[Gnso-impl-thickwhois-rt] Draft Thick Whois memo to the GNSO

theo geurts gtheo at xs4all.nl
Wed Aug 31 18:49:31 UTC 2016 

Hi Steve,

Good questions, I'll let Marc come up with his own answers.

Just to point out on 1 though, USA back end Registries did rely on Safe 
Harbor. You can still look them up here: 
https://safeharbor.export.gov/list.aspx

I already reached out to several of them, and they informed me they are 
in the process of getting certified for Privacy Shield. I as an EU based 
Registrar have a duty to make sure that when I send data to USA based 
companies they are Privacy Shield certified. If they are not certified 
then I am breaking the law.

Keep in mind though that Privacy Shield itself is just a formality to 
send data to the USA. Privacy Shield itself is not enough. So as an EU 
Registrar I cannot put my feet on the table and relax that dealing with 
a Privacy Shield certified company is enough.

Privacy Shield is a framework, nothing more,  a Privacy Shield certified 
company can still be in violation of the EU directive. As such an EU 
Registrar has to make sure that the USA based privacy shield Registry 
back end provider is not in violation of the directive.
This puts a huge burden on the Registry but also on the Registrar. 
Within the thin WHOIS model, this no burden does not apply.

The Dutch Government introduced an additional requirement in 2014 that 
certain IT companies actually have to audit the American companies they 
do business with.
Currently, this does not apply for Dutch Registrars. But these things, 
as we know can change (laws change all the time). Though I think I 
wouldn't mind a few trips to the USA to audit some Registries :)

Best regards,

Theo

On 31-8-2016 17:37, Metalitz, Steven wrote:
>
> Thanks for providing this draft, Marc.  A couple of questions about it 
> on a quick read:
>
> (1) The first two developments to which you cite are the invalidation 
> of the US-EU Safe Harbor Program and the adoption of the EU-US Privacy 
> Shield framework to replace it.  My impression is that US registries 
> generally did not rely upon the Safe Harbor in processing thick Whois 
> data (e.g., receiving Whois data containing personally identifiable 
> information from European registrars and making it available through 
> registry Whois), and so would not have been directly impacted by its 
> invalidation.   Is my impression wrong?  If I am correct then what is 
> the relevance of either the Safe Harbor or the Privacy Shield in this 
> context?
>
> (2)The last paragraph refers to data localization laws apart from EU 
> privacy/data protection laws.  Can you be more specific?  I note that 
> the Russian law was referenced in footnotes 2 and 10 of the legal 
> review provided to the IRT in June 2015, are there other issues not 
> covered by that analysis?
>
> (3)If the IRT were to send this letter,  the GNSO council  might well 
> ask what (if anything) we are asking them to do. How would you respond?
>
> Steve Metalitz
>
> *image001*
>
> *Steven J. Metalitz *|***Partner, through his professional corporation*
>
> T: 202.355.7902 |met at msk.com <mailto:met at msk.com>**
>
> *Mitchell Silberberg & Knupp**LLP*|*www.msk.com <http://www.msk.com/>*
>
> 1818 N Street NW, 8th Floor, Washington, DC 20036
>
> *_THE INFORMATION CONTAINED IN THIS E-MAIL MESSAGE IS INTENDED ONLY 
> FOR THE PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED 
> RECIPIENTS._**THIS MESSAGE MAY BE AN ATTORNEY-CLIENT COMMUNICATION, 
> AND AS SUCH IS PRIVILEGED AND CONFIDENTIAL. IF THE READER OF THIS 
> MESSAGE IS NOT AN INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY 
> REVIEW, USE, DISSEMINATION, FORWARDING OR COPYING OF THIS MESSAGE IS 
> STRICTLY PROHIBITED. PLEASE NOTIFY US IMMEDIATELY BY REPLY E-MAIL OR 
> TELEPHONE, AND DELETE THE ORIGINAL MESSAGE AND ALL ATTACHMENTS FROM 
> YOUR SYSTEM. THANK YOU.*
>
> *From:*gnso-impl-thickwhois-rt-bounces at icann.org 
> [mailto:gnso-impl-thickwhois-rt-bounces at icann.org] *On Behalf Of 
> *Anderson, Marc
> *Sent:* Friday, August 26, 2016 3:21 PM
> *To:* gnso-impl-thickwhois-rt at icann.org
> *Subject:* [Gnso-impl-thickwhois-rt] Draft Thick Whois memo to the GNSO
>
> Dear Colleagues,
>
> During the IRT meetings held at ICANN 56 Helsinki, Joe Waldron raised 
> concerns with the changing landscape of Privacy Laws, in particular 
> with regard to the EU.  He pointed out that recommendation #3 of the 
> Thick Whois policy directs the IRT to notify the GNSO should privacy 
> issues emerge that were not anticipated by the working group. The IRT 
> agreed that we have an obligation to notify the GNSO and asked 
> Verisign to draft a proposed memo from the IRT to the GNSO.
>
> Please find attached that draft memo outlining the obligation and the 
> reasons why we think it is necessary to provide that notification at 
> this time.
>
> Thank you,
>
> Marc
>
> Verisign
>
> *Marc Anderson*
> mcanderson at verisign.com <mailto:mcanderson at verisign.com>
>
> m: 571.521.9943 t: 703.948.3404
> 12061 Bluemont Way, Reston, VA 20190
>
> VerisignInc.com <http://www.verisigninc.com/>
>
> 	
>
> Verisign™
>
>
>
> _______________________________________________
> Gnso-impl-thickwhois-rt mailing list
> Gnso-impl-thickwhois-rt at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-impl-thickwhois-rt

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-impl-thickwhois-rt/attachments/20160831/bdf92803/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 2772 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-impl-thickwhois-rt/attachments/20160831/bdf92803/attachment-0003.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 131 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-impl-thickwhois-rt/attachments/20160831/bdf92803/attachment-0004.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 3105 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-impl-thickwhois-rt/attachments/20160831/bdf92803/attachment-0005.gif>

More information about the Gnso-impl-thickwhois-rt mailing list