<div dir="ltr"><br><div><br></div><div><p class="MsoNormal" align="center" style="margin:0in 0in 0.0001pt;text-align:center;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:rgb(51,51,51)"><font size="4">PURPOSE 2 DISCUSSION</font></span></p><p class="MsoNormal" align="center" style="margin:0in 0in 0.0001pt;text-align:center;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:rgb(51,51,51)"><font size="4"><br></font></span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-family:Calibri,sans-serif"><font size="4"><span style="font-family:Helvetica;color:rgb(51,51,51)">Some members of the ePDP have asserted that the formulation of Purpose 2 that has been endorsed by the Board, (</span><span style="font-family:Arial,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">Contributing to the maintenance of the security, stability, and resiliency of the Domain Name System in accordance with ICANN’s mission) is problematic because the definition of “security, stability, and resilience” (SSR) is overly broad and all encompassing.   This note is intended to provide additional detail on the concept of SSR in the context of ICANN and its processing of personal data as a controller under GDPR.</span><span style="font-family:"Times New Roman",serif"></span></font></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-family:Calibri,sans-serif"><span style="font-family:Arial,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial"><font size="4"><br></font></span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:rgb(51,51,51)"><font size="4">SSR, as defined in the Bylaws, <b><i>is</i></b> ICANN’s mission.  Article 1, Section 1.1 of the ICANN Bylaws, clearly states that ICANN’s  mission is to ensure the stable and secure operation (SSR) of the Internet's unique identifier systems.  The Bylaws themselves go on to provide significant detail regarding the scope of that mission in the context of names, the root server system, numbers, and protocols.</font></span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:rgb(51,51,51)"><font size="4"><br></font></span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><font size="4"><b><i><span style="font-family:Helvetica;color:rgb(51,51,51)">With respect to names</span></i></b><span style="font-family:Helvetica;color:rgb(51,51,51)">, ICANN’s mission is to coordinate the allocation and assignment of names in the root zone of the DNS and the development and implementation of policies concerning the registration of second-level domain names in gTLDs. The Bylaws further specify that in this role, ICANN's scope is to coordinate the development and implementation of policies for which uniform or coordinated resolution is reasonably necessary to facilitate the <i>openness, interoperability, resilience, security and/or stability of the DNS</i></span><i><span style="font-family:Helvetica;color:rgb(39,41,120)">.  </span></i><b><span style="font-family:Helvetica;color:rgb(39,41,120)">In other words, in the context of ICANN’s mission, SSR encompasses ICANN’s efforts to contribute to the <i>openness, interoperability, resilience, security and/or stability of the DNS</i>.</span></b><b><span style="font-family:Helvetica;color:rgb(51,51,51)"></span></b></font></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><b><span style="font-family:Helvetica;color:rgb(39,41,120)"><font size="4"><br></font></span></b></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:rgb(51,51,51)"><font size="4">But ICANN’s scope is further constrained by the requirement that Consensus Policies must be developed through a bottom-up consensus-based multistakeholder process and designed to ensure the stable and secure operation of the Internet's unique names systems.</font></span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:rgb(51,51,51)"><font size="4">The Bylaws provide examples of the categories of issues that fall within ICANN’s SSR mission.  These include:</font></span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><span style="font-family:Symbol;color:rgb(51,51,51)"><span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:"Times New Roman""><font size="4"><br></font></span></span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"></p><ul><li style="margin-left:15px"><font size="4"><span style="font-family:Symbol;color:rgb(51,51,51)"><span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:"Times New Roman""> </span></span><span style="font-family:Helvetica;color:rgb(51,51,51)">issues for which uniform or coordinated resolution is reasonably necessary to facilitate interoperability, security and/or stability of the Internet, registrar services, registry services, or the DNS</span></font></li><li style="margin-left:15px"><font size="4">functional and performance specifications for the provision of registrar or registry services</font></li><li style="margin-left:15px"><font size="4">policies reasonably necessary to implement Consensus Policies relating to a gTLD registry or registar</font></li><li style="margin-left:15px"><font size="4">resolution of disputes regarding the registration of domain names (as opposed to the use of such domain names, but including where such policies take into account use<span style="color:rgb(51,51,51);font-family:Helvetica"> of the domain names); or</span></font></li><li style="margin-left:15px"><font size="4">restrictions on cross-ownership of registry operators and registrars or resellers and regulations and restrictions with respect to registrar and registry operations and the use of registry and registrar data in the event that a registry operator and a registrar or reseller are affiliated.</font></li></ul><p></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:rgb(51,51,51)"><font size="4">The Bylaws further provide examples of issues that would fall within those categories, including:</font></span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"></p><ul><li style="margin-left:15px"><font size="4"><span style="font-family:Symbol;color:rgb(51,51,51)"><span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:"Times New Roman""> </span></span><span style="font-family:Helvetica;color:rgb(51,51,51)">principles for allocation of registered names in a TLD (e.g., first-come/first-served, timely renewal, holding period after expiration)</span></font></li><li style="margin-left:15px"><font size="4">prohibitions on warehousing of or speculation in domain names by registries or registrars</font></li><li style="margin-left:15px"><font size="4"><span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:"Times New Roman""> </span><span style="font-family:Helvetica;color:rgb(51,51,51)">reservation of registered names in a TLD that may not be registered initially or that may not be renewed due to reasons reasonably related to (i) avoidance of confusion among or misleading of users, (ii) intellectual property, or (iii) the technical management of the DNS or the Internet (e.g., establishment of reservations of names from registration)</span></font></li><li style="margin-left:15px"><font size="4">security and stability of the registry database for a TLD</font></li><li style="margin-left:15px"><font size="4">maintenance of and access to accurate and up-to-date information concerning registered names and name servers;</font></li><li style="margin-left:15px"><font size="4">procedures to avoid disruptions of domain name registrations due to suspension or termination of operations by a registry operator or a registrar, including procedures for allocation of responsibility among continuing registrars of the registered names sponsored in a TLD by a registrar losing accreditation; and</font></li><li style="margin-left:15px"><font size="4">the transfer of registration data upon a change in registrar sponsoring one or more registered names.</font></li></ul><p></p><p class="MsoNormal" style="margin:0in 0in 11.25pt 51pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><font size="4"><span style="font-family:"Times New Roman",serif"></span></font></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><font size="4"><b><i><span style="font-family:Helvetica;color:rgb(51,51,51)">With respect to the DNS root name server system</span></i></b><span style="font-family:Helvetica;color:rgb(51,51,51)">, ICANN’s SSR mission encompasses coordination of the operation and evolution of the DNS root name server system.</span></font></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:rgb(51,51,51)"><font size="4"><br></font></span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><font size="4"><a name="m_-3952107633327981811__Ref444420864"></a><b><i><span style="font-family:Helvetica;color:rgb(51,51,51)">With respect to numbers</span></i></b><span style="font-family:Helvetica;color:rgb(51,51,51)">, ICANN’s SSR mission is to coordinate the allocation and assignment at the top-most level of Internet Protocol numbers and Autonomous System numbers.</span></font></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:rgb(51,51,51)"><font size="4"><br></font></span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><font size="4"><b><i><span style="font-family:Helvetica;color:rgb(51,51,51)">With respect to internet protocol standards</span></i></b><span style="font-family:Helvetica;color:rgb(51,51,51)">, ICANN’s SSR mission involves the provision of  registration services and open access for registries in the public domain requested by Internet protocol development organizations.  </span></font></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><span style="color:rgb(51,51,51);font-family:Helvetica"><font size="4"><br></font></span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><font size="4"><span style="color:rgb(51,51,51);font-family:Helvetica">Taken together, these provisions of the ICANN Bylaws articulate with specificity the scope of ICANN’s SSR mission and by definition limit ICANN’s authority to process personal data in pursuit of that mission.</span><span style="color:rgb(51,51,51);font-family:Helvetica"> </span><span style="color:rgb(51,51,51);font-family:Helvetica">Access to accurate and up-to-date registrant data is necessary for ICANN to achieve its mission.</span><span style="color:rgb(51,51,51);font-family:Helvetica">  </span><span style="color:rgb(51,51,51);font-family:Helvetica">ICANN may need to process such information in order, for example, to:</span></font></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"></p><ul><li style="margin-left:15px"><font size="4"><span style="font-family:Symbol;color:rgb(51,51,51)"><span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:"Times New Roman""> </span></span><span style="font-family:Helvetica;color:rgb(51,51,51)">Inform and support consensus policy development, implementation, and enforcement;</span></font></li><li style="margin-left:15px"><font size="4"><span style="font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal;font-family:"Times New Roman""> </span><span style="font-family:Helvetica;color:rgb(51,51,51)">Conduct research in order to identify and address, in accordance with its Bylaws, new, emerging, and evolving SSR issues within its remit; </span></font></li><li style="margin-left:15px"><font size="4">Respond to and coordinate responses to SSR threats within its remit;</font></li><li style="margin-left:15px"><font size="4">Enable the work of its Supporting Organizations, Advisory Committees, and standards development bodies with respect to SSR issues within ICANN’s remit;</font></li><li style="margin-left:15px"><font size="4">Study emerging technologies and national/multi-national policy initiatives in order to educate the ICANN community as well as innovators and policy makers about the impact of such technologies and/or proposals on DNS SSR.<span style="color:rgb(51,51,51);font-family:Helvetica"> </span></font></li></ul><p></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:rgb(51,51,51)"><font size="4">While it is impossible to specify all of the circumstances in which ICANN may need to process personal registrant data in furtherance of its SSR mission, its processing of personal data in furtherance of its SSR Mission is further constrained in two ways.  First, the Bylaws expressly prohibit ICANN from acting outside its mission.  Second, ICANN’s processing of personal data contained in registrant records is constrained by applicable data protection law.  Like every user of registrant data, ICANN is required to limit its processing of personal data in accordance with fair information practice principles of transparency and lawfulness, purpose specification and limitation, accuracy, data minimization, storage limitation, and data security.  It may process personal data subject to GDPR and similar legislation only with the consent of the data subject or as <i>necessary</i> in pursuit of its legitimate interest in DNS SSR and in proportion to the interests and fundamental rights and freedoms of the data subject. </font></span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:rgb(51,51,51)"><font size="4"><br></font></span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><font size="4"><span style="font-family:Helvetica;color:rgb(51,51,51)">Given the rapidly evolving nature of the DNS technology as well as SSR threats, the Board believes that the formulation of Purpose 2 above </span><span style="font-family:Helvetica;color:rgb(51,51,51)">(</span><span style="font-family:Arial,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">Contributing to the maintenance of the security, stability, and resiliency of the Domain Name System in accordance with ICANN’s mission) is both necessary and appropriate.  </span></font></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;font-family:Calibri,sans-serif"><span style="font-family:Helvetica;color:rgb(51,51,51)"><font size="4"> </font></span></p></div></div>