[Gnso-rds-pdp-privacy] Docs most relevant in our Privacy Subgroup summary
Stephanie Perrin
stephanie.perrin at mail.utoronto.ca
Tue Apr 26 06:07:41 UTC 2016
These are good questions Steve. I am at the IWGDPT spring meeting and
will ask if the group or leadership would be able to answer them. I can
assure folks, however, even though I have not personally gone through
the 400 page regulation (many of the folks here at the meeting are still
working their way through the detailed analysis) that the basic
principles of the Directive, on which the WHOIS analysis is based have
not been made irrelevant. I doubt I will be able to get a formal
statement, but I will certainly ask for guidance from the members of the
group who are engaged on the issue of the RDS. Everyone I have spoken
to expect a rather smooth transition to the new regime, although
certainly there are enough administrative and enforcement changes to
require a great deal of work over the next few years.
Our group, alternatively and for greater certainty, could of course
simply write to the Article 29 working party and ask what repercussions
the new Regulation might have on their previous guidance.
kind regards,
Stephanie Perrin
On 2016-04-25 22:47, Metalitz, Steven wrote:
>
> At this stage I have one nomination for inclusion among “most relevant
> documents”; one comment on previous nominations; and one
> question/concern.
>
> First, I believe that the Thick Whois PDP report, and the legal review
> presented to the Implementation Review Team on Thick Whois (this is
> document #6 in the list from the consolidated PDF) is highly
> relevant, since it represents the most recent thinking from ICANN
> concerning the impact of privacy/data protection laws on one aspect of
> the current RDS (a/k/a Whois).
>
> Second, while the Schrems decision, the resulting Privacy Shield
> document, and WP 29’s opinion thereon (there is a very extensive
> presentation on all this in item #22 of the consolidated PDF) are
> certainly important in data protection discussions generally, I
> question whether they meet the “most relevant” criterion for our
> work. To my knowledge (and I know I will be corrected if I am
> wrong!), no ICANN accredited registrar or registry has ever explicitly
> relied upon the former US-EU “safe harbor” regime to justify its
> processing or transfer of Whois data. The fact that Schrems
> invalidated the safe harbor regime decision, and that the US and the
> European Commission subsequently negotiated the Privacy Shield to
> replace it, would appear to have no direct impact on the registration
> data status quo, at least. To be clear, I am not questioning the
> importance of these documents, only whether they meet the criterion of
> “greatest relevance” to our WG’s work.
>
> Third, as has been pointed out more than once on this list, the new EU
> Data Protection Regulation will come into force in two years (i.e.,
> almost certainly before the output of this Working Group will have
> been implemented), and as I understand it the Regulation will supplant
> the Data Protection Framework Directive that has been in force for
> more than 20 years. Since the 1995 Framework Directive provides the
> basis for many of the documents we have compiled (including but not
> limited to all the Article 29 WP documents), has anyone assessed the
> extent to which these other documents remain directly applicable to
> the issues before our WG? In other words, leaving to one side the
> significance of any given Article 29 WP document for our work, how
> will that significance be affected by the fact that the legal
> instrument which these documents interpret or apply will no longer be
> in force by the time ICANN acts on our WG’s recommendations? I think
> we would benefit from hearing the views of those much closer to the
> details of the European developments than I am.
>
> Steve Metalitz
>
> **
>
> *From:*gnso-rds-pdp-privacy-bounces at icann.org
> [mailto:gnso-rds-pdp-privacy-bounces at icann.org] *On Behalf Of *Gomes,
> Chuck
> *Sent:* Monday, April 25, 2016 9:38 AM
> *To:* Stephanie Perrin; gnso-rds-pdp-privacy at icann.org
> *Subject:* Re: [Gnso-rds-pdp-privacy] Docs most relevant in our
> Privacy Subgroup summary
>
> Good question Stephanie. I don’t want to interfere with David’s role
> as leader of this team but here is my answer: Relevant = most helpful
> in the WG’s task of finalizing a work plan and in the deliberation we
> are tasked with doing regarding the list of charter questions from our
> charter. Keep in mind something I said in one of our meetings:
> Identifying what are thought to be the most relevant documents does
> not mean we will exclude other documents but rather will help us know
> which documents to start with.
>
> Chuck
>
> *From:*gnso-rds-pdp-privacy-bounces at icann.org
> <mailto:gnso-rds-pdp-privacy-bounces at icann.org>
> [mailto:gnso-rds-pdp-privacy-bounces at icann.org] *On Behalf Of
> *Stephanie Perrin
> *Sent:* Monday, April 25, 2016 9:23 AM
> *To:* gnso-rds-pdp-privacy at icann.org
> <mailto:gnso-rds-pdp-privacy at icann.org>
> *Subject:* Re: [Gnso-rds-pdp-privacy] Docs most relevant in our
> Privacy Subgroup summary
>
> Could we please clarify 1) why we are picking our top 5 and 2) what we
> mean by relevant? if we are evaluating ICANN's role as a data
> controller in dictating the collection, use, and disclosure of
> information, the 2013 RAA is probably the most relevant document. IF
> we are trying to help colleagues from different backgrounds understand
> what we are talking about in terms of data protection, Kathy's list is
> an excellent one. We need both, in my view. Hence my slowness in
> getting off the mark, I am confused.
>
> cheers Stephanie
>
> On 2016-04-25 15:19, Gomes, Chuck wrote:
>
> I think ‘relevant’ is a key word, a point that Lisa made to the
> leadership team a few days ago.
>
> Chuck
>
> *From:*gnso-rds-pdp-privacy-bounces at icann.org
> <mailto:gnso-rds-pdp-privacy-bounces at icann.org>
> [mailto:gnso-rds-pdp-privacy-bounces at icann.org] *On Behalf Of
> *Kathy Kleiman
> *Sent:* Monday, April 25, 2016 9:03 AM
> *To:* gnso-rds-pdp-privacy at icann.org
> <mailto:gnso-rds-pdp-privacy at icann.org>
> *Subject:* [Gnso-rds-pdp-privacy] Docs most relevant in our
> Privacy Subgroup summary
>
> Hi All,tand
> I think we have been asked for our list of the most relevant
> documents for the Working Group from our Privacy subgroup. It is
> hard to choose from the excellent list and summaries prepared!
>
> My thoughts are that the documents below provide the best overview
> of pivotal legal principles of data protection, show the enormous
> spread of these principles around the world (particularly
> recently), and give us guidance for interpretation of these
> principles (including what it means to be a "data controller" and
> requires) are below.
>
> Best regards,
> Kathy
>
> In answer to subgroup question "(ii) Which inputs are likely to be
> the most important [relevant] during WG deliberations and why?", I
> share:
>
> 1) The EU Data Protection Directive 1995 (the best known of all
> data protection laws; the legal obligations of all countries in
> the EU)
> 2) The Council of Europe's Treaty 108 on Data Protection (created
> in 1981, and signed about 47 countries within and outside the EU,
> this is a key founding document of comprehensive data protection
> laws)
>
> 3) Professor Greenleaf's two articles (part of the same book) set
> out his studies showing that the adoption of data protection laws
> is growing rapidly -- and in 2015 the number of countries with
> comprehensive data protection laws surpassed those without data
> protections laws. More than a majority of the countries of the
> world have now adopted comprehensive data protection laws and
> legal frameworks.
>
> 4) Schrems v. Data Protection Commissioner (2015)/EU-US Privacy
> Shield (2016) - very recent cases and agreements which clearly
> show that rigorous enforcement of EU data protection laws is on
> the rise by high courts and their decisions are forcing new
> agreements to be negotiated which raise the legal requirements for
> transferring data from the EU countries to other parts of the
> world. The new EU-U.S. Privacy Shield is an important example of
> these higher legal requirements. The Article 29 Working Party
> Opinion on the Privacy Shield -- only about two weeks old -- is
> important for its discussion of these newest of major legal data
> protection frameworks.
>
> 5) Opinion 2/2003 on the Application of the Data Protection
> Principles to the Whois directories is the Article 29 Working
> Party's opinion expressly guiding ICANN on how to apply data
> protection laws and frameworks to the Whois issues. What could be
> more "on point" for our full Working Group's work?
>
> 6) McIntyre v. Ohio Elections Commission, a decision in 1995 by
> the US Supreme Court, affirming the importance of anonymous speech
> in creating an avenue for important, but unpopular and minority
> ideas to enter into a country's robust political, cultural and
> artistic discussions. In this decision, the US Supreme Court found
> that anonymity speech is a protected under the US First Amendment
> and a person cannot be forced to put her/his name and address on
> all of statements.
>
> Best regards,
> Kathy
>
>
>
> _______________________________________________
>
> Gnso-rds-pdp-privacy mailing list
>
> Gnso-rds-pdp-privacy at icann.org <mailto:Gnso-rds-pdp-privacy at icann.org>
>
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-privacy/attachments/20160426/64698efa/attachment-0001.html>
More information about the Gnso-rds-pdp-privacy
mailing list