<html><head></head><body><div style="font-family: 'Verdana', 'Verdana'; font-size: 10pt; color: rgba(102, 102, 102, 1.0);"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hi Volker,<div class=""><br class=""></div><div class="">Thanks for such a quick response commenting on the letter. </div><div class=""><br class=""></div><div class="">I do not agree that the selected quotes that you have used lead to the conclusion that the EC ‘basically support’ a view that you propound.</div><div class=""><br class=""></div><div class="">In addition and speaking personally, I think:</div><div class=""><br class=""></div><div class="">…."<font face="Times New Roman" size="3" class="">we have constantly urged ICANN and the community to develop a </font><b style="font-family: "Times New Roman"; font-size: 12pt;" class="">unified
access model </b><font face="Times New Roman" size="3" class="">that applies to all registries and registrars and provides a stable, predictable,
and workable method for accessing non-public gTLD registration data for users with a
legitimate interest or other legal basis as provided for in the General Data Protection
Regulation (GDPR). The European Commission considers this to be both </font><b style="font-family: "Times New Roman"; font-size: 12pt;" class="">vital and
urgent,</b><font face="Times New Roman" size="3" class=""> and we urge ICANN and the community to develop and implement a pragmatic
and workable access model in the shortest timeframe possible, to which we will
contribute actively.”…..</font></div><div class=""><br class=""></div><div class="">….clearly shows that the EC supports a UAM which by definition means that the concept of a UAM is perfectly acceptable under GDPR.</div><div class=""><br class=""></div><div class="">I think:</div><div class=""><br class=""></div><div class="">…."<span style="font-size: 12pt; font-family: "Times New Roman";" class="">As the Commission already noted, <b class="">the current situation</b> where access to non-public
registration data for public policy objectives is left at the discretion of registries and
registrars <b class="">affects the EU </b></span><span style="font-size: 12pt; font-family: "Times New Roman";" class=""><b class="">Member States authorities’ ability to obtain legitimate access to
</b></span><span style="font-size: 12pt; font-family: "Times New Roman";" class=""><b class="">non-public registration data </b>necessary to enforce the law online, including in relation to
the fight against cybercrime. </span><font face="Times New Roman" size="3" class="">The need to ensure effective and secure treatment of third
party access requests requires therefore ICANN and the community developing a <b class="">unified</b>
method for accessing non-public gTLD registration data.”…..</font></div>
<div class=""></div><div class=""><br class=""></div><div class="">….clearly demonstrates that the EC is unhappy with the status quo and that in their view a UAM is essential.</div><div class=""><br class=""></div><div class="">and I think:</div><div class=""><br class=""></div><div class="">…."<span style="font-family: "Times New Roman"; font-size: 12pt;" class="">Accordingly, we consider that a clear distinction needs to be made between ICANN's
own purposes for processing personal data and the purposes pursued by the third parties
in accessing the data. </span><span style="font-size: 12pt; font-family: "Times New Roman";" class="">For this reason, we would recommend revising the formulation of
purpose two by excluding the second part of the purpose "</span><span style="font-size: 12pt; font-family: "Times New Roman,Italic";" class="">through enabling responses to
lawful data disclosure requests" </span><span style="font-size: 12pt; font-family: "Times New Roman";" class="">and <b class="">maintaining a broader purpose</b> to </span><span style="font-size: 12pt; font-family: "Times New Roman,Italic";" class="">"contribute to the
maintenance of the security, stability, and resiliency of the Domain Name System in
accordance with ICANN's mission"</span><span style="font-size: 12pt; font-family: "Times New Roman";" class="">, which is at the core of the role of ICANN as the
</span><span style="font-size: 12pt; font-family: "Times New Roman";" class="">“guardian” of the D</span><span style="font-size: 12pt; font-family: "Times New Roman";" class="">omain Name System.</span></div>
<div class="page" title="Page 2">
<div class="layoutArea">
<div class="column"><p class="">…..means that the EC’s view is that attempts to narrow ICANN’s purpose are counter-productive and the current wording needs to be revisited.</p></div></div></div><div class=""><br class=""></div><div class=""><span style="color: rgb(148, 67, 251);" class=""><br class=""></span></div><div class=""><span style="color: rgb(148, 67, 251);" class="">Cheers,</span><br class=""><div class=""><span id="um_signature_marker_begin" class=""><div style="font-family: 'Verdana', 'Verdana'; font-size: 10pt; color: rgba(102, 102, 102, 1.0);" class=""><div dir="auto" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="font-family: Verdana, Verdana; font-size: 10pt; color: rgb(102, 102, 102);" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><p class="p3" style="margin: 0px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-variant-east-asian: normal; font-variant-position: normal; font-weight: normal; font-size: 13px; line-height: normal; font-family: Verdana; color: rgb(148, 67, 251); min-height: 16px; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><br class=""></p><p class="p2" style="margin: 0px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-variant-east-asian: normal; font-variant-position: normal; font-weight: normal; font-size: 13px; line-height: normal; font-family: Verdana; color: rgb(148, 67, 251); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;">CD</p></div></div></div></div></div>
<span id="um_signature_marker_end" class=""></span></span></div>
<div><br class=""><blockquote type="cite" class=""><div class="">On 3 May 2019, at 15:29, Volker Greimann <<a href="mailto:vgreimann@key-Systems.net" class="">vgreimann@key-Systems.net</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" class="">
<div text="#000000" bgcolor="#FFFFFF" class=""><p class="">Thank you Chris for forwarding this. <br class="">
</p><p class="">As expected, the response is very helpful in providing further
clarity in how future disclosure models should work and it is also
very helpful that they provided a quick response just in time to
the tstart of our deliberations. <br class="">
</p><p class="">By stating that access should be enabled "<i class=""><u class="">upon request </u>(...)
<u class="">showing a legitimate interest</u>, provided both the
controller (...) and the third party <u class="">have a legal basis </u>for
such processing (...)" </i>they basically support a point many
participants of Phase 1 have been making all along in this debate:</p><p class=""><u class="">Disclosure can only work on a per-request basis and each such
request must show both the legitimate interest for the
disclosure and the legal basis for the processing activity
requested for all parties involved in the disclosure.</u></p><p class="">This explicitly excludes any concepts of "all-access" models
where a requester need only acquire some form of certification or
accreditation prior to being restored to the access to the whois
of yore. I therefore propose that we abandon these concepts at the
start of our deliberations to avoid wasting time on ultimately
futile debates. <br class="">
</p><p class="">Another shortcut we could use to save time is to initially focus
our discussions of the UDM (Unified Disclosure Model) by looking
exclusively at those parties with the best legal basis for
disclosure: national law enforcement agencies and other public
authorities in the same jurisdiction as the data controller. Once
we have a model for these parties, the rest can follow from there.
Obviously, the disclosure methods these parties have legal rights
to (that turn into legal obligations for the data compliance)
would vary on the legal bases of their appropriate jurisdictions
and that is ultimately something that we would need to ask the
individual GAC members to provide for example. <br class="">
</p><p class="">For example, we could start out by asking a GAC members to
provide data on how individual law enforcement bodies and public
authorities have to go about in their specific jurisdiction with
obtaining data from comparable data controllers, like telephone
companies, internet access providers or hosting providers. Are
there special processes that entities would need to follow? If so,
could our model be based on these processes for these
jurisdictions? If, for example, a local police has to obtain a
court warrant or subpoena to demand disclosure personal data held
by a webhoster, is that not also sufficiently equivalent to a
demand towards a contracted party? This does mean we would have to
vary our model by jurisdiction, but ultimately it seems to be the
most legally sound way to operate. This is also supported by the
letter, which states: "<i class="">Instead, they need to rely on another
legal basis, which is normally provided for in national law.</i>"
It is the job of the GAC to tell us what this legal basis is in
each instance and it is our job to reflect this basis in our model
for access of the entities so entitled.<br class="">
</p><p class="">Best regards,</p><p class="">Volker Greimann<br class="">
</p><p class=""><br class="">
</p>
<div class="moz-cite-prefix">Am 03.05.2019 um 13:10 schrieb Chris
Disspain:<br class="">
</div>
<blockquote type="cite" cite="mid:73F2C0D3-F5EC-42D2-BA2D-4897F8FE6BCB@disspain.uk" class="">
<meta http-equiv="content-type" content="text/html; charset=UTF-8" class="">
<div style="font-family: 'Verdana', 'Verdana'; font-size: 10pt;
color: rgba(102, 102, 102, 1.0);" class="">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space;
line-break: after-white-space;" class="">Hello All,
<div class=""><br class="">
</div>
<div class="">As you will know, on 26 April Göran Marby wrote
to the European Commission seeking additional information
regarding their comments of 17 April. That letter is
attached for ease of reference. </div>
<div class=""><br class="">
</div>
<div class="">A response has now been received from the
Commission and I attach that for your information. <br class="">
<div class=""><span id="um_signature_marker_begin" class="">
<div style="font-family: 'Verdana', 'Verdana';
font-size: 10pt; color: rgba(102, 102, 102, 1.0);" class="">
<div dir="auto" style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">
<div class="">
<div style="font-family: Verdana, Verdana;
font-size: 10pt; color: rgb(102, 102, 102);" class="">
<div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">
<div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="margin: 0px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-variant-east-asian: normal; font-variant-position: normal; font-weight: normal; font-size: 12px; line-height: normal; font-family: Helvetica; min-height: 14px; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><br class="Apple-interchange-newline">
<br class="">
</div><div style="margin: 0px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-variant-east-asian: normal; font-variant-position: normal; font-weight: normal; font-size: 13px; line-height: normal; font-family: Verdana; color: rgb(148, 67, 251); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">Cheers,</div><div style="margin: 0px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-variant-east-asian: normal; font-variant-position: normal; font-weight: normal; font-size: 13px; line-height: normal; font-family: Verdana; color: rgb(148, 67, 251); min-height: 16px; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><br class="">
</div><div style="margin: 0px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-variant-east-asian: normal; font-variant-position: normal; font-weight: normal; font-size: 13px; line-height: normal; font-family: Verdana; color: rgb(148, 67, 251); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">CD</div>
</div>
</div>
</div>
</div>
</div>
</div>
</span></div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
</div>
</div>
</div>
<br class="">
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Gnso-epdp-team mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Gnso-epdp-team@icann.org">Gnso-epdp-team@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-epdp-team">https://mm.icann.org/mailman/listinfo/gnso-epdp-team</a></pre>
</blockquote>
<div class="moz-signature">-- <br class="">
Volker A. Greimann<br class="">
General Counsel and Policy Manager<br class="">
<strong style="border-bottom: 3px solid #5C46B5" class="">KEY-SYSTEMS GMBH</strong><br class="">
<br class="">
T: +49 6894 9396901<br class="">
M: +49 6894 9396851<br class="">
F: +49 6894 9396851<br class="">
W: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net/">www.key-systems.net</a><br class="">
<br class="">
Key-Systems GmbH is a company registered at the local court of
Saarbruecken, Germany with the registration no. HR B 18835<br class="">
CEO: Alexander Siffrin<br class="">
<br class="">
Part of the CentralNic Group PLC (LON: CNIC) a company registered
in England and Wales with company number 8576358.</div>
</div>
_______________________________________________<br class="">Gnso-epdp-team mailing list<br class=""><a href="mailto:Gnso-epdp-team@icann.org" class="">Gnso-epdp-team@icann.org</a><br class="">https://mm.icann.org/mailman/listinfo/gnso-epdp-team</div></blockquote></div><br class=""></div></div></div></body></html>