p>
<p>1) The EPDP team recommends that ICANN, as soon as is
practicable, undertakes a review of all its active processes and
procedures so as to identify and document the instances in which
personal data are requested from a registrar beyond the period of
the 'life of the registration'. Retention periods for specific
data elements should then be identified and documented, and relied
upon to establish the required relevant and specific minimum data
retention expectations for registrars. <br>
<br>
2) In the interim, the EPDP team has recognized that the Transfer
Dispute Resolution Policy (“TDRP”) has been identified as one such
process. The EPDP team therefore recommends that ICANN should
direct registrars to retain only those data elements deemed
necessary for the purposes of the TDRP, for a period of one year
following the life of the registration. This retention is grounded
on the stated policy stipulation within the TDRP that claims under
the policy may only be raised for a period of 12 months after the
alleged breach (FN: see TDRP section 2.2) of the Transfer Policy
(FN: see Section 1.15 of TDRP). Such retained data may only be
used in relation to a specific TDRP complaint; should a Registrar
use the retained data for any other purpose, they would do so
under their own Controllership.<br>
<br>
3) The EPDP team recognizes that Contracted Parties may have needs
or requirements for different retention periods in line with local
law or other requirements. The EPDP team recommends that nothing
in this recommendation, or in separate ICANN-mandated policy,
should prohibit contracted parties from setting their own
retention periods beyond that which is expected in ICANN policy.
Similarly, should local law prevent retention for the minimum
period as set by ICANN, the ePDP team recommends that a suitable
waiver procedure is put in place that can address such situations.
In addition, the waiver procedure should be reviewed to determine
if it would be appropriate for other CPs to “join” themselves to
an existing waiver upon demonstration of being subject to the same
law or other requirement that grounded the original waiver
application. <br>
</p>
<p><b>Notes:</b></p>
<p>- incorporates suggested new text & comments from email list
discussion (thanks Alan W for your insights!)<br>
- spells out that the data can only be used for specified
retention purposes (or, if used for other purpose, that would be a
separate Controller decision)<br>
</p>
<pre class="gmail-m_2529518842320744865moz-signature" cols="72">--
Sarah Wyld
Domains Product Team
Tucows
+1.416 535 0123 Ext. 1392
</pre>
</div>
_______________________________________________<br>
Gnso-epdp-team mailing list<br>
<a href="mailto:Gnso-epdp-team@icann.org" target="_blank">Gnso-epdp-team@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-epdp-team" target="_blank" rel="noreferrer">https://mm.icann.org/mailman/listinfo/gnso-epdp-team</a></blockquote></div>