<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Georgia;
panose-1:2 4 5 2 5 4 5 2 3 3;}
@font-face
{font-family:Roboto;
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Garamond;
panose-1:2 2 4 4 3 3 1 1 8 3;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Obviously I can’t speak for Volker, but I want to try and respond with why I find Volker’s proposal intriguing.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The registration data in whois / RDAP is available to everyone, including bad actors. We know that bad actors are harvesting registration data via whois / RDAP. It is used in a variety of ways, subjecting (legal and natural) registrants
to phishing attempts, spam, fake renewal / transfer requests, domain hijack attempts and monetization of their data for example. There are very limited tools that we can employ to prevent that. We can block IP addresses, but bad actors can easily change
IP addresses. We can add rate limiting, but again bad actors can use multiple IP addresses and rate limiting impacts legitimate requests as well.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Making that data available via automated SSAD disclosures means that the requestor has gone through some amount of pre-validation to determine that they are who they claim to be. With the SSAD where a requestor is abusing or misusing the
data being provided there can be actual ramifications, suspending or revoking their SSAD access. It provides the possibility of preventing bad actors from being able to abuse (legal and natural) registrant data while still getting that data into the hands
of good actors who are not abusing the data and have a legitimate purpose.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">-Marc<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b>From:</b> Gnso-epdp-team <gnso-epdp-team-bounces@icann.org>
<b>On Behalf Of </b>Becky Burr via Gnso-epdp-team<br>
<b>Sent:</b> Tuesday, April 20, 2021 12:21 PM<br>
<b>To:</b> Steve Crocker <steve@shinkuro.com><br>
<b>Cc:</b> gnso-epdp-team@icann.org<br>
<b>Subject:</b> [EXTERNAL] Re: [Gnso-epdp-team] On the proposed guidance<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<table class="MsoNormalTable" border="0" cellpadding="0" width="1185" style="width:888.75pt;background:#F5ECCE">
<tbody>
<tr>
<td width="1175" style="width:881.25pt;padding:.75pt .75pt .75pt .75pt">
<p><strong><span style="font-family:"Calibri",sans-serif;color:#993300">Caution:</span></strong><span style="color:#993300"> </span><span style="color:black">This email originated from outside the organization. Do not click links or open attachments unless
you recognize the sender and know the content is safe. </span><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt">Point of information - In the case of registration data, "publicly available" cannot mean "without any controls on the use." Use of whois data for email and other marketing, etc., has been prohibited since
day 1, and those limitations have been specifically challenged and upheld in court. <o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt">Question - I think I agree with Steve that "publicly available" means available to anyone, subject to reasonable measures to enforce the use prohibitions/limitations. I'm not really clear, however, why making
that data available through automated SSAD disclosures is different from making it available through RDAP. Is it the cost? The need to be identified? <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt"><o:p> </o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt">On Tue, Apr 20, 2021 at 10:40 AM Steve Crocker via Gnso-epdp-team <<a href="mailto:gnso-epdp-team@icann.org">gnso-epdp-team@icann.org</a>> wrote:<o:p></o:p></span></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:blue">Volker,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:blue"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:blue">To me, the term "publicly available" means available to anyone without qualification as to the purpose and without any controls on the use. You seem to be using the
term differently.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:blue"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:blue">The discussion within this working group of what data is to be made available publicly is just one part of the larger discussion regarding who should have access to
which data and for which purposes. The idea of SSAD or any other differentiated access system is to implement those yet to be determined rules.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:blue"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:blue">What is your understanding of what the rules regarding access to non-public data should be?<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:blue"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:blue">Thanks,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:blue"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:blue">Steve<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:blue"><o:p> </o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt">On Tue, Apr 20, 2021 at 3:31 AM Volker Greimann via Gnso-epdp-team <<a href="mailto:gnso-epdp-team@icann.org" target="_blank">gnso-epdp-team@icann.org</a>> wrote:<o:p></o:p></span></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt">Dear Melina,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt">thanks for your explanation. <o:p>
</o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt">I contend that the data contained in SSAD is publicly available, just as the data contained in the German trade register is publicly available, even though there may be a paywall. Hence publication can mean
anything that provides for public access: A physical book, SSAD or RDAP. Anyone with a legitimate interest can apply for an SSAD account just like anyone can apply for an account with the online version of the German trade register. Data in SSAD is publicly
available.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt">If NIS 2 comes down on a different interpretation in Germany (although I do not see why it would if even the public trade register is behind a paywall), I would welcome that as well, as it provides me with
a legal basis for publication. An obligation based in law to disclose data means there is no longer any risk attached to such disclosures, if done correctly. So when that law comes into effect in my jurisdiction, I will implement it. Before that time, the
legal basis is missing and CPs bear the risk of wrongful disclosure. So lets meet again once the implementation data of NIS 2 draws near. Basing policy on non-existent law is premature.
<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt">"</span><span lang="EN-GB">T<i>o come back to your other point, (i.e., that you are not convinced that the availability of non-personal WHOIS data would contribute to the
</i></span><i>security, stability and resilience of the DNS), I trust you are not implying that so many people from all over the world are intensively working on a problem which would be non-existent.
</i><span style="font-size:10.0pt"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<i><span lang="EN-GB"> </span></i><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><i><span lang="EN-GB">Currently the vast majority of registration data are not available and the majority of requests from different organisations to access such data remain unanswered.</span></i>"<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt">This is an issue that SSAD was designed to solve. But the last three years have shown that it is less of a problem than people make it out to be.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt">"</span><i><span lang="EN-GB">According to a study published in January 2021 by InterIsle Consulting Group, at present, (...)</span></i><span lang="EN-GB">"</span><span style="font-size:10.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-GB">This is a statement of alleged fact, but it does not show why this necessarily is an issue.
</span><span style="font-size:10.0pt"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in;text-align:justify">
<span lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify">
"<i>Even European government agency and law enforcement requests for redacted WHOIS data have been denied.</i> (...)"<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify">
<o:p> </o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify">
I would imagine that this would only be the case if they were acting outside their legal remit, e.g. outside their jurisdiction. As Theoden said to Gandalf "You have no power here!". All requests with a proper legal basis, e.g. acting inside their own jurisdiction
should be answered, and if not, compliance be called. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal">"<i>(...) where WHOIS data would have been critical to help combat online sexual child abuse cases. According to the complainants, the availability of more WHOIS data in public could help to find perpetrators on the internet.</i>"<span style="font-size:10.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal">And those perpetrators register domain names with existing legal entities as registrants? Because unless this is the case, the argument is irrelevant to the question at hand.<span style="font-size:10.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">"<i>According to a study published in 2021 by InterIsle Consulting Group, the data suggests that only around 11.5% of domains may belong to natural persons who
are protected by GDPR. This 11.5% may be the percentage of domains that is necessary to protect under GDPR. In contrast, registrars and registry operators have redacted contact data from 57.3% of all domains, or five times the amount that may be necessary.</i>"</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><o:p> </o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">This statistic misses the point we are debating though as it does not in any way differentiate between legal entities whose data contains personal information,
and those where it does not. If it is necessary to redact 100% of registration data or to put it inside the SSAD where access is controlled to protect even 1% of registrants, it is worth doing. Protection of the innocent always takes precedent.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<span lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">"<i>It would be beneficial if you could explain why non-personal data of legal persons have been redacted and why you object to the effort of having greater transparency
while fully respecting privacy of registrants.</i>"</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">Because blanket redaction of all data is the only way to safely and securely ensure that the personal data of data subjects is protected. There is a reason why
even government controlled databases such as the car registration register are redacted. I have not seen a car register where the registration details of legal entities are published. Having that data publicly available might be beneficial for any number of
causes. And those are registers that are being kept with a legal basis. </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><o:p> </o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">"<i>In light of all the conversations, and B&B advice received, it is clear that the argument of potential liability risk due to inadvertent disclosure of personal
data does no longer hold value.</i>" </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">I wonder which part of the advice we received allowed you to draw this conclusion as the advice always pointed out that risk remains.
</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt">Please, come again once the demands you are raising are also implemented this way for all public registers in the various countries where you wish to see contracted parties to implement them.
<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt">Trade registers, car registers, gun ownership registers, sex offender registers, land registers, etc. None of them universally have the level of access you want for mere domain name registrations.
<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt">That said, if someone demonstrates a legitimate interest with regard to any data, personal or non-personal, they will receive prompt disclosure from us (after the balancing test). If there is significant danger
of harm to third parties, we will even grant access even though the requestor may be acting outside their jurisdiction, regardless of whether the registrant is legal or natural. Because granting such access is our moral obligation if a case for disclosure
is made. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt">But please do not ask us to provide access levels that even our own governments do not provide for much, much, much more critical data.
<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt">Best,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt"><o:p> </o:p></span></p>
</div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt">-- <br>
Volker A. Greimann<br>
General Counsel and Policy Manager<br>
<b>KEY-SYSTEMS GMBH</b><br>
<br>
T: +49 6894 9396901<br>
M: +49 6894 9396851<br>
F: +49 6894 9396851<br>
W: <a href="http://secure-web.cisco.com/1Z3CkNGDtaX4XG9vBNapXiAQ1QfliIbyTnLo2IMVkQGCP57RI9JneAPe_qcpUu3YBIJthB3X0fGWeOvchykN6l4IiWL5BejQmzn2As1NvSMr6KfuWCJPCVB5X0EeKoOnwmHC1k-FtXXVLeDUZuhmiaNkjXjfFgQvLWJ6cHR8CEkGlcPCZpgbSuJVFikU_h5jLhojOL37r9YlO7QqH1Q2Fng8ef6IreP0zEbnrkjqO1PyHclCoRdfibP8OjYkMYRMA/http%3A%2F%2Fwww.key-systems.net%2F" target="_blank"><span style="color:#1155CC">www.key-systems.net</span></a><br>
<br>
Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835<br>
CEO: Oliver Fries and Robert Birkner<br>
<br>
Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358.<br>
<br>
</span><span style="font-size:10.5pt;font-family:"Roboto",serif;color:black;background:#F8F9FA">This email and any files transmitted are confidential and intended only for the person(s) directly addressed. If you are not the intended recipient, any use, copying,
transmission, distribution, or other forms of dissemination is strictly prohibited. If you have received this email in error, please notify the sender immediately and permanently delete this email with any files that may be attached.</span><span style="font-size:10.0pt"><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt"><o:p> </o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt">On Tue, Apr 20, 2021 at 11:47 AM STROUNGI Melina <<a href="mailto:Melina.STROUNGI@ec.europa.eu" target="_blank">Melina.STROUNGI@ec.europa.eu</a>> wrote:<o:p></o:p></span></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">Dear Volker,</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<span lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">Thank you for your comments.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<span lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">Let me come back to your previous email of 15 April (attached) and your email below, in order to hopefully address some of your concerns.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<span lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">Regarding your argument that ‘the interpretation of the book is only valid if the text actually supports that interpretation’, this is precisely the case with
NIS 2 text. The legislator’s intention behind ‘publication’ is explained in recital 62 of
<a href="https://secure-web.cisco.com/13dWk7h9VpU03U5HSO6SLOym6r7vc_Dki3_DON-EVBKP-ma0ybtzmC9OKB2C3vFkBLT_JhSVbE44ckvQ4y3zkAyYlgQHuWwD0eeZevyZ1fXS3SfAyo8Pn9oTXg-6yfuL_N33WqiqvrIaRkBiiHAzRiMkMHcwjRBmROjIozblgu_zUTzkAhqoSmsBLWVUDHEWOqqXvvaCvxEI4YfsqZ_GQ1J6ZlRtGj2KsEBDrYM9_6qysMfhByQlrHVtH2H5HseIT/https%3A%2F%2Fdigital-strategy.ec.europa.eu%2Fen%2Flibrary%2Fproposal-directive-measures-high-common-level-cybersecurity-across-union" target="_blank">
NIS 2 Proposal</a>, which explicitly clarifies that “</span><i>TLD registries and the entities providing domain name registration services for them
<u>should make publically available</u> domain name registration data that fall outside the scope of Union data protection rules, such as data that concern legal persons</i>.”
<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Given the above context, the word ‘publication’
<span lang="EN-GB">is doubtful to have any other interpretation than the obvious one: ‘publication’ means ‘<i>making publically available’</i>. Publically = to the public.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">I understand your wish to do otherwise, but just to bear in mind that such wish is not enough to override the actual wording of the text.
</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<span lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">We are doing our best to address everyone’s individual concerns (including yours and lots of your comments and suggestions have already been taken into account),
but at the same time we need to ensure that contracted parties who wish to differentiate between legal and natural entities and wish to align their practices with the NIS2 proposal are able to do so. We hope that, even if you do not completely find the provisions
to your liking, you are willing to facilitate this group’s hard efforts to make some progress before the May deadline.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<span lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">To come back to your other point, (i.e., that you are not convinced that the availability of non-personal WHOIS data would contribute to the
</span>security, stability and resilience of the DNS), I trust you are not implying that so many people from all over the world are intensively working on a problem which would be non-existent.
<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<span lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">This is what the current situation looks like:
</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<span lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">Currently the vast majority of registration data are not available and the majority of requests from different organisations to access such data remain unanswered.
</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify">
<span lang="EN-GB">According to a study published in January 2021 by InterIsle Consulting Group, at present, only 13.5% of domains have an actual registrant identified in WHOIS. Registrars and registry operators have used ICANN’s post-GDPR policy to redact
contact data from 57.3% of all domains. Adding proxy-protected domains, this means that 86.5% of registrants cannot be identified via WHOIS. According to statistics from Appdetex, during the period January 1, 2020, through September 1, 2020, only 24.6% of
2,933 requests submitted to 158 ICANN-accredited registrars resulted in responses that included registrant data. These statistics are also consistent with the estimate of the PSWG within ICANN that roughly 70% of requests are being denied or ignored.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in;text-align:justify">
<span lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify">
Even European government agency and law enforcement requests for redacted WHOIS data have been denied. As described in a May 2020 letter from the ICANN President to the European Data Protection Board, requests that have been made by European Data Protection
Authorities for access to redacted, nonpublic WHOIS data to assist in their investigations of potential privacy violations have been denied by domain name registrars and registries.<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in;text-align:justify">
<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:justify">
I will not list all complaints and problems reported, but just as an illustration, complaints from law enforcement authorities have been brought to our attention, where WHOIS data would have been critical to help combat online sexual child abuse cases. According
to the complainants, the availability of more WHOIS data in public could help to find perpetrators on the internet.
<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">The publication of domain name registration data concerning legal entities is expected to substantially increase the wealth of information available to the public.
</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">According to a study published in 2021 by InterIsle Consulting Group, the data suggests that only around 11.5% of domains may belong to natural persons who are
protected by GDPR. This 11.5% may be the percentage of domains that is necessary to protect under GDPR. In contrast, registrars and registry operators have redacted contact data from 57.3% of all domains, or five times the amount that may be necessary.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<span lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">I trust that the above give a flavour of the actual situation and problems.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<span lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">It would be beneficial if you could explain why non-personal data of legal persons have been redacted and why you object to the effort of having greater transparency
while fully respecting privacy of registrants. </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">In light of all the conversations, and B&B advice received, it is clear that the argument of potential liability risk due to inadvertent disclosure of personal
data does no longer hold value. If you want to diminish this risk, it is clear that you first have to distinguish between natural and legal entities and then further ensure that legal entities do not provide any personal data (or, if they do provide personal
data, that they consent to publishing of such personal data). Then in case of a mistake it will be up to the registrant; not the contracted parties. So in our view the liability argument cannot be used as a justification for not taking action – especially
given the many problems that such inaction causes and will continue to cause.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.5in">
<span lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">Best regards,</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-GB">Melina
</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b>From:</b> Gnso-epdp-team <<a href="mailto:gnso-epdp-team-bounces@icann.org" target="_blank">gnso-epdp-team-bounces@icann.org</a>>
<b>On Behalf Of </b>Volker Greimann via Gnso-epdp-team<br>
<b>Sent:</b> Sunday, April 18, 2021 3:04 AM<br>
<b>To:</b> Stephanie E Perrin <<a href="mailto:stephanie.perrin@mail.utoronto.ca" target="_blank">stephanie.perrin@mail.utoronto.ca</a>><br>
<b>Cc:</b> GNSO EPDP <<a href="mailto:gnso-epdp-team@icann.org" target="_blank">gnso-epdp-team@icann.org</a>><br>
<b>Subject:</b> Re: [Gnso-epdp-team] On the proposed guidance<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">I think you both make good points. Our starting point is the current status quo, which I expect will continue on into the far future: All registration data provided as a registrant
must be viewed as potential personal information, in a Schroedingers Cat kind-of situation. Until you look at it, you do not know what it is, even though you can make certain assumptions with varying likelihoods. The 2B memo tells us nothing new in that regard.
<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">What it does tell us is that the various methods of determination without looking have risk of various degrees attached.
<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Miltons proposed registrant-declaration is one of the lower risk ones methods. Stephanie is also right that in a highly competitive market with razor-thin margins, corners will
be cut at some point of the channel, especially once you enter the realm of resellers. So Stephanie is absolutely correct in her point that the determination of whether contracted parties can rely on the accuracy of any declaration must be that of the contracted
party itself. The declaration of legal status of the registrant ultimately does not help us make that determination. The declaration of content of the data goes a whole lot further in that regard. Controlling the process where the declaration is made helps
even more (hence the requirement to allow post-registration declarations).<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">As for publication vs. disclosure, after having given this some thought, I still tend to come out on the side of disclosure, but with the following features:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">- self-declared data sets would be set to automated disclosure.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">- public RDAP could contain a marker/flag/label/something that shows that this data set is available for automated disclosure in SSAD<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">- Disclosure fees for such data sets in SSAD could be priced lower than non-automated data sets, say half-price<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">- Access levels for access to such data sets could be lower for users of SSAD. For example, if you just want to access automated-disclosure sets, accreditation could be voluntary,
and a mere ID-check application process and a statement of legitimate interest for each request could be possible.
<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Advantages:
<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">- Increased utility of SSAD<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">- SSAD User Fees would decrease (higher query volumes overall, lower fees for some queries)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">- CP Risk would be limited<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">- CP handling times for requests would be reduced in case they implement that flag.
<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">I still need to hear what the benefits of the differentiation of data sets and better availability of non-personal information really are, though. In my experience it is not like
cyber criminals are setting up legal entities such as STEALATRADEMARK, Inc or VIOLATEACOPYRIGHT, Ltd. left and right to register their domain names. Those kinds of domains are usually registered with perfectly accurate personal data sets. If someone could
really make the case of what the perceived benefit to all parties concerned is on this (something I have been asking for from days 1), I'd be happy to hear them. The common argument of security, stability and resilience of the DNS went out of the window the
day the Temp Spec first came into effect after all, as neither of the three has been affected by the current vegetative state of the WHOIS (In the sense that it is not quite dead yet, but almost. Machines still keep it alive).
<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">This also would solve the issue of thick vs thin RDAP:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">If RDAP only returns the basic data set anyway and never any personal information, there is no longer any need to require registrars to provide RDAP services as there no longer
is any concern in supplying said data to the registries for centralised publication. Thick RDAP would be saved.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">-- <br>
Volker A. Greimann<br>
General Counsel and Policy Manager<br>
<b>KEY-SYSTEMS GMBH</b><br>
<br>
T: +49 6894 9396901<br>
M: +49 6894 9396851<br>
F: +49 6894 9396851<br>
W: <a href="https://urldefense.com/v3/__http:/www.key-systems.net/__;!!DOxrgLBm!XSywrkEovOjOF-WmOAPUMVqsao1Zv9b2rUkkdL1O1jXYaDTpt6eZXsc9LSp2ncroxhKRwDSK$" target="_blank"><span style="color:#1155CC">www.key-systems.net</span></a><br>
<br>
Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835<br>
CEO: Oliver Fries and Robert Birkner<br>
<br>
Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358.<br>
<br>
<span style="font-size:10.5pt;font-family:"Roboto",serif;color:black;background:#F8F9FA">This email and any files transmitted are confidential and intended only for the person(s) directly addressed. If you are not the intended recipient, any use, copying, transmission,
distribution, or other forms of dissemination is strictly prohibited. If you have received this email in error, please notify the sender immediately and permanently delete this email with any files that may be attached.</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">On Sat, Apr 17, 2021 at 12:19 AM Stephanie E Perrin via Gnso-epdp-team <<a href="mailto:gnso-epdp-team@icann.org" target="_blank">gnso-epdp-team@icann.org</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid windowtext 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt;border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
<div>
<p>Bird and Bird is offering arguments for protection in the event of complaint. While that protection is welcome and reassuring in terms of risk, I am not certain that we have adequately explained to 2Birds how registration actually takes place. It would
have been beneficial to walk them through a range of different ways to register a domain name. As we have discussed in the calls, very often non-savvy non-commercial users or small business/home workers use resellers of various kinds to register their domains.
Additional risk creeps in here, WRT whether or not a positive consent has been obtained from relevant employees. Further risk creeps in when we look at automatic renewals, where the contact data may not be updated. If updated, have the steps been taken to
get consent from new employees? To me this is key, non-savvy users, and I count myself among them, are not likely to check what an intermediary is doing with respect to the domain renewal or updating.<o:p></o:p></p>
<p>Now, of course the argument is that they SHOULD be more diligent and they SHOULD pay attention to the accuracy requirements, but lets deal in facts here.....are they? As the data controller who is pre-emptively disclosing personal data, allegedly with consent,
to unknown (to the contracted party) third parties, the responsibility still rests with the controller. As I have mentioned, a Facebook or a Google or a Microsoft can get away with treading roughshod over their consent arrangements....not too many folks are
going to give up free or necessary services over quibbles in a consent form, even if it is 75 pages long. However the registrars (and to a lesser extent, the registries) are operating in a highly competitive market. Once losing my trust, perhaps over a trifling
inattention to the accuracy of my data, and I am transferring my domains to another company. Policing a complex reseller market is also rather a difficult matter that we have not discussed at length in our debates on this issue. I know that the data commissioners
as a group do not understand how the accountability for the handling of personal information is transferred in that market, and it would not be surprising if 2Birds did not either. Bottom line: accredited registrars are shouldering the risk here, it is their
risk, and they would know best whether they can trust the accuracy of the designation of legal personhood. This is why I think that this designation, in my opinion, should always permit an override by the contracted parties to treat the data as personal.
I have suggested many many times that commercial organizations should operate on an accreditation basis and be linked to their official registration numbers (business, corporation, municipal licence etc). Noone ever responds to that idea....if it is totally
ridiculous I would certainly like to know why, I am offering it in good faith and I think it would do something useful to stop fraudulent registrations in their names. However, small business and non-commercial organizations, even if incorporated or in possession
of a registration # of some kind have different needs and circumstances, and they are frequently treated differently under data protection law.
<o:p></o:p></p>
<p>One final point that I have raised a few times.....we tend to focus on enforcement fines and Court costs. Even if noone ever complains to a DPA or takes a case to Court, where the advice of 2 Birds gives us some comfort that the risk is manageable, and
the results would exonerate the contracted parties.....what about reputational damage in the meantime? Court costs? Who actually wants to have customers complaining about the practices? Employee morale, if it is employees who are objecting to the practices?<o:p></o:p></p>
<p>I support focusing on whether the data submitted is personal or not, with a fulsome definition and description of same, and full flexibility for contracted parties to err on the side of caution and consider the possibility of some data being personal after
all. After all, much data is still being disclosed, and noone has adduced strong evidence that the delay in requesting the data (as opposed to getting it from the published data) will have huge repercussions. What is actually at play here is who is doing
the extra work....the requesting party, or the data controller.<o:p></o:p></p>
<p>Stephanie Perrin<o:p></o:p></p>
<p> <o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">On 2021-04-15 10:42 p.m., Mueller, Milton L via Gnso-epdp-team wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><strong><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#C75000">EXTERNAL EMAIL:</span></strong><o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#1F497D">Further legal support from TwoBirds</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p style="margin-left:19.5pt"><span lang="EN-GB">14.2</span><span lang="EN-GB" style="font-size:7.0pt">
</span><span lang="EN-GB">If personal data is erroneously included in published Registration Data, it would in this scenario occur despite substantial (VSC) steps taken by the Contracted Parties, and would be primarily attributable to the actions/omissions
of the Registrant. This is likely to be taken into account by data subjects, data protection supervisory authorities, and courts.</span><o:p></o:p></p>
<p style="margin-left:19.5pt"><span lang="EN-GB">14.3</span><span lang="EN-GB" style="font-size:7.0pt">
</span><span lang="EN-GB">The data in question is likely to be low sensitivity. The scenario being envisaged here (mistaken inclusion of personal data in published Registration Data) seems to be most likely to occur when a legal entity (e.g. a company or non-profit
organisation) is registering / maintaining its own domains. In those scenarios, we assume the personal data that could be disclosed would ordinarily relate to an employee’s work details (e.g. a company email address), not an individual’s private life. Although
the GDPR confers protection even in the workplace, the data in question here may arguably be less capable of causing harm to an individual than data relating to the data subject’s private life.<a name="m_2928171497802302509_m_4115156499825390"></a><a href="#m_2928171497802302509_m_411515649982539"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-family:"Georgia",serif">[1]</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">
</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><o:p></o:p></span></p>
<p style="margin-left:19.5pt"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span lang="EN-GB">14.4</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span lang="EN-GB" style="font-size:7.0pt">
</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span lang="EN-GB">In more sensitive cases (e.g. disclosing that a person works for a company in a sensitive or “embarrassing” sector), a Registrant would be putting itself at
serious risk of complaints from its own employees. Registrants are therefore already incentivised to avoid errors that could have serious consequences for their own staff.
</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:currentcolor">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><b>From:</b> Mueller, Milton L
<br>
<b>Sent:</b> Thursday, April 15, 2021 10:34 PM<br>
<b>To:</b> </span><a href="mailto:gnso-epdp-team@icann.org" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">gnso-epdp-team@icann.org</span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><br>
<b>Subject:</b> RE: [Gnso-epdp-team] On the proposed guidance<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">Some legal support for my argument below from Bird & Bird:</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-indent:.5in">
<span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">There may even be an argument, based on EU Court of Justice (“CJEU”) caselaw, that this is a situation where Contracted Parties should generally only be liable should they fail to properly
address a complaint about the data – i.e. only once they are put on notice about the alleged illegality and thereby have an opportunity to “verify” the merits of the complaint.</span><a href="#m_2928171497802302509_m_411515649982539"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">[1]</span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">
This bears some parallels to other EU liability regimes for operators of services online that process – unwittingly – content that violates EU law.</span><a href="#m_2928171497802302509_m_411515649982539"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">[2]</span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">
As discussed at footnote 6 below, this is arguably recognised in (at least some) decisions of GDPR supervisory authorities.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">In other words, if personal data finds its way into a published registration record
that should not be there, an objection can be lodged with the registrar and they can verify the merits and remove the data.
</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">Dr. Milton L Mueller</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">Georgia Institute of Technology</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">School of Public Policy</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span><a href="https://urldefense.com/v3/__https:/internetgovernance.org/__;!!DOxrgLBm!XSywrkEovOjOF-WmOAPUMVqsao1Zv9b2rUkkdL1O1jXYaDTpt6eZXsc9LSp2ncroxoPMR176$" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#0563C1">Internet
Governance Project</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">
</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:currentcolor">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><b>From:</b> Mueller, Milton L
<br>
<b>Sent:</b> Thursday, April 15, 2021 9:14 PM<br>
<b>To:</b> </span><a href="mailto:gnso-epdp-team@icann.org" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">gnso-epdp-team@icann.org</span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><br>
<b>Subject:</b> FW: [Gnso-epdp-team] On the proposed guidance<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">>" Everyone who is named in a role in a registration must have already been informed
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">> and consented to all of the conditions involved in the role. " This is the ideal. Sadly, this ideal
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">> is very often not the case.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">Whoa.
</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">Of course, Volker, it is possible that a person making a registration for a legal
person won’t do it properly. But it is absurd to expect a registrar to be legally responsible for that. How can the registrar be liable for privacy breaches made by the registrant? Indeed, I can’t understand why gaining the consent of the administrative assistant
of the xyz department to have their name listed in the whois is a matter for DNS/ICANN policy at all. ICANN policy simply needs to inform registrants that under certain conditions the data will be published.
</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">Let’s take an extreme case – suppose a nasty IT manager in a major corporation puts
the name, email address and (what the heck) a revenge porn photo of her ex-husband in her company’s registration record. Are you telling me the registrar would be considered responsible for that breach of privacy? Not the nasty IT manager?
</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">Show me a legal case in which that kind of liability has been assigned. I doubt you
can, but I await the data from CP lawyers who have been involved in these cases. I do know of several cases in which agents for a corporation wrongly listed themselves as the technical and administrative contact, making it possible for them to hijack the name.
The registrar was NEVER held liable for that. </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">Reminder: We had to reform Whois/RDS policy because ICANN,
<b>as a matter of contractual obligation, required registrars to publish sensitive PII of any and every Registrant</b>. Once we have removed that obligation, and once we have given registrants knowledge of the conditions under which the data in the record should
be published, I don’t see why registrars need to worry about some corporation listing the personal email address of someone in their IT department.
</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">So if this alleged risk is being cited to scare us away from allowing registrants
to self-designate as legal or natural, it is a pretty weak case, imho.</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">--MM
</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><b>From:</b> Gnso-epdp-team <</span><a href="mailto:gnso-epdp-team-bounces@icann.org" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">gnso-epdp-team-bounces@icann.org</span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">>
<b>On Behalf Of </b>Volker Greimann via Gnso-epdp-team<br>
<b>Sent:</b> Thursday, April 15, 2021 10:10 AM<br>
<b>To:</b> Steve Crocker <</span><a href="mailto:steve@shinkuro.com" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">steve@shinkuro.com</span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">><br>
<b>Cc:</b> </span><a href="mailto:gnso-epdp-team@icann.org" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">gnso-epdp-team@icann.org</span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><br>
<b>Subject:</b> Re: [Gnso-epdp-team] On the proposed guidance<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"> <o:p></o:p></span></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">Employees are named by other employees without their knowledge, or remain named long after they leave. From the
experience as a registrar dealing with registrants every day, this ideal is an assumption that does not survive contact with reality.
<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"> <o:p></o:p></span></p>
</div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">-- <br>
Volker A. Greimann<br>
General Counsel and Policy Manager<br>
<b>KEY-SYSTEMS GMBH</b><br>
<br>
T: +49 6894 9396901<br>
M: +49 6894 9396851<br>
F: +49 6894 9396851<br>
W: </span><a href="https://urldefense.com/v3/__http:/www.key-systems.net/__;!!DOxrgLBm!XSywrkEovOjOF-WmOAPUMVqsao1Zv9b2rUkkdL1O1jXYaDTpt6eZXsc9LSp2ncroxhKRwDSK$" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1155CC">www.key-systems.net</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><br>
<br>
Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835<br>
CEO: Oliver Fries and Robert Birkner<br>
<br>
Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358.<br>
<br>
</span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:10.5pt;font-family:"Roboto",serif;color:black;background:#F8F9FA">This email and any files transmitted are confidential and intended only for the person(s) directly
addressed. If you are not the intended recipient, any use, copying, transmission, distribution, or other forms of dissemination is strictly prohibited. If you have received this email in error, please notify the sender immediately and permanently delete this
email with any files that may be attached.</span><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"> <o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"> <o:p></o:p></span></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">On Thu, Apr 15, 2021 at 3:36 PM Steve Crocker via Gnso-epdp-team <</span><a href="mailto:gnso-epdp-team@icann.org" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">gnso-epdp-team@icann.org</span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">>
wrote:<o:p></o:p></span></p>
</div>
<blockquote style="border:none;border-left:solid windowtext 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt;border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:18.0pt;font-family:"Garamond",serif">Laureen,</span><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:18.0pt;font-family:"Garamond",serif"> </span><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:18.0pt;font-family:"Garamond",serif">Thanks for your note. With respect to the details
under legal person, we believe the issue of consent should be moot. Everyone who is named in a role in a registration must have already been informed and consented to all of the conditions involved in the role. This is a prerequisite for having a working
system and is not specific to meeting a privacy regulation. The fact that this requirement is not specified in the existing contractual documentation is an error and needs to be rectified.</span><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:18.0pt;font-family:"Garamond",serif"> </span><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:18.0pt;font-family:"Garamond",serif">Steve</span><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:18.0pt;font-family:"Garamond",serif"> </span><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"> <o:p></o:p></span></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">On Thu, Apr 15, 2021 at 6:28 AM Kapin, Laureen via Gnso-epdp-team <</span><a href="mailto:gnso-epdp-team@icann.org" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">gnso-epdp-team@icann.org</span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">>
wrote:<o:p></o:p></span></p>
</div>
<blockquote style="border:none;border-left:solid windowtext 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt;border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">I think we share common ground on
many key issues and I would like to build on the many helpful inputs received as to what would be advisable.
</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><b><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">Goal</span></b></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">:
publish non-personal, non-protected data to the greatest extent permissible under the GDPR and within low legal risks to data controllers and processors. Note, the description below does
<i>not </i>fully detail the advised safeguards which B&B has documented and which we’ve adopted in our prior input because my impression is that we generally agree that the safeguards are prudent. This description merely seeks to identify the key steps that
must be taken to ensure that personal data is identified and protected and non-personal data is published. I also highlight the addition of a potential additional safeguard – Confirmation. I think this process incorporates what we’ve discussed and inputs
received and could form a useful framework for discussion. </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><b><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">Note:</span></b><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><b><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060"> </span></b><o:p></o:p></span></p>
<p><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:Wingdings;color:#002060">n</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:7.0pt;color:#002060">
</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><b><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">New Registrations:
</span></b></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">This process applies to new registrations (Steve C. has some useful thoughts on how to deal with
existing Registrations) </span><o:p></o:p></span></p>
<p><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:Wingdings;color:#002060">n</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:7.0pt;color:#002060">
</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><b><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">Publish:
</span></b></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">When I use the word “publish,” I mean made public directly; not via the SSAD.
</span><o:p></o:p></span></p>
<p><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:Wingdings;color:#002060">n</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:7.0pt;color:#002060">
</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><b><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">Flexibility:
</span></b></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">Based on input from our Registrar colleagues, we should permit flexibility for how these steps
are implemented to account for the varied business models in place. </span><o:p></o:p></span></p>
<p><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:Wingdings;color:#002060">n</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:7.0pt;color:#002060">
</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><b><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">Timing:
</span></b></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">All identifications need to take place at the time of registration or shortly thereafter (w/in
the 13-day accuracy verification window) and no registration data should be published until the identification, consent, and confirmation process concludes</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><b><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">Process:</span></b><o:p></o:p></span></p>
<p><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">1.</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:7.0pt;color:#002060">
</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">A threshold identification of the registrant as a natural or legal person;</span><o:p></o:p></span></p>
<p style="margin-left:1.0in"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">a.</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:7.0pt;color:#002060">
</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">If natural, registration info redacted</span><o:p></o:p></span></p>
<p style="margin-left:1.0in"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060"> </span><o:p></o:p></span></p>
<p style="margin-left:1.0in"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">b.</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:7.0pt;color:#002060">
</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">If legal, further inquiries and advisories (safeguards):</span><o:p></o:p></span></p>
<p style="margin-left:1.5in"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:7.0pt;color:#002060">
</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">i.</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:7.0pt;color:#002060">
</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">if the legal person identifies that it has a protected status under the GDPR</span><o:p></o:p></span></p>
<p style="margin-left:2.0in"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">1.</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:7.0pt;color:#002060">
</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">registration info redacted</span><o:p></o:p></span></p>
<p style="margin-left:2.0in"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060"> </span><o:p></o:p></span></p>
<p style="margin-left:1.5in"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:7.0pt;color:#002060">
</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">ii.</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:7.0pt;color:#002060">
</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">If the legal person registration contains personal data, advise of consequences (publication)</span><o:p></o:p></span></p>
<p style="margin-left:2.0in"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">1.</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:7.0pt;color:#002060">
</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">Obtain necessary consents</span><o:p></o:p></span></p>
<p style="margin-left:2.0in"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">2.</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:7.0pt;color:#002060">
</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><i><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">Possible additional safeguard</span></i></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">:
<i>Ask Registrant to Confirm any identification that will result in publication of contact data
</i>(akin to confirming a flight reservation or stock trade)</span><o:p></o:p></span></p>
<p style="margin-left:2.5in"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">a.</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:7.0pt;color:#002060">
</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">Publish
</span><o:p></o:p></span></p>
<p style="margin-left:2.0in"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">3.</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:7.0pt;color:#002060">
</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">If no consent</span><o:p></o:p></span></p>
<p style="margin-left:2.5in"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">a.</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:7.0pt;color:#002060">
</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">Redact</span><o:p></o:p></span></p>
<p style="margin-left:2.0in"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060"> </span><o:p></o:p></span></p>
<p><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">2.</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:7.0pt;color:#002060">
</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">Provide quick and easy opportunity to correct any mistakes</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060">I hope this is useful.
</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Helvetica",sans-serif;color:#5800B0">Kind regards,</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Helvetica",sans-serif;color:#5800B0"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Helvetica",sans-serif;color:#5800B0">Laureen Kapin</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Helvetica",sans-serif;color:#5800B0">Counsel for International Consumer
Protection</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Helvetica",sans-serif;color:#5800B0">Federal Trade Commission</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Helvetica",sans-serif;color:#5800B0">(202) 326-3237
</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:14.0pt;font-family:"Arial",sans-serif;color:#002060"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><b>From:</b> Gnso-epdp-team <</span><a href="mailto:gnso-epdp-team-bounces@icann.org" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">gnso-epdp-team-bounces@icann.org</span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">>
<b>On Behalf Of </b>Volker Greimann via Gnso-epdp-team<br>
<b>Sent:</b> Thursday, April 15, 2021 8:35 AM<br>
<b>To:</b> Hadia Abdelsalam Mokhtar EL miniawi <</span><a href="mailto:Hadia@tra.gov.eg" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">Hadia@tra.gov.eg</span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">><br>
<b>Cc:</b> </span><a href="mailto:gnso-epdp-team@icann.org" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">gnso-epdp-team@icann.org</span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><br>
<b>Subject:</b> Re: [Gnso-epdp-team] On the proposed guidance<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"> <o:p></o:p></span></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">I think we need to be cognisant of the current status quo and use that as the basis for our thoughts on the matter:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">1) There is no differentiation between legal or natural contacts.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">2) The redaction of all contacts is permitted and has become the de-facto standard.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">3) We allow consent-based disclosure.
<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">4) NIS 2 may at some point in the future require publication of non-personal information.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">This leads to two very simple follow-on questions:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">a) How do we identify such non-personal information? What is really necessary for this end?<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">b) What would publication entail?<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">For a) we and Twobirds identified voluntary self-declaration of the data submitted. As all data is redacted by
default, the differentiation of the data subject category is irrelevant as it ultimately only boils down to the declaration of the data subject thatthe data contains no personal information.
<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">For b), the term "publish" is undefined. For all we know, it could mean publication in a physical print edition
(it doesn't mean that though). But publication within SSAD can very well be sufficient for that definition. There is no reason whatsoever to assume differently.
<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"> <o:p></o:p></span></p>
</div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">-- <br>
Volker A. Greimann<br>
General Counsel and Policy Manager<br>
<b>KEY-SYSTEMS GMBH</b><br>
<br>
T: +49 6894 9396901<br>
M: +49 6894 9396851<br>
F: +49 6894 9396851<br>
W: </span><a href="https://urldefense.com/v3/__http:/www.key-systems.net/__;!!DOxrgLBm!XSywrkEovOjOF-WmOAPUMVqsao1Zv9b2rUkkdL1O1jXYaDTpt6eZXsc9LSp2ncroxhKRwDSK$" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1155CC">www.key-systems.net</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><br>
<br>
Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835<br>
CEO: Oliver Fries and Robert Birkner<br>
<br>
Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358.<br>
<br>
</span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:10.5pt;font-family:"Roboto",serif;color:black;background:#F8F9FA">This email and any files transmitted are confidential and intended only for the person(s) directly
addressed. If you are not the intended recipient, any use, copying, transmission, distribution, or other forms of dissemination is strictly prohibited. If you have received this email in error, please notify the sender immediately and permanently delete this
email with any files that may be attached.</span><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"> <o:p></o:p></span></p>
</div>
</div>
<div id="gmail-m_2928171497802302509gmail-m_4115156499825390581gmail-m_8997009847875421100gmail-m_5832361527529862212gmail-m_2854865445665285661gmail-m_-3565268638294194630gmail-m_7094575180366425829DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"> <o:p></o:p></span></p>
<table class="MsoNormalTable" border="1" cellspacing="3" cellpadding="0" style="border:none;border-top:solid windowtext 1.0pt;border-color:currentcolor">
<tbody>
<tr>
<td width="55" style="width:41.25pt;border:none;padding:9.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span><a href="https://urldefense.com/v3/__https:/www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail__;!!DOxrgLBm!XSywrkEovOjOF-WmOAPUMVqsao1Zv9b2rUkkdL1O1jXYaDTpt6eZXsc9LSp2ncroxiSlynfH$" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="text-decoration:none"><img border="0" width="46" height="29" style="width:.4791in;height:.302in" id="_x0000_i1028" src="https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif"></span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><o:p></o:p></span></p>
</td>
<span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span>
<td width="470" style="width:352.5pt;border:none;padding:9.0pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:13.5pt">
<span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#41424E">Virus-free.
</span></span><a href="https://urldefense.com/v3/__https:/www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail__;!!DOxrgLBm!XSywrkEovOjOF-WmOAPUMVqsao1Zv9b2rUkkdL1O1jXYaDTpt6eZXsc9LSp2ncroxiSlynfH$" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#4453EA">www.avast.com</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#41424E">
</span><o:p></o:p></span></p>
</td>
<span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span>
</tr>
</tbody>
</table>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"> <o:p></o:p></span></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">On Thu, Apr 15, 2021 at 1:52 PM Hadia Abdelsalam Mokhtar EL miniawi via Gnso-epdp-team <</span><a href="mailto:gnso-epdp-team@icann.org" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">gnso-epdp-team@icann.org</span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">>
wrote:<o:p></o:p></span></p>
</div>
<blockquote style="border:none;border-left:solid windowtext 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt;border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">Dear Milton,</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">Thank you for your constructive thoughts. I believe we have a lot to build on. In
relation to principle one, I think we all agree that some legal data subjects would want to publish their data in the RDDS, but without your first principle they can only do this through consent. The legal memo received lately from Bird & Bird explains that
if CPs publish the data of legal persons based on consent they are at a higher risk than if they publish the data of legal persons based on self-designation. In the latter case CPs might only be liable if they fail to address a complaint. So the question always
was: what is the benefit of labeling the data as belonging to a natural or legal person? Of course we all know that GDPR protects the data of natural persons and not legal persons, but the important answer now is that the distinction significantly reduces
the liability of CPs. In addition, the distinction is helpful in performing the balancing test in case the data is not published and I am sure if we look into individual use cases we can find much more benefits. Moreover, it could prove to be useful regarding
possible upcoming regulations. I would also add that the level of protection assigned to the data elements suggested by Steve provides additional safe guards and flexibility in the implementation.
</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">Finally, I join you in being optimistic about our ability to finish this.</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">Kind regards</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">Hadia
</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:currentcolor">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">From:</span></b></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">
Gnso-epdp-team [mailto:</span></span><a href="mailto:gnso-epdp-team-bounces@icann.org" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">gnso-epdp-team-bounces@icann.org</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">]
<b>On Behalf Of </b>Mueller, Milton L via Gnso-epdp-team<br>
<b>Sent:</b> Wednesday, April 14, 2021 10:12 PM<br>
<b>To:</b> </span></span><a href="mailto:gnso-epdp-team@icann.org" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">gnso-epdp-team@icann.org</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif"><br>
<b>Subject:</b> Re: [Gnso-epdp-team] On the proposed guidance</span><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"> <o:p></o:p></span></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">Colleagues:</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">I have only gotten time to review the latest Guidance document and the surrounding
debate today. Apologies, but there is a lot going on in my day job. </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">I am disappointed to see that we seem to be going backwards. I see divergence rather
than convergence on the way we are approaching the problem.</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">I see no point in adding more noise to the current document via the Comments function.
What I would like to try to do is articulate some broad principles about how to deal with the legal/natural distinction. If we can agree on those principles, it will be relatively easy to complete the document. If we cannot/do not agree on those principles,
additional wordsmithing and debates over terms will not get us anywhere. </span>
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">So here are the broad principles that I would offer up for debate:
</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<p><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">1.</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:7.0pt;color:#1F497D">
</span><span style="color:#1F497D">The legal/natural distinction is relevant and we need to find a way make it in RDDS without compromising privacy rights.
</span><o:p></o:p></span></p>
<p><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">2.</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:7.0pt;color:#1F497D">
</span><span style="color:#1F497D">Registrants should be able to self-designate as legal or natural, with no burden of authentication placed on registrars or registries</span><o:p></o:p></span></p>
<p><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">3.</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:7.0pt;color:#1F497D">
</span><span style="color:#1F497D">To protect small home offices or NGOs who are technically Legal persons but whose registration data may include Personal data, we need an additional check in the process.</span><o:p></o:p></span></p>
<p><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">4.</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:7.0pt;color:#1F497D">
</span><span style="color:#1F497D">As long as they conform with the above 3 principles, registrars/ries (CPs) should be given maximum flexibility to choose the way to differentiate.
</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">Principle 1 discussion:</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">If we cannot agree on this (or agree to abandon this principle), _<i>nothing else
will fall into place</i>_. Ever. So let’s settle that. Steve and Volker I suspect will disagree with this principle. Steve has argued that the L/N distinction is “not a central concern” and all that matters is whether the registrant’s data is to be made available
to anyone. If he is right, we can discard the guidance altogether, because we already have a recommendation to allow the RNH to consent to the publication of their data. Volker has also suggested that it is personal data we need to differentiate, not L/N .
I disagree with Steve and Volker on this and so do most of the rest of the group. L/N distinction is a central concern to certain stakeholder groups in the EPDP, because a) GDPR and other data protection laws do not protect it and this process is all about
bringing RDS into compliance with privacy law; b) Legal person data could be published and it would provide easier access to their registration data. As a NCSG member I can find no basis for objecting to the publication of WalMart’s, Kroger’s or the local
hardware store’s registration data. Any concerns about PII are addressed by principles 2 and 3. Steve is approaching this as an engineer, but this is a policy process, and we will not obtain agreement on a solution unless certain stakeholders are satisfied.
If they think it is a central concern, it’s a central concern, that’s how policy/politics work.</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">Principle 2 discussion</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">This is the key principle that keeps NCSG and CPH satisfied. Registrants are in control
of how they are designated. Yes, this means that some people will lie. That is just something we will have to accept. One cannot erase that possibility without creating a system that is too burdensome and costly as to outweigh any benefits.
</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">Principle 3 discussion</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">This is something everyone seems to agree on already. But it is good to make it explicit,
then we can work out how specific our guidance can get, so as to conform to …</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">Principle 4</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">Avoid being overly prescriptive, but ensure that the other 3 principles are honored.
So yes, Volker, we give you maximum flexibility to implement in accordance with different business models, but you can NOT make a designation for a RNH, because it violates principle 2.
</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D">I truly believe that if we can come to agreement on these 4 principles and use them
as the basis for drafting guidance, we can actually finish this.</span><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:#1F497D"> </span><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">_______________________________________________<br>
Gnso-epdp-team mailing list<br>
</span><a href="mailto:Gnso-epdp-team@icann.org" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">Gnso-epdp-team@icann.org</span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><br>
</span><a href="https://urldefense.com/v3/__https:/mm.icann.org/mailman/listinfo/gnso-epdp-team__;!!DOxrgLBm!XSywrkEovOjOF-WmOAPUMVqsao1Zv9b2rUkkdL1O1jXYaDTpt6eZXsc9LSp2ncroxghxMAOY$" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">https://mm.icann.org/mailman/listinfo/gnso-epdp-team</span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><br>
_______________________________________________<br>
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (</span><a href="https://urldefense.com/v3/__https:/www.icann.org/privacy/policy__;!!DOxrgLBm!XSywrkEovOjOF-WmOAPUMVqsao1Zv9b2rUkkdL1O1jXYaDTpt6eZXsc9LSp2ncroxl5BDJwa$" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">https://www.icann.org/privacy/policy</span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">)
and the website Terms of Service (</span><a href="https://urldefense.com/v3/__https:/www.icann.org/privacy/tos__;!!DOxrgLBm!XSywrkEovOjOF-WmOAPUMVqsao1Zv9b2rUkkdL1O1jXYaDTpt6eZXsc9LSp2ncroxn6b_CGX$" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">https://www.icann.org/privacy/tos</span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">).
You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.<o:p></o:p></span></p>
</blockquote>
</div>
<div id="gmail-m_2928171497802302509gmail-m_4115156499825390581gmail-m_8997009847875421100gmail-m_5832361527529862212gmail-m_2854865445665285661gmail-m_-3565268638294194630gmail-m_7094575180366425829DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"> <o:p></o:p></span></p>
<table class="MsoNormalTable" border="1" cellspacing="3" cellpadding="0" style="border:none;border-top:solid windowtext 1.0pt;border-color:currentcolor">
<tbody>
<tr>
<td width="55" style="width:41.25pt;border:none;padding:9.75pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span><a href="https://urldefense.com/v3/__https:/www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail__;!!DOxrgLBm!XSywrkEovOjOF-WmOAPUMVqsao1Zv9b2rUkkdL1O1jXYaDTpt6eZXsc9LSp2ncroxiSlynfH$" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="text-decoration:none"><img border="0" width="46" height="29" style="width:.4791in;height:.302in" id="_x0000_i1027" src="https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif"></span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><o:p></o:p></span></p>
</td>
<span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span>
<td width="470" style="width:352.5pt;border:none;padding:9.0pt .75pt .75pt .75pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:13.5pt">
<span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#41424E">Virus-free.
</span></span><a href="https://urldefense.com/v3/__https:/www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail__;!!DOxrgLBm!XSywrkEovOjOF-WmOAPUMVqsao1Zv9b2rUkkdL1O1jXYaDTpt6eZXsc9LSp2ncroxiSlynfH$" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#4453EA">www.avast.com</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#41424E">
</span><o:p></o:p></span></p>
</td>
<span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span>
</tr>
</tbody>
</table>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="color:black"> </span><o:p></o:p></span></p>
</div>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">_______________________________________________<br>
Gnso-epdp-team mailing list<br>
</span><a href="mailto:Gnso-epdp-team@icann.org" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">Gnso-epdp-team@icann.org</span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><br>
</span><a href="https://urldefense.com/v3/__https:/mm.icann.org/mailman/listinfo/gnso-epdp-team__;!!DOxrgLBm!XSywrkEovOjOF-WmOAPUMVqsao1Zv9b2rUkkdL1O1jXYaDTpt6eZXsc9LSp2ncroxghxMAOY$" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">https://mm.icann.org/mailman/listinfo/gnso-epdp-team</span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><br>
_______________________________________________<br>
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (</span><a href="https://urldefense.com/v3/__https:/www.icann.org/privacy/policy__;!!DOxrgLBm!XSywrkEovOjOF-WmOAPUMVqsao1Zv9b2rUkkdL1O1jXYaDTpt6eZXsc9LSp2ncroxl5BDJwa$" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">https://www.icann.org/privacy/policy</span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">)
and the website Terms of Service (</span><a href="https://urldefense.com/v3/__https:/www.icann.org/privacy/tos__;!!DOxrgLBm!XSywrkEovOjOF-WmOAPUMVqsao1Zv9b2rUkkdL1O1jXYaDTpt6eZXsc9LSp2ncroxn6b_CGX$" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">https://www.icann.org/privacy/tos</span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">).
You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.<o:p></o:p></span></p>
</blockquote>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">_______________________________________________<br>
Gnso-epdp-team mailing list<br>
</span><a href="mailto:Gnso-epdp-team@icann.org" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">Gnso-epdp-team@icann.org</span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><br>
</span><a href="https://urldefense.com/v3/__https:/mm.icann.org/mailman/listinfo/gnso-epdp-team__;!!DOxrgLBm!XSywrkEovOjOF-WmOAPUMVqsao1Zv9b2rUkkdL1O1jXYaDTpt6eZXsc9LSp2ncroxghxMAOY$" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">https://mm.icann.org/mailman/listinfo/gnso-epdp-team</span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><br>
_______________________________________________<br>
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (</span><a href="https://urldefense.com/v3/__https:/www.icann.org/privacy/policy__;!!DOxrgLBm!XSywrkEovOjOF-WmOAPUMVqsao1Zv9b2rUkkdL1O1jXYaDTpt6eZXsc9LSp2ncroxl5BDJwa$" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">https://www.icann.org/privacy/policy</span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">)
and the website Terms of Service (</span><a href="https://urldefense.com/v3/__https:/www.icann.org/privacy/tos__;!!DOxrgLBm!XSywrkEovOjOF-WmOAPUMVqsao1Zv9b2rUkkdL1O1jXYaDTpt6eZXsc9LSp2ncroxn6b_CGX$" target="_blank"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">https://www.icann.org/privacy/tos</span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">).
You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.<o:p></o:p></span></p>
</blockquote>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><br clear="all">
<o:p></o:p></span></p>
<div>
<div>
<div class="MsoNormal"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:10.0pt">
<hr size="1" width="33%" align="left">
</span></span></div>
</div>
</div>
</div>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><br clear="all">
<o:p></o:p></span></p>
<div>
<div class="MsoNormal"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:10.0pt">
<hr size="1" width="33%" align="left">
</span></span></div>
</div>
<div id="gmail-m_2928171497802302509gmail-m_4115156499825390581gmail-m_8997009847875421100gmail-m_5832361527529862212gmail-m_2854865445665285661ftn1">
<p><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span><a href="#m_2928171497802302509_m_411515649982539"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span style="font-size:8.0pt;font-family:"Georgia",serif">[1]</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390">
As explained above, we have understood this question to be asking about scenarios where Registrants are legal persons, as per the EDPB quote at paragraph 1. In respect of individual (natural person) Registrants, the issues will be largely similar: if a natural
person incorrectly states that their data is not personal data, then (i) the verification measures should prevent the data from being published, since they will give the data subject an opportunity to correct their mistake; (ii) the mitigating factors and
legal arguments described at paragraphs 11.7 and 11.8 and paragraphs 14.1 - 14.6 here, should confer reasonable legal protection for Contracted Parties.<o:p></o:p></span></p>
</div>
<div id="gmail-m_2928171497802302509gmail-m_4115156499825390581gmail-m_8997009847875421100gmail-m_5832361527529862212gmail-m_2854865445665285661ftn2">
<p><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span><a href="#m_2928171497802302509_m_411515649982539"><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span lang="EN-GB">[1]</span></span><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span></a><span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"><span lang="EN-GB">
In its judgement in Case C‑136/17 <i>GC and Others</i>, the CJEU explained that GDPR obligations relating to an erasure (“Right to Be Forgotten”) request apply “<i>to the operator of a search engine in the context of his responsibilities, powers and capabilities
as the controller of the processing carried out in connection with the activity of the search engine, on the occasion of a verification performed by that operator, under the supervision of the competent national authorities, following a request by the data
subject”</i>. As the Advocate General explained in that case, “<i>such an operator can act only within the framework of its responsibilities, powers and capabilities. In other words, such an operator may be incapable of ensuring the full effect of the provisions
of [EU data protection law], precisely because of its limited responsibilities, powers and capabilities. . . An ex ante control of internet pages which are referenced as the result of a search does not fall within the responsibilities or the capabilities of
a search engine</i>.” It could not know, from the moment it indexed a webpage, that the content of that page was (for example) out of date (as in the original
<i>Google Spain / Costeja</i> ruling), or (in the <i>GC and Others</i> case<i>) </i>
“special category” or “criminal offence” data for which it required consent.</span><o:p></o:p></span></p>
</div>
<span style="mso-bookmark:m_2928171497802302509_m_4115156499825390"></span>
<div id="gmail-m_2928171497802302509gmail-m_4115156499825390581gmail-m_8997009847875421100gmail-m_5832361527529862212gmail-m_2854865445665285661ftn3">
<p><a href="#m_2928171497802302509_m_411515649982539"><span lang="EN-GB">[2]</span></a><span lang="EN-GB"> See, for example,
<a href="https://secure-web.cisco.com/1PPn2p2s6dzer8OKRUBFJPCEk7-mmKJw2XWOI9X3Sbr6FILGS1AEl6kvxFj8GlsxT1Vg1Xz0hvDU6QrMwaExmPHn19H9wCC-DAO_Z-g6EdUybMXgqpTxt-dVivlRKKb46xIfbMeAUmNz4OD-2-jeC2GPM-5dPIPDeHwc7T98JYcF0pudUc6o4HqiVbWiDKMTV57Pl8YZSToxtmyu5uSwpMEge6DbKR70pe78PBDDoLATMFhY-4XmTZO_xBzKUrXL-/https%3A%2F%2Feur-lex.europa.eu%2Flegal-content%2FEN%2FALL%2F%3Furi%3Dcelex%253A32000L0031" target="_blank">
Article 14</a> of the e-Commerce Directive 2000/31/EC and its transposition into the national laws of EU/EEA Member States and the UK.
</span><o:p></o:p></p>
</div>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Gnso-epdp-team mailing list<o:p></o:p></pre>
<pre><a href="mailto:Gnso-epdp-team@icann.org" target="_blank">Gnso-epdp-team@icann.org</a><o:p></o:p></pre>
<pre><a href="https://urldefense.com/v3/__https:/mm.icann.org/mailman/listinfo/gnso-epdp-team__;!!DOxrgLBm!XSywrkEovOjOF-WmOAPUMVqsao1Zv9b2rUkkdL1O1jXYaDTpt6eZXsc9LSp2ncroxghxMAOY$" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-epdp-team</a><o:p></o:p></pre>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a href="https://urldefense.com/v3/__https:/www.icann.org/privacy/policy__;!!DOxrgLBm!XSywrkEovOjOF-WmOAPUMVqsao1Zv9b2rUkkdL1O1jXYaDTpt6eZXsc9LSp2ncroxl5BDJwa$" target="_blank">https://www.icann.org/privacy/policy</a>) and the website Terms of Service (<a href="https://urldefense.com/v3/__https:/www.icann.org/privacy/tos__;!!DOxrgLBm!XSywrkEovOjOF-WmOAPUMVqsao1Zv9b2rUkkdL1O1jXYaDTpt6eZXsc9LSp2ncroxn6b_CGX$" target="_blank">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.<o:p></o:p></pre>
</blockquote>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">_______________________________________________<br>
Gnso-epdp-team mailing list<br>
<a href="mailto:Gnso-epdp-team@icann.org" target="_blank">Gnso-epdp-team@icann.org</a><br>
<a href="https://urldefense.com/v3/__https:/mm.icann.org/mailman/listinfo/gnso-epdp-team__;!!DOxrgLBm!XSywrkEovOjOF-WmOAPUMVqsao1Zv9b2rUkkdL1O1jXYaDTpt6eZXsc9LSp2ncroxghxMAOY$" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-epdp-team</a><br>
_______________________________________________<br>
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a href="https://urldefense.com/v3/__https:/www.icann.org/privacy/policy__;!!DOxrgLBm!XSywrkEovOjOF-WmOAPUMVqsao1Zv9b2rUkkdL1O1jXYaDTpt6eZXsc9LSp2ncroxl5BDJwa$" target="_blank">https://www.icann.org/privacy/policy</a>)
and the website Terms of Service (<a href="https://urldefense.com/v3/__https:/www.icann.org/privacy/tos__;!!DOxrgLBm!XSywrkEovOjOF-WmOAPUMVqsao1Zv9b2rUkkdL1O1jXYaDTpt6eZXsc9LSp2ncroxn6b_CGX$" target="_blank">https://www.icann.org/privacy/tos</a>). You can
visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.<o:p></o:p></p>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt">_______________________________________________<br>
Gnso-epdp-team mailing list<br>
<a href="mailto:Gnso-epdp-team@icann.org" target="_blank">Gnso-epdp-team@icann.org</a><br>
<a href="https://secure-web.cisco.com/16wEaGw0GyAb6ahlevuupWt1K0Yq8ZN5qkZy1oyRBBFvmSczMqC92I7X6btwvYM2tz4qQH6IGGDiyQS9x7A0y4UBOP3Y6yqg3XfDA5aKIHuEKeoSR2vgowFOhSVWJWsX062ok1wSaGKbEyw_XUL7RhApoVx3wlgGdwtnzavE5D_2f_BkUtPoMk7wjnC8U9wwNgj4NieVR29qIM852MKnOin1-RKWysdBi7ifeczk3unh1FHutD73cvJfOqrN0bMrD/https%3A%2F%2Fmm.icann.org%2Fmailman%2Flistinfo%2Fgnso-epdp-team" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-epdp-team</a><br>
_______________________________________________<br>
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a href="https://secure-web.cisco.com/1t1d6Ou5QM2EGQlXYqUVvA2hM8sz6vavevGfYN9xoDkpEMocGZOZBYVHmzrq0ybI1mWActLqXmn9HhuIwkxbgYAFv0KbBDINqphWngQnSm_LSvWy_B8eLCWKKcBPlAO9JhHSMxDxGQnsOlWc43e6Ac3zO6TaIzLa35BJ9lTk5vrUW6tHgqfEpUmzqXmtDsVsk3tV14ZgKywdSrYzXKE_uoXGtKcJ1SDdK4V0W0-QkfZbHRQMBx2jzdnATgWUdGbJM/https%3A%2F%2Fwww.icann.org%2Fprivacy%2Fpolicy" target="_blank">https://www.icann.org/privacy/policy</a>)
and the website Terms of Service (<a href="https://secure-web.cisco.com/1tBPn-cMMnfqbEJTLK-9Hrn9NcJ9t-pyZO_DD7D3ZSjknVSj2-X91RtwJpk8ZzAfz_5rgskButFvPy-udhNzGSwOSjW2M1lZjgFE_92yUjNJq7W6yHwmhyd-e-Er_chZxzT_Z2Vz7-QZRJn9a4ciHEIUX71a58g5wVbzakL4hKJ93g8DaIyqwcq1QryPs_lEYIjPHuijuZkfHypr5nY13S_0N6RZnrq2S0VPEUgXZ-BXEgtJvjeIS1z3zOwTW4LGw/https%3A%2F%2Fwww.icann.org%2Fprivacy%2Ftos" target="_blank">https://www.icann.org/privacy/tos</a>).
You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.<o:p></o:p></span></p>
</blockquote>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt">_______________________________________________<br>
Gnso-epdp-team mailing list<br>
<a href="mailto:Gnso-epdp-team@icann.org" target="_blank">Gnso-epdp-team@icann.org</a><br>
<a href="https://secure-web.cisco.com/16wEaGw0GyAb6ahlevuupWt1K0Yq8ZN5qkZy1oyRBBFvmSczMqC92I7X6btwvYM2tz4qQH6IGGDiyQS9x7A0y4UBOP3Y6yqg3XfDA5aKIHuEKeoSR2vgowFOhSVWJWsX062ok1wSaGKbEyw_XUL7RhApoVx3wlgGdwtnzavE5D_2f_BkUtPoMk7wjnC8U9wwNgj4NieVR29qIM852MKnOin1-RKWysdBi7ifeczk3unh1FHutD73cvJfOqrN0bMrD/https%3A%2F%2Fmm.icann.org%2Fmailman%2Flistinfo%2Fgnso-epdp-team" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-epdp-team</a><br>
_______________________________________________<br>
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a href="https://secure-web.cisco.com/1t1d6Ou5QM2EGQlXYqUVvA2hM8sz6vavevGfYN9xoDkpEMocGZOZBYVHmzrq0ybI1mWActLqXmn9HhuIwkxbgYAFv0KbBDINqphWngQnSm_LSvWy_B8eLCWKKcBPlAO9JhHSMxDxGQnsOlWc43e6Ac3zO6TaIzLa35BJ9lTk5vrUW6tHgqfEpUmzqXmtDsVsk3tV14ZgKywdSrYzXKE_uoXGtKcJ1SDdK4V0W0-QkfZbHRQMBx2jzdnATgWUdGbJM/https%3A%2F%2Fwww.icann.org%2Fprivacy%2Fpolicy" target="_blank">https://www.icann.org/privacy/policy</a>)
and the website Terms of Service (<a href="https://secure-web.cisco.com/1tBPn-cMMnfqbEJTLK-9Hrn9NcJ9t-pyZO_DD7D3ZSjknVSj2-X91RtwJpk8ZzAfz_5rgskButFvPy-udhNzGSwOSjW2M1lZjgFE_92yUjNJq7W6yHwmhyd-e-Er_chZxzT_Z2Vz7-QZRJn9a4ciHEIUX71a58g5wVbzakL4hKJ93g8DaIyqwcq1QryPs_lEYIjPHuijuZkfHypr5nY13S_0N6RZnrq2S0VPEUgXZ-BXEgtJvjeIS1z3zOwTW4LGw/https%3A%2F%2Fwww.icann.org%2Fprivacy%2Ftos" target="_blank">https://www.icann.org/privacy/tos</a>).
You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.<o:p></o:p></span></p>
</blockquote>
</div>
</div>
</body>
</html>