<div dir="ltr">Hello All, <div><br></div><div>Kathy has given some great insights on Privacy and Data protection laws, I believe with the 109 countries that have these laws, we can start the work to review the intersection of these laws as we do two things </div><div><br></div><div>1. Proceed with what Farrels was about to suggest - Benchmark study for data protection and privacy in all countried and later submit a report to a larger community. </div><div><br></div><div>2. Since we have the laws in 109 countries we can proceed to make a review assessment. </div><div><br></div><div>On the suggestion made by Farell;</div><div><br></div><div><ul style="font-size:12.8px"><li style="margin-left:15px">what information is required for a domain name management : efficiency, traceability, openness ?<br></li><li style="margin-left:15px">what information really needs to be public : in my opinion, if somebody does not hold a domain name, I don't know why it should access somebody else's domain name information by only using WHOIS (unless the intended recipient explictly wishes it so). If a lawyer, for any legal purpose, wants to access a registrant's WHOIS information, I am pretty sure that there is legal reason and in this case the associated registrar/registry has the information to provide; so the lawyer does need a WHOIS request to access all the registrant's info. Necessity must always be proved before somebody uses WHOIS to access such an information. And when a registrant A is allowed to access registrant B's information, the reverse should be true.</li></ul><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">I think this is the point to start the Brainstorming. </span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Could we use a google docs as we start the Review process and Assessment? Based on the opening suggestions given by Farell. </span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">I am beginning to see the direction of Assessment and Review. </span></div><span style="font-size:12.8px;line-height:1.5"></span></div></div><div hspace="streak-pt-mark" style="max-height:1px"><img style="width:0px;max-height:0px;overflow:hidden" src="https://mailfoogae.appspot.com/t?sender=aZG5kYW5uYW5nQGdtYWlsLmNvbQ%3D%3D&type=zerocontent&guid=e6ef04ac-8f04-4bfe-9c6a-f23cda9a04aa"><font color="#ffffff" size="1">ᐧ</font></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div> <br>Regards <br>Nanghaka Daniel K.<br>Executive Director - ILICIT Africa / Council Member - FOSSFA / Community Lead - ISOC Uganda Chapter<br>Mobile +256 772 898298 (Uganda)<br></div><div>Skype: daniel.nanghaka<br></div><div><br></div><div>----------------------------------------- <i><span>"Working for Africa" </span></i>-----------------------------------------<br><img src="https://docs.google.com/uc?export=download&id=0BwH7MatcY6gPOGxHaDhJMGZwN2c&revid=0BwH7MatcY6gPWmQyTXJIdWtScmN2ZUxpRDBpZG8wZUd5ZkhBPQ" height="87" width="87"> <img src="https://docs.google.com/uc?export=download&id=0BwH7MatcY6gPeFAxdFF3Skk4b3M&revid=0BwH7MatcY6gPK2MxMkFyME5BWS9hb0VQMFRmTVFTMlB2SENRPQ" height="73" width="278"><br><img src="https://docs.google.com/uc?export=download&id=0BwH7MatcY6gPSF9OWXFHYkV3ZVk&revid=0BwH7MatcY6gPcURiZC9meEU1cEJzaGk3TTBjOUE2NWNxSEg0PQ" height="86" width="436"><br></div></div></div></div></div></div>
<br><div class="gmail_quote">On Sun, Apr 3, 2016 at 2:57 PM, Farell Folly via Gnso-rds-pdp-privacy <span dir="ltr"><<a href="mailto:gnso-rds-pdp-privacy@icann.org" target="_blank">gnso-rds-pdp-privacy@icann.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello All,<div><ol></ol><span style="line-height:1.5"><ol><li><span style="line-height:1.5">Dear kathy, Thank you very much for this information. I was about to suggest we proceed to a benchmark study for data protection and privacy in all countries, or we submit our later report to a larger community (UN or any organization with a high number of member states compare to the Council of Europe(an) -Union). It is a very good point to have such a list of countries with or without data privacy laws.</span><br></li><li><span style="line-height:1.5">However, we don't have the content of all those laws (to know other countries'requirements also) and time won't permit us to doing so. Therefore, I suggest we base our job on the principles which are accepted by a highest number of countries, or collected let's say an organization with the highest number of member states in the world that ratified such laws.</span><br></li><li><span style="line-height:1.5">The Opinion 06/2014 on the notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC, adopted on April 2014 ("ARTICLE 29 DATA PROTECTION WORKING PARTY"), is in my opinion a very good document, but it is based on European principles under 95/46/EC. The good news is many African countries (include mine) adopted most of legal principles of Europe but not all them, nor the countries outside Europe and Africa. So we really need to check whether the six grounds stated in this document apply everywhere or whether there is an incompatibility with those six grounds with another principle in any country outside Europe.</span><br></li><li><span style="line-height:1.5">Most of the grounds are related to the user consent while one explicitly recommends to make some balance tests : necessity against data subject freedom or right to protection against freedom of expression.</span><br></li><li><b style="line-height:1.5">All the documents provided by most of us are mostly dealing with "what information can be accessed and why", but according to EWG final report data privacy/protection should also address mechanisms (systems, equipements, procedures) to implement to ensure. That is the HOW (to access and to ensure that information is accessed in the right manner)</b><span style="line-height:1.5">.</span><br></li></ol></span><ol></ol><ol></ol><ol></ol><ol></ol><div>My suggestion : is let's brainstorm (may be too late) about </div><div><ul><li>what information is required for a domain name management : efficiency, traceability, openness ?<br></li><li>what information really needs to be public : in my opinion, if somebody does not hold a domain name, I don't know why it should access somebody else's domain name information by only using WHOIS (unless the intended recipient explictly wishes it so). If a lawyer, for any legal purpose, wants to access a registrant's WHOIS information, I am pretty sure that there is legal reason and in this case the associated registrar/registry has the information to provide; so the lawyer does need a WHOIS request to access all the registrant's info. Necessity must always be proved before somebody uses WHOIS to access such an information. And when a registrant A is allowed to access registrant B's information, the reverse should be true.</li></ul><span style="line-height:1.5">WHOIS informations should have some mandatory information and optional depending on local regulation.</span><br><span style="line-height:1.5">Users can choose which information can be made public and the conditions associated with. Some policies might apply to registrars to not make those information public, but available, however, for efficiency, traceability and any other legal reason.</span><br></div></div><br><div class="gmail_quote"><div><div class="h5"><div dir="ltr">Le sam. 2 avr. 2016 à 23:54, Kathy Kleiman via Gnso-rds-pdp-privacy <<a href="mailto:gnso-rds-pdp-privacy@icann.org" target="_blank">gnso-rds-pdp-privacy@icann.org</a>> a écrit :<br></div></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
<div bgcolor="#FFFFFF" text="#000000">
David and All,<br>
I appreciate this Privacy sub-group mission of seeking additional
information about privacy and data protection frameworks and laws
that impact our work in this WG. The world has changed significantly
since the founding of ICANN,
particularly re: privacy and data protection laws. Currently, 109
countries have data protection laws – more than half the world –
and the number is growing rapidly.
<p>I. <b>Global Data Protection Laws <br>
</b></p>
<p>These countries exist in ICANN's key regions, with countries in
Africa, Asia & the Pacific, Europe, Latin America and North
America. I can't imagine any registrar who is not touched by these
laws or representing registrants in these regions. Per the mandate
of this sub-group, we are asked to lay out
information about these data protection laws and frameworks and to
that end, I attach:
</p>
<ol>
<li>
<p>“Global Tables of Data Privacy Laws and Bills (4<sup>th</sup>
Ed, January 2015)” with 109 countries; and</p>
</li>
<li>
<p>“Global data privacy laws 2015,” an article by Professor
Greenleaf, which lays out the clear and rapid path of privacy
law adoption. He writes in the opening to this article:</p>
<p>“This is the fourth in a series of articles which has
documented the increasing number of countries with data
privacy laws, initially assessed in mid-2011 to an (unexpected
high) 76, expanding through new laws and further research to
89 by early 2012, and then by mid-2013 to 99. The number of
countries which have now enacted data privacy laws has risen
to 109 over the past eighteen months.” (attached)</p>
</li>
</ol>
<b>II. Council of Europe</b>
<p>Further, the Council of Europe's Treaty 108 on Data Protection is
signed by 47 countries with 3 more in the process of signing. All
are listed in this attachment and I would like to request that
this treaty and its signatories become an official part of our
sub-group record: </p>
<p><a href="http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/108/signatures?p_auth=o943zouk" target="_blank"></a><a href="http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/108/signatures?p_auth=o943zouk" target="_blank">http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/108/signatures?p_auth=o943zouk</a></p>
<br>
III. <b>European Union</b>
<p style="font-weight:normal">Finally, the European Data Protection
Directive, 1995, is a key document for the 28 countries of the
European Union and a foundation document for the dozens of data
protection laws that followed around the world. The 28 members of
the
EU are: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus,
Czech Republic, Denmark, Estonia, Finland, France, Germany,
Greece,
Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta,
Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain,
Sweden and the UK. I would ask that the Directive be included in
our materials,
<a href="http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=URISERV%3Al14012" target="_blank"></a><a href="http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=URISERV%3Al14012" target="_blank">http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=URISERV%3Al14012</a>.
</p>
<p>Tx again for this important collection of documents.</p>
<p>Best,</p>
Kathy
<br>
</div></div></div>
_______________________________________________<br>
Gnso-rds-pdp-privacy mailing list<br>
<a href="mailto:Gnso-rds-pdp-privacy@icann.org" target="_blank">Gnso-rds-pdp-privacy@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy</a></blockquote></div></div><span class="HOEnZb"><font color="#888888"><div dir="ltr">-- <br></div><div dir="ltr">Best regards,<div><br><div>@__f_f__</div></div></div>
</font></span><br>_______________________________________________<br>
Gnso-rds-pdp-privacy mailing list<br>
<a href="mailto:Gnso-rds-pdp-privacy@icann.org">Gnso-rds-pdp-privacy@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy</a><br></blockquote></div><br></div>