[Gnso-rds-pdp-privacy] Summary of the sections of the EWG Report pertinent to privacy

Carlton Samuels carlton.samuels at gmail.com
Mon Apr 11 19:57:14 UTC 2016


I have been asked to summarize that portion of the EWG's Report pertaining
to privacy, inclusive of the FAQs.

Much of what is said can be gleaned from Pages 11-12 and Section VI of the
report. Here goes:
-----------------------------------------------------------------------------
The EWG explicitly adopted that for the next generation RDS, registrants
have a right to privacy and the reasonable expectation for the protection
of their personal data, even when jurisdictions do not have data protection
laws. We explicitly recommended adoption of a policy framework of 'privacy
from the start' and implement mechanisms to introduce, harmonize and
routinely reinforce this perspective; privacy by design.

We recommended adoption of several overarching legal principles as a
framework:

*"Personal data must be:*

*· processed lawfully, fairly and in a transparent manner in relation to
the data subject,*

*· collected for specific, explicit and legitimate purposes and not further
processed in a way incompatible with those purposes,*

*· adequate, relevant, and limited to the minimum necessary in relation to
the purposes for which they are processed, and*

*· accurate and kept up-to-date as required for the specified purposes.*



*Lawful processing, including transfer and disclosure can be – subject to
the relevant jurisdiction – based on:*

*• consent of the data subject,*

*• the necessity for the performance of a contract to which the data
subject is party, and*

*• the necessity for compliance with a legal obligation to which the
controller is subject.*
*"*



In addition, the Group adopted as principle a right of the data subject to
access the information and a right to rectify inaccuracy in the information
kept on them.

The report then outlined several ways privacy would be embraced and even
enhanced in the next generation RDS:

- ICANN adopt and disseminate a privacy policy
- Add and use standard contract clauses that are harmonized with privacy
and data protection laws and codified in policy
- A “rules engine” to apply data protection laws by jurisdiction
- a pre-validated Contact Directory which offers unique Contact IDs to
deter personal data fraud
- a centralized interface from whence to access all gTLD registration data
- gated dataset beyond a small subset of RD for publication
- RDAP or EPP to access gTLD data in the several registration data stores
- purpose driven access to data inside the gate and only to users who
disclose their identity, are authenticated, request gated data for a
previously determined permissible purpose and are accountable. This
includes law enforcement.
- An accredited Privacy/Proxy Service for general use
- An accredited Secure Protected Credentials Service for persons at risk
and in instances where free speech rights may be denied or speakers
persecuted.
--------------------------------------------------------------------------------------------

-Carlton

==============================
Carlton A Samuels
Mobile: 876-818-1799
*Strategy, Planning, Governance, Assessment & Turnaround*
=============================