[Gnso-rds-pdp-privacy] Privacy sub-group
Sana Ali
sana.ali2030 at gmail.com
Mon Mar 28 21:51:57 UTC 2016
Fair enough, Greg.
I did not by any means wish to imply we had agreement on how we were approaching this PDP, simply that these were questions that we would eventually need to deliberate on, along with its broader implications. I assure you, solutions are something everyone here is seeking, since I am willing to bet nobody wants to be working on this PDP fifteen years from now ;)
As Chuck said, this is supposed to be a discussion guided by the team lead, and should have a narrower scope than the one we have currently bled into. I’ll wait for the prompt for comment on these matters, as we must to not complicate this process more than it already is.
Sana Ali
sana.ali2030 at gmail.com <mailto:sana.ali2030 at gmail.com>
https://ca.linkedin.com/in/sanaali2030 <https://ca.linkedin.com/in/sanaali2030>
> On Mar 28, 2016, at 5:28 PM, Greg Shatan <gregshatanipc at gmail.com> wrote:
>
> Sana,
>
> You are leapfrogging a lot of steps and jumping to a lot of conclusions. In particular, there is certainly no agreement that "we are approaching this PDP with the notion that the most constrictive (or some could say, the most protective) regimes will be our standard of measurement." Using that as a platform to elevate a preferred set of laws above all others is premature, to say the least. We have not even reached the question of which countries' laws might apply at all, what their relevance might be, why and under what circumstances. The fundamental question is whether any countries' laws need to be limiting factors, not which countries' laws are limiting factors. To start with that second question is to distort our mission. As such, there can be no agreement that EU rulings are of greater relevance.
>
> Similarly, coming to the conclusion that what might be recommended by this WG would be a "violation" of any jurisdiction's law (which may or may not be what rests in a particular court ruling) is vastly premature (though tempting for those who would like it to be so).
>
> Whatever the factors we identify ("limiting" or otherwise), we will need to move from there to solutions. Identifying problems and advocating for a particular result is the easy part of the process, and if that's all we do, we will get nowhere. Finding a set of solutions that garner broad consensus (which by definition means moving away from the results you advocate and working to solve the problems you have identified) is the hard part.
>
> Best regards,
>
> Greg
>
>
> On Mon, Mar 28, 2016 at 4:48 PM, Sana Ali via Gnso-rds-pdp-privacy <gnso-rds-pdp-privacy at icann.org <mailto:gnso-rds-pdp-privacy at icann.org>> wrote:
> Hello All,
>
> I’d like to chime in here.
> It is an important distinction being made by Kiran, and perhaps it is not the most useful way of approaching this exercise, to come in thinking there is an obvious answer, or best practice. There clearly is not a universally agreed set of principles we can turn to as of yet, which is why we find ourselves here trying to work through these issues as part of this PDP. It is something to be arrived at and it will require consideration of multiple stakeholder goals and needs. The tone we adopt at this early stage should reflect our willingness to be nuanced in this discussion and I think it will help us avoid a lot of roadblocks later on.
>
> Having said that, I would like to once more draw attention to what Amr said.
>
> "Fair enough, but what I hope we as a group do take into consideration is how EU rulings impact our approach to how contracted parties that exist within the EU comply with contractual obligations with ICANN.”
>
> Whether EU rulings on privacy can be judged to be international best practice, is not the question we should be attempting to answer here, at least not first and foremost. What we should be attempting to answer, is if there is anything within those rulings, which places limitations on what proposals we can arrive at with regards to what information is shared and with who. Once we answer that question, we can address the further question of whether these limitations are problematic enough to require us answering the more fundamental question of which countries' laws do we classify as limiting factors on this PDP and ICANN’s work in general? As Greg has stated elsewhere, perhaps we will find it within our remit to assess all countries for their privacy regulations before coming to this decision. If we are approaching this PDP with the notion that the most constrictive (or some could say, the most protective) regimes will be our standard of measurement, then we can probably agree, the EU’s rulings on data protection and privacy will be of greater relevance to this PDP than the privacy regulations of a country that offers fewer such constrictions/protections, whether it be the US, or Pakistan.
>
> I think ultimately, we will have to answer the jurisdictional question at some stage, the question is whether we will choose to do it here and now. Will enough people within this process find EU privacy rulings too constrictive and worthy of causing ICANN contracted parties to have to ‘violate’?
> If so, does ICANN even have the ability to contractually demand this violation on behalf of contracted parties?
> These are big questions, and I by no means have an answer to them. But they naturally follow if we were to at some stage take issue with EU privacy rulings, whether we agree with Ayden that they count as international best practice or not. They are certainly of relevance, so thank you for bringing them up, Ayden.
>
>
> Sana Ali
> sana.ali2030 at gmail.com <mailto:sana.ali2030 at gmail.com>
> https://ca.linkedin.com/in/sanaali2030 <https://ca.linkedin.com/in/sanaali2030>
>
>
>
>
>
>> On Mar 28, 2016, at 4:02 PM, Kiran Malancharuvil via Gnso-rds-pdp-privacy <gnso-rds-pdp-privacy at icann.org <mailto:gnso-rds-pdp-privacy at icann.org>> wrote:
>>
>> Stephanie,
>>
>>
>> There is a HUGE difference between acknowledging that something is important to a field of study and crowning it the “top” and calling it an “international best practice.”
>>
>>
>> Thanks,
>>
>> Kiran
>>
>>
>> From: gnso-rds-pdp-privacy-bounces at icann.org <mailto:gnso-rds-pdp-privacy-bounces at icann.org> [mailto:gnso-rds-pdp-privacy-bounces at icann.org <mailto:gnso-rds-pdp-privacy-bounces at icann.org>] On Behalf Of Stephanie Perrin via Gnso-rds-pdp-privacy
>> Sent: Monday, March 28, 2016 12:38 PM
>> To: gnso-rds-pdp-privacy at icann.org <mailto:gnso-rds-pdp-privacy at icann.org>
>> Subject: Re: [Gnso-rds-pdp-privacy] Privacy sub-group
>>
>>
>>
>> With great respect Greg, there is a field called privacy scholarship, and in that field folks absolutely do pay a great deal of attention to the rulings of the EU Court of Justice, and the opinions of the Article 29 working group. You are free to make the argument that thought leadership rests in the United States or anywhere else (Cate, Westin, etc) but there are a great many US privacy scholars who look to the EU for thought leadership (Reidenberg, Schwartz, Solove, Rotenberg, Nissenbaum, Gellman, I could go on but that might be tedious). So I think it is not really fair to rule out recent contributions if they are important, and the material Ayden is introducing certainly qualifies as important in my book.
>> The fact is that there has been a struggle going on for the last 25 years between the US and Europe over the regulatory vs non-regulatory approach to privacy. Lets explicitly put that on the table and recognize our differences on this matter.
>> Kind regards
>> stephanie
>>
>> On 2016-03-28 13:43, Greg Shatan via Gnso-rds-pdp-privacy wrote:
>>
>> Ayden,
>>
>>
>> EU rulings do not necessarily impact the law in the rest of the world, much less California. I would not categorize an attempt to embrace EU principles as a "race to the top" nor would I categorize those principles as "international best practices." Certainly, we as a group should not adopt such attitudes. But, hey, it's nice to know where you stand.
>>
>>
>>
>>
>> Best regards,
>>
>>
>> Greg Shatan
>>
>>
>>
>>
>> <image001.jpg>
>>
>> Gregory S. Shatan | Partner
>> McCARTER & ENGLISH, LLP
>>
>> 245 Park Avenue, 27th Floor | New York, New York 10167
>> T: 212-609-6873 <tel:212-609-6873>
>> F: 212-416-7613 <tel:212-416-7613>
>> gshatan @mccarter.com <mailto:gshatan%20 at mccarter.com> | www.mccarter.com <http://www.mccarter.com/>
>>
>> BOSTON | HARTFORD | STAMFORD | NEW YORK | NEWARK
>> EAST BRUNSWICK | PHILADELPHIA | WILMINGTON | WASHINGTON, DC
>>
>>
>>
>> On Mon, Mar 28, 2016 at 12:01 PM, Ayden Fabien Férdeline <gnso-rds-pdp-privacy at icann.org <mailto:gnso-rds-pdp-privacy at icann.org>> wrote:
>>
>> Hello all,
>>
>>
>> I would like to introduce some material relating to the 'right to be forgotten' in Europe. Here's a court judgement <https://links2.mixmaxusercontent.com/aMjjKHWxnLSD3SEwj/l/Y6pG8Inj7cxRfeEQg?rn=IyZy9mLu5WYjlGQ5NWY2lmcw1CckBXLzRmct82cudmI&re=IyZy9mLu5WYjlGQ5NWY2lmcw1CckBXLzRmct82cudmI> <http://curia.europa.eu/juris/document/document.jsf?text=&docid=152065&pageIndex=0&doclang=EN&mode=req&dir=&occ=first&part=1&cid=11654 <http://curia.europa.eu/juris/document/document.jsf?text=&docid=152065&pageIndex=0&doclang=EN&mode=req&dir=&occ=first&part=1&cid=11654>>.
>>
>>
>> The protection of personal data in Europe is seen as a fundamental right on equal standing with all other human rights. The Court of Justice of the European Union has consistently held that any and all data processing must be subject to stringent proportionality assessments.
>>
>>
>> It has been unsuccessfully argued that allowing users to delete their data is an affront to other fundamental rights such as free speech. The Court of Justice of the EU has consistently ruled that if and when the privacy interests of the data subject outweigh the public interest, the individual should be able to enforce his or her 'right to be forgotten'.
>>
>>
>> This decision is something we should carefully consider when looking at how long we retain information for. Certainly once a domain name has expired, it would be difficult to justify under these rulings the continued storage of the sensitive personal information of registrants.
>>
>>
>> I appreciate that EU rulings do not necessarily impact Californian law, but hey, why not have a race to the top and adopt international best practices in privacy law… :-)
>>
>>
>> Best wishes,
>>
>>
>> Ayden Férdeline
>>
>>
>> On Sun, Mar 27, 2016 at 5:37 AM, David Cake via Gnso-rds-pdp-privacy <gnso-rds-pdp-privacy at icann.org <mailto:gnso-rds-pdp-privacy at icann.org>> wrote:
>>
>> Welcome all of you to the Privacy sub-team. Thanks to all of you for volunteering.
>>
>>
>> Our task is first to collect information on privacy issues relevant to registration data. Then we will go on to decide how best to present that information for use of the working group - we may consolidate, summarise, prioritise etc in order to make the important information easily available. Hopefully the privacy experts on this group will help us locate the most important material, and make it easily digestible to the broader working group.
>>
>> This is a link to the RDS PDP WG document that describes the approach the WG agreed upon https://community.icann.org/download/attachments/58730879/RDS-PDP-Proposed-Summary-Approach.pdf <https://community.icann.org/download/attachments/58730879/RDS-PDP-Proposed-Summary-Approach.pdf>
>>
>> At this early stage, we are in collection mode - please send documents that you think will be valuable to the group. If you add a bit more information for context as to why you think it would be useful, that will probably be very helpful for later work.
>>
>>
>> Looking forward to working with you all.
>>
>>
>> David
>>
>>
>>
>>
>> _______________________________________________
>> Gnso-rds-pdp-privacy mailing list
>> Gnso-rds-pdp-privacy at icann.org <mailto:Gnso-rds-pdp-privacy at icann.org>
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy>
>>
>>
>> Ayden Férdeline
>>
>> +44.77.8018.7421 <tel:%2B44.77.8018.7421>
>> <image002.jpg>
>>
>>
>> _______________________________________________
>> Gnso-rds-pdp-privacy mailing list
>> Gnso-rds-pdp-privacy at icann.org <mailto:Gnso-rds-pdp-privacy at icann.org>
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> Gnso-rds-pdp-privacy mailing list
>> Gnso-rds-pdp-privacy at icann.org <mailto:Gnso-rds-pdp-privacy at icann.org>
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy>
>>
>>
>> _______________________________________________
>> Gnso-rds-pdp-privacy mailing list
>> Gnso-rds-pdp-privacy at icann.org <mailto:Gnso-rds-pdp-privacy at icann.org>
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy>
>
> _______________________________________________
> Gnso-rds-pdp-privacy mailing list
> Gnso-rds-pdp-privacy at icann.org <mailto:Gnso-rds-pdp-privacy at icann.org>
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-privacy/attachments/20160328/be23bb0c/attachment-0001.html>
More information about the Gnso-rds-pdp-privacy
mailing list