<div dir="ltr"><div>That seems a bit of an extreme interpretation. We agreed not to make no differentiation based on geo for the smple fact that anything else would be an administrative nightmare. <br></div><div>There are so many variables why a set of data may be protected under the GDPR (and comparable regulations) that it seemed unfeasible to design a system that made such differentiations.</div><div><br></div><div>Consider the following scenarios triggering protection just under GDPR:</div><div>-Registrar in EU<br></div><div>-Reseller in EU</div><div>
<div>-Registry in EU</div><div>-Reseller of reseller (whom we usually do not know) in the EU</div><div>
-Registrant in EU
</div><div>-Other Contact in EU</div><div>-Registrar outside the EU, but processing in the EU (For example using a Registrar backend service)</div><div>-Registry
outside the EU, but processing in the EU
(For example using a Registry backend service) <br></div><div>-Registrar outside the EU, Reseller outside the EU but reseller processing in the EU<br></div><div>and many many more.</div><div><br></div><div>Having to look at each data set like this individually is simply not feasible for a contracted party, hence the decision (and need) to simply treat all data as protected. <br></div><div><br></div><div>And while I hate to contradict you Brian, the potentially problematic part is never the act of withholding, and always the act of disclosing, at least from a liability perspective.<br></div></div><div></div><br><div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><span lang="EN-US">-- <br>Volker A. Greimann<br>General Counsel and Policy Manager<br><b>KEY-SYSTEMS GMBH</b><br><br>T: +49 6894 9396901<br>M: +49 6894 9396851<br>F: +49 6894 9396851<br>W: </span><a href="http://www.key-systems.net/" style="color:rgb(17,85,204)" target="_blank"><span lang="EN-US">www.key-systems.net</span></a><span lang="EN-US"><br><br>Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835<br>CEO: Alexander Siffrin<br><br>Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358.</span><br></div></div></div><br></div></div><div id="DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2"><br>
<table style="border-top:1px solid #d3d4de">
<tr>
<td style="width:55px;padding-top:13px"><a href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail" target="_blank"><img src="https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif" alt="" width="46" height="29" style="width: 46px; height: 29px;"></a></td>
<td style="width:470px;padding-top:12px;color:#41424e;font-size:13px;font-family:Arial,Helvetica,sans-serif;line-height:18px">Virus-free. <a href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail" target="_blank" style="color:#4453ea">www.avast.com</a>
</td>
</tr>
</table><a href="#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2" width="1" height="1"></a></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Aug 30, 2019 at 1:56 PM King, Brian via Gnso-epdp-team <<a href="mailto:gnso-epdp-team@icann.org">gnso-epdp-team@icann.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="auto">
Hi Farzaneh,
<div><br>
</div>
<div>That’s not quite right. We decided that CPs could differentiate in the context of publication/redaction, not in the context of SSAD. </div>
<div><br>
</div>
<div>In the SSAD context, the act of withholding data when someone needs it, without a legal basis for withholding it (i.e. application of privacy law), would be legally problematic for the entity withholding access. In this case, withholding the data could
make the controller secondarily liable for the bad actor’s conduct.</div>
<div><br>
</div>
<div>So, the data must be disclosed unless there’s a legal basis for withholding it. For legal persons and natural persons not covered by data privacy law, there is no legal basis for withholding the data, and there should be no balancing test. <br>
<br>
<div id="gmail-m_2393422508796001018AppleMailSignature" dir="ltr"><span style="background-color:rgba(255,255,255,0)">Brian J. King</span>
<div>Director of Internet Policy and Industry Affairs</div>
<div>MarkMonitor / Part of Clarivate Analytics<br>
<div><span style="background-color:rgba(255,255,255,0)">Phone: +1 (443) 761-3726</span></div>
</div>
<div><span style="background-color:rgba(255,255,255,0)"><a href="mailto:brian.king@markmonitor.com" target="_blank">brian.king@markmonitor.com</a></span></div>
</div>
<div dir="ltr"><br>
On Aug 30, 2019, at 7:22 AM, farzaneh badii <<a href="mailto:farzaneh.badii@gmail.com" target="_blank">farzaneh.badii@gmail.com</a>> wrote:<br>
<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div class="gmail_default" style="font-family:verdana,sans-serif">I don't know if this has been flagged and I know that the zero draft is frozen for now but I believe the diagram about the assessment of the data requested Step 2, is not correct. It says that
if the data is non-EEA data may be released with no balancing test performed. In phase one we agreed that the contracted parties can make geo diff if they want. The ones that do not do geo diff should definitely follow the disclosure policy we are coming up
with and perform the balancing test regardless of EEA or non-EEA data. I don't think they should just release the data. As we argued, ICANN's policies are global. If disclosure is global, data protection has to be global too. </div>
<div class="gmail_default" style="font-family:verdana,sans-serif"><br>
</div>
<div class="gmail_default" style="font-family:verdana,sans-serif"><br>
</div>
<div>
<div dir="ltr" class="gmail-m_2393422508796001018gmail_signature">
<div dir="ltr">
<div><font face="verdana, sans-serif">Farzaneh </font></div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<blockquote type="cite">
<div dir="ltr"><epdp-p2_swimlane_v0.2.2.pdf></div>
</blockquote>
<blockquote type="cite">
<div dir="ltr"><span>_______________________________________________</span><br>
<span>Gnso-epdp-team mailing list</span><br>
<span><a href="mailto:Gnso-epdp-team@icann.org" target="_blank">Gnso-epdp-team@icann.org</a></span><br>
<span><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Depdp-2Dteam&d=DwICAg&c=OGmtg_3SI10Cogwk-ShFiw&r=qQNCXqU_XE2XIdXbawYmk-YDflYH6pd8ffXlzxU37OA&m=YDnfsCS-C6PX-k9KBPaWdGMlomR5c6Qzl9pKeq21yqk&s=21TqJSMQV0kHuTo9rha44EVs9jCy7uBr8L8cveIHb6c&e=" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Depdp-2Dteam&d=DwICAg&c=OGmtg_3SI10Cogwk-ShFiw&r=qQNCXqU_XE2XIdXbawYmk-YDflYH6pd8ffXlzxU37OA&m=YDnfsCS-C6PX-k9KBPaWdGMlomR5c6Qzl9pKeq21yqk&s=21TqJSMQV0kHuTo9rha44EVs9jCy7uBr8L8cveIHb6c&e=</a>
</span><br>
<span>_______________________________________________</span><br>
<span>By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_policy&d=DwICAg&c=OGmtg_3SI10Cogwk-ShFiw&r=qQNCXqU_XE2XIdXbawYmk-YDflYH6pd8ffXlzxU37OA&m=YDnfsCS-C6PX-k9KBPaWdGMlomR5c6Qzl9pKeq21yqk&s=VeFjG9M5NbXD9OqeCXKleOaEpa6_jMxj3EseaMJ5H2U&e=" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_policy&d=DwICAg&c=OGmtg_3SI10Cogwk-ShFiw&r=qQNCXqU_XE2XIdXbawYmk-YDflYH6pd8ffXlzxU37OA&m=YDnfsCS-C6PX-k9KBPaWdGMlomR5c6Qzl9pKeq21yqk&s=VeFjG9M5NbXD9OqeCXKleOaEpa6_jMxj3EseaMJ5H2U&e=</a>
) and the website Terms of Service (<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_tos&d=DwICAg&c=OGmtg_3SI10Cogwk-ShFiw&r=qQNCXqU_XE2XIdXbawYmk-YDflYH6pd8ffXlzxU37OA&m=YDnfsCS-C6PX-k9KBPaWdGMlomR5c6Qzl9pKeq21yqk&s=7E_OKnno3mhFtTwXIwua0a8Qwg3_dmrXTO150Q4GL8Y&e=" target="_blank">https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_tos&d=DwICAg&c=OGmtg_3SI10Cogwk-ShFiw&r=qQNCXqU_XE2XIdXbawYmk-YDflYH6pd8ffXlzxU37OA&m=YDnfsCS-C6PX-k9KBPaWdGMlomR5c6Qzl9pKeq21yqk&s=7E_OKnno3mhFtTwXIwua0a8Qwg3_dmrXTO150Q4GL8Y&e=</a>
). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.</span></div>
</blockquote>
</div>
</div>
_______________________________________________<br>
Gnso-epdp-team mailing list<br>
<a href="mailto:Gnso-epdp-team@icann.org" target="_blank">Gnso-epdp-team@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-epdp-team" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-epdp-team</a><br>
_______________________________________________<br>
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a href="https://www.icann.org/privacy/policy" rel="noreferrer" target="_blank">https://www.icann.org/privacy/policy</a>) and the website Terms of Service (<a href="https://www.icann.org/privacy/tos" rel="noreferrer" target="_blank">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.</blockquote></div>