[Gnso-rds-pdp-privacy] Privacy Team Checklist - 18 April 13:00

nathalie coupet nathaliecoupet at yahoo.com
Mon Apr 18 14:30:06 UTC 2016


Good morning All,
Here are my summaries. 
Privacy and Proxy Services

P/P services should remain available to registrants irrespective of their status as commercial or non-commercial organizations or as individuals. Further, P/P registrations should not be limited to private individuals who use their domains for non-commercial purposes....

P/P customer data is to be validated and verified in a manner consistent with the requirements outlined in the WHOIS Accuracy Program Specification of the 2013 RAA


 
Presentation-EWG-Final Presentation-23jun14


 
EWG’s Final Report

• Details a proposed next-generation Registration Directory Service (RDS)

• Strikes a balance between accuracy, access, and accountability

• Collects, validates and discloses gTLD data for permissible purposes only

• Leaves minimum data publicly available

• Safeguards the rest through a new paradigm: purpose-driven gated access

• Introduces new contracted parties to

o Validate Contact Data

o Accredit RDS Users


 
Contact Data can contain 

• Third-party PBC’s information, authorized for use by this Domain Name

• Forwarding addresses, supplied by an accredited Privacy Service

• Proxy’s information, supplied by an accredited Proxy Service

• Registrant’s own information, if no other choice is made

• Each Contact Holder can opt to gate data not needed for purpose(s)


 
Data Protection Principles 

• Compliance challenges growing rapidly for WHOIS, exacerbated by new gTLDs

• Mechanisms must be adopted to facilitate routine legally compliant data collection and transfer between RDS ecosystem actors handling personal data, including

1. Standard Contract Clauses that are harmonized with privacy and data protection laws, codified in a policy and enforced through contracts

2. “Rules Engine” to apply data protection laws

3. RDS Storage Localization to implement a high level of data protection


 
Privacy Principles 

• In addition to compliance with data protection laws, the RDS ecosystem must accommodate needs for privacy by including:

o An accredited Privacy/Proxy Service

o An accredited Secure Protected Credentials Service

• There Accreditation and rules for the provision and use of accredited Privacy/Proxy services

• Outside of domain names registered via accredited Privacy/Proxy Services, Registrants must assume responsibility for the domain names they register


 

 
Secure Protected Credentials   (Slide 30) 

                    At-Risk Entity

8) SC Registered

Domain Name  ↓                 ↑ 1) SC Application

                     Attestor(s) 

                7)  ↓               ↓ 2)  

     Secure Credential Recipient

 Privacy/Proxy Provider      3) SC Application =>                 Secure Credential (SC) Approver

                                       <= 6) Credential and Domain Name        ↓↑ 4) Credential                   ↑↓ 5) DN

                                                                         Secure Credential Issuer     P/P Provider

 


 
For persons at risk, and in instances where free-speech rights may be denied or speakers persecuted


 

 
EWG-FAQs-2014-Update-26June

Summary: P/P services with accreditation and rules to provide anonymity. Contact ID publicly available. Rules engine. Validation and authentication of Registrants, and Purpose-based Contacts (PBC) with gated access.


 
There should be accreditation for privacy/proxy service providers and rules regarding provision and use of accredited privacy/privacy services. The RDS has been designed to leverage accredited privacy/proxy services to address routine privacy needs, incorporating new data elements to facilitate provider identification, customer contact, and abuse reporting.

The RDS accommodates needs for anonymity by offering an accredited “secure protected credentials” service for persons at risk, and in instances where free-speech rights may be denied or speakers persecuted.

As with other systems that collect personal data, proper system design, security measures, audits and oversight would be needed to minimize data breach risk. Insider abuse should be deterred through security policy, implementation, enforcement and third-party auditing.

Mechanisms should be adopted to facilitate routine legally compliant data collection and transfer between actors within the RDS ecosystem. To accomplish this, RDS actors will be held to standard contract clauses that are harmonized with data protection and privacy laws, codified in RDS policy, and implemented through a “rules engine” that applies policy as appropriate for each jurisdiction.

To improve both accountability and reachability, validated Registrant, Administrative, Technical, Abuse, and Legal Contacts would be required for all new domain names. However, Registrants would have many ways to be accountable without publishing personal data, including inexpensive/free accredited Privacy Services and new third-party contact options. To deter identity theft, a Contact ID could not be used within a domain name registration without authorization.

While the RDS would require every registered domain name to be associated with Contact IDs as needed to satisfy permissible purposes, Purpose-Based Contact (PBC) data elements would NOT be publicly available to everyone. The Contact ID for each PBC would be publicly accessible to all, but PBC names and addresses would only be accessible to authenticated requestors, authorized to access RDS data for the specific purpose associated with each Contact.

No requestor would ever have unfettered access to the entire data set. The RDS does not use a one-size-fits-all “gate.” Requestors and their registration data needs vary; so would gated access policies. Like most on-line services that hold private data, the RDS would apply policy-defined permissions, driven by requestor identity and stated purpose, with uniformly-enforced terms of service, backed by more consistent measures to deter and mitigate abuse.

The RDS should store data in jurisdiction(s) where law enforcement is globally trusted. Interpol should accredit its own members.


 
Blog Ajayi

Concerned with data accuracy. Nothing on privacy.


 
Perrin-Statement-24jun14-en 

There are three questionable basic outcomes:

1) Legal contact requirement: address and phone number are mandatory to provide, and published outside the gate, in the publicly available data.

2) The default, if one is a simple registrant who does not want to hire a lawyer or other actor to assume the role of legal contact and publish their details in the RDS, to publishing registrant information, notably address and phone number in the RDS outside the gate.

3) The inclusion of a principle of consent (28), whereby a registrant may consent to the use or processing of her gated information for the permissible purposes enumerated for accredited actors behind the gate.


 
Rules engine that enforces jurisdiction, with respect to the privacy rights of individuals who are protected by personal data protection law.

1) But it only protects individuals, and occasionally legal persons in some jurisdictions, and only where data protection is in place, and would find the presence of name, address and phone number in a public directory to be in conflict with data protection law. Not all data protection regimes would find, or have found, that directory information must be protected.

2) Secondly, it is not clear enough for me how that rules engine would encode rights.

3) A third problem with the rules engine, is that it proposes to address regimes with data protection law only… what happens to organizations that have a constitutional right to privacy for the purposes of free speech and freedom of association, such as in the United States?

4) Finally, is it fair to individuals in jurisdictions where their countries have not enacted data protection law? Does ICANN, in the monopoly administration of a public resource, not have a responsibility to set standards on an ethical basis, based on sound best practice?


 
Two inadequate remedies:

1) Hire a privacy proxy/service provider, or proxy contact, if you do not want your contact data published in the public portion of the RDS

2) The rules engine will enforce data protection rights, and place this data behind the gate.


 
Consent principle.

1) Consent must be read in the context of legitimacy of purpose, proportionality, rights to refuse, rights to withdraw consent, specificity of purpose and use, and so on. To offer individuals and organizations the opportunity to consent to the use of their sensitive, gated data, for all the permissible purposes, that can be read as providing blanket consent to accredited users behind the gate. If you understand the risks, you will hire a proxy service. From the perspective of an elite North American, this looks like a no-brainer, just hire a proxy.

2) However, we have a responsibility to examine this from the perspective of a global eco-system.

Recommendations:

1. Gate the legal contact information for individuals and organizations who wish to protect their private data

2. Consent needs to be meaningful, specific, explicit and for legitimate purposes. A blanket consent as envisioned here does not meet these requirements


 
Next-generation-rds-framework-26apr15-en 

Input to PDP WG

Privacy

- EWG Principles Sect 6&7

- P/P Provider Survey

- WHOIS P/P Abuse Study

- Data Protect/Privacy Memo

- GNSO PPSAI WG Report


 
PDP WG

1) Phase 1: Policy Requirements

Privacy Reqs

- Privacy/Proxy Needs
- At-Risk Reg Needs
- Data Protection Laws

2) Phase 2: Policy Functional Design

Privacy Design

- Overarching DP Policy
- DP Law Compliance
- Privacy/Proxy Policies
- Secure Protected Creds

3) Phase 3: Implementation and Coexistence Guidance

Privacy Guidance on

- RDS Privacy Policy Needs
- Detailed Legal Analysis
- P/P Accreditation Needs
- SPC Provider Criteria


 

 

 
Human Rights Council - Report by the UN Special Rapporteur on the right to privacy

The balance between privacy and security might start to tip again in favor of privacy, across borders.

 

In the resolution the Council emphasizes that Human Rights need to be protected under all circumstances, at all times and in all environments.

In a world which benefits greatly from an Internet without borders, the SRP’s consultations indicate widespread support for a general principle of

•  Safeguards without borders

•  Remedies across borders

Positing privacy as an enabling right as opposed to being an end in itself, the SRP is pursuing an analysis of privacy as an essential right which enables the achievement of an over-arching fundamental right to the free, unhindered development of one’s personality.

The vast revenues derived from the monetisation of personal data to the extent that it has become a marketable and tradable commodity mean that the incentive for changing the business model simply on account of privacy concerns is not very high.

While not necessarily the primary target of cyber-security and cyber-espionage measures, the ordinary citizen may often get caught in the cross-fire and his or her personal data and on-line activities may end up being monitored in the name of national security in a way which is unnecessary, disproportionate and excessive.

Importance of determining the balance, on the one hand, use of data for the benefit of society under the principles of Open Data and, on the other hand, the established principles we have developed to date with a view to protecting fundamental rights like privacy, autonomy and the free development of one’s personality. It will be seen that, in many cases, the debate on privacy cannot be usefully divorced from that on the value of autonomy or self-determination. Germany: since 1983, rise to a constitutional right to “informational self-determination”.

Individual complaints: Every so often, and as the mandate will become known, the SRP has received and will presumably continue to receive complaints from individual members of the public residing in a given national territory or from civil society actors of alleged infringements of privacy rights.

There is no binding and universally accepted definition of privacy. As reaffirmed by the Human Rights Council in resolution 28/16 article 12 of the Universal Declaration of Human Rights (UDHR) and article 17 of the International Covenant on Civil and Political Rights (ICCPR) constitute the basis of the right to privacy in international human rights law. For the passage of time and the impact of technology, taken together with the different rate of economic development and technology deployment in different geographical locations means that legal principles established fifty years ago (ICCPR) or even thirty-five years ago (e.g. the European Convention on Data Protection) let alone seventy years ago (UDHR) may need to be re-visited, further developed and possibly supplemented and complemented to make them more relevant and useful to the realities of 2016.

Properly speaking, it is not helpful to talk of “privacy vs. security” but rather of “privacy and security” since both privacy and security are desiderata... and both can be taken to be enabling rights rather than ends in themselves.

Brazil and Germany have the right to privacy written into their constitution and it is the SRP’s contention that a) such a right to dignity and the free, unhindered development of one’s personality should be considered to be universally applicable and b) that already-recognised rights such as privacy, freedom of expression and freedom of access to information constitute a tripod of enabling rights which are best considered in the context of their usefulness in enabling a human being to develop his or her personality in the freest of manners.

Conclusions:

1. Privacy has never been more at the forefront of political, judicial and personal consciousness than in 2016;

2. The tensions between security, corporate business models and privacy continue to take centre stage but the last twelve months have been marked by contradictory indicators: some governments have continued, in practice and/or in their parliaments to take privacy-hostile attitudes while courts world-wide but especially in the USA and Europe have struck clear blows in favour of privacy and especially against disproportionate, privacy-intrusive measures such as mass surveillance or breaking of encryption.


 
Judgement on preliminary ruling under Article 267 TFEU from Audiencia Nacional (Spain)

Summary: The right to be forgotten. In May 2014, the European Court of Justice ruled against Google in Costeja, a case brought by a Spanish man, Mario Costeja González, who requested the removal of a link to a digitized 1998 article in La Vanguardia newspaper about an auction for his foreclosed home, for a debt that he had subsequently paid.[40] He initially attempted to have the article removed by complaining to the Spanish Data Protection Agency, which rejected the claim on the grounds that it was lawful and accurate, but accepted a complaint against Google and asked Google to remove the results.[41] Google sued in the Spanish Audiencia Nacional (National High Court) which referred a series of questions to the European Court of Justice.[42] The court ruled in Costeja that search engines are responsible for the content they point to and thus, Google was required to comply with EU data privacy laws.[43][44][45] On its first day of compliance only (May 30, 2014), Google received 12,000 requests to have personal details removed from its search engine.


 
- WorldLII Database of National Data Privacy Legislation (do not need to review the database, just summarize its relevance to this PDP)


 
Important database for the construction of the ‘rules engine’. RDS actors will be held to standard contract clauses that are harmonized with data protection and privacy laws, codified in RDS policy, and implemented through a “rules engine” that applies policy as appropriate for each jurisdiction. (EWG)


 
 Nathalie Coupet  

    On Monday, April 18, 2016 10:03 AM, Lisa Phifer <lisa at corecom.com> wrote:
 

 Dear privacy team,

Today's updated privacy team checklist is attached and also posted to 
the wiki at:
https://community.icann.org/x/p4xlAw

Thanks to those who volunteered to review additional documents.

David will be following up on pending assignments and next steps for 
this team to discuss questions listed here: 
https://community.icann.org/x/iTeAAw

Best,
Lisa 