<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi Margie,</p>
<p>the risk of the poor registrant losing his domain name due to
inaccurate whois data is actually entirely of ICANNs making as
contracted parties certainly do not need this data set for the
purposes of maintaining the registration. We have account data for
that. The only reason whois inaccuracies can cause a registrant to
lose his domain is ICANN policies and contractual obligations
regarding failures to update inaccurate data and registrars opting
for deletion instead of deactivation (do such registrars still
exist?).</p>
<p>For all other purposes reasonable steps are already being taken,
as I explained in my previous mail.</p>
<p>Best,</p>
<p>Volker<br>
</p>
<div class="moz-cite-prefix">Am 29.05.2019 um 18:38 schrieb Margie
Milam:<br>
</div>
<blockquote type="cite"
cite="mid:2E998363-4830-436C-A8D9-C90B91B2EF26@fb.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle23
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle24
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:"Consolas",serif;}
span.EmailStyle28
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">Hi Chris and
all –<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">To answer
your question, the legal advice provided by Bird & Bird
on accuracy addresses this issue and notes that there is a
positive obligation on the controller to ensure the data is
accurate depending on the circumstances and the consequences
of processing inaccurate data. It also notes that a
controller may have to get independent confirmation where
the impact is particularly significant. In addition, the
issue of data accuracy as part of a GDPR compliant system
was also raised by the European Commission in its recent
comments to the Board.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">In the case
of domain names, the consequence of inaccurate data affects
not just the registrant (who could lose its domain name),
but those that may be trying to resolve technical issues,
cyber-crime or consumer protection issues. We also have
numerous studies conducted by ICANN over the last decade
that show unacceptable levels of accuracy in the WHOIS
system. This is why the question of accuracy was pushed to
Phase 2 in our Phase 1 Final Report so that we could explore
these issues further. See Footnote 6 where it says: </span><i><span
style="font-size:11.0pt">The topic of accuracy as related
to GDPR compliance is expected to be considered further as
well as the WHOIS Accuracy Reporting System.<o:p></o:p></span></i></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">All the
best,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Margie<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:black">From: </span></b><span
style="color:black">Gnso-epdp-team
<a class="moz-txt-link-rfc2396E" href="mailto:gnso-epdp-team-bounces@icann.org"><gnso-epdp-team-bounces@icann.org></a> on behalf of
Chris Disspain <a class="moz-txt-link-rfc2396E" href="mailto:chris.disspain@board.icann.org"><chris.disspain@board.icann.org></a><br>
<b>Date: </b>Tuesday, May 28, 2019 at 9:48 AM<br>
<b>To: </b><a class="moz-txt-link-rfc2396E" href="mailto:gnso-epdp-team@icann.org">"gnso-epdp-team@icann.org"</a>
<a class="moz-txt-link-rfc2396E" href="mailto:gnso-epdp-team@icann.org"><gnso-epdp-team@icann.org></a><br>
<b>Subject: </b>Re: [Gnso-epdp-team] For your review -
Clarifying Legal Questions Table<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal">Greetings All, <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I’m a little confused by this discussion.
Apologies in advance if the below is wrong or naive or has
been covered before.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I don’t understand the connection between
accuracy and GDPR. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">The regulations govern a registrars right
to collect the data and what they can do with it. Assuming
they have that right under GDPR, the registrants obligation
to provide them with *accurate* data is not governed by GDPR
but rather the contractual relationship between registrar
and registrant and the registrar is entitled to require
accurate information from the registrant pursuant to that.
The registrar can also require the updating of changed
information and/or proactively seek re-confirmation of
accuracy. And ICANN, in its contract with a registrar, can
require that registrar to require the registrant to provide
accurate information. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Other than
governing the right to collect the information (and what can
be done with it) does GDPR have some other role that I’m
missing?<o:p></o:p></p>
<div id="AppleMailSignature">
<div>
<p class="MsoNormal">Cheers,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Chris<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
On 28 May 2019, at 17:23, Volker Greimann <<a
href="mailto:vgreimann@key-systems.net"
moz-do-not-send="true">vgreimann@key-systems.net</a>>
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p>Didn't we have (and settle) the same argument about six
months ago?<o:p></o:p></p>
<p>This principle is a protection of the data subject.
When we create personal data from the data provided to
us by the data subject or a third party, we must ensure
we store it accurately and our processing does not
falsify it.
<o:p></o:p></p>
<p>As such, the contractual provision that the data
subject must provide to us accurate data (and keep uit
updated when it changes) and the confirmation of the
accuracy by the data subject is sufficient for our
purposes and therefore reasonable in accordance with
this principle. <o:p></o:p></p>
<p>The principles protect the data subject, not third
parties.<o:p></o:p></p>
<p>Can we now please stop going over old settled issues?<o:p></o:p></p>
<p>Volker<o:p></o:p></p>
<div>
<p class="MsoNormal">Am 28.05.2019 um 18:06 schrieb Greg
Aaron:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:11.0pt">Milton,
no, the word “accuracy” does not appear only in GDPR
Article 18. It appears most prominently in Article
5, which says:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Art.
5 GDPR Principles relating to processing of personal
data</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">"1.
Personal data shall be: ... (d) accurate and, where
necessary, kept up to date; every reasonable step
must be taken to ensure that personal data that are
inaccurate, having regard to the purposes for which
they are processed, are erased or rectified without
delay (‘accuracy’);…</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#333333;background:white">2.
The controller shall be responsible for, and be able
to demonstrate compliance with, paragraph 1
(‘accountability’).”</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">There
has been discussion in legal and GDPR compliance
communities that the above means all of these:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">a)
Controllers have some responsibilities to take
positive steps to ensure data collected from
subjects is accurate.
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">b)
Organizations must allow data subjects to rectify
inaccuracies. (Your point.)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">c)
The data controller must carefully consider any
challenges to the accuracy of information – no
matter where that challenge comes from.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">d)
Organizations must identify essential steps to erase
or rectify inaccurate data without delay. And,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">e)
Within some limits, the parties to a Date Sharing
Agreement are free to agree on terms and conditions
applicable to their sharing of data – for example
specific obligations and warranties about the
accuracy and completeness of data.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">How
far the above extend, and how they apply to RDS
data, is a Phase 2 subject for exploration.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">GDPR
certainly discourages the submission or maintenance
of data that is incorrect or misleading. And
Article 5 seems to mean more than “trust implicitly
whatever the data subject says, and correct the data
only if the data subject itself requests.” The
GDPR may contain some balancing mechanisms here, and
proportionality is a general principle of EU law.
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">So,
given all that, and because there’s not a common
understanding within our group, these issues are
definitely good ones to ask Bird & Bird about.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">All
best,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">--Greg</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:11.0pt">From:</span></b><span
style="font-size:11.0pt"> Gnso-epdp-team
<a
href="mailto:gnso-epdp-team-bounces@icann.org"
moz-do-not-send="true"><gnso-epdp-team-bounces@icann.org></a>
<b>On Behalf Of </b>Mueller, Milton L<br>
<b>Sent:</b> Saturday, May 25, 2019 9:18 AM<br>
<b>To:</b> <a
href="mailto:Georgios.TSELENTIS@ec.europa.eu"
moz-do-not-send="true">Georgios.TSELENTIS@ec.europa.eu</a>;
<a href="mailto:caitlin.tubergen@icann.org"
moz-do-not-send="true">caitlin.tubergen@icann.org</a><br>
<b>Cc:</b> <a
href="mailto:gnso-epdp-team@icann.org"
moz-do-not-send="true">gnso-epdp-team@icann.org</a><br>
<b>Subject:</b> Re: [Gnso-epdp-team] For your
review - Clarifying Legal Questions Table</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D">Dear Georgios
and colleagues:</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D">I think the
questions related to accuracy below are not worth
sending to the lawyers.
</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D">They are
based on a fundamental misconception, one which we
have identified many times. Accuracy in GDPR and
other data protection law is a right _<i>of the data
subject</i>_, not a right of third parties to
accurate data about the data subject. </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D">To prove
this, beyond a shadow of the doubt, let me note that
the word “accuracy” appears in GDPR in only two
places, in Art 18. </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D">Article 18,
Right to restriction of processing:</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D">-----------------------------------------------------------</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F4E79;background:white">“The
data subject shall have the right to obtain from the
controller restriction of processing where one of
the following applies: the </span><span
style="font-size:11.0pt;color:#1F4E79;border:none
windowtext 1.0pt;padding:0in;background:#FAF5E1">accuracy</span><span
style="font-size:11.0pt;color:#1F4E79;background:white"> of the personal
data is contested by the data subject, for a period
enabling the controller to verify the </span><span
style="font-size:11.0pt;color:#1F4E79;border:none
windowtext 1.0pt;padding:0in;background:#FAF5E1">accuracy</span><span
style="font-size:11.0pt;color:#1F4E79;background:white"> of the personal
data;” </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D">So data
subjects can contest the accuracy of data about
them, or require controllers to verify its accuracy.
There is NO OTHER reference to accuracy in the
entire GDPR.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D">Georgios’s
questions are based on the assumption that third
parties have a right to accurate contact data about
the data subject. That assumption was embedded in
the old Whois and pre-GDPR Whois accuracy policies,
all of which were predicated on indiscriminate
publication of the contact data to any and all third
parties. That regime is gone. And it’s recognized
even by the most militant pro-surveillance interests
that such indiscriminate disclosure is illegal. </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D">Likewise,
Georgios asks about liability under Article 82 of
GDPR. Again all we need to do is actually read Art
82 to find the answer:
</span><o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:0in;background:white;vertical-align:baseline"><span
style="font-size:11.0pt;color:#1F497D">Article 82
says “</span><span
style="font-size:11.0pt;color:#1F4E79">Any person
who has suffered material or non-material damage as
a result of an infringement of this Regulation shall
have the right to receive compensation from the
controller or processor for the damage suffered.” So
this is a right of PERSONS (data subjects) to
compensation based on illegal acts of controllers
and processors of THEIR data. It is not a right of
third parties to accurate information about the data
subject, and it certainly creates no liability for
controllers or processors for the inaccuracy of the
registrants’ data.
</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D">Dr. Milton L
Mueller</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D">Georgia
Institute of Technology</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D">School of
Public Policy</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:11.0pt">From:</span></b><span
style="font-size:11.0pt"> Gnso-epdp-team <<a
href="mailto:gnso-epdp-team-bounces@icann.org"
moz-do-not-send="true">gnso-epdp-team-bounces@icann.org</a>>
<b>On Behalf Of </b><a
href="mailto:Georgios.TSELENTIS@ec.europa.eu"
moz-do-not-send="true">Georgios.TSELENTIS@ec.europa.eu</a><br>
<b>Sent:</b> Friday, May 24, 2019 7:02 PM<br>
<b>To:</b> <a
href="mailto:caitlin.tubergen@icann.org"
moz-do-not-send="true">caitlin.tubergen@icann.org</a><br>
<b>Cc:</b> <a
href="mailto:gnso-epdp-team@icann.org"
moz-do-not-send="true">gnso-epdp-team@icann.org</a><br>
<b>Subject:</b> Re: [Gnso-epdp-team] For your
review - Clarifying Legal Questions Table</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D" lang="EN-GB">Dear
Caitlin, colleagues,</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D" lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D" lang="EN-GB">Please
find below questions on the topics of the legal
memos from the GAC:</span><o:p></o:p></p>
<p class="MsoNormal"><b><span
style="font-size:11.0pt;color:#1F497D"
lang="EN-GB">Accuracy</span></b><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D" lang="EN-GB">.
If current verification statistics provide that a
large number of data is inaccurate isn't that a
metric to deduce that the accuracy principle is not
served in a reasonable manner as demanded by the
GDPR?</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D" lang="EN-GB">.
According to the GDPR all personal data are
processed based on the principle that they are
necessary for the purpose for which they are
collected. If those data are necessary, how can the
purpose be served while the data are inaccurate? </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D" lang="EN-GB">.
Can you provide an analysis on the third-parties
mentioned in para 19 on which "ICANN and the
relevant parties may rely on to confirm the accuracy
of personal data if it is reasonable to do so"? Do
they become in such a scenario data processors? </span>
<o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D" lang="EN-GB">.
How does the accuracy principle in connection to the
parties' liability has to be understood in light of
the accountability principle of the GDPR? What are
the responsibilities of ICANN and the contracted
parties (who are subject to the GDPR) under Chapter
IV pf the GDPR? If the contracted parties (as data
controllers) engage third entities as processors
(e.g. to provide data back-up services), what are
the responsibilities of these entities? What does
this mean in terms of liabilities (in light of Art.
82 GDPR)?</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D" lang="EN-GB">.
While in the first place it is up to the registrants
to provide accurate details about themselves and it
is up to the registrants not to mistakenly identify
themselves as natural or legal persons, the Memo on
"Natural vs Legal persons" provides interesting
ideas/suggestions for the contracted parties to
proactively ensuring the reliability of information
provided, including through measures to
independently verify the data. Could similar
mechanisms be identified also for ensuring the
reliability of the contact details of the
registrant? Can best practices be drawn from the
ccTLD?</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D" lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal"><b><span
style="font-size:11.0pt;color:#1F497D"
lang="EN-GB">Natural or non-natural persons</span></b><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D" lang="EN-GB">.
How is the (inaccurate or accurate) designation by
the registrant about her status as non-natural
person considered personal data information? If it's
not is the analysis about whether the accuracy
principle applies relevant?</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D" lang="EN-GB">.
How would the analysis provided take into account
the possibility for registrants who are natural
persons to "opt-in" for a full publication of their
personal data? Indeed it might be the case that some
of these registrants might wish to ensure their
details are available on WHOIS.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D" lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal"><b><span
style="font-size:11.0pt;color:#1F497D"
lang="EN-GB">Technical contact
</span></b><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D" lang="EN-GB">Most
of the issue for not allowing this seems to be
around the inability to verify if the RNH has
obtained consent from the technical contact. When
the CP's verify the email address could consent also
be confirmed for the term of the registration? </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D" lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal"><b><span
style="font-size:11.0pt;color:#1F497D"
lang="EN-GB">General question:</span></b><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D" lang="EN-GB">.
How could anonymisatio/pseudonymisation techniques
be of help in complying with the GDPR while also
allowing for additional disclosure of certain data
elements? E.g. use of anonymised/pseudonymised
emails and names, in particular in the context of
registrations by legal persons.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D" lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D" lang="EN-GB">Apologies
again for the delay of our submission.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D" lang="EN-GB">Georgios
Tselentis (GAC-EPDP)</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;color:#1F497D" lang="EN-GB"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-left:.5in"><b><span
style="font-size:11.0pt">From:</span></b><span
style="font-size:11.0pt"> Gnso-epdp-team <<a
href="mailto:gnso-epdp-team-bounces@icann.org"
moz-do-not-send="true">gnso-epdp-team-bounces@icann.org</a>>
<b>On Behalf Of </b>Caitlin Tubergen<br>
<b>Sent:</b> Wednesday, May 22, 2019 5:22 PM<br>
<b>To:</b> <a
href="mailto:gnso-epdp-team@icann.org"
moz-do-not-send="true">gnso-epdp-team@icann.org</a><br>
<b>Subject:</b> [Gnso-epdp-team] For your review
- Clarifying Legal Questions Table</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal" style="margin-left:.5in"><span
lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span
style="font-size:11.0pt">Dear EPDP Team,</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span
style="font-size:11.0pt">Following up on an action
item from our last meeting, please find attached a
table which organizes the clarifying legal questions
received to date. We will discuss the table during
our next meeting.</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span
style="font-size:11.0pt">Please note that the
deadline for submitting additional clarifying
questions is before 14:00 UTC on Thursday, 23 May.
If additional questions come in before the deadline,
we will update the table accordingly.</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span
style="font-size:11.0pt">Thank you.</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span
style="font-size:11.0pt">Best regards,</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span
style="font-size:11.0pt">Marika, Berry, and Caitlin</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Gnso-epdp-team mailing list<o:p></o:p></pre>
<pre><a href="mailto:Gnso-epdp-team@icann.org" moz-do-not-send="true">Gnso-epdp-team@icann.org</a><o:p></o:p></pre>
<pre><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Depdp-2Dteam&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=i8lF_vDhT_peOZsF_kHctAAjfsmIBrNuFvOup8q3LFs&s=KsnUZFZN_ds3hfDU81KaQh1PouUijCAV1NUDwpIOsAg&e=" moz-do-not-send="true">https://mm.icann.org/mailman/listinfo/gnso-epdp-team</a><o:p></o:p></pre>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_policy&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=i8lF_vDhT_peOZsF_kHctAAjfsmIBrNuFvOup8q3LFs&s=FwUQq5l0Y2FAOewYgUPeC3ZpkOkUcsYGbDQDGdrn51g&e=" moz-do-not-send="true">https://www.icann.org/privacy/policy</a>) and the website Terms of Service (<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_tos&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=i8lF_vDhT_peOZsF_kHctAAjfsmIBrNuFvOup8q3LFs&s=DIqsoPEEZERBjh2YW7dICqGWkBj7ALzyba1voyOPzMk&e=" moz-do-not-send="true">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.<o:p></o:p></pre>
</blockquote>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt">-- <br>
Volker A. Greimann<br>
General Counsel and Policy Manager<br>
<strong><span
style="font-family:"Calibri",sans-serif">KEY-SYSTEMS
GMBH</span></strong><br>
<br>
T: +49 6894 9396901<br>
M: +49 6894 9396851<br>
F: +49 6894 9396851<br>
W: <a
href="https://urldefense.proofpoint.com/v2/url?u=http-3A__www.key-2Dsystems.net&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=i8lF_vDhT_peOZsF_kHctAAjfsmIBrNuFvOup8q3LFs&s=hwQnHWrq0qIdx6kVhoowbCd4SZ1nSrXYOX7R9KBc0JM&e="
moz-do-not-send="true">
www.key-systems.net</a><br>
<br>
Key-Systems GmbH is a company registered at the
local court of Saarbruecken, Germany with the
registration no. HR B 18835<br>
CEO: Alexander Siffrin<br>
<br>
Part of the CentralNic Group PLC (LON: CNIC) a
company registered in England and Wales with company
number 8576358.<o:p></o:p></span></p>
</div>
</div>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt">_______________________________________________<br>
Gnso-epdp-team mailing list<br>
<a href="mailto:Gnso-epdp-team@icann.org"
moz-do-not-send="true">Gnso-epdp-team@icann.org</a><br>
<a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Depdp-2Dteam&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=i8lF_vDhT_peOZsF_kHctAAjfsmIBrNuFvOup8q3LFs&s=KsnUZFZN_ds3hfDU81KaQh1PouUijCAV1NUDwpIOsAg&e="
moz-do-not-send="true">https://mm.icann.org/mailman/listinfo/gnso-epdp-team</a><br>
_______________________________________________<br>
By submitting your personal data, you consent to the
processing of your personal data for purposes of
subscribing to this mailing list accordance with the
ICANN Privacy Policy (<a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_policy&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=i8lF_vDhT_peOZsF_kHctAAjfsmIBrNuFvOup8q3LFs&s=FwUQq5l0Y2FAOewYgUPeC3ZpkOkUcsYGbDQDGdrn51g&e="
moz-do-not-send="true">https://www.icann.org/privacy/policy</a>)
and the website Terms of Service (<a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_tos&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=i8lF_vDhT_peOZsF_kHctAAjfsmIBrNuFvOup8q3LFs&s=DIqsoPEEZERBjh2YW7dICqGWkBj7ALzyba1voyOPzMk&e="
moz-do-not-send="true">https://www.icann.org/privacy/tos</a>).
You can visit the Mailman link above to change your
membership status or configuration, including
unsubscribing, setting digest-style delivery or
disabling delivery altogether (e.g., for a vacation),
and so on.<o:p></o:p></span></p>
</div>
</blockquote>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Gnso-epdp-team mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Gnso-epdp-team@icann.org">Gnso-epdp-team@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-epdp-team">https://mm.icann.org/mailman/listinfo/gnso-epdp-team</a>
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a class="moz-txt-link-freetext" href="https://www.icann.org/privacy/policy">https://www.icann.org/privacy/policy</a>) and the website Terms of Service (<a class="moz-txt-link-freetext" href="https://www.icann.org/privacy/tos">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.</pre>
</blockquote>
<div class="moz-signature">-- <br>
Volker A. Greimann<br>
General Counsel and Policy Manager<br>
<strong style="border-bottom: 3px solid #5C46B5">KEY-SYSTEMS GMBH</strong><br>
<br>
T: +49 6894 9396901<br>
M: +49 6894 9396851<br>
F: +49 6894 9396851<br>
W: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net">www.key-systems.net</a><br>
<br>
Key-Systems GmbH is a company registered at the local court of
Saarbruecken, Germany with the registration no. HR B 18835<br>
CEO: Alexander Siffrin<br>
<br>
Part of the CentralNic Group PLC (LON: CNIC) a company registered
in England and Wales with company number 8576358.</div>
</body>
</html>