[Gnso-rds-pdp-privacy] Summary of the sections of the EWG Report pertinent to privacy
Carlton Samuels
carlton.samuels at gmail.com
Mon Apr 11 19:57:14 UTC 2016
I have been asked to summarize that portion of the EWG's Report pertaining
to privacy, inclusive of the FAQs.
Much of what is said can be gleaned from Pages 11-12 and Section VI of the
report. Here goes:
-----------------------------------------------------------------------------
The EWG explicitly adopted that for the next generation RDS, registrants
have a right to privacy and the reasonable expectation for the protection
of their personal data, even when jurisdictions do not have data protection
laws. We explicitly recommended adoption of a policy framework of 'privacy
from the start' and implement mechanisms to introduce, harmonize and
routinely reinforce this perspective; privacy by design.
We recommended adoption of several overarching legal principles as
framework:
*"Personal data must be:*
*· processed lawfully, fairly and in a transparent manner in relation to
the data subject,*
*· collected for specific, explicit and legitimate purposes and not further
processed in a way incompatible with those purposes,*
*· adequate, relevant, and limited to the minimum necessary in relation to
the purposes for which they are processed, and*
*· accurate and kept up-to-date as required for the specified purposes.*
*Lawful processing, including transfer and disclosure can be – subject to
the relevant jurisdiction – based on:*
*· consent of the data subject,*
*· the necessity for the performance of a contract to which the data
subject is party, and*
*· the necessity for compliance with a legal obligation to which the
controller is subject."*
In addition, the Group adopted as principle a right of the data subject to
access the information and a right to rectify inaccuracy in the information
kept on them.
The report then outlined several ways privacy would be embraced and even
enhanced in the next generation RDS:
- ICANN adopt and disseminate a privacy policy
- Add and use standard contract clauses that are harmonized with privacy
and data protection laws and codified in policy
- A “rules engine” to apply data protection laws by jurisdiction
- a pre-validated Contact Directory which offers unique Contact IDs to
deter personal data fraud
- a centralized interface from whence to access all gTLD registration data
- gated dataset beyond a small subset of RD for publication
- RDAP or EPP to access gTLD data in the several registration data stores
- purpose driven access to data inside the gate and only to users who
disclose their identity, are authenticated, request gated data for a
previously determined permissible purpose and are accountable. This
includes law enforcement.
- An accredited Privacy/Proxy Service for general use
- An accredited Secure Protected Credentials Service for persons at risk
and in instances where free speech rights may be denied or speakers
persecuted.
--------------------------------------------------------------------------------------------
-Carlton
==============================
Carlton A Samuels
Mobile: 876-818-1799
*Strategy, Planning, Governance, Assessment & Turnaround*
=============================