<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>There are two additional considerations that are essential here
as well, namely:</p>
<p>1) the differentiation between legacy registrations and new
registrations. Any regime that can rely on such
self-identification can only work going forward, and not be
retroactively be applied to prior self-identification or use of
the Org field. This would quickly lead to a two-class handling of
registration data that can have significant impact on the data
subjects and the domain management processes. Further, experience
has shown that any differentiation in domain handling procedures
will be attacked down the road by interested parties. <br>
</p>
<p>2) the issue of personal information being included in the data
of the legal entity. Even if a valid and reliable
self-identification can be obtained, there is practically no
guarantee that such information does not also includes personal
information of staff members of said entities.</p>
<p>I therefore propose to stick to the original proposal that no
differentiation be required.</p>
<p>Best,</p>
<p>Volker<br>
</p>
<div class="moz-cite-prefix">Am 13.03.2020 um 18:57 schrieb Caitlin
Tubergen:<br>
</div>
<blockquote type="cite"
cite="mid:CB1885C5-4DB2-4F89-8E57-04EE54632AE3@icann.org">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">Dear EPDP
Team:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Please find
attached the latest memo from Bird & Bird in response to
the following question:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black">Registration
data submitted by legal person registrants may contain the
data of natural persons. A Phase 1 memo stated that
registrars can rely on a registrant's self-identification as
legal or natural person if risk is mitigated by taking
further steps to ensure the accuracy of the registrant's
designation. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black"><o:p> </o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0,
0);font-variant-caps: normal;orphans:
auto;text-align:start;widows: auto;-webkit-text-size-adjust:
auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span
style="font-size:11.0pt;color:black">As a follow-up to that
memo: what are the consent options and requirements related
to such designations? Specifically: are data controllers
entitled to rely on a statement obligating legal person
registrants to obtain consent from a natural person who
would act as a contact and whose information may be publicly
displayed in RDS? If so,<span class="apple-converted-space"> </span>what
representations, if any, would be helpful for the controller
to obtain from the legal person registrant in this case?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black"><o:p> </o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0,
0);font-variant-caps: normal;orphans:
auto;text-align:start;widows: auto;-webkit-text-size-adjust:
auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span
style="font-size:11.0pt;color:black">As part of your
analysis, please consult the GDPR policies and practices of
the Internet protocol (IP address) registry RIPE-NCC (the
registry for Europe, based in the Netherlands). RIPE-NCC’s
customers (registrants) are legal persons, usually
corporations. Natural persons can serve as their contacts,
resulting in the data of natural persons being displayed
publicly in WHOIS. RIPE-NCC places the responsibility on
its legal-person registrants to obtain permission from those
natural persons, and provides procedures and safeguards for
that. RIPE-NCC states mission justifications and data
collection purposes similar to those in ICANN's Temporary
Specification. Could similar policies and procedures be
used at ICANN? <o:p></o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0,
0);font-variant-caps: normal;orphans:
auto;text-align:start;widows: auto;-webkit-text-size-adjust:
auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span
style="font-size:11.0pt;color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black">Please
see these specific references:<o:p></o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0,
0);font-variant-caps: normal;orphans:
auto;text-align:start;widows: auto;-webkit-text-size-adjust:
auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span
style="font-size:11.0pt;color:black">1) “How We're
Implementing the GDPR: Legal Grounds for Lawful Personal
Data Processing and the RIPE Database”:<o:p></o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0,
0);font-variant-caps: normal;orphans:
auto;text-align:start;widows: auto;-webkit-text-size-adjust:
auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span
style="font-size:11.0pt;color:black"><a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__labs.ripe.net_Members_Athina_gdpr-2Dlegal-2Dgrounds-2Dfor-2Dlawful-2Dpersonal-2Ddata-2Dprocessing-2Dand-2Dthe-2Dripe-2Ddatabase&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8K75qGdDlOta4kh6k2F0jrT195M3tF3J_Fxcz6EvuG2kYKDeA67ZTEnthHXAPVXH&m=lm9kGn8JwDnJnbIoNg4je0dwEcDgveT_fksb7KE3MsY&s=JjRQGYCd0W_N54phYbjtCv9Bxt1nS4buSJcvPJf_6vw&e="
target="_blank" moz-do-not-send="true"><span
style="color:#0563C1">https://labs.ripe.net/Members/Athina/gdpr-legal-grounds-for-lawful-personal-data-processing-and-the-ripe-database
[labs.ripe.net]</span></a> <o:p></o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0,
0);font-variant-caps: normal;orphans:
auto;text-align:start;widows: auto;-webkit-text-size-adjust:
auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span
style="font-size:11.0pt;color:black">2) “How We're
Implementing the GDPR: The RIPE Database”: <a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__labs.ripe.net_Members_Athina_how-2Dwe-2Dre-2Dimplementing-2Dthe-2Dgdpr-2Dthe-2Dripe-2Ddatabase&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8K75qGdDlOta4kh6k2F0jrT195M3tF3J_Fxcz6EvuG2kYKDeA67ZTEnthHXAPVXH&m=lm9kGn8JwDnJnbIoNg4je0dwEcDgveT_fksb7KE3MsY&s=P3RxR6-R3MLf69vdiLp4krKwIoY7I7DCUBIhoLT8cog&e="
target="_blank" moz-do-not-send="true"><span
style="color:#0563C1">https://labs.ripe.net/Members/Athina/how-we-re-implementing-the-gdpr-the-ripe-database
[labs.ripe.net]</span></a><o:p></o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0,
0);font-variant-caps: normal;orphans:
auto;text-align:start;widows: auto;-webkit-text-size-adjust:
auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span
style="font-size:11.0pt;color:black">If time permits, also
see the policies of ARIN, the IP address registry for North
America. ARIN has some customers located in the EU. ARIN
also publishes the data of natural persons in its WHOIS
output. ARIN’s customers are natural persons, who submit
the data of natural person contacts.<o:p></o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0,
0);font-variant-caps: normal;orphans:
auto;text-align:start;widows: auto;-webkit-text-size-adjust:
auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span
style="font-size:11.0pt;color:black">3) ARIN "Data
Accuracy": <a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.arin.net_reference_materials_accuracy_&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8K75qGdDlOta4kh6k2F0jrT195M3tF3J_Fxcz6EvuG2kYKDeA67ZTEnthHXAPVXH&m=lm9kGn8JwDnJnbIoNg4je0dwEcDgveT_fksb7KE3MsY&s=DOP1W8-coJ5GL4C6NL2umOQTFaaa3hISZ_mxhF7HFwg&e="
target="_blank" moz-do-not-send="true"><span
style="color:#0563C1">https://www.arin.net/reference/materials/accuracy/
[arin.net]</span></a><o:p></o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0,
0);font-variant-caps: normal;orphans:
auto;text-align:start;widows: auto;-webkit-text-size-adjust:
auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span
style="font-size:11.0pt;color:black">4) ARIN Registration
Services Agreement, paragraph 3: <a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.arin.net_about_corporate_agreements_rsa.pdf&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8K75qGdDlOta4kh6k2F0jrT195M3tF3J_Fxcz6EvuG2kYKDeA67ZTEnthHXAPVXH&m=lm9kGn8JwDnJnbIoNg4je0dwEcDgveT_fksb7KE3MsY&s=vNYCjbgMw_MmaPMiwqygL3syqrs9GqG_mmTZVpoIjoA&e="
target="_blank" moz-do-not-send="true"><span
style="color:#0563C1">https://www.arin.net/about/corporate/agreements/rsa.pdf
[arin.net]</span></a><o:p></o:p></span></p>
<p class="MsoNormal" style="caret-color: rgb(0, 0,
0);font-variant-caps: normal;orphans:
auto;text-align:start;widows: auto;-webkit-text-size-adjust:
auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span
style="font-size:11.0pt;color:black">"Personal Data Privacy
Considerations At ARIN": <a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__teamarin.net_2018_03_20_personal-2Ddata-2Dprivacy-2Dconsiderations-2Dat-2Darin_&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8K75qGdDlOta4kh6k2F0jrT195M3tF3J_Fxcz6EvuG2kYKDeA67ZTEnthHXAPVXH&m=lm9kGn8JwDnJnbIoNg4je0dwEcDgveT_fksb7KE3MsY&s=KlSoVh8AH6aCxEBNTX5SsqDBgwzhKCWxVRcIRCcBdKg&e="
target="_blank" moz-do-not-send="true"><span
style="color:#0563C1">https://teamarin.net/2018/03/20/personal-data-privacy-considerations-at-arin/
[teamarin.net]</span></a> especially the first two
paragraphs<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">--<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Thank you.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Best
regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Marika,
Berry, and Caitlin</span><span
style="font-size:11.0pt;font-family:"Times New
Roman",serif;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Gnso-epdp-team mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Gnso-epdp-team@icann.org">Gnso-epdp-team@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-epdp-team">https://mm.icann.org/mailman/listinfo/gnso-epdp-team</a>
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a class="moz-txt-link-freetext" href="https://www.icann.org/privacy/policy">https://www.icann.org/privacy/policy</a>) and the website Terms of Service (<a class="moz-txt-link-freetext" href="https://www.icann.org/privacy/tos">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.</pre>
</blockquote>
<div class="moz-signature">-- <br>
Volker A. Greimann<br>
General Counsel and Policy Manager<br>
<strong style="border-bottom: 3px solid #5C46B5">KEY-SYSTEMS GMBH</strong><br>
<br>
T: +49 6894 9396901<br>
M: +49 6894 9396851<br>
F: +49 6894 9396851<br>
W: <a class="moz-txt-link-abbreviated" href="http://www.key-systems.net">www.key-systems.net</a><br>
<br>
Key-Systems GmbH is a company registered at the local court of
Saarbruecken, Germany with the registration no. HR B 18835<br>
CEO: Alexander Siffrin<br>
<br>
Part of the CentralNic Group PLC (LON: CNIC) a company registered
in England and Wales with company number 8576358.</div>
</body>
</html>