<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Thank you Chris for forwarding this. <br>
</p>
<p>As expected, the response is very helpful in providing further
clarity in how future disclosure models should work and it is also
very helpful that they provided a quick response just in time to
the tstart of our deliberations. <br>
</p>
<p>By stating that access should be enabled "<i><u>upon request </u>(...)
<u>showing a legitimate interest</u>, provided both the
controller (...) and the third party <u>have a legal basis </u>for
such processing (...)" </i>they basically support a point many
participants of Phase 1 have been making all along in this debate:</p>
<p><u>Disclosure can only work on a per-request basis and each such
request must show both the legitimate interest for the
disclosure and the legal basis for the processing activity
requested for all parties involved in the disclosure.</u></p>
<p>This explicitly excludes any concepts of "all-access" models
where a requester need only acquire some form of certification or
accreditation prior to being restored to the access to the whois
of yore. I therefore propose that we abandon these concepts at the
start of our deliberations to avoid wasting time on ultimately
futile debates. <br>
</p>
<p>Another shortcut we could use to save time is to initially focus
our discussions of the UDM (Unified Disclosure Model) by looking
exclusively at those parties with the best legal basis for
disclosure: national law enforcement agencies and other public
authorities in the same jurisdiction as the data controller. Once
we have a model for these parties, the rest can follow from there.
Obviously, the disclosure methods these parties have legal rights
to (that turn into legal obligations for the data compliance)
would vary on the legal bases of their appropriate jurisdictions
and that is ultimately something that we would need to ask the
individual GAC members to provide for example. <br>
</p>
<p>For example, we could start out by asking a GAC members to
provide data on how individual law enforcement bodies and public
authorities have to go about in their specific jurisdiction with
obtaining data from comparable data controllers, like telephone
companies, internet access providers or hosting providers. Are
there special processes that entities would need to follow? If so,
could our model be based on these processes for these
jurisdictions? If, for example, a local police has to obtain a
court warrant or subpoena to demand disclosure personal data held
by a webhoster, is that not also sufficiently equivalent to a
demand towards a contracted party? This does mean we would have to
vary our model by jurisdiction, but ultimately it seems to be the
most legally sound way to operate. This is also supported by the
letter, which states: "<i>Instead, they need to rely on another
legal basis, which is normally provided for in national law.</i>"
It is the job of the GAC to tell us what this legal basis is in
each instance and it is our job to reflect this basis in our model
for access of the entities so entitled.<br>
</p>
<p>Best regards,</p>
<p>Volker Greimann<br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">Am 03.05.2019 um 13:10 schrieb Chris
Disspain:<br>
</div>
<blockquote type="cite"
cite="mid:73F2C0D3-F5EC-42D2-BA2D-4897F8FE6BCB@disspain.uk">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div style="font-family: 'Verdana', 'Verdana'; font-size: 10pt;
color: rgba(102, 102, 102, 1.0);">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space;
line-break: after-white-space;" class="">Hello All,
<div class=""><br class="">
</div>
<div class="">As you will know, on 26 April Göran Marby wrote
to the European Commission seeking additional information
regarding their comments of 17 April. That letter is
attached for ease of reference. </div>
<div class=""><br class="">
</div>
<div class="">A response has now been received from the
Commission and I attach that for your information. <br
class="">
<div class=""><span id="um_signature_marker_begin" class="">
<div style="font-family: 'Verdana', 'Verdana';
font-size: 10pt; color: rgba(102, 102, 102, 1.0);"
class="">
<div dir="auto" style="caret-color: rgb(0, 0, 0);
color: rgb(0, 0, 0); letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows:
auto; word-spacing: 0px; -webkit-text-size-adjust:
auto; -webkit-text-stroke-width: 0px;
text-decoration: none; word-wrap: break-word;
-webkit-nbsp-mode: space; line-break:
after-white-space;" class="">
<div class="">
<div style="font-family: Verdana, Verdana;
font-size: 10pt; color: rgb(102, 102, 102);"
class="">
<div style="color: rgb(0, 0, 0); letter-spacing:
normal; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width:
0px; word-wrap: break-word; -webkit-nbsp-mode:
space; line-break: after-white-space;"
class="">
<div style="color: rgb(0, 0, 0);
letter-spacing: normal; text-align: start;
text-indent: 0px; text-transform: none;
white-space: normal; word-spacing: 0px;
-webkit-text-stroke-width: 0px; word-wrap:
break-word; -webkit-nbsp-mode: space;
line-break: after-white-space;" class="">
<p class="p1" style="margin: 0px;
font-style: normal;
font-variant-ligatures: normal;
font-variant-caps: normal;
font-variant-east-asian: normal;
font-variant-position: normal;
font-weight: normal; font-size: 12px;
line-height: normal; font-family:
Helvetica; min-height: 14px; color: rgb(0,
0, 0); letter-spacing: normal; text-align:
start; text-indent: 0px; text-transform:
none; white-space: normal; word-spacing:
0px; -webkit-text-stroke-width: 0px;"><br
class="Apple-interchange-newline">
<br class="">
</p>
<p class="p2" style="margin: 0px;
font-style: normal;
font-variant-ligatures: normal;
font-variant-caps: normal;
font-variant-east-asian: normal;
font-variant-position: normal;
font-weight: normal; font-size: 13px;
line-height: normal; font-family: Verdana;
color: rgb(148, 67, 251); letter-spacing:
normal; text-align: start; text-indent:
0px; text-transform: none; white-space:
normal; word-spacing: 0px;
-webkit-text-stroke-width: 0px;">Cheers,</p>
<p class="p3" style="margin: 0px;
font-style: normal;
font-variant-ligatures: normal;
font-variant-caps: normal;
font-variant-east-asian: normal;
font-variant-position: normal;
font-weight: normal; font-size: 13px;
line-height: normal; font-family: Verdana;
color: rgb(148, 67, 251); min-height:
16px; letter-spacing: normal; text-align:
start; text-indent: 0px; text-transform:
none; white-space: normal; word-spacing:
0px; -webkit-text-stroke-width: 0px;"><br
class="">
</p>
<p class="p2" style="margin: 0px;
font-style: normal;
font-variant-ligatures: normal;
font-variant-caps: normal;
font-variant-east-asian: normal;
font-variant-position: normal;
font-weight: normal; font-size: 13px;
line-height: normal; font-family: Verdana;
color: rgb(148, 67, 251); letter-spacing:
normal; text-align: start; text-indent:
0px; text-transform: none; white-space:
normal; word-spacing: 0px;
-webkit-text-stroke-width: 0px;">CD</p>
</div>
</div>
</div>
</div>
</div>
</div>
</span></div>
<div class=""><br class="">
</div>
<div><br class="">
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Gnso-epdp-team mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Gnso-epdp-team@icann.org">Gnso-epdp-team@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-epdp-team">https://mm.icann.org/mailman/listinfo/gnso-epdp-team</a></pre>
</blockquote>
<div class="moz-signature">-- <br>
Volker A. Greimann<br>
General Counsel and Policy Manager<br>
<strong style="border-bottom: 3px solid #5C46B5">KEY-SYSTEMS GMBH</strong><br>
<br>
T: +49 6894 9396901<br>
M: +49 6894 9396851<br>
F: +49 6894 9396851<br>
W: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net">www.key-systems.net</a><br>
<br>
Key-Systems GmbH is a company registered at the local court of
Saarbruecken, Germany with the registration no. HR B 18835<br>
CEO: Alexander Siffrin<br>
<br>
Part of the CentralNic Group PLC (LON: CNIC) a company registered
in England and Wales with company number 8576358.</div>
</body>
</html>