<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:veranda;
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.style1, li.style1, div.style1
{mso-style-name:style1;
mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle23
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle25
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:401636887;
mso-list-template-ids:770205426;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Hi all,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">To address the question, are the DPAs</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> talking about centralization of
requests, or centralization of disclosure let's consider our registration data model. The collection and storage of the gTLD registration data depends on a decentralized model - and this is how it will continue to be - because of the distributed nature of
the DNS and the Internet infrastructure this is how the collection and storage of data works best. However, we can obviously see how this has created complexity in identifying the data controllers and the allocation of liabilities that we are still discussing.
Taking into account data governance, like the policies, responsibilities and the organizational structures protecting the privacy rights of the data subjects; having one body responsible for this ensures consistency of operation, facilitates auditing and enforcement
of compliance in addition, ensures data subject rights are equally met across the spectrum, so centralization in this regard is obviously better. Taking into account data subjects rights and the rights controllers give to individuals in relation to how their
data is processed and for what reason, having one entity responsible for this ensures the same level of protection to data subjects in accordance to the GDPR and makes auditing and compliance enforcement easier. As for ensuring that the data protection principles
are met, that is the processing of the personal data is lawful, purpose limited and transparent, assessment on a process-by process has to be done, having one entity responsible for the disclosure decision makes it easier to follow, log, assess and reform.
So when the blog says "<span style="background:white"> the Belgian DPA’s representatives said a centralized model is worth exploring and it seems to be a better, “common sense” option in terms of security and for data subjects." It is indeed common sense
the more you can centralize the better, assessing and enforcing compliance across one decision making platform is easier than across multiple decision making platforms. Centralization allows for consistency, predictability and better compliance. Just to note,
I do not mean by putting the above examples that this is how the SSAD should look like, we already have a working registration model for collection, storage and operation and have agreed on a hybrid model in which some decisions will be centralized while
others will not.<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;background:white"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;background:white">As for the automation part, it should be clear that the accreditation of the users of the SSAD does not give them the right to obtain the data,
accreditation only gives them the right to make a request. Recommendation #1 and #2 of the report in relation to accreditation confirm this.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">As for the automated decision making the EPDP team has not discussed the algorithm (Program) that will be making the decision and how it will make this decision,
this is an implementation issue. However we have set the principles based on which the algorithm should work. Recommendation number 11 bullet (c) of the report says "contracted parties and SSAD must process data in compliance with applicable law" and bullet
(e) of the same recommendation says "contracted parties and SSAD where required by applicable law, must perform a balancing test before processing the data," and please note the word MUST. Obviously, to be GDPR complaint the algorithm will need to consider
any and all criteria required by the GDPR. To assume that automatic disclosure means ignoring the law is simply not true, all required safeguards in addition to principles like transparency need to be followed. Automation simply means that a machine and not
a person will be reviewing the data which could provide better accuracy and consistency to the decision making in addition to improving the efficiency of the system and saving the time and effort of the decision makers.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Hadia<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Gnso-epdp-team [mailto:gnso-epdp-team-bounces@icann.org]
<b>On Behalf Of </b>Journoud, Franck<br>
<b>Sent:</b> Friday, February 21, 2020 12:50 AM<br>
<b>To:</b> Mueller, Milton L; gnso-epdp-team@icann.org<br>
<b>Subject:</b> Re: [Gnso-epdp-team] ICANN Meets with Belgian Data Protection Authority<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Milton, I do agree that it’s not sufficiently clear what is meant by “centralization” in the blog post.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">However, I think your assertion that centralization and automation allow “any accredited user to get personal data without reviews” is not well grounded:
<o:p></o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l0 level1 lfo1"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">centralization would make oversight of decision-making infinitely easier and thus more effective than ICANN Compliance having to chase thousands
of CPs;<o:p></o:p></span></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">automation would provide an authoritative and detailed view of each decision and of the criteria used: what are the algorithm’s inputs, how
are they weighted/organized, what’s the decision-tree, etc.;<o:p></o:p></span></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">it’s not “any accredited user” who would get access, but only those who (in themselves and in their requests) satisfy all the elements of
the policy;<o:p></o:p></span></li><li class="MsoNormal" style="mso-list:l0 level1 lfo1"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">so in summary we’re talking about more and better, not fewer and worse, reviews.<o:p></o:p></span></li></ul>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">One thing is for sure: these divergent interpretations of a short blog post only reinforce in my mind the need for a fuller and more detailed account of the meeting!<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><i><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">-Franck<o:p></o:p></span></i></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal" style="line-height:18.65pt;mso-line-height-rule:exactly;text-autospace:none">
<b><span style="font-size:11.0pt;font-family:"Arial","sans-serif"">Franck Journoud | VP, Tech Policy | MPA</span></b><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> | E</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">
<a href="mailto:franck_journoud@motionpictures.org"><span style="color:windowtext">franck_journoud@motionpictures.org</span></a> |
<b>O </b>(202) 378-9127<b> | M </b>(202) 285-7322<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> Gnso-epdp-team <gnso-epdp-team-bounces@icann.org>
<b>On Behalf Of </b>Mueller, Milton L<br>
<b>Sent:</b> Thursday, February 20, 2020 4:48 PM<br>
<b>To:</b> gnso-epdp-team@icann.org<br>
<b>Subject:</b> Re: [Gnso-epdp-team] ICANN Meets with Belgian Data Protection Authority<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p><b><span style="font-family:"veranda","serif";color:black">WARNING – External Sender
<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
<div class="MsoNormal" align="center" style="text-align:center"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">
<hr size="3" width="100%" align="center">
</span></div>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Colleagues:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I really have to push back against Hadia’s interpretation of the ICANN blog post, and the blog post itself.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">As others pointed out, the blog’s claim that “a centralized model” is better for security is just the writer’s opinion. The claim is seriously undermined by
the fact that we do not know whether they were talking about centralization of requests, or centralization of disclosure, or both. In this respect, the discussion within EPDP, which makes a clear distinction between request and disclosure centralization, is
a far more advanced than ICANN’s old UAM concept. So merely on the basis of its ambiguity, this alleged principle is meaningless. And from a cybersecurity standpoint, it should be obvious that centralization/automation of disclosure is very bad for the privacy
of the data subject, because it allows any accredited user to get private data without any reviews. I have a hard time believing that any DPA would sanction something like that if they were presented with a clear explanation of it.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">As for the second alleged principle, it is a worthless tautology. In essence, it says: Automated decision making is allowed under GDPR as long as the GDPR allows
it. Well, thank you very much. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">The problem is that automated disclosure decisions does not permit one to see whether the request actually conforms to the criteria that would authorize disclosure.
Automation thus massively increases the risk that disclosures that are not compliant will be made.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">This whole episode is just another demonstration of why ICANN org’s insistence on mediating between us and the DPAs is unhelpful; I wish they would stop. No
issue we face has been clarified; no part of our work has been advanced by this exchange. We just debate different interpretations of these meetings based on different policy preferences. Worst of all, we do not know how ICANN org presents issues to the DPAs
in these private meetings. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Can we call a moratorium on these unwanted and unneeded parallel interventions?
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">And if not, can we at least teach Goran and his staff to say “SSAD” instead of “UAM,” so that we are sure we are talking about the same thing? It’s only one
more letter, it shouldn’t be hard.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Dr. Milton L Mueller<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">School of Public Policy
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Georgia Institute of Technology<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><img border="0" width="194" height="42" id="Picture_x0020_1" src="cid:image001.jpg@01D5EA5F.BA6A77B0" alt="IGP_logo_gold block_email sig"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> Gnso-epdp-team <<a href="mailto:gnso-epdp-team-bounces@icann.org">gnso-epdp-team-bounces@icann.org</a>>
<b>On Behalf Of </b>Hadia Abdelsalam Mokhtar EL miniawi<br>
<b>Sent:</b> Thursday, February 20, 2020 11:00 AM<br>
<b>To:</b> Journoud, Franck <<a href="mailto:Franck_Journoud@motionpictures.org">Franck_Journoud@motionpictures.org</a>>; Johan Helsingius <<a href="mailto:julf@julf.com">julf@julf.com</a>>;
<a href="mailto:gnso-epdp-team@icann.org">gnso-epdp-team@icann.org</a><br>
<b>Subject:</b> Re: [Gnso-epdp-team] ICANN Meets with Belgian Data Protection Authority<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Dear All,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">As I have said on the call today I also found the blog useful, it highlighted two main principles. First, a centralized model is better in terms of security
and in relation to the data subjects and second, an algorithm that automates decision making is allowed under GDPR as long as it can demonstrate the decision was taken in accordance with the criteria set by GDPR. We keep thinking about the liability, but given
the limited time we have, we need to focus on having a workable, efficient system that is compliant with GDPR. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Best<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Hadia<o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Gnso-epdp-team [<a href="mailto:gnso-epdp-team-bounces@icann.org">mailto:gnso-epdp-team-bounces@icann.org</a>]
<b>On Behalf Of </b>Journoud, Franck<br>
<b>Sent:</b> Thursday, February 20, 2020 4:55 PM<br>
<b>To:</b> Johan Helsingius; <a href="mailto:gnso-epdp-team@icann.org">gnso-epdp-team@icann.org</a><br>
<b>Subject:</b> Re: [Gnso-epdp-team] ICANN Meets with Belgian Data Protection Authority<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Dear Janis, ICANN org liaisons and EC EPDP members,<br>
<br>
I'd like to reiterate the point that I made on the EPDP call today. I have found the blog post very helpful and sincerely thank Göran for writing it - and yet it is insufficient. I appreciate that this was a meeting rather than formal legal guidance, but it'd
still be helpful if all 'our' attendees (ICANN org staff, Janis, EC) could pool their notes and analysis to produce as detailed as possible an account of what the Belgian DPA reps said. This should be followed by these attendees attending an EPDP call so that
we can ask follow-up questions. Surely we can get more our of that extremely important interaction than informative and useful, but short couple of substantive paragraphs.<br>
<br>
-Franck<br>
<br>
Franck Journoud | VP, Tech Policy | MPA | E <a href="mailto:franck_journoud@motionpictures.org">
franck_journoud@motionpictures.org</a> | O (202) 378-9127 | M (202) 285-7322<br>
<br>
-----Original Message-----<br>
From: Gnso-epdp-team <<a href="mailto:gnso-epdp-team-bounces@icann.org">gnso-epdp-team-bounces@icann.org</a>> On Behalf Of Johan Helsingius<br>
Sent: Wednesday, February 19, 2020 4:49 PM<br>
To: <a href="mailto:gnso-epdp-team@icann.org">gnso-epdp-team@icann.org</a><br>
Subject: [Gnso-epdp-team] ICANN Meets with Belgian Data Protection Authority<br>
<br>
WARNING - External Sender<br>
<br>
<a href="https://www.icann.org/news/blog/icann-meets-with-belgian-data-protection-authority" target="_blank">https://www.icann.org/news/blog/icann-meets-with-belgian-data-protection-authority</a><br>
_______________________________________________<br>
Gnso-epdp-team mailing list<br>
<a href="mailto:Gnso-epdp-team@icann.org">Gnso-epdp-team@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-epdp-team" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-epdp-team</a><br>
_______________________________________________<br>
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a href="https://www.icann.org/privacy/policy">https://www.icann.org/privacy/policy</a>)
and the website Terms of Service (<a href="https://www.icann.org/privacy/tos">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery
or disabling delivery altogether (e.g., for a vacation), and so on.<o:p></o:p></p>
<p><span style="font-size:8.0pt;font-family:"Verdana","sans-serif";color:#666666">CONFIDENTIALITY NOTICE: This e-mail communication and any attachments may contain confidential and privileged information for the use of the designated recipients named above.
If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents is strictly prohibited. If you have received this
communication in error, please notify the sender by return e-mail and delete and/or destroy all copies of this communication and any attachments.<o:p></o:p></span></p>
</div>
</body>
</html>