<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:TrebuchetMS;
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle21
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1689528920;
mso-list-type:hybrid;
mso-list-template-ids:1481275990 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style>
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Alan,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">I think we are still talking past each other. I will make one last effort.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">The purpose of the use cases was to test our assumptions about what would lead to a successful request for disclosure, what kinds of legal bases would be used
and what kind of safeguards would have to be in place. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">The ALAC use case we are debating was about disclosing the identity of a registrant because a random Internet user is curious about who the registrant is and
thinks they need to know this before buying something from the registrant. I think our discussion of this case clearly demonstrated that this rationale will never pass the balancing test and does not even meet the threshold of 6.1.b. I say this because:
<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><span style="mso-list:Ignore">1.<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Curious users can easily, effectively and directly protect themselves from this uncertainty by not buying or interacting with unknown or untrusted sites/domains;<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><span style="mso-list:Ignore">2.<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Curious users can find the needed information about the website from other potential sources besides Whois, including, in many jurisdictions, laws that
require such info to be published;<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><span style="mso-list:Ignore">3.<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">The fact that this curiosity occurs before any harm has been done means that such a claim will always fail the balancing test (what is the legitimate
interest of the requestor?) <o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-.25in;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><span style="mso-list:Ignore">4.<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Curiosity about who is behind a domain in the absence of any harm or demonstrable problem was the rationale behind the openness of the old Whois, which
is known to be illegal. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">So Amr backed off from the notion of “rejecting this use case,” but I think his initial statement was valid. Our discussion of this proposed use case demonstrated
that it is unlikely if not impossible to ever provide a legitimate rationale for disclosure. We appreciate your bringing it up as a possible use case, which as you note is what you were asked to do. Now that we have discussed it we are simply asking you and
Hadia to recognize that it is not going to provide a sufficient rationale for disclosure of private info.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">--MM<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Gnso-epdp-team <gnso-epdp-team-bounces@icann.org>
<b>On Behalf Of </b>Amr Elsadr<br>
<b>Sent:</b> Thursday, August 29, 2019 6:59 AM<br>
<b>To:</b> Alan Greenberg <alan.greenberg@mcgill.ca><br>
<b>Cc:</b> gnso-epdp-team@icann.org<br>
<b>Subject:</b> Re: [Gnso-epdp-team] Notes and action items from EPDP Team Phase 2 Meeting #11 - 1 August 2019 - ALAC Online buyers Use Case<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Hi Alan,<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">I take your point on rejection of a use case, and perhaps I should have been more precise in what I was trying to say. I chose my words poorly, but I hope you understand what I’m getting at. I did, after all, acknowledge that discussing
this use case has been helpful to our work.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">What I meant to say was that this use case should not result in recommendations resulting in granting disclosure of gTLD registration data to Internet users (not referring to TM holders here) upon request, with the aim of them identifying
persons (natural or legal) conducting commerce online. The question of wether an ICANN Consensus Policy grants the same level of privacy protection to both the personal information of legal and natural persons is a separate issue of course, with its own set
of arguments.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Thanks.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Amr<o:p></o:p></p>
<div>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">On Aug 29, 2019, at 1:51 AM, Alan Greenberg <<a href="mailto:alan.greenberg@mcgill.ca">alan.greenberg@mcgill.ca</a>> wrote:<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"TrebuchetMS",serif">Amr, as few points.<br>
<br>
1. This use case is NOT about content. It is true that the user request *MAY* have been triggered by content of a web site. But it could equally well have been triggered by an e-mail received. Or just the semantics of the domain name. A registrar *might* choose
to use any web content as a basis for responding positively or negatively to such a request for access, but it could also use its own database of its customer information to determine if the registrant is a legal person. What the registrar does in resolving
an access request will not be dictated by any ICANN policy and is purely up to its business practices.<br>
<br>
2. I really do not understand the concept if us "rejecting" a use case. We were asked to identify potential use cases and we did. You captured the validity of the case at the end of your message:<span class="apple-converted-space"> </span><b><i>"there is still
nothing preventing an Internet user from requesting information about a website they might do business with from a registrar".<span class="apple-converted-space"> </span></i></b>Any EPDP rejection notwithstanding, a user may still request access to information
about a registrant that she believes may be a legal person. And a registrar/registry may ultimately agree to grant that access - or not. Therefore it *IS* a user case, albeit perhaps one you don't like.<span class="apple-converted-space"> </span><br>
<br>
Nothing in this use case presupposes that access will be granted, nor does it presume that such a use will be handled in anything but a manual mode with the registrar performing the "balancing" as dictated by GDPR.<br>
<br>
Alan<br>
<br>
At 28/08/2019 03:30 PM, Amr Elsadr wrote:<br style="caret-color: rgb(0, 0, 0);font-variant-caps: normal;text-align:start;-webkit-text-stroke-width: 0px;word-spacing:0px">
<br>
</span><o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"TrebuchetMS",serif">Hi Brian,<br>
<br>
I'm not sure that it makes a difference - wether disclosure can or cannot be presupposed as an outcome. If we, as a Team developing gTLD policy recommendations, tackle an issue concerning web content, reach a conclusion (any conclusion) on it, send a recommendation
to the GNSO Council, which is adopted and then sent to the ICANN Board, which adopts it yet again, then what is the outcome? To me, the answer to that question would be that the EPDP Team, the GNSO Council and the ICANN Board have all contributed to creating
contractual obligations on Contracted Parties that ICANN should have no business creating.<br>
<br>
To me, this is also a means of pulling topics out-of-scope of ICANN's mission in to it, because although this scope is defined by the Bylaws, there are also Bylaws granting the GNSO responsibility for developing gTLD policy. Would create a bit of a messy constitutional
sort of situation, I think.<br>
<br>
Also, at some point in the future, the Consensus Policy we are in the process of developing recommendations for will be reviewed, and amendments may be sought. Reviewing Consensus Policies could potentially be initiated by either the GNSO or GDD (if you're
following the current Council conversation on reviews of implemented Consensus Policies). So even if we are not presupposing any outcome of disclosure in this use case now, we open the door to further policy development on this topic at some point in a future
iteration. On a topic that should have been flagged as out-of-scope of ICANN's mission to begin with!!<br>
<br>
Ideally, we would not submit any recommendations concerning web content at all. If we did, it'd be nice to know that there are checks and balances in place that initiate some kind of course correction. For instance, the GNSO Council or the ICANN Board would
respond saying, wait a minute, why are you sending us a policy recommendation on a topic outside of ICANN's scope?! Speaking for myself, unfortunately, I very much doubt that would happen.<br>
<br>
It's probably also noteworthy that even if we, as an EPDP Team, reject this use case, and do not address the topic in our recommendations, there is still nothing preventing an Internet user from requesting information about a website they might do business
with from a registrar, as you suggest. Our use of these use cases should focus on helping respondents to disclosure requests understand how best to deal with whatever disclosure requests they receive. We can't cover every single potential use case anyway,
so the ones we do work out should at least provide some guidance on how to deal with unforeseen circumstances. With that in mind, I believe there is value in addressing this use case, and rejecting it, as opposed to not looking at it at all.<br>
<br>
This is my personal perspective, and apologies if it was slightly lengthier than it needed to be, but you asked. ;-)<br>
<br>
Thanks.<br>
<br>
Amr<br>
<br>
<br>
â€</span><span style="font-size:10.5pt">â€â€â€â€â€â€</span><span style="font-size:10.5pt;font-family:"TrebuchetMS",serif"> Original Message â€</span><span style="font-size:10.5pt">â€â€â€â€â€â€</span><span style="font-size:10.5pt;font-family:"TrebuchetMS",serif"><br>
On Wednesday, August 28, 2019 8:25 PM, King, Brian <<a href="mailto:Brian.King@markmonitor.com">Brian.King@markmonitor.com</a>> wrote:<br>
<br>
<br>
<o:p></o:p></span></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:10.5pt;font-family:"TrebuchetMS",serif">Hey Amr and all,<br>
<br>
<br>
<br>
I can’t speak authoritatively for ALAC’s intent, but I read this use case as allowing internet users to<span class="apple-converted-space"> </span><i>request</i><span class="apple-converted-space"> </span>(not have an entitlement to receive) information
about a website they might do business with, a link they might click, etc.<br>
<br>
<br>
<br>
I think we’re merely talking about allowing an internet user to ask the question, without presupposing any access outcome. Does that change your perspective?<br>
<br>
<br>
<br>
I’m sympathetic to concerns raised about the bounds of ICANN’s remit, and I might find those concerns more persuasive if we were talking about guaranteed access in this case.<br>
<br>
<br>
<br>
<b>Brian J. King<span class="apple-converted-space"> </span></b><br>
Director of Internet Policy and Industry Affairs<br>
<br>
<br>
<br>
T +1 443 761 3726<a href="http://www.markmonitor.com/"><br>
markmonitor.com</a><u><br>
</u><br>
<br>
<br>
<b>MarkMonitor<br>
</b>Protecting companies and consumers in a digital world<br>
<br>
<br>
<br>
<b>From:</b><span class="apple-converted-space"> </span>Gnso-epdp-team <<a href="mailto:gnso-epdp-team-bounces@icann.org">gnso-epdp-team-bounces@icann.org</a>><span class="apple-converted-space"> </span><b>On Behalf Of<span class="apple-converted-space"> </span></b>Amr
Elsadr<br>
<b>Sent:</b><span class="apple-converted-space"> </span>Tuesday, August 27, 2019 7:28 AM<br>
<b>To:</b><span class="apple-converted-space"> </span>Hadia Abdelsalam Mokhtar EL miniawi <<a href="mailto:Hadia@tra.gov.eg">Hadia@tra.gov.eg</a>><br>
<b>Cc:</b><span class="apple-converted-space"> </span><a href="mailto:gnso-epdp-team@icann.org">gnso-epdp-team@icann.org</a><br>
<b>Subject:</b><span class="apple-converted-space"> </span>Re: [Gnso-epdp-team] Notes and action items from EPDP Team Phase 2 Meeting #11 - 1 August 2019 - ALAC Online buyers Use Case<br>
<br>
<br>
<br>
Hi,<br>
<br>
<br>
<br>
The issue many of us have with this use case isn’t that Internet users should not be entitled to know who they elect to do business with over the web, so I don’t believe it is necessary to keep pushing that point. The issue is that in situations where entities
conducting commerce over the Web do not have their contact information readily published on their websites, ICANN/gTLD policy is an inappropriate substitute to resolve this, due to ICANN’s narrow mission.<br>
<br>
<br>
<br>
Speaking for myself, even if it were legal for ICANN to adopt policies that are beyond the scope of its mission (which I don’t think is the case here), it is undesirable for it to do so. Not having a clearly drawn line in the sand on what ICANN can regulate
online via contractual compliance with Registries and Registrars, including selling and purchasing goods and services, is a prospect that I find to be very unappealing. It creates a great deal of uncertainty for both Contracted Parties providing domain name
registration services, as well as registrants who utilize these services.<br>
<br>
<br>
<br>
My interpretation of consumer protection from an ICANN perspective is that registrants are THE consumers of services in the ICANN context. In that context, proposing policy recommendations beyond the scope of ICANN’s mission is bad, not good, for consumer
protection. …, and like I said…, I do don’t believe it to be complaint with data protection regulation, such as the GDPR, anyway.<br>
<br>
<br>
<br>
Thanks.<br>
<br>
<br>
<br>
Amr<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">
<span style="font-size:10.5pt;font-family:"TrebuchetMS",serif">On Aug 26, 2019, at 5:37 PM, Hadia Abdelsalam Mokhtar EL miniawi <<a href="mailto:Hadia@tra.gov.eg">Hadia@tra.gov.eg</a>> wrote:<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">
<span style="font-size:10.5pt;font-family:"TrebuchetMS",serif"> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">
<span style="font-size:10.5pt;font-family:"TrebuchetMS",serif"> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">
<span style="font-size:10.5pt;font-family:"TrebuchetMS",serif">Hello All,<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">
<span style="font-size:10.5pt;font-family:"TrebuchetMS",serif"> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">
<span style="font-size:10.5pt;font-family:"TrebuchetMS",serif">The ALAC online buyers online case is a real life scenario for why there needs to be a distinction between natural and legal persons. I shall not get into this debate. However, I note that consumers
identity and even location is now available to buyers through many online applications, GDPR protects personal information of natural persons and not legal persons. It is only fair to Internet end users to allow them to have the contact information of the
online businesses. This is particularly important in case Internet end users are dealing with small businesses online. You can find online businesses contact details now through some existing applications. What and who are we trying to protect by not allowing
this use case. Commercial websites should be encouraged to indicate who they are and publish their information. The architecture of the web inherently does not require real identity, but having a complete anonymous system is always an invitation to problems,
making people feel less accountable and diminishing the trust in the network. A survey conducted by Bright Local showed that 60% of customers prefer to call small businesses on the phone. The survey also showed that consumers now look beyond websites, RDS
is only one tool of many however, prohibiting it to exist works against the norm. I also note that getting clarity in relation to the contracted parties liability in this regard is very important and if implemented information should only be provided if the
case is absolutely clear.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">
<span style="font-size:10.5pt;font-family:"TrebuchetMS",serif"> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">
<span style="font-size:10.5pt;font-family:"TrebuchetMS",serif">I attach the updated user case, which is also available through the google doc<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">
<span style="font-size:10.5pt;font-family:"TrebuchetMS",serif"> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">
<span style="font-size:10.5pt;font-family:"TrebuchetMS",serif">Best<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">
<span style="font-size:10.5pt;font-family:"TrebuchetMS",serif">Hadia el-Miniawi <span class="apple-converted-space"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">
<span style="font-size:10.5pt;font-family:"TrebuchetMS",serif"> <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.5pt;font-family:"TrebuchetMS",serif">From: Gnso-epdp-team [<a href="mailto:gnso-epdp-team-bounces@icann.org"><span class="apple-converted-space"> </span>mailto:gnso-epdp-team-bounces@icann.org</a>]
On Behalf Of Mueller, Milton L<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.5pt;font-family:"TrebuchetMS",serif">Sent: Monday, August 19, 2019 5:27 PM<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.5pt;font-family:"TrebuchetMS",serif">To: Tara Whalen;<span class="apple-converted-space"> </span><a href="mailto:gnso-epdp-team@icann.org">gnso-epdp-team@icann.org</a><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">
<span style="font-size:10.5pt;font-family:"TrebuchetMS",serif">Subject: Re: [Gnso-epdp-team] Notes and action items from EPDP Team Phase 2 Meeting #11 - 1 August 2019 - ALAC Online buyers Use Case<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">
<span style="font-size:10.5pt;font-family:"TrebuchetMS",serif"> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">
<span style="font-size:10.5pt;font-family:"TrebuchetMS",serif">Tara:<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">
<span style="font-size:10.5pt;font-family:"TrebuchetMS",serif">Responses inline below:<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.5pt;font-family:"TrebuchetMS",serif"> <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.5pt;font-family:"TrebuchetMS",serif">The ICANN Board resolved in May to have the ePDP “determine and resolve the Legal vs. Natural issue in Phase 2." <span class="apple-converted-space"> </span><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_resources_board-2Dmaterial_resolutions-2D2019-2D05-2D15-2Den-231.b&d=DwMGaQ&c=OGmtg_3SI10Cogwk-ShFiw&r=qQNCXqU_XE2XIdXbawYmk-YDflYH6pd8ffXlzxU37OA&m=B8MS1O2ZkevjBW6hFhUe1Tfw1xhaFLotkSAAZ3g3DYQ&s=IAoMV6Yy5PfTOTRJ7D6oVAm1m5bFZMOIZHmnJjr4Gnk&e=">https://www.icann.org/resources/board-material/resolutions-2019-05-15-en#1.b</a><span class="apple-converted-space"> </span>
Because the issue is not decided.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.5pt;font-family:"TrebuchetMS",serif"> Not quite correct. The Board noted that EPDP’s own Recommendation said that we would resolve the issue in Phase 2. The board did not tell us to do
so. The resolution also notes the “Potential liability of a registered name holder's incorrect self-identification of a natural or legal person, which ultimately results in public display of personal data.â€</span><span style="font-size:10.5pt"></span><span style="font-size:10.5pt;font-family:"TrebuchetMS",serif">
This concern was one of several that motivated our reluctance to attempt differentiation.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.5pt;font-family:"TrebuchetMS",serif">The EWG recommended a differentiation solution -- that registrants be required to identify as a Registrant Type, with Legal Person and Natural Person
among the options. It also required that a mandatory Business PBC be published for “Registrants that self-identify as Legal Persons engaged in commercial activity" (pages 42-44 of final report). <span class="apple-converted-space"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.5pt;font-family:"TrebuchetMS",serif">This option _was_ discussed and discarded in Phase 1. It was noted that to the vast majority of ordinary people the distinction between legal and natural
has no meaning, and that there would be liability consequences if there were incorrect identification (see above). And besides, the recommendation of the EWG was made prior to GDPR and has no bearing on EPDP.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.5pt;font-family:"TrebuchetMS",serif">ICANN’s Procedure for Handling WHOIS Conflicts with Privacy Law was reviewed by the GNSO and revised in mid-2017. A goal of the Procedure was “to
resolve the problem in a manner that preserves the ability of the registrar/registry to comply with its [current] contractual WHOIS obligations to the greatest extent possibleâ€</span><span style="font-size:10.5pt"></span><span style="font-size:10.5pt;font-family:"TrebuchetMS",serif">.</span><span style="font-size:10.5pt"> </span><span style="font-size:10.5pt;font-family:"TrebuchetMS",serif">
So -- to publish as much data as possible as allowed by law.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.5pt;font-family:"TrebuchetMS",serif"> Now you are way off base. Contractual Whois obligations in 2017 were not compliant with GDPR. The Conflicts with Privacy Law procedure is completely
irrelevant to our proceedings.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.5pt;font-family:"TrebuchetMS",serif">Under that Procedure, about the only precedent was the .TEL case, which addressed concerns raised by UK privacy law. In that case, the WHOIS service
was made to differentiate between natural and legal persons. Some public WHOIS data was limited for natural persons who had elected to withhold their personal information from disclosure by the WHOIS service, records for Legal Persons had to return full and
complete WHOIS data (including applicable personal data), and Legal Persons were not permitted to opt out of disclosing such information. The GDPR is definitely a different law and may yield a different policy. But the .TEL case did show that it’s possible
to tell the difference between a natural person’s data and a legal person’s data, and to control where that data appears.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">
<span style="font-size:10.5pt;font-family:"TrebuchetMS",serif"> Same comment as above.<span class="apple-converted-space"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">
<span style="font-size:10.5pt;font-family:"TrebuchetMS",serif"><Consumer_Protection_Use_Case_ALAC - Online buyers_Update_2.docx><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"TrebuchetMS",serif"> <o:p></o:p></span></p>
</blockquote>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"TrebuchetMS",serif"><br>
_______________________________________________<br>
Gnso-epdp-team mailing list<br>
<a href="mailto:Gnso-epdp-team@icann.org">Gnso-epdp-team@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-epdp-team">https://mm.icann.org/mailman/listinfo/gnso-epdp-team</a><br>
_______________________________________________<br>
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a href="https://www.icann.org/privacy/policy">https://www.icann.org/privacy/policy</a>)
and the website Terms of Service (<a href="https://www.icann.org/privacy/tos">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery
or disabling delivery altogether (e.g., for a vacation), and so on.<o:p></o:p></span></p>
</blockquote>
</div>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</body>
</html>