<div dir="ltr"><div class="gmail_default" style="font-family:'comic sans ms',sans-serif;font-size:small"><div class="gmail_default">I have been asked to summarize that portion of the EWG's Report pertaining privacy, inclusive of the FAQs. </div><div class="gmail_default"><br></div><div class="gmail_default">Much of what is said can be gleaned from Pages 11-12 and Section VI of the report, Here goes:</div><div class="gmail_default">-----------------------------------------------------------------------------</div><div class="gmail_default">The EWG explicitly adopted that for the next generation RDS, registrants have a right to privacy and the reasonable expectation for the protection of their personal data, even when jurisdictions do not have data protection laws. We explicitly recommended adoption of a policy framework of 'privacy from the start' and implement mechanisms to introduce, harmonize and routinely reinforce this perspective; privacy by design. </div><div class="gmail_default"><br></div><div class="gmail_default">We recommended adoption of several overarching legal principles as framework:</div><div class="gmail_default"><br></div><div class="gmail_default" style="font-family:arial,sans-serif"><font face="trebuchet ms, sans-serif"><i>" Personal data must be:</i></font></div><p class="MsoNormal" style="margin-bottom:0.0001pt;font-family:arial,sans-serif;font-size:14.4px"><font face="trebuchet ms, sans-serif"><i></i></font></p><p class="MsoNormal" style="margin-bottom:0.0001pt;font-family:arial,sans-serif;font-size:14.4px"><font face="trebuchet ms, sans-serif"><i>· processed lawfully, fairly and in a transparent manner in relation to the data subject,</i></font></p><p class="MsoNormal" style="margin-bottom:0.0001pt;font-family:arial,sans-serif;font-size:14.4px"><font face="trebuchet ms, sans-serif"><i>· collected for specific, explicit and legitimate purposes and not further processed in a way incompatible with those purposes,</i></font></p><p class="MsoNormal" style="margin-bottom:0.0001pt;font-family:arial,sans-serif;font-size:14.4px"><font face="trebuchet ms, sans-serif"><i> · adequate, relevant, and limited to the minimum necessary in relation to the purposes for which they are processed, and</i></font></p><p class="MsoNormal" style="margin-bottom:0.0001pt;font-family:arial,sans-serif;font-size:14.4px"><font face="trebuchet ms, sans-serif"><i>· accurate and kept up-to-date as required for the specified purposes.</i></font></p><p class="MsoNormal" style="margin-bottom:0.0001pt;font-family:arial,sans-serif;font-size:14.4px"><font face="trebuchet ms, sans-serif"><i> </i></font></p><p class="MsoNormal" style="margin-bottom:0.0001pt;font-family:arial,sans-serif;font-size:14.4px"><font face="trebuchet ms, sans-serif"><i>Lawful processing, including transfer and disclosure can be – subject to the relevant jurisdiction – based on:</i></font></p><p class="MsoNormal" style="margin-bottom:0.0001pt;font-family:arial,sans-serif;font-size:14.4px"><font face="trebuchet ms, sans-serif"><i>• consent of the data subject,</i></font></p><p class="MsoNormal" style="margin-bottom:0.0001pt;font-family:arial,sans-serif;font-size:14.4px"><font face="trebuchet ms, sans-serif"><i>• the necessity for the performance of a contract to which the data subject is party, and</i></font></p><p class="MsoNormal" style="margin-bottom:0.0001pt;font-family:arial,sans-serif;font-size:14.4px"><font face="trebuchet ms, sans-serif"><i>• the necessity for compliance with a legal obligation to which the controller is subject.</i></font></p><div class="gmail_default" style="display:inline"><font face="trebuchet ms, sans-serif"><i>"</i></font></div><font face="trebuchet ms, sans-serif" style="font-size:14.4px"></font><p style="font-family:arial,sans-serif;font-size:14.4px"></p><p class="MsoNormal" style="margin-bottom:0.0001pt;font-family:arial,sans-serif;font-size:14.4px"><font face="trebuchet ms, sans-serif"> </font></p><p class="MsoNormal" style="margin-bottom:0.0001pt;font-family:arial,sans-serif;font-size:14.4px"><font face="trebuchet ms, sans-serif"></font></p><div class="gmail_default" style="display:inline"><font face="trebuchet ms, sans-serif">In addition, the Group adopted as principle the a </font></div><font face="trebuchet ms, sans-serif" style="font-size:14.4px">right<div class="gmail_default" style="font-family:'comic sans ms',sans-serif;font-size:small;display:inline"> of the data subject to</div> access <div class="gmail_default" style="font-family:'comic sans ms',sans-serif;font-size:small;display:inline">the</div> information and a right to rectify inaccuracy <div class="gmail_default" style="font-family:'comic sans ms',sans-serif;font-size:small;display:inline">in the information kept on them.</div></font><div class="gmail_default" style="display:inline"></div><p style="font-family:arial,sans-serif;font-size:14.4px"></p><div class="gmail_default">The report then outlined several ways privacy would be embraced and even enhanced in the next generation RDS:<br></div><div class="gmail_default"><br></div><div class="gmail_default">- ICANN adopt and disseminate a privacy policy</div><div class="gmail_default" style="font-family:arial,sans-serif"><font face="comic sans ms, sans-serif">- Add and use s<span style="font-size:11pt;line-height:15.6933px">tandard contract clauses that are harmonized with privacy and data protection laws and codified in policy</span></font></div><div class="gmail_default" style="font-family:arial,sans-serif"><font face="comic sans ms, sans-serif"><span style="font-size:11pt;line-height:15.6933px">- </span><span style="font-size:11pt;line-height:15.6933px">A “rules engine” to apply data protection laws by jurisdiction</span></font></div><div class="gmail_default">- a pre-validated Contact Directory which offers unique Contact IDs to deter personal data fraud</div><div class="gmail_default">- a centralized interface from whence to access all gTLD registration data </div><div class="gmail_default">- gated dataset beyond a small subset of RD for publication</div><div class="gmail_default">- RDAP or EPP to access gTLD data in the several registration data stores</div><div class="gmail_default">- purpose driven access to data inside the gate and only to users who disclose their identity, are authenticated, request gated data for a previously determined permissible purpose and are accountable. This includes law enforcement. </div><div class="gmail_default" style="font-family:arial,sans-serif"><font face="comic sans ms, sans-serif">- <span style="font-size:11pt;line-height:15.6933px">An accredited Privacy/Proxy Service for general use </span></font></div><div class="gmail_default" style="font-family:arial,sans-serif"><font face="comic sans ms, sans-serif"><span style="font-size:11pt;line-height:15.6933px">- </span><span style="font-size:11pt;line-height:15.6933px">An accredited Secure Protected Credentials Service for persons at risk and in instances where free speech rights may be denied or speakers persecuted.</span></font></div><div class="gmail_default" style="font-family:arial,sans-serif"><span style="font-size:11pt;line-height:15.6933px"><font face="comic sans ms, sans-serif">--------------------------------------------------------------------------------------------</font></span></div><div class="gmail_default" style="font-family:arial,sans-serif"><span style="font-size:11pt;line-height:15.6933px"><font face="comic sans ms, sans-serif"><br></font></span></div><div class="gmail_default" style="font-family:arial,sans-serif"><span style="font-size:11pt;line-height:15.6933px"><font face="comic sans ms, sans-serif">-Carlton</font></span></div></div><div><div class="gmail_signature"><br>==============================<br>Carlton A Samuels<br>Mobile: 876-818-1799<br><i><font color="#33CC00">Strategy, Planning, Governance, Assessment & Turnaround</font></i><br>=============================</div></div>
</div>