[Gnso-rds-pdp-privacy] [gnso-rds-pdp-purpose] Purpose sub team

Stephanie Perrin stephanie.perrin at mail.utoronto.ca
Thu Mar 31 17:59:59 UTC 2016


Kudos to you for doing all that work Susan!  It is quite a tome.

I would like to note that the EWG did not address the purpose of 
registration data collection, use and disclosure.  As the lone privacy 
expert there, I objected rather strenuously to this approach (i.e. going 
straight to use cases) but was overruled.  I would also like to note 
that the RAA negotiations, which had not concluded, were considered out 
of scope.  In my view, it is folly to try to determine the desirability, 
scope, and structure of a potential new RDS whilst ignoring the fact 
that the RAA, as the instrument developed by the Data Controller (ICANN) 
to enforce the collection, use, disclosure and retention of data on the 
part of registrars (the data processors) was going on in a separate 
activity.  As a newbie recruit who had a full time job (I was using my 
accumulated vacation and evenings to work on the EWG as a volunteer) I 
regret that I did not become aware of what was going on with the RAA 
negotiations until the deal was announced.  Most unfortunate, but I was 
not a member of any stakeholder group at the time and if anyone told me 
it slipped right by with all the other masses of info I was trying to 
absorb. Had I known, I would have objected until the matters under 
discussion in the RAA were at least discussed in the group.
Therefore I would say that the EWG report needs to be viewed with the 
following strong caveats:

 1. the actual purpose of the collection, use, disclosure, and retention
    of personal data was not discussed, we enumerated existing uses and
    voted on whether they were permissible.  This is fundamentally
    different, although it sounds the same.  Absent a purpose of the
    actual initial collection of registration data, as the DPAs have
    been telling ICANN since 2000, one cannot determine whether the uses
    that have sprung up are permissible.
 2. the initial report was a far cry from the final report, which has
    not received the comment of the community.  It is therefore the
    product of a substantially non-transparent process where there was a
    deficit in civil society participation.  (I carry the burden of
    being a large part of that deficit, ignorant as I was of ICANN
    process and history)

Others who participated in the EWG will likely disagree with me, but 
this is my considered view.  The report must be taken with a pound of 
salt. The dissent that I wrote on it was only on a few important privacy 
issues, but in terms of substance and process, there are many other issues.
Stephanie Perrin


On 2016-03-31 12:53, Susan Kawaguchi via gnso-rds-pdp-purpose wrote:
> Thank you Susan!  This is exactly what we are looking for in gathering 
> reference information.  I will make sure it is included in our 
> document to summarize.
> Susan Kawaguchi
> Domain Name Manager
> Facebook Legal Dept.
>
>
> From: "Prosser, Susan" <susan at domaintools.com 
> <mailto:susan at domaintools.com>>
> Date: Wednesday, March 30, 2016 at 10:48 PM
> To: Susan kawaguchi <susank at fb.com <mailto:susank at fb.com>>, 
> "gnso-rds-pdp-purpose at icann.org 
> <mailto:gnso-rds-pdp-purpose at icann.org>" 
> <gnso-rds-pdp-purpose at icann.org <mailto:gnso-rds-pdp-purpose at icann.org>>
> Subject: Re: [gnso-rds-pdp-purpose] Purpose sub team
>
> Hello Susan,
> I opted to review the EWG Final report as it seemed most relevant to 
> our discussion.  I kept to the strict perspective of purpose only, not 
> delving into access, justification, methodology, etc as that will be 
> discussed in the group.  If this needs expansion, please let me know.
>
> EWG Recommendations for a Next-Generation RDS 
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_final-2Dreport-2D06jun14-2Den.pdf&d=CwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=asOgaNDWLE5wlJcCMNuaDVtTTPa9sLyIEdEORbCj7ko&s=ayzWaiHB0Yd4HBGPNd5ltKYA-wa1aS2bAQI_rl_5h-Y&e=>, 
> especially
>
> - Section 3, Users and Purposes
>
> /“//Although the EWG did not attempt to identify all possible use 
> cases, it endeavoured to explore a representative sample in hopes of 
> rigorously identifying kinds of users and their purposes in wanting 
> access to gTLD registration data. However, the RDS must be designed 
> with the ability to accommodate new users and permissible purposes 
> that are likely to emerge over time.” //(Page 26)///
>
> The EWG’s did  summarize "permissible" purposes the EWG identified at 
> the time.  The purposes identified are listed below. For brevity of 
> email, I did not include the full definitions.  They can be found 
> in Section III, Table 2 Purpose Definitions, Pages 26-27.
>
> _Purpose_:
>
> Domain Name Control
>
> Personal Data Protection
>
> Technical Issue Resolution
>
> Domain Name Certification
>
> Individual Internet Use
>
> Business Domain Name Purchase or Sale
>
> Academic / Public Interest DNS Research
>
> Legal Actions
>
> Regulatory and Contractual Enforcement
>
> Criminal Investigation & DNS Abuse Mitigation
>
> DNS Transparency
>
>
> It should be noted the EWG identified an additional purpose, Malicious 
> Internet Activities, which it did not further include in the 
> "permissible" purposes.
>
> - Annex C, Example Use Cases
>
> Using the same permissible purpose listing provided in Section III, 
> Annex C included examples of specific uses for clarity.  For example 
> Domain Name Control is required in registration and transfer, among 
> other purposes OR Regulatory and Contractual Enforcement for UDRP 
> proceeding and Tax investigations.  The full list of example use cases 
> along with a specific example of Technical Issue Resolution purpose is 
> available on Pages 126-128.
>
> - Annex A, Board Questions
>
> Annex A, Board Questions, Pages 123-124
>
> /“The Board resolution that directed the EWG’s work included a series 
> of specific questions to be answered as it conducted its analysis. 
> This Annex references the sections of this Report that address the 
> Board’s concerns.”/
>
>
> The initial question presented to EWG was by the Board was:
>
> EWG to redefine the purpose of:
>
> • collecting,
>
> • maintaining, and
>
> • providing access to gTLD registration data, and
>
> • consider safeguards for protecting data
>
>
> This was addressed in Section III, Users & Purposes and Section VI, 
> Improving Accountability (presented above in email)
>
> In addition, Section III addressed the following Board Questions that 
> were around use and purpose of data.  I included them as a reference 
> point to raise awareness of Board concerns in clarifying various use 
> cases and purposes:
>
>   * Why are data collected?
>   * Who needs the data and why?
>   * Law enforcement access to details about a domain name registration?
>   * Intellectual property owner access to details about a domain name
>     registration?
>   * Security practitioner access to details about a domain name
>     registration?
>   * What value does the public realize with access to registration data?
>   * What comprises a legitimate law enforcement need?
>   * What registration data and to what level of accuracy comprises
>     valuable information to a law enforcement agent that is looking
>     for the real identity of the responsible party?
>   * Is the desired domain name registration data access consistent
>     with access that intellectual property owners have to similar
>     types of data in other industries?
>   * Of all the registration data available, what does an intellectual
>     property owner need access to?
>
> A separate question:  What purpose will the data serve?  Was addressed 
> in ANNEX D: PURPOSES AND DATA NEEDS, Pages 129-132
>
> Annex D defined the registration data element and mapped it to 
> Purposes defined by EWG in Section III, Table 2 with Section VI(a) 
> Data Elements.  This reference is useful for specific currently 
> defined registration data elements purposes.
>
>
> Please let me know if you need clarity on my review.
>
> -Susan
>
>  *
>
>
>
>
> ~~~~
> Susan Prosser
> VP, Client Services
> DomainTools, LLC
>
> T: (206) 838-9060
> E: susan at domaintools.com <mailto:susan at domaintools.com>
> PGP:  A2C4D2A4
>
> On Wed, Mar 30, 2016 at 3:27 PM, Susan Kawaguchi via 
> gnso-rds-pdp-purpose <gnso-rds-pdp-purpose at icann.org 
> <mailto:gnso-rds-pdp-purpose at icann.org>> wrote:
>
>     Hi Kathy,
>
>     Absolutely NOT saying that we are bound to purposes created for
>     the OLD system as a full working group.  I am saying that Chuck
>     has asked us as a sub team to look at the purposes identified in
>     all the resources on the wiki and summarize what the FULL working
>     group should look at and review.  His direction was in hopes that
>     we can help the full working group to come up to speed with the
>     history and as you have said it is “instructive".  If you have new
>     ideas or other sources previously unidentified  we can note those
>     and add those to the summary but we cannot debate these issues as
>     a sub team.  We need to reserve that discussion for the full
>     working group.
>
>
>     I will add the following to list to summarize.
>     Accordingly, I would like to submit the following principles from
>     the website above to this subgroup and to the WG as a whole:
>     that our domain name registration data must be:
>     "collected for explicit and legitimate purposes and used
>     accordingly" AND
>     "adequate, relevant and not excessive in relation to the purposes
>     for which it is collected and/or further processed.
>     There are of course other principles, but these are foundation
>     ones directly related to our current work finding what we need to
>     evaluate "purpose.”
>     Source: /Obligations of data controllers,
>     /http://ec.europa.eu/justice/data-protection/data-collection/obligations/index_en.htm
>     <https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_data-2Dcollection_obligations_index-5Fen.htm&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=pJC9zAyofGwRYg6TVhm52nY-WzvsNAkMUrOgYeimNtE&e=>
>     Best,
>     Susan Kawaguchi
>     Domain Name Manager
>     Facebook Legal Dept.
>
>
>     From: Kathy Kleiman <kathy at kathykleiman.com
>     <mailto:kathy at kathykleiman.com>>
>     Date: Wednesday, March 30, 2016 at 3:06 PM
>     To: Susan kawaguchi <susank at fb.com <mailto:susank at fb.com>>,
>     "gnso-rds-pdp-purpose at icann.org
>     <mailto:gnso-rds-pdp-purpose at icann.org>"
>     <gnso-rds-pdp-purpose at icann.org
>     <mailto:gnso-rds-pdp-purpose at icann.org>>
>     Subject: Re: [gnso-rds-pdp-purpose] Purpose sub team
>
>     Susan,
>     Let me understand what you are saying. Although we are designing a
>     NEW system (the "RDS") we are bound in our evaluation and outlook
>     by purposes created (reverse engineered really) for the OLD
>     system?  I am not sure that makes sense.
>
>     I respectfully submit again: We are the very first PDP WG in the
>     history of ICANN to work together to rethink and redesign the
>     Whois system -- the new "RDS." *Thus, it falls to /us /to ask and
>     answer the question of _what is th__e __purpose for whi__ch the
>     registra__tion data is collection?_
>
>     *Drawing from principles on the European Commission's website,
>     specifically /"Obligation of data controllers," /for this
>     evaluation, it seems clear we need to understand /the //purpose
>     /for which the data is collected -- in 2016, not necessarily 2002,
>     2006 or 2012. Earlier discussions may be instructive or
>     persuasive, but this is a new evaluation for a new system, right?
>
>     Accordingly, I would like to submit the following principles from
>     the website above to this subgroup and to the WG as a whole:
>     that our domain name registration data must be:
>     "collected for explicit and legitimate purposes and used
>     accordingly" AND
>     "adequate, relevant and not excessive in relation to the purposes
>     for which it is collected and/or further processed.
>     There are of course other principles, but these are foundation
>     ones directly related to our current work finding what we need to
>     evaluate "purpose."
>
>     I look forward to discussing with all.
>     Source: /Obligations of data controllers,
>     /http://ec.europa.eu/justice/data-protection/data-collection/obligations/index_en.htm
>     <https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_data-2Dcollection_obligations_index-5Fen.htm&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=pJC9zAyofGwRYg6TVhm52nY-WzvsNAkMUrOgYeimNtE&e=>
>
>     Best,
>     Kathy
>
>
>     On 3/30/2016 12:30 PM, Susan Kawaguchi wrote:
>>     Thanks Kathy,  our work in the sub team is to summarize the
>>     existing identified purposes for the whole WG to discuss and
>>     debate.  Some of your email below will be useful in that full
>>     debate.
>>
>>     Please identify any data you would like to include in the summary
>>     by pasting relevant sections and highlighting.  That way staff
>>     and I can put it into the template document.
>>
>>     Once this sub team has collected all the information that we
>>     determine is relevant then we will work on summarizing the data
>>     for the full WG.
>>     Susan Kawaguchi
>>     Domain Name Manager
>>     Facebook Legal Dept.
>>
>>
>>     From: <gnso-rds-pdp-purpose-bounces at icann.org
>>     <mailto:gnso-rds-pdp-purpose-bounces at icann.org>> on behalf of
>>     Kathy Kleiman via gnso-rds-pdp-purpose
>>     <gnso-rds-pdp-purpose at icann.org
>>     <mailto:gnso-rds-pdp-purpose at icann.org>>
>>     Reply-To: Kathy Kleiman <kathy at kathykleiman.com
>>     <mailto:kathy at kathykleiman.com>>
>>     Date: Tuesday, March 29, 2016 at 8:44 PM
>>     To: "gnso-rds-pdp-purpose at icann.org
>>     <mailto:gnso-rds-pdp-purpose at icann.org>"
>>     <gnso-rds-pdp-purpose at icann.org
>>     <mailto:gnso-rds-pdp-purpose at icann.org>>
>>     Subject: Re: [gnso-rds-pdp-purpose] Purpose sub team
>>
>>     Hi Susan and All,
>>     I appreciate the goal of this sub-group - to delve into the
>>     "purpose" of the registration data being collected by the
>>     registrars when a gTLD domain name is registered. Unfortunately,
>>     few of the documents below shed much light on this question. The
>>     reason why is ICANN inherited the WHOIS/domain name registration
>>     system from the US Government and National Science Foundation.
>>     WHOIS was created in the 1980s when all of the information
>>     included (except the name of the person) was business information
>>     - a business address (e.g., at Harvard IT), a business phone, a
>>     business fax.
>>
>>     We are the very first PDP WG in the history of ICANN to work
>>     together to rethink and redesign the Whois system -- the new
>>     "RDS." Thus it falls to *us *to answer the question of what is
>>     the primary purpose for which the registration data is collected,
>>     and what data we collect for this new system is *"adequate,
>>     relevant and not excessive in relation to the purposes for which
>>     it is collected and/or further processed."
>>     *http://ec.europa.eu/justice/data-protection/data-collection/obligations/index_en.htm
>>     <https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_data-2Dcollection_obligations_index-5Fen.htm&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=m13S24LECLXPtj_swjcYuaRrfN0Ivm7n-iesQzQTd7k&e=>
>>
>>     That's the hard work for us ahead.  I would suggest that the
>>     purpose of domain name registration data is to register a domain
>>     name technically and operationally within the global DNS.
>>
>>     Further, I note that secondary uses of the data, no matter how
>>     valuable, cannot drive or change the primary purpose of the data
>>     collection. In one of the letters in our repository below, sent
>>     by Peter Schaar (then Data Protection commission of German and
>>     Chair of the Article 29 Working Party of Data Protection
>>     Commissioners created under the EU Privacy Directive) warned
>>     ICANN that consideration of purpose for this data is "an
>>     extremely delicate matter" and "can not  be  extended  to  other
>>     purposes  just because they are considered useful by some
>>     potential users of the directories."  2006 -
>>     https://www.icann.org/en/system/files/files/schaar-to-cerf-22jun06-en.pdf
>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_schaar-2Dto-2Dcerf-2D22jun06-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=0R4CugyJ25EC8jg23u6f83R-SzcWVUrRuyVhGhPLAeQ&e=>
>>
>>     In light of this warning,I submit that the sentence in the
>>     materials below is mislabeled: "/Purpose:
>>     //https://community.icann.org/x/YIxlAw
>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_x_YIxlAw&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=4ulwlJb7ZYRvUQUY6A9v6rncMkmX6lLaN77w9-8MaNU&e=>/".
>>     When I access this link, it leads to the question “Who should
>>     have access to gTLD registration data and why?” (not "what is the
>>     primary purpose for which the data is collected.") This is a key
>>     confusion - and  I would ask that it be re-labeled.
>>
>>     But in the process, it raises the key question before us: /what
>>     is the primary purpose for which the registration data is
>>     collected //and used /versus /what are the secondary purposes to
>>     which the registration data might also be applied/?  I am not
>>     saying we have to answer this question, but I am saying that
>>     Commissioner Schaar's letter as well as other letters and
>>     materials below indicate that there are key "purpose" questions,
>>     raise issues that lie at the heart of the work of this sub-group,
>>     and, if discussed, will allow us to provide important clarity and
>>     guidance to our larger WG.
>>
>>     I note that there are people with far more experience than I
>>     have, with data protection laws generally and in drafting
>>     national data protection laws, in particular. I look forward to
>>     their guidance - and that of our subgroup overall.
>>
>>     Best,
>>     Kathy
>>
>>     On 3/28/2016 6:49 PM, Susan Kawaguchi via gnso-rds-pdp-purpose wrote:
>>>     Thanks all for beginning the work of digging into the resource
>>>     materials helping to summarize the data.   ICANN staff has
>>>     prepared a template and reference document for our review of all
>>>     the sources that have identified purposes of registration data.
>>>
>>>     Please take a look at the document.
>>>
>>>     They have defined our first task below.  We simply want to
>>>     identify sections of these documents that our subteam recommends
>>>     all the WG members read.
>>>
>>>     *_Synopsis of Key Input Documents:
>>>     _*/[For each document identified by the small team as most
>>>     helpful, a single paragraph to help educate the full WG. For
>>>     example, highlighting sections that this small team recommends
>>>     every WG member read in order to better understand the Question
>>>     and/or dependencies with between Questions. While this is NOT
>>>     intended to limit the WG’s consideration of additional or future
>>>     inputs, it should serve as an indexed a starting point for all
>>>     WG members to familiarize themselves with each Question and its
>>>     history.]/
>>>
>>>
>>>     In the attached template is a link to all the documents on the
>>>     wiki that may be relevant.  (if there are others not on the wiki
>>>     please send to the group)   It would be helpful to have each sub
>>>     team member pick one or two of the resources to identify the
>>>     sections that useful.  After we have done that the next step
>>>     will be to summarize this information but I would like to focus
>>>     on identification of the resource material first.
>>>
>>>     For ease of reference list of the resource documents below.
>>>
>>>     *_Input Documents that the WG should at minimum consider when
>>>     addressing this Question:
>>>     _*/[Hyper-linked list of all key input documents for this
>>>     Question, noting which of these documents were considered most
>>>     helpful by the small team when creating the concise summary
>>>     below. Small teams may identify both existing and additional
>>>     inputs. However, to minimize duplication of effort, small teams
>>>     should be sure to include the key inputs already posted on the
>>>     WG's wiki: /
>>>
>>>     ·/Purpose: //https://community.icann.org/x/YIxlAw
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_x_YIxlAw&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=lmxaHDV04ZIQXkRcbCy4aDZxNn4OYCTA1sBQ6fVET0E&e=>/
>>>
>>>     ·/All:
>>>     //https://community.icann.org/pages/viewpage.action?pageId=56986688
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_pages_viewpage.action-3FpageId-3D56986688&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=JlOCe__cfGH4QyebCuwGw1mj7ByVN_7nmkVeGzM43-Q&e=>/
>>>
>>>     /
>>>     A starter list is provided below from the WG’s wiki to be
>>>     reviewed and refined by this small team]/
>>>
>>>     ·WHOIS Task Force Final Report
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__archive.icann.org_en_gnso_whois-2Dtf_report-2D19feb03.htm&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=UJCWyjf_Yj9h-mXfKQh407JGBn-HqOfn636Cw9YQM6w&e=>(2007)
>>>
>>>     ·WHOIS Policy Review Team Final Report
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_final-2Dreport-2D11may12-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=eQ5JfWGOQ-Z6O6SGReYiS_UZOAzOmzhLjNEMkLNgfLI&e=>
>>>     (2012)
>>>
>>>     ·SAC055, WHOIS: Blind Men and an Elephant
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_sac-2D055-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=eTfuTPJhmBPZjmCEXHxsYUNZr7X1zelC_b96HcJCyew&e=> (September
>>>     2012)
>>>
>>>     ·GAC Communiqués
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__gacweb.icann.org_display_GACADV_WHOIS&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=DoW-zpdoAowBLMPKQWpTRd4nZYYZ-fRYaRmQN9bEHWg&e=>
>>>     regarding WHOIS (2007-2015), especially
>>>
>>>     -GAC Principles Regarding gTLD WHOIS Services
>>>     <https://urldefense.proofpoint.com/v2/url?u=http-3A__whois.icann.org_en_link_gac-2Dprinciples-2Dregarding-2Dgtld-2Dwhois-2Dservices&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=aC_LrNHKioGSOJxMXBDrDd7C-DucXN-5h2-h9_ebgdM&e=>
>>>     (2007)
>>>
>>>     ·/[Note: All Article 29 inputs identified thus far are listed
>>>     below, but *this team may wish to focus on purpose aspects*
>>>     since data protection inputs will be summarized by privacy team.]/
>>>
>>>     ·Article 29 WP statement on the data protection impact of the
>>>     ICANN RAA (2013-2014)
>>>     -
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_namazi-2Dto-2Dkohnstamm-2D25mar14-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=5RRxN0-RdEUiFt3XqtVY5TzXTcL4y-sakmtBEWGihmU&e=>https://www.icann.org/en/system/files/correspondence/namazi-to-kohnstamm-25mar14-en.pdf
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_namazi-2Dto-2Dkohnstamm-2D25mar14-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=kSl-Q_4MhNsTkh_-C_t_NSivlbqx5_7XxEEST5JTyho&e=>
>>>     -
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_kohnstamm-2Dto-2Djeffrey-2D08jan14-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=H18mSAohmQbQPmCWpikaNyLvVCAMr2EfAvy5MA6qQJE&e=>https://www.icann.org/en/system/files/correspondence/kohnstamm-to-jeffrey-08jan14-en.pdf
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_kohnstamm-2Dto-2Djeffrey-2D08jan14-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=kBO7q4lISrzwz9uIhjmx-bf0Q-VHMBXux6BnJHEiBcs&e=>
>>>     -
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_jeffrey-2Dto-2Dkohnstamm-2D20sep13-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=G356IMFyx_Rn1-5K8z8NjujBfxPTJ2EEdAquWhKQefU&e=>https://www.icann.org/en/system/files/correspondence/jeffrey-to-kohnstamm-20sep13
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_jeffrey-2Dto-2Dkohnstamm-2D20sep13&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=Mw7pIliHdAOYV8ZMpRPCixRBGEXuLeqnHzD6e1JSbus&e=>--
>>>     en.pdf
>>>     https://www.icann.org/en/system/files/correspondence/kohnstamm-to-crocker-chehade-06jun13-en.pdf
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_kohnstamm-2Dto-2Dcrocker-2Dchehade-2D06jun13-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=bcijkw8yRr1e01E0-ormlwD724Es_fkLWgGtVPlHYjQ&e=>
>>>
>>>     ·Article 29 WP comments on the data protection impact of the
>>>     revision of the ICANN RAA concerning accuracy and data retention
>>>     of WHOIS (2012)
>>>     -
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_kohnstamm-2Dto-2Dcrocker-2Datallah-2D26sep12-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=8CndAF0t6FVqxNraLxjISDAlc8Dv_rcAgEMd0ZhspDA&e=>https://www.icann.org/en/system/files/correspondence/kohnstamm-to-crocker-atallah-26sep12-en.pdf
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_kohnstamm-2Dto-2Dcrocker-2Datallah-2D26sep12-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=nAxWZCHz7_a7_C7rEuaLYm3eoElY7c7aZjTfdD1vC8Y&e=>
>>>     -
>>>     https://www.icann.org/en/news/correspondence/chehade-to-kohnstamm-09oct12-en
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_news_correspondence_chehade-2Dto-2Dkohnstamm-2D09oct12-2Den&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=6tjOrd4mABV9A5_-HrvnHlz0QmOxMieF3MvYlp8y1uc&e=>
>>>
>>>     ·Article 29 WP on ICANN Procedure for Handling WHOIS Conflicts
>>>     with Privacy Law (2007)
>>>     -
>>>     <https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_en_correspondence_cerf-2Dto-2Dschaar-2D24oct07.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=9cX2v3zHwdN5ExylckE7ocnTc0WvVMKUoXrYJghNN1s&e=>http://gnso.icann.org/en/correspondence/cerf-to-schaar-24oct07.pdf
>>>     <https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_en_correspondence_cerf-2Dto-2Dschaar-2D24oct07.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=lQ9Rc5pOvF0W8zu4asgCdWxMA5Ej5j0PmX3F7RlQTig&e=>
>>>     -
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_cerf-2Dto-2Dschaar-2D15mar07-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=qwfbbjP1HtPN7fozQz170fyDS2BMcsZ9gtbgq7olm3M&e=>https://www.icann.org/en/system/files/files/cerf-to-schaar-15mar07-en.pdf
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_cerf-2Dto-2Dschaar-2D15mar07-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=kRDU9sbdBIB8vXZvahu8Czpj7OAc1mFXX68UAVRJf7k&e=>
>>>     -
>>>     https://www.icann.org/en/correspondence/schaar-to-cerf-12mar07.pdf
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_correspondence_schaar-2Dto-2Dcerf-2D12mar07.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=WlZq4i6cH7wQwxH7a55uiLWhrPQk-Fp6zpwn2mVuqnU&e=>
>>>
>>>     ·Article 29 WP on ICANN’s WHOIS Database Policy (2006)
>>>     -
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_schaar-2Dto-2Dcerf-2D22jun06-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=0R4CugyJ25EC8jg23u6f83R-SzcWVUrRuyVhGhPLAeQ&e=>https://www.icann.org/en/system/files/files/schaar-to-cerf-22jun06-en.pdf
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_schaar-2Dto-2Dcerf-2D22jun06-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=aE7SwRdj359pjt5pCdSveYyTaTA4299PAIh4A2DH1oI&e=>
>>>     -
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_correspondence_lawson-2Dto-2Dcerf-2D22jun06.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=ByhD5fgI-NZozcC_aUmxuJDuiLZ3pQO_CpVev9Dg3kk&e=>https://www.icann.org/en/correspondence/lawson-to-cerf-22jun06.pdf
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_correspondence_lawson-2Dto-2Dcerf-2D22jun06.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=bIfUMOYsNN9aESOnohBg6qEXmxm3VaIdkdHpK9Gl_2k&e=>
>>>     -
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_correspondence_parisse-2Dto-2Dicann-2D22jun06.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=Eg5vQ0-fjdyvM70TMY7vCaELvs_gYDm2DvW14IpaRbY&e=>https://www.icann.org/en/correspondence/parisse-to-icann-22jun06.pdf
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_correspondence_parisse-2Dto-2Dicann-2D22jun06.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=R-2FZz1H1Dqt8ESnB5TwF_qyvnK-suBWdXJhcH91IUk&e=>
>>>     -
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_fingleton-2Dto-2Dcerf-2D20jun06-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=kv4LGfw3lG9R7egJM7Mk6PuKfDLEeDFGuCy5-CIr2fQ&e=>https://www.icann.org/en/system/files/files/fingleton-to-cerf-20jun06-en.pdf
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_fingleton-2Dto-2Dcerf-2D20jun06-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=Y2M1nqZWKQ6xMSXCHo7qVV7WHX06Bk3XVQctMznRFwY&e=>
>>>
>>>     ·Article 29 WP Opinion on the application of the data protection
>>>     principles to WHOIS directories
>>>     Article 29 WP 76 Opinion 2/2003
>>>     <https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_policies_privacy_docs_wpdocs_2003_wp76-5Fen.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=F1r1QhCy3vX83VjPu0hK_sioGdkBX_5kYphDXpA7l0Q&e=>
>>>
>>>
>>>     ·Additional Article 29 WP documents that may be of interest to
>>>     this PDP WG
>>>
>>>     - Article 29 WP 5 Recommendation 2/97
>>>     <https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_article-2D29_documentation_opinion-2Drecommendation_files_1997_wp5-5Fen.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=exXWLPNeD0JJDBS3po5Eqp2wiiDkDfO2IPMoQZwon1E&e=>
>>>
>>>     - Article 29 WP 33 Opinion 5/2000
>>>     <https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_article-2D29_documentation_opinion-2Drecommendation_files_2000_wp33-5Fen.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=WcRHBEEerx9M9q_QYYItLTRW3JhXBlHQ8H5sSJiQpvs&e=>
>>>
>>>     - Article 29 WP 41
>>>     <https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_article-2D29_documentation_opinion-2Drecommendation_files_2001_wp41-5Fen.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=02SfVeH8RqQY24RaZY7B8XpuAFHUFPLoj3QI8_XaKGs&e=>Opinion
>>>     4/2001
>>>     <https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_article-2D29_documentation_opinion-2Drecommendation_files_2001_wp41-5Fen.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=02SfVeH8RqQY24RaZY7B8XpuAFHUFPLoj3QI8_XaKGs&e=>
>>>
>>>     - Article 29 WP 56 Working Document 5/2002
>>>     <https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_article-2D29_documentation_opinion-2Drecommendation_files_2002_wp56-5Fen.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=X9Bw10En2LV0oPDAhdxCPL6I7d1gEbSX6hxErm1Esto&e=>
>>>
>>>     - Article 29 WP 217 Opinion 4/2014
>>>     <https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_article-2D29_documentation_opinion-2Drecommendation_files_2014_wp217-5Fen.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=YfVNcHS7vB5dNzSX9RM2FPKssGJMmRnv4Jd55L3yqSI&e=>
>>>
>>>     ·Council of Europe Declaration
>>>
>>>     -Declaration of the Committee of Ministers on ICANN, human
>>>     rights and the rule of law
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__wcd.coe.int_ViewDoc.jsp-3FRef-3DDecl-252803.06.2015-25292&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=bx0o1CZBlk2neLLBrx14hplKaQkSEAoQeWkWG5EFIyA&e=>
>>>     (3 June 2015)
>>>
>>>     ·EDPS Correspondence regarding Registration Data
>>>
>>>     -Opinion of the European Data Protection Supervisor: Europe's
>>>     role in shaping the future of Internet Governance
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__secure.edps.europa.eu_EDPSWEB_webdav_site_mySite_shared_Documents_Consultation_Opinions_2014_14-2D06-2D23-5FInternet-5FGovernance-5FEN.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=AUPuK_NYOQqZHqOoYEH2SQFbYSYY8Rea1c5dP-f2KaA&e=>(23
>>>     June 2014)
>>>
>>>     -ICANN's public consultation on 2013 RAA Data Retention
>>>     Specification Data Elements and - Legitimate Purposes for
>>>     Collection and Retention
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__secure.edps.europa.eu_EDPSWEB_webdav_site_mySite_shared_Documents_Consultation_Comments_2014_14-2D04-2D17-5FEDPS-5Fletter-5Fto-5FICANN-5FEN.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=c4mOTCJa_IWm1vL653Z92s249bvTJxJelBLzWP5EVVI&e=>(17
>>>     April 2014)
>>>
>>>     ·International Working Group on Data Protection in
>>>     Telecommunications and Media Documents
>>>
>>>     -Common Position relating to Reverse Directories
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__datenschutz-2Dberlin.de_attachments_176_rever-5Fen.pdf-3F1201099194&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=djnlHZumj-preTvWxgvUS9ugoRuoHNh5b87d7yksy9w&e=>
>>>     (Hong Kong, 15.04.1998)
>>>
>>>     -Common Position on Privacy and Data Protection aspects of the
>>>     Registration of Domain Names on the Internet
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__datenschutz-2Dberlin.de_attachments_222_dns-5Fen.pdf-3F1200656953&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=zVDHrz3aQSp2cMnwZKTwDD3UbiABV6J-ukke3MnFmiU&e=>
>>>     (Crete, 4./5.05.2000)
>>>
>>>     -Common Position on Privacy and Data Protection aspects of the
>>>     Publication of Personal Data contained in publicly available
>>>     documents on the Internet
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__datenschutz-2Dberlin.de_attachments_220_pd-5Fen.pdf-3F1201099774&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=45Izx42o0mTuSd6Nt88stuPPJhemyRfg2NgD-1nD-gc&e=>
>>>     (Crete, 4./5.05.2000)
>>>
>>>     -Common Position on Incorporation of telecommunications-specific
>>>     principles in multilateral privacy agreements: Ten Commandments
>>>     to protect Privacy in the Internet World
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__datenschutz-2Dberlin.de_attachments_216_tc-5Fen.pdf-3F1200658742&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=roY0SNiodoQNgvjU1SwZz-FTVERYApYCThgQ5AENiBY&e=>
>>>     (Berlin, 13/14.09.2000)
>>>
>>>     -Common Position on data protection aspects in the Draft
>>>     Convention on cyber-crime of the Council of Europe
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__datenschutz-2Dberlin.de_attachments_218_cy-5Fen.pdf-3F1200656876&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=KfVfRAw3W5H3LF4dXL7mtXnB-9Luy_G_NAtdArNp4gU&e=>
>>>     (Berlin, 13/14.09.2000)
>>>
>>>     ·EWG Recommendations for a Next-Generation RDS
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_final-2Dreport-2D06jun14-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=081_TAJEBYybphQqfoPE6BaY0syYr8TX8mOaCvBUlKI&e=>,
>>>     especially
>>>
>>>     -Section 3, Users and Purposes
>>>
>>>     -Annex C, Example Use Cases
>>>
>>>     -Annex A, Board Questions
>>>
>>>     ·EWG Tutorial
>>>     <https://urldefense.proofpoint.com/v2/url?u=http-3A__london50.icann.org_en_schedule_mon-2Dewg-2Dfinal-2Doverview_presentation-2Dewg-2Dfinal-2Doverview-2D23jun14-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=G5q1dQLGpxVVN_zNOjYsut-v5Cq65X1C1SDW-tf_hmw&e=>Pages
>>>     17-20, 37-41and EWG FAQs
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_display_EWG_EWG-2BFAQs&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=mbe7PZ4gDoicRWqaH8rXPIo4GZ921Hai6KaJx4uCu8Q&e=>
>>>     9-12, 67
>>>
>>>     *·*Video FAQ “Is my purpose supported by the RDS?
>>>     <https://www.youtube.com/watch?v=YzPkxNNfDY4&list=UUl7rV9qJaQEx3GKhtSLx4QA>*”***
>>>
>>>     ·Statements/Blogs by Perrin
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_perrin-2Dstatement-2D24jun14-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=kUujOSmulQ5qahX6mQLU7OsJLPAwaaVQHZZ6bY9-Z6M&e=>
>>>     andSamuels
>>>     <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.circleid.com_posts_20141011-5Fbuilding-5Fa-5Fbetter-5Fwhois-5Ffor-5Fthe-5Findividual-5Fregistrant_&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=jWs3wR8mHFYW-I49h1MP5t9VJAzx-bMyUXS87I6QZpU&e=>
>>>
>>>     ·Process Framework
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_display_gTLDRDS_Process-2BFramework&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=En6TdFMyuxd7pFs-ZGYPVZWOFhutKC_KObgzky4JtAA&e=>
>>>     for a PDP on Next-Generation RDS, especially Page 9, Row 1
>>>
>>>
>>>     Please let me know which documents you each of you have chosen
>>>     to review.
>>>
>>>     Thank you all for volunteering.
>>>     Susan Kawaguchi
>>>     Domain Name Manager
>>>     Facebook Legal Dept.
>>>
>>>
>>>     From: <gnso-rds-pdp-purpose-bounces at icann.org
>>>     <mailto:gnso-rds-pdp-purpose-bounces at icann.org>> on behalf of
>>>     Kiran Malancharuvil via gnso-rds-pdp-purpose
>>>     <gnso-rds-pdp-purpose at icann.org
>>>     <mailto:gnso-rds-pdp-purpose at icann.org>>
>>>     Reply-To: Kiran Malancharuvil
>>>     <Kiran.Malancharuvil at markmonitor.com
>>>     <mailto:Kiran.Malancharuvil at markmonitor.com>>
>>>     Date: Monday, March 28, 2016 at 11:57 AM
>>>     To: "gnso-rds-pdp-purpose at icann.org
>>>     <mailto:gnso-rds-pdp-purpose at icann.org>"
>>>     <gnso-rds-pdp-purpose at icann.org
>>>     <mailto:gnso-rds-pdp-purpose at icann.org>>
>>>     Subject: Re: [gnso-rds-pdp-purpose] Purpose sub team
>>>
>>>     If we are going to table a recent ICANN expert group report on
>>>     Registration Directory Services, why don’t we start with the
>>>     Expert Working Group on Registration Directory Services rather
>>>     than SSAC?  It’s much more recent and was subjected to several
>>>     public comment periods.
>>>
>>>     Thanks,
>>>
>>>     Kiran
>>>
>>>     *From:*gnso-rds-pdp-purpose-bounces at icann.org
>>>     <mailto:gnso-rds-pdp-purpose-bounces at icann.org>
>>>     [mailto:gnso-rds-pdp-purpose-bounces at icann.org] *On Behalf Of
>>>     *Greg Shatan via gnso-rds-pdp-purpose
>>>     *Sent:* Monday, March 28, 2016 11:53 AM
>>>     *To:* Ayden Fabien Férdeline
>>>     *Cc:* Gnso-rds-pdp-purpose at icann.org
>>>     <mailto:Gnso-rds-pdp-purpose at icann.org>
>>>     *Subject:* Re: [gnso-rds-pdp-purpose] Purpose sub team
>>>
>>>     Edited below.
>>>
>>>     Greg
>>>
>>>
>>>     On Mon, Mar 28, 2016 at 12:46 PM, Ayden Fabien Férdeline
>>>     <gnso-rds-pdp-purpose at icann.org
>>>     <mailto:gnso-rds-pdp-purpose at icann.org>> wrote:
>>>
>>>     Hello all,
>>>
>>>
>>>     Thank you to Susan for setting out the approach we will take in
>>>     our sub-team. I will begin this exercise by tabling “WHOIS:
>>>     Blind Men and an Elephant
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__links5.mixmaxusercontent.com_aMjjKHWxnLSD3SEwj_l_JHXwtM1x9354tdJND-3Frn-3DIyZy9mLu5WYjlGQlN3bwJXdw1CckBXLzRmct82cudkI-26re-3DIyZy9mLu5WYjlGQlN3bwJXdw1CckBXLzRmct82cudkI&d=CwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=mDMhW9B--jmtTN0Mneg8s2Aa-wco-YonCU1kdHYXoFQ&s=yIpnt7pEScNoV0T60C9yTIJ9Ga0fXAwdStrsm2mmtgk&e=>”,
>>>     a report from the Security and Stability Advisory Committee
>>>     (SSAC) in September 2012.
>>>
>>>
>>>     The gist of their report is that there are four current uses of
>>>     the WHOIS service, two of which the SSAC says are legitimate
>>>     (law enforcement access to data; security practitioner access to
>>>     data), and two where it is silent on the question of legitimacy
>>>     (public access to data; intellectual property owner access to
>>>     data). I have bullet pointed below the main arguments they raise
>>>     in relation to the purpose of collecting and maintaining this data:
>>>
>>>       * *_Terminology:_*
>>>       * SSAC disagrees with the term “WHOIS” - prefers three
>>>         specific terms be used: domain name “registration data,”
>>>         “access protocol,” and “directory services”.
>>>       * *_Data Elements:_*
>>>       * The appearance of email addresses guarantees that spam will
>>>         be delivered to those email addresses.
>>>       * *_Purpose:_*
>>>       * WHOIS was created to provide a means to make contact
>>>         information available for what was then a very small (and
>>>         essentially homogeneous in terms of user community) Internet
>>>         compared to what exists today.
>>>       * Today there are four main uses of WHOIS:
>>>           o Public access to details about a domain name registration.
>>>               + SSAC
>>>
>>>     ​notes that "It is a widely held belief that the public Internet
>>>     should have access to domain name registration data."
>>>>>>
>>>           o Law enforcement access to details about a domain name
>>>             registration.
>>>               + SSAC says this is a legitimate use case.
>>>           o Intellectual property owner access to details about a
>>>             domain name registration.
>>>               + SSAC
>>>
>>>     ​notes that "It is a widely held belief that intellectual
>>>     property owners should have access to domain name registration
>>>     data."
>>>>>>
>>>     .
>>>
>>>           o Security practitioner access to details about a domain
>>>             name registration.
>>>               + SSAC says this is a legitimate use case.
>>>       * SSAC would like to see research into why users purchase
>>>         privacy-proxy services. It has heard that some people do so
>>>         to hide from law enforcement, but would like to see more
>>>         research/evidence to validate this point. Privacy-proxy
>>>         services should not hinder the ability to trace the identity
>>>         of a domain name registrant.
>>>       * *_Access Levels:_*
>>>       * SSAC says we need to distinguish between what information is
>>>         collected and what information is published in an open
>>>         database. Does not comment any further.
>>>       * *_Universality:_*
>>>       * Whatever policy is adopted it should be applied universally
>>>         across all gTLDs.
>>>       * *_Accuracy:_*
>>>       * Whatever data is collected must be accurate and there must
>>>         be enforcement and compliance mechanisms in place to support
>>>         this.
>>>
>>>     I hope this summary is useful. Please let me know if you would
>>>     prefer that I summarise reports in a different way as we move
>>>     forward with the review of past literature.
>>>
>>>     Best wishes,
>>>
>>>
>>>     Ayden Férdeline
>>>
>>>     On Fri, Mar 25, 2016 at 11:28 PM, Susan Kawaguchi via
>>>     gnso-rds-pdp-purpose <gnso-rds-pdp-purpose at icann.org
>>>     <mailto:gnso-rds-pdp-purpose at icann.org>> wrote:
>>>
>>>     Hello All,
>>>
>>>     Thank you for volunteering for the Purpose sub team.
>>>
>>>     This is a list of all that have volunteered -  Carlton Samuels,
>>>     Fabricio Vayra, Susan Prosser, Beth Allegretti, Jim Galvin,
>>>     Kiran Malancharuvil, Lori Schulman, Vlad Dinculescu, Richard
>>>     Leaning, Amr Elsadr, Donna Austin, Stephanie Perrin, Tjabbe Bos,
>>>     Sana Ali, Ayden Ferdeline, Greg Aaron, Jody Kolker, Adrian
>>>     Cheek, Kathy Kleiman, Chuck Gomes, Maryan Rizinski, Nathalie
>>>     Coupet, Roger Carney
>>>
>>>     I look forward to working with you all over the next couple of
>>>     weeks to collect, consolidate, concisely summarize, and then
>>>     present inputs and information about the purpose of registration
>>>     data.
>>>
>>>     This is a link to the RDS PDP WG document that describes the
>>>     approach the WG agreed upon
>>>     https://community.icann.org/download/attachments/58730879/RDS-PDP-Proposed-Summary-Approach.pdf
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_download_attachments_58730879_RDS-2DPDP-2DProposed-2DSummary-2DApproach.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=OXmX24xRRfQOe2uNKC2gvceBYO2V8_OlZP08LbRJ-Lg&e=>
>>>
>>>
>>>     Would any one like to volunteer to start collecting information
>>>     on purpose of registration data?  I am sure that the RDS PDP WG
>>>     wiki has resources to start this collection and then we should
>>>     think of what else should be included.  Once we have started
>>>     collecting the information I think a sub team conference call to
>>>     discuss what we are collecting would be helpful.
>>>
>>>     Any other ideas on how to approach our work?
>>>
>>>     Looking forward to the discussion.
>>>
>>>     Susan Kawaguchi
>>>
>>>     Domain Name Manager
>>>
>>>     Facebook Legal Dept.
>>>
>>>
>>>     _______________________________________________
>>>     gnso-rds-pdp-purpose mailing list
>>>     gnso-rds-pdp-purpose at icann.org
>>>     <mailto:gnso-rds-pdp-purpose at icann.org>
>>>     https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-purpose
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Drds-2Dpdp-2Dpurpose&d=CwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=mDMhW9B--jmtTN0Mneg8s2Aa-wco-YonCU1kdHYXoFQ&s=E5d7OSngK_MJQ_XYYyZ__P5oY7YGk_RxVxKurwEV69I&e=>
>>>
>>>     Ayden Férdeline
>>>
>>>     +44.77.8018.7421 <tel:%2B44.77.8018.7421>
>>>
>>>     Image removed by sender.
>>>
>>>
>>>     _______________________________________________
>>>     gnso-rds-pdp-purpose mailing list
>>>     gnso-rds-pdp-purpose at icann.org
>>>     <mailto:gnso-rds-pdp-purpose at icann.org>
>>>     https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-purpose
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Drds-2Dpdp-2Dpurpose&d=CwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=mDMhW9B--jmtTN0Mneg8s2Aa-wco-YonCU1kdHYXoFQ&s=E5d7OSngK_MJQ_XYYyZ__P5oY7YGk_RxVxKurwEV69I&e=>
>>>
>>>
>>>
>>>     _______________________________________________
>>>     gnso-rds-pdp-purpose mailing list
>>>     gnso-rds-pdp-purpose at icann.org
>>>     <mailto:gnso-rds-pdp-purpose at icann.org>https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-purpose
>>>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Drds-2Dpdp-2Dpurpose&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=JxBIbick34wImXplHinKxNXDAajYwR_0rDX246Q1YMY&e=>
>>
>
>
>     _______________________________________________
>     gnso-rds-pdp-purpose mailing list
>     gnso-rds-pdp-purpose at icann.org <mailto:gnso-rds-pdp-purpose at icann.org>
>     https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-purpose
>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Drds-2Dpdp-2Dpurpose&d=CwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=asOgaNDWLE5wlJcCMNuaDVtTTPa9sLyIEdEORbCj7ko&s=nTagqtWQXh9MER1o5BAYgk6USuPg0e0VLrddQ4ZUE-A&e=>
>
>
>
>
> _______________________________________________
> gnso-rds-pdp-purpose mailing list
> gnso-rds-pdp-purpose at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-purpose

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-privacy/attachments/20160331/a89b687c/attachment-0001.html>


More information about the Gnso-rds-pdp-privacy mailing list