<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi Brian,</p>
<p>this is actually a funny argument you are trying to make here.
You are essentially saying registrants are getting their rights
violated by themselves, since they are the ones providing the data
in the first place. I would be very intrigued to see how the data
subject feeling violated this way would make this argument in
court.</p>
<p>The only correct way to understand this right to accuracy is that
it relates to the right of correction, which means that the
processor is not entitled to change the data, must store the data
provided correctly and update it if necessary or requested by the
data subject. <br>
</p>
<p>It is not the role of the processor or controller under the GDPR
to tell the data subject to correct the data they themselves
provided. If anything, such a requirement may be a business
consideration, but it is not something flowing out of the GDPR. <br>
</p>
<p>Best,</p>
<p>Volker<br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">Am 31.05.2019 um 01:19 schrieb King,
Brian via Gnso-epdp-team:<br>
</div>
<blockquote type="cite"
cite="mid:BN6PR10MB19851AEACC5DBD346483CBF89F180@BN6PR10MB1985.namprd10.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
p.xmsonormal, li.xmsonormal, div.xmsonormal
{mso-style-name:x_msonormal;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;
color:black;}
p.xmsonormal0, li.xmsonormal0, div.xmsonormal0
{mso-style-name:x_msonormal0;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
p.xmsochpdefault, li.xmsochpdefault, div.xmsochpdefault
{mso-style-name:x_msochpdefault;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:10.0pt;
font-family:"Calibri",sans-serif;}
span.xmsohyperlink
{mso-style-name:x_msohyperlink;
color:#0563C1;
text-decoration:underline;}
span.xmsohyperlinkfollowed
{mso-style-name:x_msohyperlinkfollowed;
color:#954F72;
text-decoration:underline;}
span.xhtmlpreformattedchar
{mso-style-name:x_htmlpreformattedchar;
font-family:Consolas;}
span.xemailstyle21
{mso-style-name:x_emailstyle21;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.xemailstyle22
{mso-style-name:x_emailstyle22;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.xemailstyle23
{mso-style-name:x_emailstyle23;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.xemailstyle24
{mso-style-name:x_emailstyle24;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.xemailstyle25
{mso-style-name:x_emailstyle25;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.xemailstyle26
{mso-style-name:x_emailstyle26;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.xemailstyle27
{mso-style-name:x_emailstyle27;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.xemailstyle28
{mso-style-name:x_emailstyle28;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.xemailstyle30
{mso-style-name:x_emailstyle30;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle38
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1770004814;
mso-list-type:hybrid;
mso-list-template-ids:1099930 67698705 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-text:"%1\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1
{mso-list-id:2081904012;
mso-list-type:hybrid;
mso-list-template-ids:-292266242 67698705 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l1:level1
{mso-level-text:"%1\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:.25in;
text-indent:-.25in;}
@list l1:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:.75in;
text-indent:-.25in;}
@list l1:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
margin-left:1.25in;
text-indent:-9.0pt;}
@list l1:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.75in;
text-indent:-.25in;}
@list l1:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:2.25in;
text-indent:-.25in;}
@list l1:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
margin-left:2.75in;
text-indent:-9.0pt;}
@list l1:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:3.25in;
text-indent:-.25in;}
@list l1:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:3.75in;
text-indent:-.25in;}
@list l1:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
margin-left:4.25in;
text-indent:-9.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Hi all, <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I boil this down to a couple key facts:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">1) Data subjects have a right to data
accuracy under GDPR, and 2) the data analysis shows that
they’re not getting it in today’s registration data system
(56% is a failing score by any measure, and especially in the
context of fundamental rights). So accuracy falls squarely
within the context of this EPDP. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">As it pertains to third parties, I suppose
it’s fair to distinguish between a data subject’s _<i>right</i>_
and a third party’s _<i>need</i>_ for accurate data, but
third-party needs are also provided for under GDPR, so the
distinction is irrelevant as to whether they’re in scope for
this EPDP. For example, an EBERO may not have an explicit,
GDPR-given right to registration data, but the EBERO needs
accurate data in order to allocate the domain name to its
rightful owner when a registry implodes. This processing might
be on a 6.1(a),(b),(e), or other basis; regardless, it’s a
GDPR-compliant processing need. A phishing victim may not have
an explicit, GDPR-given right to registration data, but EU
case law is clear that pursuit of a legal claim wins the
6.1(f) test over privacy interests, so the victim has a
GDPR-compliant processing need for accurate data to know who
to name as defendant and where to file the lawsuit. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">So, accuracy and third-party needs are both
in scope. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I’m happy to answer any questions and/or
work with the legal committee to prioritize any questions to
the Birdies as the EPDP team deems prudent.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;color:#1F497D">Brian J. King</span></b><b><span
style="font-size:10.0pt;color:#1F497D"><o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;color:gray">Director of Internet
Policy & Industry Affairs<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;color:#365F91">MarkMonitor </span>
</b><span style="font-size:10.0pt;color:#505050">/ </span><b><span
style="font-size:10.0pt;color:#FF9100">Part of Clarivate
Analytics
<o:p></o:p></span></b></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;color:#1F497D">Phone: +1 (443)
761-3726<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;color:#1F497D"><a
href="mailto:brian.king@markmonitor.com"
moz-do-not-send="true">brian.king@markmonitor.com</a><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Gnso-epdp-team
<a class="moz-txt-link-rfc2396E" href="mailto:gnso-epdp-team-bounces@icann.org"><gnso-epdp-team-bounces@icann.org></a>
<b>On Behalf Of </b>Mueller, Milton L<br>
<b>Sent:</b> Thursday, May 30, 2019 1:47 PM<br>
<b>To:</b> Margie Milam <a class="moz-txt-link-rfc2396E" href="mailto:margiemilam@fb.com"><margiemilam@fb.com></a>;
<a class="moz-txt-link-abbreviated" href="mailto:Georgios.TSELENTIS@ec.europa.eu">Georgios.TSELENTIS@ec.europa.eu</a>; <a class="moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a><br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:gnso-epdp-team@icann.org">gnso-epdp-team@icann.org</a><br>
<b>Subject:</b> Re: [Gnso-epdp-team] For your review -
Clarifying Legal Questions Table<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;color:black">Margie<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;color:black">Your numbers show a
decline in the accuracy of Whois reg data PRIOR to the
implementation of the temp spec (June 2018 - temp spec
went into effect late May 2018) <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;color:black">That's interesting.
So - all that indiscriminate public disclosure and all
those policy measures intended to force registrants upon
pain of death (of their registration) failed to maintain
the desired level of accuracy. Very interesting indeed. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;color:black">Did it ever occur to
you that the indiscriminate publication of Whois data
might actually _cause_ much of the inaccuracy, by
undermining the registrant's willingness to provide
accurate data?<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;color:black">Anyway I do not see
what relevance this has to the EPDP's main project, which
is to make the Whois GDPR compliant. First, the data do
not measure the impact of GDPR compliance.
Second, numerous people on this list have proven, again
and again, that accuracy in GDPR is a data subject's right
not a third party's right. Hence, ICANN policies intended
to make the data accurate for third party demands have
little to do with GDPR compliance.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;color:black">Insofar as current
ICANN policy relies on GDPR-violating methods to ensure
accuracy (e.g. publication of all data) those methods must
be modified. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;color:black">Insofar as current
ICANN policies designed to ensure accuracy are compliant
with GDPR, then they can and will remain in place until
modified by some other PDP. Ergo, ICANN's accuracy
policies are not relevant to this proceeding. (Sorry,
Georgios)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;color:black">--MM<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:12.0pt;color:black"> <o:p></o:p></span></p>
</div>
<div class="MsoNormal" style="text-align:center" align="center">
<hr width="98%" size="2" align="center">
</div>
<div id="divRplyFwdMsg">
<p class="MsoNormal"><b><span style="color:black">From:</span></b><span
style="color:black"> Margie Milam <<a
href="mailto:margiemilam@fb.com" moz-do-not-send="true">margiemilam@fb.com</a>><br>
<b>Sent:</b> Thursday, May 30, 2019 12:46 PM<br>
<b>To:</b> <a
href="mailto:Georgios.TSELENTIS@ec.europa.eu"
moz-do-not-send="true">Georgios.TSELENTIS@ec.europa.eu</a>;
<a href="mailto:vgreimann@key-systems.net"
moz-do-not-send="true">vgreimann@key-systems.net</a>;
Mueller, Milton L<br>
<b>Cc:</b> <a href="mailto:gnso-epdp-team@icann.org"
moz-do-not-send="true">gnso-epdp-team@icann.org</a><br>
<b>Subject:</b> Re: [Gnso-epdp-team] For your review -
Clarifying Legal Questions Table</span>
<o:p></o:p></p>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="xmsonormal"><span
style="font-size:11.0pt;color:windowtext">Georgios &
All –</span><o:p></o:p></p>
<p class="xmsonormal"><span
style="font-size:11.0pt;color:windowtext"> </span><o:p></o:p></p>
<p class="xmsonormal"><span style="font-size:11.0pt">Thank
you for the reply. With regard to accuracy – please
note that the latest accuracy report posted by ICANN in
June, 2018 noted a
<b>decline</b> in accuracy rates. It reported that only
<span style="background:white">
56% of domains passed all operability tests, a
decrease from Cycle 5 (63% in Dec 2017). With a 44%
inaccuracy rate – this points to the need for us to
examine whether the current rules/policies
incorporated in the ICANN contracts are robust enough
to produce a GDPR compliant system.</span></span><o:p></o:p></p>
<p class="xmsonormal"><span
style="font-size:11.0pt;background:white"> </span><o:p></o:p></p>
<p class="xmsonormal"><span
style="font-size:11.0pt;background:white">All the best,</span><o:p></o:p></p>
<p class="xmsonormal"><span
style="font-size:11.0pt;background:white">Margie</span><o:p></o:p></p>
<p class="xmsonormal"><span
style="font-size:11.0pt;color:windowtext"> </span><o:p></o:p></p>
<p class="xmsonormal"><span
style="font-size:11.0pt;color:windowtext"> </span><o:p></o:p></p>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="xmsonormal"><b>From: </b>Gnso-epdp-team <<a
href="mailto:gnso-epdp-team-bounces@icann.org"
moz-do-not-send="true">gnso-epdp-team-bounces@icann.org</a>>
on behalf of "<a
href="mailto:Georgios.TSELENTIS@ec.europa.eu"
moz-do-not-send="true">Georgios.TSELENTIS@ec.europa.eu</a>"
<<a href="mailto:Georgios.TSELENTIS@ec.europa.eu"
moz-do-not-send="true">Georgios.TSELENTIS@ec.europa.eu</a>><br>
<b>Date: </b>Thursday, May 30, 2019 at 4:12 AM<br>
<b>To: </b>"<a href="mailto:vgreimann@key-systems.net"
moz-do-not-send="true">vgreimann@key-systems.net</a>"
<<a href="mailto:vgreimann@key-systems.net"
moz-do-not-send="true">vgreimann@key-systems.net</a>>,
"<a href="mailto:milton@gatech.edu"
moz-do-not-send="true">milton@gatech.edu</a>" <<a
href="mailto:milton@gatech.edu" moz-do-not-send="true">milton@gatech.edu</a>><br>
<b>Cc: </b>"<a href="mailto:gnso-epdp-team@icann.org"
moz-do-not-send="true">gnso-epdp-team@icann.org</a>"
<<a href="mailto:gnso-epdp-team@icann.org"
moz-do-not-send="true">gnso-epdp-team@icann.org</a>><br>
<b>Subject: </b>Re: [Gnso-epdp-team] For your review -
Clarifying Legal Questions Table<o:p></o:p></p>
</div>
<div>
<p class="xmsonormal"><span
style="font-size:11.0pt;color:windowtext"> </span><o:p></o:p></p>
</div>
<p class="xmsonormal"><span
style="font-size:11.0pt;color:#1F497D">Dear Volker,
Milton, EPDP colleagues,</span><o:p></o:p></p>
<p class="xmsonormal"><span
style="font-size:11.0pt;color:#1F497D">I am reading with
great interest the reactions to the clarification
questions we sent, in particular regarding accuracy. The
mere fact that the community has different
understandings as to what exactly it means in the WHOIS
policy reform under GDPR begs for asking those questions
and not putting the issue (again) under the carpet. We
might come with an outcome that current accuracy
measures are sufficient for WHOIS GDPR compliance, or
that we need more to do. Anyhow at this stage those are
<u>clarification questions</u> not a policy per se so I
would welcome first the legal counsel to provide some
informed opinion before any community jumping to
conclusions.
</span><o:p></o:p></p>
<p class="xmsonormal"><span
style="font-size:11.0pt;color:#1F497D">Best regards,</span><o:p></o:p></p>
<p class="xmsonormal"><span
style="font-size:11.0pt;color:#1F497D">Georgios</span><o:p></o:p></p>
<p class="xmsonormal"><span
style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="xmsonormal"><span
style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="xmsonormal" style="margin-left:.5in"><b><span
style="font-size:11.0pt;color:windowtext">From:</span></b><span
style="font-size:11.0pt;color:windowtext">
Gnso-epdp-team <<a
href="mailto:gnso-epdp-team-bounces@icann.org"
moz-do-not-send="true">gnso-epdp-team-bounces@icann.org</a>>
<b>On Behalf Of </b>Volker Greimann<br>
<b>Sent:</b> Wednesday, May 29, 2019 6:54 PM<br>
<b>To:</b> <a
href="mailto:gnso-epdp-team@icann.org"
moz-do-not-send="true">gnso-epdp-team@icann.org</a><br>
<b>Subject:</b> Re: [Gnso-epdp-team] For your review
- Clarifying Legal Questions Table</span><o:p></o:p></p>
</div>
</div>
<p class="xmsonormal" style="margin-left:.5in"> <o:p></o:p></p>
<p style="margin-left:.5in">Hi Margie,<o:p></o:p></p>
<p style="margin-left:.5in">the risk of the poor registrant
losing his domain name due to inaccurate whois data is
actually entirely of ICANNs making as contracted parties
certainly do not need this data set for the purposes of
maintaining the registration. We have account data for
that. The only reason whois inaccuracies can cause a
registrant to lose his domain is ICANN policies and
contractual obligations regarding failures to update
inaccurate data and registrars opting for deletion instead
of deactivation (do such registrars still exist?).<o:p></o:p></p>
<p style="margin-left:.5in">For all other purposes
reasonable steps are already being taken, as I explained
in my previous mail.<o:p></o:p></p>
<p style="margin-left:.5in">Best,<o:p></o:p></p>
<p style="margin-left:.5in">Volker<o:p></o:p></p>
<div>
<p class="xmsonormal" style="margin-left:.5in">Am
29.05.2019 um 18:38 schrieb Margie Milam:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt">Hi Chris and all –</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt">To answer your question, the
legal advice provided by Bird & Bird on accuracy
addresses this issue and notes that there is a
positive obligation on the controller to ensure the
data is accurate depending on the circumstances and
the consequences of processing inaccurate data. It
also notes that a controller may have to get
independent confirmation where the impact is
particularly significant. In addition, the issue of
data accuracy as part of a GDPR compliant system was
also raised by the European Commission in its recent
comments to the Board.</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt">In the case of domain names,
the consequence of inaccurate data affects not just
the registrant (who could lose its domain name), but
those that may be trying to resolve technical issues,
cyber-crime or consumer protection issues. We also
have numerous studies conducted by ICANN over the last
decade that show unacceptable levels of accuracy in
the WHOIS system. This is why the question of
accuracy was pushed to Phase 2 in our Phase 1 Final
Report so that we could explore these issues further.
See Footnote 6 where it says: <i>The topic of
accuracy as related to GDPR compliance is expected
to be considered further as well as the WHOIS
Accuracy Reporting System.</i></span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt">All the best,</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt">Margie</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="xmsonormal" style="margin-left:.5in"><b>From:
</b>Gnso-epdp-team <a
href="mailto:gnso-epdp-team-bounces@icann.org"
moz-do-not-send="true">
<gnso-epdp-team-bounces@icann.org></a> on
behalf of Chris Disspain <a
href="mailto:chris.disspain@board.icann.org"
moz-do-not-send="true">
<chris.disspain@board.icann.org></a><br>
<b>Date: </b>Tuesday, May 28, 2019 at 9:48 AM<br>
<b>To: </b><a href="mailto:gnso-epdp-team@icann.org"
moz-do-not-send="true">"gnso-epdp-team@icann.org"</a>
<a href="mailto:gnso-epdp-team@icann.org"
moz-do-not-send="true"><gnso-epdp-team@icann.org></a><br>
<b>Subject: </b>Re: [Gnso-epdp-team] For your review
- Clarifying Legal Questions Table<o:p></o:p></p>
</div>
<div>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
</div>
<p class="xmsonormal" style="margin-left:.5in">Greetings
All, <o:p></o:p></p>
<div>
<p class="xmsonormal" style="margin-left:.5in"> <o:p></o:p></p>
</div>
<div>
<p class="xmsonormal" style="margin-left:.5in">I’m a
little confused by this discussion. Apologies in
advance if the below is wrong or naive or has been
covered before.<o:p></o:p></p>
</div>
<div>
<p class="xmsonormal" style="margin-left:.5in"> <o:p></o:p></p>
</div>
<div>
<p class="xmsonormal" style="margin-left:.5in">I don’t
understand the connection between accuracy and GDPR. <o:p></o:p></p>
</div>
<div>
<p class="xmsonormal" style="margin-left:.5in"> <o:p></o:p></p>
</div>
<div>
<p class="xmsonormal" style="margin-left:.5in">The
regulations govern a registrars right to collect the
data and what they can do with it. Assuming they have
that right under GDPR, the registrants obligation to
provide them with *accurate* data is not governed by
GDPR but rather the contractual relationship between
registrar and registrant and the registrar is entitled
to require accurate information from the registrant
pursuant to that. The registrar can also require the
updating of changed information and/or proactively
seek re-confirmation of accuracy. And ICANN, in its
contract with a registrar, can require that registrar
to require the registrant to provide accurate
information. <o:p></o:p></p>
</div>
<div>
<p class="xmsonormal" style="margin-left:.5in"> <o:p></o:p></p>
</div>
<div>
<p class="xmsonormal"
style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">Other
than governing the right to collect the information
(and what can be done with it) does GDPR have some
other role that I’m missing?<o:p></o:p></p>
<div id="x_AppleMailSignature">
<div>
<p class="xmsonormal" style="margin-left:.5in">Cheers,<o:p></o:p></p>
</div>
<div>
<p class="xmsonormal" style="margin-left:.5in"> <o:p></o:p></p>
</div>
<div>
<p class="xmsonormal" style="margin-left:.5in">Chris<o:p></o:p></p>
</div>
</div>
<div>
<p class="xmsonormal"
style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in"><br>
On 28 May 2019, at 17:23, Volker Greimann <<a
href="mailto:vgreimann@key-systems.net"
moz-do-not-send="true">vgreimann@key-systems.net</a>>
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p style="margin-left:.5in">Didn't we have (and
settle) the same argument about six months ago?<o:p></o:p></p>
<p style="margin-left:.5in">This principle is a
protection of the data subject. When we create
personal data from the data provided to us by the
data subject or a third party, we must ensure we
store it accurately and our processing does not
falsify it.
<o:p></o:p></p>
<p style="margin-left:.5in">As such, the contractual
provision that the data subject must provide to us
accurate data (and keep uit updated when it
changes) and the confirmation of the accuracy by
the data subject is sufficient for our purposes
and therefore reasonable in accordance with this
principle. <o:p></o:p></p>
<p style="margin-left:.5in">The principles protect
the data subject, not third parties.<o:p></o:p></p>
<p style="margin-left:.5in">Can we now please stop
going over old settled issues?<o:p></o:p></p>
<p style="margin-left:.5in">Volker<o:p></o:p></p>
<div>
<p class="xmsonormal" style="margin-left:.5in">Am
28.05.2019 um 18:06 schrieb Greg Aaron:<o:p></o:p></p>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt">Milton, no, the word
“accuracy” does not appear only in GDPR
Article 18. It appears most prominently in
Article 5, which says:</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt">Art. 5 GDPR
Principles relating to processing of personal
data</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt">"1. Personal data
shall be: ... (d) accurate and, where
necessary, kept up to date; every reasonable
step must be taken to ensure that personal
data that are inaccurate, having regard to the
purposes for which they are processed, are
erased or rectified without delay
(‘accuracy’);…</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#333333;background:white">2. The
controller shall be responsible for, and be
able to demonstrate compliance with, paragraph
1 (‘accountability’).”</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt">There has been
discussion in legal and GDPR compliance
communities that the above means all of these:</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt">a) Controllers have
some responsibilities to take positive steps
to ensure data collected from subjects is
accurate.
</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt">b) Organizations must
allow data subjects to rectify inaccuracies.
(Your point.)</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt">c) The data
controller must carefully consider any
challenges to the accuracy of information – no
matter where that challenge comes from.</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt">d) Organizations must
identify essential steps to erase or rectify
inaccurate data without delay. And,</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt">e) Within some
limits, the parties to a Date Sharing
Agreement are free to agree on terms and
conditions applicable to their sharing of data
– for example specific obligations and
warranties about the accuracy and completeness
of data.</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt">How far the above
extend, and how they apply to RDS data, is a
Phase 2 subject for exploration.</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt">GDPR certainly
discourages the submission or maintenance of
data that is incorrect or misleading. And
Article 5 seems to mean more than “trust
implicitly whatever the data subject says, and
correct the data only if the data subject
itself requests.” The GDPR may contain some
balancing mechanisms here, and proportionality
is a general principle of EU law.
</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt">So, given all that,
and because there’s not a common understanding
within our group, these issues are definitely
good ones to ask Bird & Bird about.</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt">All best,</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt">--Greg</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="xmsonormal" style="margin-left:.5in"><b><span
style="font-size:11.0pt">From:</span></b><span
style="font-size:11.0pt"> Gnso-epdp-team
<a
href="mailto:gnso-epdp-team-bounces@icann.org"
moz-do-not-send="true"><gnso-epdp-team-bounces@icann.org></a>
<b>On Behalf Of </b>Mueller, Milton L<br>
<b>Sent:</b> Saturday, May 25, 2019 9:18
AM<br>
<b>To:</b> <a
href="mailto:Georgios.TSELENTIS@ec.europa.eu"
moz-do-not-send="true">Georgios.TSELENTIS@ec.europa.eu</a>;
<a
href="mailto:caitlin.tubergen@icann.org"
moz-do-not-send="true">caitlin.tubergen@icann.org</a><br>
<b>Cc:</b> <a
href="mailto:gnso-epdp-team@icann.org"
moz-do-not-send="true">gnso-epdp-team@icann.org</a><br>
<b>Subject:</b> Re: [Gnso-epdp-team] For
your review - Clarifying Legal Questions
Table</span><o:p></o:p></p>
</div>
</div>
<p class="xmsonormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D">Dear
Georgios and colleagues:</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D">I think
the questions related to accuracy below are
not worth sending to the lawyers.
</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D">They
are based on a fundamental misconception, one
which we have identified many times. Accuracy
in GDPR and other data protection law is a
right _<i>of the data subject</i>_, not a
right of third parties to accurate data about
the data subject. </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D">To
prove this, beyond a shadow of the doubt, let
me note that the word “accuracy” appears in
GDPR in only two places, in Art 18. </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D">Article
18, Right to restriction of processing:</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D">-----------------------------------------------------------</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F4E79;background:white">“The data
subject shall have the right to obtain from
the controller restriction of processing where
one of the following applies: the </span><span
style="font-size:11.0pt;color:#1F4E79;border:none windowtext
1.0pt;padding:0in;background:#FAF5E1">accuracy</span><span
style="font-size:11.0pt;color:#1F4E79;background:white"> of the personal
data is contested by the data subject, for a
period enabling the controller to verify the </span><span
style="font-size:11.0pt;color:#1F4E79;border:none windowtext
1.0pt;padding:0in;background:#FAF5E1">accuracy</span><span
style="font-size:11.0pt;color:#1F4E79;background:white"> of the personal
data;” </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D">So data
subjects can contest the accuracy of data
about them, or require controllers to verify
its accuracy. There is NO OTHER reference to
accuracy in the entire GDPR.</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D">Georgios’s
questions are based on the assumption that
third parties have a right to accurate contact
data about the data subject. That assumption
was embedded in the old Whois and pre-GDPR
Whois accuracy policies, all of which were
predicated on indiscriminate publication of
the contact data to any and all third parties.
That regime is gone. And it’s recognized even
by the most militant pro-surveillance
interests that such indiscriminate disclosure
is illegal. </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D">Likewise,
Georgios asks about liability under Article 82
of GDPR. Again all we need to do is actually
read Art 82 to find the answer:
</span><o:p></o:p></p>
<p class="xmsonormal"
style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in;background:white;vertical-align:baseline"><span
style="font-size:11.0pt;color:#1F497D">Article
82 says “</span><span
style="font-size:11.0pt;color:#1F4E79">Any
person who has suffered material or
non-material damage as a result of an
infringement of this Regulation shall have the
right to receive compensation from the
controller or processor for the damage
suffered.” So this is a right of PERSONS (data
subjects) to compensation based on illegal
acts of controllers and processors of THEIR
data. It is not a right of third parties to
accurate information about the data subject,
and it certainly creates no liability for
controllers or processors for the inaccuracy
of the registrants’ data.
</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D">Dr.
Milton L Mueller</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D">Georgia
Institute of Technology</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D">School
of Public Policy</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="xmsonormal" style="margin-left:.5in"><b><span
style="font-size:11.0pt">From:</span></b><span
style="font-size:11.0pt"> Gnso-epdp-team
<<a
href="mailto:gnso-epdp-team-bounces@icann.org"
moz-do-not-send="true">gnso-epdp-team-bounces@icann.org</a>>
<b>On Behalf Of </b><a
href="mailto:Georgios.TSELENTIS@ec.europa.eu"
moz-do-not-send="true">Georgios.TSELENTIS@ec.europa.eu</a><br>
<b>Sent:</b> Friday, May 24, 2019 7:02 PM<br>
<b>To:</b> <a
href="mailto:caitlin.tubergen@icann.org"
moz-do-not-send="true">caitlin.tubergen@icann.org</a><br>
<b>Cc:</b> <a
href="mailto:gnso-epdp-team@icann.org"
moz-do-not-send="true">gnso-epdp-team@icann.org</a><br>
<b>Subject:</b> Re: [Gnso-epdp-team] For
your review - Clarifying Legal Questions
Table</span><o:p></o:p></p>
</div>
</div>
<p class="xmsonormal" style="margin-left:.5in"> <o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D">Dear
Caitlin, colleagues,</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D">Please
find below questions on the topics of the
legal memos from the GAC:</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span
style="font-size:11.0pt;color:#1F497D">Accuracy</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D">.
If current verification statistics provide
that a large number of data is inaccurate
isn't that a metric to deduce that the
accuracy principle is not served in a
reasonable manner as demanded by the GDPR?</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D">.
According to the GDPR all personal data are
processed based on the principle that they are
necessary for the purpose for which they are
collected. If those data are necessary, how
can the purpose be served while the data are
inaccurate? </span>
<o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D">.
Can you provide an analysis on the
third-parties mentioned in para 19 on which
"ICANN and the relevant parties may rely on to
confirm the accuracy of personal data if it is
reasonable to do so"? Do they become in such a
scenario data processors?
</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D">.
How does the accuracy principle in connection
to the parties' liability has to be understood
in light of the accountability principle of
the GDPR? What are the responsibilities of
ICANN and the contracted parties (who are
subject to the GDPR) under Chapter IV pf the
GDPR? If the contracted parties (as data
controllers) engage third entities as
processors (e.g. to provide data back-up
services), what are the responsibilities of
these entities? What does this mean in terms
of liabilities (in light of Art. 82 GDPR)?</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D">.
While in the first place it is up to the
registrants to provide accurate details about
themselves and it is up to the registrants not
to mistakenly identify themselves as natural
or legal persons, the Memo on "Natural vs
Legal persons" provides interesting
ideas/suggestions for the contracted parties
to proactively ensuring the reliability of
information provided, including through
measures to independently verify the data.
Could similar mechanisms be identified also
for ensuring the reliability of the contact
details of the registrant? Can best practices
be drawn from the ccTLD?</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span
style="font-size:11.0pt;color:#1F497D">Natural
or non-natural persons</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D">.
How is the (inaccurate or accurate)
designation by the registrant about her status
as non-natural person considered personal data
information? If it's not is the analysis about
whether the accuracy principle applies
relevant?</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D">.
How would the analysis provided take into
account the possibility for registrants who
are natural persons to "opt-in" for a full
publication of their personal data? Indeed it
might be the case that some of these
registrants might wish to ensure their details
are available on WHOIS.</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span
style="font-size:11.0pt;color:#1F497D">Technical
contact
</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D">Most of
the issue for not allowing this seems to be
around the inability to verify if the RNH has
obtained consent from the technical contact.
When the CP's verify the email address could
consent also be confirmed for the term of the
registration?
</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><b><span
style="font-size:11.0pt;color:#1F497D">General
question:</span></b><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D">.
How could anonymisatio/pseudonymisation
techniques be of help in complying with the
GDPR while also allowing for additional
disclosure of certain data elements? E.g. use
of anonymised/pseudonymised emails and names,
in particular in the context of registrations
by legal persons.</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D">Apologies
again for the delay of our submission.</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D">Georgios
Tselentis (GAC-EPDP)</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt;color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="xmsonormal"
style="margin-left:1.0in"><b><span
style="font-size:11.0pt">From:</span></b><span
style="font-size:11.0pt"> Gnso-epdp-team
<<a
href="mailto:gnso-epdp-team-bounces@icann.org"
moz-do-not-send="true">gnso-epdp-team-bounces@icann.org</a>>
<b>On Behalf Of </b>Caitlin Tubergen<br>
<b>Sent:</b> Wednesday, May 22, 2019 5:22
PM<br>
<b>To:</b> <a
href="mailto:gnso-epdp-team@icann.org"
moz-do-not-send="true">gnso-epdp-team@icann.org</a><br>
<b>Subject:</b> [Gnso-epdp-team] For your
review - Clarifying Legal Questions Table</span><o:p></o:p></p>
</div>
</div>
<p class="xmsonormal" style="margin-left:1.0in"> <o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in"><span
style="font-size:11.0pt">Dear EPDP Team,</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in"><span
style="font-size:11.0pt">Following up on an
action item from our last meeting, please find
attached a table which organizes the
clarifying legal questions received to date.
We will discuss the table during our next
meeting.</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in"><span
style="font-size:11.0pt">Please note that the
deadline for submitting additional clarifying
questions is before 14:00 UTC on Thursday, 23
May. If additional questions come in before
the deadline, we will update the table
accordingly.</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in"><span
style="font-size:11.0pt">Thank you.</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in"><span
style="font-size:11.0pt">Best regards,</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in"><span
style="font-size:11.0pt">Marika, Berry, and
Caitlin</span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in"><span
style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="xmsonormal" style="margin-left:1.0in"> <o:p></o:p></p>
<p class="xmsonormal"
style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in"><span
style="font-size:11.0pt"><br>
<br>
<br>
</span><o:p></o:p></p>
<pre style="margin-left:.5in">_______________________________________________<o:p></o:p></pre>
<pre style="margin-left:.5in">Gnso-epdp-team mailing list<o:p></o:p></pre>
<pre style="margin-left:.5in"><a href="mailto:Gnso-epdp-team@icann.org" moz-do-not-send="true">Gnso-epdp-team@icann.org</a><o:p></o:p></pre>
<pre style="margin-left:.5in"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Depdp-2Dteam&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=i8lF_vDhT_peOZsF_kHctAAjfsmIBrNuFvOup8q3LFs&s=KsnUZFZN_ds3hfDU81KaQh1PouUijCAV1NUDwpIOsAg&e=" moz-do-not-send="true">https://mm.icann.org/mailman/listinfo/gnso-epdp-team</a><o:p></o:p></pre>
<pre style="margin-left:.5in">_______________________________________________<o:p></o:p></pre>
<pre style="margin-left:.5in">By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_policy&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=i8lF_vDhT_peOZsF_kHctAAjfsmIBrNuFvOup8q3LFs&s=FwUQq5l0Y2FAOewYgUPeC3ZpkOkUcsYGbDQDGdrn51g&e=" moz-do-not-send="true">https://www.icann.org/privacy/policy</a>) and the website Terms of Service (<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_tos&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=i8lF_vDhT_peOZsF_kHctAAjfsmIBrNuFvOup8q3LFs&s=DIqsoPEEZERBjh2YW7dICqGWkBj7ALzyba1voyOPzMk&e=" moz-do-not-send="true">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.<o:p></o:p></pre>
</blockquote>
<div>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt">-- <br>
Volker A. Greimann<br>
General Counsel and Policy Manager<br>
<strong><span
style="font-family:"Calibri",sans-serif">KEY-SYSTEMS
GMBH</span></strong><br>
<br>
T: +49 6894 9396901<br>
M: +49 6894 9396851<br>
F: +49 6894 9396851<br>
W: <a
href="https://urldefense.proofpoint.com/v2/url?u=http-3A__www.key-2Dsystems.net&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=i8lF_vDhT_peOZsF_kHctAAjfsmIBrNuFvOup8q3LFs&s=hwQnHWrq0qIdx6kVhoowbCd4SZ1nSrXYOX7R9KBc0JM&e="
moz-do-not-send="true">
www.key-systems.net</a><br>
<br>
Key-Systems GmbH is a company registered at
the local court of Saarbruecken, Germany with
the registration no. HR B 18835<br>
CEO: Alexander Siffrin<br>
<br>
Part of the CentralNic Group PLC (LON: CNIC) a
company registered in England and Wales with
company number 8576358.</span><o:p></o:p></p>
</div>
</div>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-size:11.0pt">_______________________________________________<br>
Gnso-epdp-team mailing list<br>
<a href="mailto:Gnso-epdp-team@icann.org"
moz-do-not-send="true">Gnso-epdp-team@icann.org</a><br>
<a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Depdp-2Dteam&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=i8lF_vDhT_peOZsF_kHctAAjfsmIBrNuFvOup8q3LFs&s=KsnUZFZN_ds3hfDU81KaQh1PouUijCAV1NUDwpIOsAg&e="
moz-do-not-send="true">https://mm.icann.org/mailman/listinfo/gnso-epdp-team</a><br>
_______________________________________________<br>
By submitting your personal data, you consent to
the processing of your personal data for
purposes of subscribing to this mailing list
accordance with the ICANN Privacy Policy (<a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_policy&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=i8lF_vDhT_peOZsF_kHctAAjfsmIBrNuFvOup8q3LFs&s=FwUQq5l0Y2FAOewYgUPeC3ZpkOkUcsYGbDQDGdrn51g&e="
moz-do-not-send="true">https://www.icann.org/privacy/policy</a>)
and the website Terms of Service (<a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_tos&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=i8lF_vDhT_peOZsF_kHctAAjfsmIBrNuFvOup8q3LFs&s=DIqsoPEEZERBjh2YW7dICqGWkBj7ALzyba1voyOPzMk&e="
moz-do-not-send="true">https://www.icann.org/privacy/tos</a>).
You can visit the Mailman link above to change
your membership status or configuration,
including unsubscribing, setting digest-style
delivery or disabling delivery altogether (e.g.,
for a vacation), and so on.</span><o:p></o:p></p>
</div>
</blockquote>
</div>
<p class="xmsonormal"
style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in"><span
style="font-family:"Times New Roman",serif"><br>
<br>
</span><o:p></o:p></p>
<pre style="margin-left:.5in">_______________________________________________<o:p></o:p></pre>
<pre style="margin-left:.5in">Gnso-epdp-team mailing list<o:p></o:p></pre>
<pre style="margin-left:.5in"><a href="mailto:Gnso-epdp-team@icann.org" moz-do-not-send="true">Gnso-epdp-team@icann.org</a><o:p></o:p></pre>
<pre style="margin-left:.5in"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Depdp-2Dteam&d=DwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=6ugXFDtMSp5TN-tGQMAzXjvDtHOuYWQWQNcAzRH3LdY&s=14PnxLXVFMTIGWWbF7k0KG1crIpW38SedNJjX9-zNn0&e=" moz-do-not-send="true">https://mm.icann.org/mailman/listinfo/gnso-epdp-team</a><o:p></o:p></pre>
<pre style="margin-left:.5in">_______________________________________________<o:p></o:p></pre>
<pre style="margin-left:.5in">By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_policy&d=DwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=6ugXFDtMSp5TN-tGQMAzXjvDtHOuYWQWQNcAzRH3LdY&s=D1dN_llu6Tbkcs62nPs2bv31b8e3lKufIbEiylp3GdI&e=" moz-do-not-send="true">https://www.icann.org/privacy/policy</a>) and the website Terms of Service (<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_tos&d=DwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=6ugXFDtMSp5TN-tGQMAzXjvDtHOuYWQWQNcAzRH3LdY&s=JH0Fkze6xob9fbzReu0Azcu6-Rq2iStP-ZCyB_jFoCo&e=" moz-do-not-send="true">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.<o:p></o:p></pre>
</blockquote>
<div>
<p class="xmsonormal" style="margin-left:.5in"><span
style="font-family:"Times New Roman",serif">--
<br>
Volker A. Greimann<br>
General Counsel and Policy Manager<br>
<strong>KEY-SYSTEMS GMBH</strong><br>
<br>
T: +49 6894 9396901<br>
M: +49 6894 9396851<br>
F: +49 6894 9396851<br>
W: <a
href="https://urldefense.proofpoint.com/v2/url?u=http-3A__www.key-2Dsystems.net&d=DwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=6ugXFDtMSp5TN-tGQMAzXjvDtHOuYWQWQNcAzRH3LdY&s=UhiYqnRvRppumnSvfFWK9c32gZOekoZ1T3kbYAo1WAI&e="
moz-do-not-send="true">
www.key-systems.net</a><br>
<br>
Key-Systems GmbH is a company registered at the local
court of Saarbruecken, Germany with the registration
no. HR B 18835<br>
CEO: Alexander Siffrin<br>
<br>
Part of the CentralNic Group PLC (LON: CNIC) a company
registered in England and Wales with company number
8576358.</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Gnso-epdp-team mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Gnso-epdp-team@icann.org">Gnso-epdp-team@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-epdp-team">https://mm.icann.org/mailman/listinfo/gnso-epdp-team</a>
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a class="moz-txt-link-freetext" href="https://www.icann.org/privacy/policy">https://www.icann.org/privacy/policy</a>) and the website Terms of Service (<a class="moz-txt-link-freetext" href="https://www.icann.org/privacy/tos">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.</pre>
</blockquote>
<div class="moz-signature">-- <br>
Volker A. Greimann<br>
General Counsel and Policy Manager<br>
<strong style="border-bottom: 3px solid #5C46B5">KEY-SYSTEMS GMBH</strong><br>
<br>
T: +49 6894 9396901<br>
M: +49 6894 9396851<br>
F: +49 6894 9396851<br>
W: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net">www.key-systems.net</a><br>
<br>
Key-Systems GmbH is a company registered at the local court of
Saarbruecken, Germany with the registration no. HR B 18835<br>
CEO: Alexander Siffrin<br>
<br>
Part of the CentralNic Group PLC (LON: CNIC) a company registered
in England and Wales with company number 8576358.</div>
</body>
</html>