[Gnso-rds-pdp-privacy] Docs most relevant in our Privacy Subgroup summary
Metalitz, Steven
met at msk.com
Mon Apr 25 20:47:36 UTC 2016
At this stage I have one nomination for inclusion among "most relevant documents"; one comment on previous nominations; and one question/concern.
First, I believe that the Thick Whois PDP report, and the legal review presented to the Implementation Review Team on Thick Whois (this is document #6 in the list from the consolidated PDF) is highly relevant, since it represents the most recent thinking from ICANN concerning the impact of privacy/data protection laws on one aspect of the current RDS (a/k/a Whois).
Second, while the Schrems decision, the resulting Privacy Shield document, and WP 29's opinion thereon (there is a very extensive presentation on all this in item #22 of the consolidated PDF) are certainly important in data protection discussions generally, I question whether they meet the "most relevant" criterion for our work. To my knowledge (and I know I will be corrected if I am wrong!), no ICANN accredited registrar or registry has ever explicitly relied upon the former US-EU "safe harbor" regime to justify its processing or transfer of Whois data. The fact that Schrems invalidated the safe harbor regime decision, and that the US and the European Commission subsequently negotiated the Privacy Shield to replace it, would appear to have no direct impact on the registration data status quo, at least. To be clear, I am not questioning the importance of these documents, only whether they meet the criterion of "greatest relevance" to our WG's work.
Third, as has been pointed out more than once on this list, the new EU Data Protection Regulation will come into force in two years (i.e., almost certainly before the output of this Working Group will have been implemented), and as I understand it the Regulation will supplant the Data Protection Framework Directive that has been in force for more than 20 years. Since the 1995 Framework Directive provides the basis for many of the documents we have compiled (including but not limited to all the Article 29 WP documents), has anyone assessed the extent to which these other documents remain directly applicable to the issues before our WG? In other words, leaving to one side the significance of any given Article 29 WP document for our work, how will that significance be affected by the fact that the legal instrument which these documents interpret or apply will no longer be in force by the time ICANN acts on our WG's recommendations? I think we would benefit from hearing the views of those much closer to the details of the European developments than I am.
Steve Metalitz
From: gnso-rds-pdp-privacy-bounces at icann.org [mailto:gnso-rds-pdp-privacy-bounces at icann.org] On Behalf Of Gomes, Chuck
Sent: Monday, April 25, 2016 9:38 AM
To: Stephanie Perrin; gnso-rds-pdp-privacy at icann.org
Subject: Re: [Gnso-rds-pdp-privacy] Docs most relevant in our Privacy Subgroup summary
Good question Stephanie. I don't want to interfere with David's role as leader of this team but here is my answer: Relevant = most helpful in the WG's task of finalizing a work plan and in the deliberation we are tasked with doing regarding the list of charter questions from our charter. Keep in mind something I said in one of our meetings: Identifying what are thought to be the most relevant documents does not mean we will exclude other documents but rather will help us know which documents to start with.
Chuck
From: gnso-rds-pdp-privacy-bounces at icann.org<mailto:gnso-rds-pdp-privacy-bounces at icann.org> [mailto:gnso-rds-pdp-privacy-bounces at icann.org] On Behalf Of Stephanie Perrin
Sent: Monday, April 25, 2016 9:23 AM
To: gnso-rds-pdp-privacy at icann.org<mailto:gnso-rds-pdp-privacy at icann.org>
Subject: Re: [Gnso-rds-pdp-privacy] Docs most relevant in our Privacy Subgroup summary
Could we please clarify 1) why we are picking our top 5 and 2) what we mean by relevant? if we are evaluating ICANN's role as a data controller in dictating the collection, use, and disclosure of information, the 2013 RAA is probably the most relevant document. IF we are trying to help colleagues from different backgrounds understand what we are talking about in terms of data protection, Kathy's list is an excellent one. We need both, in my view. Hence my slowness in getting off the mark, I am confused.
cheers Stephanie
On 2016-04-25 15:19, Gomes, Chuck wrote:
I think 'relevant' is a key word, a point that Lisa made to the leadership team a few days ago.
Chuck
From: gnso-rds-pdp-privacy-bounces at icann.org<mailto:gnso-rds-pdp-privacy-bounces at icann.org> [mailto:gnso-rds-pdp-privacy-bounces at icann.org] On Behalf Of Kathy Kleiman
Sent: Monday, April 25, 2016 9:03 AM
To: gnso-rds-pdp-privacy at icann.org<mailto:gnso-rds-pdp-privacy at icann.org>
Subject: [Gnso-rds-pdp-privacy] Docs most relevant in our Privacy Subgroup summary
Hi All,tand
I think we have been asked for our list of the most relevant documents for the Working Group from our Privacy subgroup. It is hard to choose from the excellent list and summaries prepared!
My thoughts are that the documents below provide the best overview of pivotal legal principles of data protection, show the enormous spread of these principles around the world (particularly recently), and give us guidance for interpretation of these principles (including what it means to be a "data controller" and requires) are below.
Best regards,
Kathy
In answer to subgroup question "(ii) Which inputs are likely to be the most important [relevant] during WG deliberations and why?", I share:
1) The EU Data Protection Directive 1995 (the best known of all data protection laws; the legal obligations of all countries in the EU)
2) The Council of Europe's Treaty 108 on Data Protection (created in 1981, and signed about 47 countries within and outside the EU, this is a key founding document of comprehensive data protection laws)
3) Professor Greenleaf's two articles (part of the same book) set out his studies showing that the adoption of data protection laws is growing rapidly -- and in 2015 the number of countries with comprehensive data protection laws surpassed those without data protections laws. More than a majority of the countries of the world have now adopted comprehensive data protection laws and legal frameworks.
4) Schrems v. Data Protection Commissioner (2015)/EU-US Privacy Shield (2016) - very recent cases and agreements which clearly show that rigorous enforcement of EU data protection laws is on the rise by high courts and their decisions are forcing new agreements to be negotiated which raise the legal requirements for transferring data from the EU countries to other parts of the world. The new EU-U.S. Privacy Shield is an important example of these higher legal requirements. The Article 29 Working Party Opinion on the Privacy Shield -- only about two weeks old -- is important for its discussion of these newest of major legal data protection frameworks.
5) Opinion 2/2003 on the Application of the Data Protection Principles to the Whois directories is the Article 29 Working Party's opinion expressly guiding ICANN on how to apply data protection laws and frameworks to the Whois issues. What could be more "on point" for our full Working Group's work?
6) McIntyre v. Ohio Elections Commission, a decision in 1995 by the US Supreme Court, affirming the importance of anonymous speech in creating an avenue for important, but unpopular and minority ideas to enter into a country's robust political, cultural and artistic discussions. In this decision, the US Supreme Court found that anonymity speech is a protected under the US First Amendment and a person cannot be forced to put her/his name and address on all of statements.
Best regards,
Kathy
_______________________________________________
Gnso-rds-pdp-privacy mailing list
Gnso-rds-pdp-privacy at icann.org<mailto:Gnso-rds-pdp-privacy at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy<https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-privacy/attachments/20160425/294a3654/attachment.html>
More information about the Gnso-rds-pdp-privacy
mailing list