<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Cambria;
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:"Open Sans";}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
        {mso-style-priority:99;
        mso-style-link:"Balloon Text Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:8.0pt;
        font-family:"Tahoma",sans-serif;}
span.BalloonTextChar
        {mso-style-name:"Balloon Text Char";
        mso-style-priority:99;
        mso-style-link:"Balloon Text";
        font-family:"Tahoma",sans-serif;}
p.msonormal0, li.msonormal0, div.msonormal0
        {mso-style-name:msonormal;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
span.gmail-m8650610901850170273gmail-m8537874273839167647gc-cs-link
        {mso-style-name:gmail-m_8650610901850170273gmail-m_8537874273839167647gc-cs-link;}
span.EmailStyle21
        {mso-style-type:personal;
        font-family:"Calibri",sans-serif;}
span.EmailStyle22
        {mso-style-type:personal;
        font-family:"Calibri",sans-serif;
        color:#1F497D;}
span.EmailStyle23
        {mso-style-type:personal-reply;
        font-family:"Calibri",sans-serif;
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Marc:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<p class="MsoNormal"><span style="mso-fareast-language:JA">I have paraphrased this as:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA"><o:p> </o:p></span></p>
<p class="MsoNormal">“If a processor were to publish or disclose multiple personal data, one of which was a pseudonym, and if that collection of data could be used to render the pseudonym identifiable, then the pseudonym would be considered to be personal data. 
 However, if the processor were to publish a pseudonym, and a third party were to subsequently locate additional data, available from different processors or even from the same processor in a different context, and were then able to use these separate data
 to unmask the pseudonym and render it identifiable, such third party correlation ability would NOT require the processor to treat the pseudonym as personal data.”<o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">I don’t find your lawyers’ opinion very convincing, Marc. She is saying that even if it’s known for a fact that the pseudonym can be combined with other data elements that are readily accessible to anyone to
 identify the subject, it is not personally identifiable simply because all the data isn’t in one place. That doesn’t pass the giggle test.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Second, the Whois DOES publish additional, multiple personal data, such as country, state, city, nameserver, domain name, etc. all of which when combined could be used to identify.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Dr. Milton L Mueller<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Professor, <a href="http://spp.gatech.edu/">
<span style="color:#0563C1">School of Public Policy</span></a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Georgia Institute of Technology<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Internet Governance Project <o:p>
</o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><a href="http://internetgovernance.org/"><span style="color:#0563C1">http://internetgovernance.org/</span></a>
<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA">/marksv<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:JA"><o:p> </o:p></span></p>
<p class="MsoNormal"><b>From:</b> Gnso-epdp-team <<a href="mailto:gnso-epdp-team-bounces@icann.org">gnso-epdp-team-bounces@icann.org</a>>
<b>On Behalf Of </b>Alex Deacon<br>
<b>Sent:</b> Saturday, February 2, 2019 11:57 AM<br>
<b>To:</b> Alan Woods <<a href="mailto:alan@donuts.email">alan@donuts.email</a>><br>
<b>Cc:</b> EPDP <<a href="mailto:gnso-epdp-team@icann.org">gnso-epdp-team@icann.org</a>><br>
<b>Subject:</b> Re: [Gnso-epdp-team] Recommendation on privacy/proxy data.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal">Thanks Alan.  As always I appreciate your input and views.  A few thoughts and questions on your proposed solution. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">First, given all of the "MAYs" in your suggested update, it is not clear to me how this will be translated in the implementation phase.  Specifically it is a no-op from a compliance point of view.   I understand this may be the main reason
 for your update, but we end up with a Recommendation with little value. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">Second, given the general agreement that we avoid "squishy" language in our purposes and recommendations, the language you propose is unclear (to me at least).  If a Registrar or Registry decides to not return P/P data or the "existing
 p/p pseudonymized email” does that mean no email address will be available in a public response?  If so that seems to go against our existing Contractibility purpose (Purpose 3).  (Alan G made this point I believe.)    Or does this language assume that there
 will be  a Registrar pseudonymized email that points to a P/P pseudonymized email?    Both seem problematic.  <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">Third, regarding the language you point out in Recital 26 of the GDPR, its not clear to me it applies in the privacy/proxy context, where the only the psuedonymized email could be seen as personal.   Perhaps this would be a good question
 to pose to Ruth.   From what I understand if a processor were to publish or disclose multiple personal data, one of which was a pseudonym, and if that collection of data could be used to render the pseudonym identifiable, then the pseudonym would be considered
 to be personal data.   For responses that only included P/P data this wouldn't be the case.   <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">Fourth, I appreciate your concern that it may not be possible to figure out a P/P provider  and suggest we can use the language in the RAA (Section 2) to be more specific here - essentially limit it (for now) to affiliated services.    
 e.g. “For any Proxy Service or Privacy Service offered by the Registrar or its Affiliates, including any of Registrar's or its Affiliates' P/P services distributed through Resellers, and used in connection with Registered Names Sponsored by the Registrar,".
   In the future, and once the PPIRT completes, all accredited P/P services will be flagged in RDS/WHOIS (PPSAI Recommendation 4) so this issue will be solved.  <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Finally, I continue to believe we can find a pragmatic solution where we eliminate (or perhaps minimize) the situation where P/P data is returned in response to a "reasonable disclosure" request.    It is a very inefficient use of time/cycles
 for both the requestor and person responsible for manually processing these requests.   This was the main reason for the Temp Spec language and this new Recommendation.   If we can't address this issue in this new Rec then perhaps language needs to be added
 to Rec 12 to address this case....<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Apologies for the long email. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Alex<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal">___________<o:p></o:p></p>
<div>
<p class="MsoNormal"><b>Alex Deacon</b><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Cole Valley Consulting<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><a href="mailto:alex@colevalleyconsulting.com" target="_blank">alex@colevalleyconsulting.com</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">+1.415.488.6009<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Fri, Feb 1, 2019 at 4:47 AM Alan Woods <<a href="mailto:alan@donuts.email">alan@donuts.email</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal">Thank you Alex for reopening this matter. <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">From a practicality POV the inclusion of a pseudonymised email in a publication is a disclosure of public data, as a pseudonymised email, is still an email for a data subject. It may be in a form the data subject does not recognize, but
 I believe a number of excellent and practical examples, such as auto-relay / auto out of office responses could easily identify the non-pseudonymised email and lead to identification of the Data Subject. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I refer you recital 26 of the GDPR:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">"…Personal data which have undergone pseudonymisation, which could be attributed to a natural person by the use of additional information should be considered to be information on an identifiable natural person..." <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Alas the recommendation as worded, although I understand the practicality that is driving it, does not properly address data protection concerns. There is a lot of back and of forth possible on whether pseudonymisation may count as anonymization
 when published to a 3rd party, however in the context of Domain Names, where the domain name, and even the associated content, could be capable of linking the individual to the pseudonymised data (which is completely outside of outside of our control, but
 still relevant to our risk assessment), we need to tread carefully; more carefully than the ePDP has either the time or the scope to consider. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">To refer again to our goal : We must look to the state of the data that is in the RDDS currently, and whether the publication of individual data currently used would be data protection compliant or not. In its current state, with the myriad
 the uncertainties, it is not, therefore our recommendation must be <b><u>not</u></b> to publish. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><b>SOLUTION</b> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Allow the registrar / registry to consider (as Controller) the feasibility and the risk as it applies to them? Unless we, at this late stage, the ePDP can provide an actual means or suggestion as to implementation of how a registrar / registry
 can effectively figure out who is a P&P provider and thus publish those only details without an increase to risk, then our choice is plain. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">If the recommendation is to stand, use of MAY, and other permissive language, as opposed to a 'must' will allow each CP to assess the risk as they see it, as it all comes down to the fact that the ePDP cannot force the CPs to assume higher
 risk to appease some. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<blockquote style="margin-left:30.0pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal"><b>Recommendation XX</b><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><b>In the case of a domain name registration where a privacy/proxy service used (e.g. where data associated with a natural person is masked),
<span style="color:red">Registrar (and Registry where applicable) MAY</span> include in the public WHOIS and return in response to any query full WHOIS data,
<span style="color:red">which may also </span>includ<span style="color:red">e</span> the existing privacy/proxy pseudonymized email.</b><o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Kind regards,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Alan <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">  <o:p></o:p></p>
</div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<table class="MsoNormalTable" border="0" cellpadding="0">
<tbody>
<tr>
<td style="padding:0in 5.25pt 0in 0in"></td>
<td style="padding:0in 5.25pt 0in 0in">
<div>
<p class="MsoNormal" style="mso-margin-top-alt:7.5pt;margin-right:0in;margin-bottom:7.5pt;margin-left:0in;line-height:12.75pt">
<b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#333333"><a href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdonuts.domains&data=02%7C01%7Cmarksv%40microsoft.com%7Ccd7ec2e952744fc76eb608d68948bdc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636847342852603079&sdata=QwaxAMupO7ehwbSmN9I%2FFKwgNNr%2FP0th2kuQW6EHb9U%3D&reserved=0" target="_blank"><span style="color:#333333;text-decoration:none">Alan
 Woods</span></a></span></b><span class="MsoHyperlink"><span style="text-decoration:none"><o:p></o:p></span></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:7.5pt;margin-right:0in;margin-bottom:7.5pt;margin-left:0in">
<span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#333333"><a href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdonuts.domains&data=02%7C01%7Cmarksv%40microsoft.com%7Ccd7ec2e952744fc76eb608d68948bdc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636847342852603079&sdata=QwaxAMupO7ehwbSmN9I%2FFKwgNNr%2FP0th2kuQW6EHb9U%3D&reserved=0" target="_blank"><span style="color:#333333;text-decoration:none">Senior
 Compliance & Policy Manager, Donuts Inc.</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;text-decoration:none">
</span></a></span><span class="MsoHyperlink"><span style="text-decoration:none"><o:p></o:p></span></span></p>
<div style="margin-top:7.5pt;margin-bottom:7.5pt">
<p class="MsoNormal" align="center" style="text-align:center"><span class="MsoHyperlink"><span style="text-decoration:none"><a href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdonuts.domains&data=02%7C01%7Cmarksv%40microsoft.com%7Ccd7ec2e952744fc76eb608d68948bdc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636847342852603079&sdata=QwaxAMupO7ehwbSmN9I%2FFKwgNNr%2FP0th2kuQW6EHb9U%3D&reserved=0" target="_blank"><span style="text-decoration:none"><o:p></o:p></span></a></span></span></p>
<div class="MsoNormal" align="center" style="text-align:center"><span class="MsoHyperlink"><span style="text-decoration:none"><a href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdonuts.domains&data=02%7C01%7Cmarksv%40microsoft.com%7Ccd7ec2e952744fc76eb608d68948bdc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636847342852603079&sdata=QwaxAMupO7ehwbSmN9I%2FFKwgNNr%2FP0th2kuQW6EHb9U%3D&reserved=0" target="_blank"><span style="text-decoration:none">
<hr size="2" width="100%" align="center">
</span></a></span></span></div>
<p class="MsoNormal" align="center" style="text-align:center"><o:p> </o:p></p>
<p class="MsoNormal" align="center" style="text-align:center"><o:p> </o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:7.5pt;margin-right:0in;margin-bottom:7.5pt;margin-left:0in">
<span style="font-size:8.5pt;font-family:"Arial",sans-serif;color:#333333"><a href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdonuts.domains&data=02%7C01%7Cmarksv%40microsoft.com%7Ccd7ec2e952744fc76eb608d68948bdc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636847342852603079&sdata=QwaxAMupO7ehwbSmN9I%2FFKwgNNr%2FP0th2kuQW6EHb9U%3D&reserved=0" target="_blank"><span style="color:#333333;text-decoration:none">The
 Victorians, </span></a></span><span class="MsoHyperlink"><span style="text-decoration:none"><o:p></o:p></span></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:7.5pt;margin-right:0in;margin-bottom:7.5pt;margin-left:0in">
<span style="font-size:8.5pt;font-family:"Arial",sans-serif;color:#333333"><a href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdonuts.domains&data=02%7C01%7Cmarksv%40microsoft.com%7Ccd7ec2e952744fc76eb608d68948bdc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636847342852603079&sdata=QwaxAMupO7ehwbSmN9I%2FFKwgNNr%2FP0th2kuQW6EHb9U%3D&reserved=0" target="_blank"><span style="color:#333333;text-decoration:none">15-18
 Earlsfort Terrace<br>
Dublin 2, County Dublin</span><span style="font-size:9.0pt;font-family:"Open Sans";color:#D6D6D6;text-decoration:none"><br>
</span><span style="color:#333333;text-decoration:none">Ireland</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;text-decoration:none"><br>
<br>
    </span></a></span><span class="MsoHyperlink"><span style="text-decoration:none"><o:p></o:p></span></span></p>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Cambria",serif"><a href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdonuts.domains&data=02%7C01%7Cmarksv%40microsoft.com%7Ccd7ec2e952744fc76eb608d68948bdc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636847342852603079&sdata=QwaxAMupO7ehwbSmN9I%2FFKwgNNr%2FP0th2kuQW6EHb9U%3D&reserved=0" target="_blank"><span style="text-decoration:none">Please
 NOTE: This electronic message, including any attachments, may include privileged, confidential and/or inside information owned by Donuts Inc. . Any distribution or use of this communication by anyone other than the intended recipient(s) is strictly prohibited
 and may be unlawful.  If you are not the intended recipient, please notify the sender by replying to this message and then delete it from your system. Thank you.</span></a></span><span class="MsoHyperlink"><span style="text-decoration:none"><o:p></o:p></span></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><a href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdonuts.domains&data=02%7C01%7Cmarksv%40microsoft.com%7Ccd7ec2e952744fc76eb608d68948bdc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636847342852603079&sdata=QwaxAMupO7ehwbSmN9I%2FFKwgNNr%2FP0th2kuQW6EHb9U%3D&reserved=0" target="_blank"><span style="text-decoration:none">On
 Fri, Feb 1, 2019 at 12:57 AM Alex Deacon <</span>alex@colevalleyconsulting.com<span style="text-decoration:none">> wrote:</span></a><span class="MsoHyperlink"><span style="text-decoration:none"><o:p></o:p></span></span></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><a href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdonuts.domains&data=02%7C01%7Cmarksv%40microsoft.com%7Ccd7ec2e952744fc76eb608d68948bdc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636847342852603079&sdata=QwaxAMupO7ehwbSmN9I%2FFKwgNNr%2FP0th2kuQW6EHb9U%3D&reserved=0" target="_blank"><span style="text-decoration:none">All, </span></a><span class="MsoHyperlink"><span style="text-decoration:none"><o:p></o:p></span></span></p>
<div>
<p class="MsoNormal"><a href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdonuts.domains&data=02%7C01%7Cmarksv%40microsoft.com%7Ccd7ec2e952744fc76eb608d68948bdc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636847342852603079&sdata=QwaxAMupO7ehwbSmN9I%2FFKwgNNr%2FP0th2kuQW6EHb9U%3D&reserved=0" target="_blank"><span style="text-decoration:none">Our
 review of ICANN's input on Temp Spec topics that were not covered by the Initial Report reminded me that we had at one point discussed ensuring that the current Temp Spec language on how Privacy/Proxy data should be handled (Appendix A 2.6) should added as
 a recommendation.   Something along the lines of - </span></a><span class="MsoHyperlink"><span style="text-decoration:none"><o:p></o:p></span></span></p>
</div>
<blockquote style="margin-left:30.0pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><a href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdonuts.domains&data=02%7C01%7Cmarksv%40microsoft.com%7Ccd7ec2e952744fc76eb608d68948bdc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636847342852603079&sdata=QwaxAMupO7ehwbSmN9I%2FFKwgNNr%2FP0th2kuQW6EHb9U%3D&reserved=0" target="_blank"><span style="text-decoration:none">Recommendation
 XX</span></a><span class="MsoHyperlink"><span style="text-decoration:none"><o:p></o:p></span></span></p>
</div>
<div>
<p class="MsoNormal"><a href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdonuts.domains&data=02%7C01%7Cmarksv%40microsoft.com%7Ccd7ec2e952744fc76eb608d68948bdc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636847342852603079&sdata=QwaxAMupO7ehwbSmN9I%2FFKwgNNr%2FP0th2kuQW6EHb9U%3D&reserved=0" target="_blank"><span style="text-decoration:none">In
 the case of a domain name registration where a privacy/proxy service used (e.g. where data associated with a natural person is masked), Registrar MUST include in the public WHOIS and return in response to any query full WHOIS data, including the existing privacy/proxy
 pseudonymized email.</span></a><span class="MsoHyperlink"><span style="text-decoration:none"><o:p></o:p></span></span></p>
</div>
</blockquote>
<p class="MsoNormal"><a href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdonuts.domains&data=02%7C01%7Cmarksv%40microsoft.com%7Ccd7ec2e952744fc76eb608d68948bdc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636847342852603079&sdata=QwaxAMupO7ehwbSmN9I%2FFKwgNNr%2FP0th2kuQW6EHb9U%3D&reserved=0" target="_blank"><span style="text-decoration:none">There
 are two reasons why this is useful, IMO.  </span></a><span class="MsoHyperlink"><span style="text-decoration:none"><o:p></o:p></span></span></p>
<div>
<p class="MsoNormal"><a href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdonuts.domains&data=02%7C01%7Cmarksv%40microsoft.com%7Ccd7ec2e952744fc76eb608d68948bdc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636847342852603079&sdata=QwaxAMupO7ehwbSmN9I%2FFKwgNNr%2FP0th2kuQW6EHb9U%3D&reserved=0" target="_blank"><span style="text-decoration:none">First,
 given the time and effort needed to properly process "reasonable disclosure" requests by Registrars it seems useful to avoid a situation where non-public data is quickly found to be P/P service data.    Avoiding this situation and simply including P/P data
 in the the initial response would make life better for all involved.  </span></a><span class="MsoHyperlink"><span style="text-decoration:none"><o:p></o:p></span></span></p>
</div>
<div>
<div>
<p class="MsoNormal"><a href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdonuts.domains&data=02%7C01%7Cmarksv%40microsoft.com%7Ccd7ec2e952744fc76eb608d68948bdc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636847342852603079&sdata=QwaxAMupO7ehwbSmN9I%2FFKwgNNr%2FP0th2kuQW6EHb9U%3D&reserved=0" target="_blank"><span style="text-decoration:none">Second,
 there is no need to redact information that is already "redacted" (by definition) by the P/P service.  Also, given P/P services list the information of a legal person (in the case of a registrar affiliated service provider) in the place of the RNH's info it
 seems further redaction is unnecessary.  </span></a><span class="MsoHyperlink"><span style="text-decoration:none"><o:p></o:p></span></span></p>
</div>
<div>
<p class="MsoNormal"><a href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdonuts.domains&data=02%7C01%7Cmarksv%40microsoft.com%7Ccd7ec2e952744fc76eb608d68948bdc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636847342852603079&sdata=QwaxAMupO7ehwbSmN9I%2FFKwgNNr%2FP0th2kuQW6EHb9U%3D&reserved=0" target="_blank"><span style="text-decoration:none">Happy
 to discuss further on a future call.  </span></a><span class="MsoHyperlink"><span style="text-decoration:none"><o:p></o:p></span></span></p>
</div>
<div>
<p class="MsoNormal"><a href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdonuts.domains&data=02%7C01%7Cmarksv%40microsoft.com%7Ccd7ec2e952744fc76eb608d68948bdc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636847342852603079&sdata=QwaxAMupO7ehwbSmN9I%2FFKwgNNr%2FP0th2kuQW6EHb9U%3D&reserved=0" target="_blank"><span style="text-decoration:none">Thanks. </span></a><span class="MsoHyperlink"><span style="text-decoration:none"><o:p></o:p></span></span></p>
</div>
<div>
<p class="MsoNormal"><a href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdonuts.domains&data=02%7C01%7Cmarksv%40microsoft.com%7Ccd7ec2e952744fc76eb608d68948bdc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636847342852603079&sdata=QwaxAMupO7ehwbSmN9I%2FFKwgNNr%2FP0th2kuQW6EHb9U%3D&reserved=0" target="_blank"><span style="text-decoration:none">Alex</span></a><span class="MsoHyperlink"><span style="text-decoration:none"><o:p></o:p></span></span></p>
</div>
<div>
<p class="MsoNormal"><a href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdonuts.domains&data=02%7C01%7Cmarksv%40microsoft.com%7Ccd7ec2e952744fc76eb608d68948bdc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636847342852603079&sdata=QwaxAMupO7ehwbSmN9I%2FFKwgNNr%2FP0th2kuQW6EHb9U%3D&reserved=0" target="_blank"><span style="text-decoration:none"><br>
</span><span style="font-size:12.0pt;font-family:"Arial",sans-serif;text-decoration:none"> </span></a><span class="MsoHyperlink"><span style="text-decoration:none"><o:p></o:p></span></span></p>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><a href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdonuts.domains&data=02%7C01%7Cmarksv%40microsoft.com%7Ccd7ec2e952744fc76eb608d68948bdc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636847342852603079&sdata=QwaxAMupO7ehwbSmN9I%2FFKwgNNr%2FP0th2kuQW6EHb9U%3D&reserved=0" target="_blank"><span style="text-decoration:none">___________</span></a><span class="MsoHyperlink"><span style="text-decoration:none"><o:p></o:p></span></span></p>
<div>
<p class="MsoNormal"><b><a href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdonuts.domains&data=02%7C01%7Cmarksv%40microsoft.com%7Ccd7ec2e952744fc76eb608d68948bdc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636847342852603079&sdata=QwaxAMupO7ehwbSmN9I%2FFKwgNNr%2FP0th2kuQW6EHb9U%3D&reserved=0" target="_blank"><span style="text-decoration:none">Alex
 Deacon</span></a></b><span class="MsoHyperlink"><span style="text-decoration:none"><o:p></o:p></span></span></p>
</div>
<div>
<p class="MsoNormal"><a href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdonuts.domains&data=02%7C01%7Cmarksv%40microsoft.com%7Ccd7ec2e952744fc76eb608d68948bdc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636847342852603079&sdata=QwaxAMupO7ehwbSmN9I%2FFKwgNNr%2FP0th2kuQW6EHb9U%3D&reserved=0" target="_blank"><span style="text-decoration:none">Cole
 Valley Consulting</span></a><span class="MsoHyperlink"><span style="text-decoration:none"><o:p></o:p></span></span></p>
</div>
<div>
<p class="MsoNormal"><a href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdonuts.domains&data=02%7C01%7Cmarksv%40microsoft.com%7Ccd7ec2e952744fc76eb608d68948bdc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636847342852603079&sdata=QwaxAMupO7ehwbSmN9I%2FFKwgNNr%2FP0th2kuQW6EHb9U%3D&reserved=0" target="_blank">alex@colevalleyconsulting.com</a><span class="MsoHyperlink"><span style="text-decoration:none"><o:p></o:p></span></span></p>
</div>
<div>
<p class="MsoNormal"><span class="gmail-m8650610901850170273gmail-m8537874273839167647gc-cs-link"><a href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdonuts.domains&data=02%7C01%7Cmarksv%40microsoft.com%7Ccd7ec2e952744fc76eb608d68948bdc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636847342852603079&sdata=QwaxAMupO7ehwbSmN9I%2FFKwgNNr%2FP0th2kuQW6EHb9U%3D&reserved=0" target="_blank"><span style="text-decoration:none">+1.415.488.6009</span></a></span><span class="MsoHyperlink"><span style="text-decoration:none"><o:p></o:p></span></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><a href="https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdonuts.domains&data=02%7C01%7Cmarksv%40microsoft.com%7Ccd7ec2e952744fc76eb608d68948bdc7%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636847342852603079&sdata=QwaxAMupO7ehwbSmN9I%2FFKwgNNr%2FP0th2kuQW6EHb9U%3D&reserved=0" target="_blank"><span style="text-decoration:none">_______________________________________________<br>
Gnso-epdp-team mailing list<br>
</span>Gnso-epdp-team@icann.org<span style="text-decoration:none"><br>
</span>https://mm.icann.org/mailman/listinfo/gnso-epdp-team</a><span class="MsoHyperlink"><span style="text-decoration:none"><o:p></o:p></span></span></p>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>