<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><font size="+2"><font face="Lucida Grande">These are good
questions Steve. I am at the IWGDPT spring meeting and will
ask if the group or leadership would be able to answer them.
I can assure folks, however, even though I have not personally
gone through the 400 page regulation (many of the folks here
at the meeting are still working their way through the
detailed analysis) that the basic principles of the Directive,
on which the WHOIS analysis is based have not been made
irrelevant. I doubt I will be able to get a formal statement,
but I will certainly ask for guidance from the members of the
group who are engaged on the issue of the RDS. Everyone I
have spoken to expect a rather smooth transition to the new
regime, although certainly there are enough administrative and
enforcement changes to require a great deal of work over the
next few years. <br>
</font></font></p>
<p><font size="+2"><font face="Lucida Grande">Our group,
alternatively and for greater certainty, could of course
simply write to the Article 29 working party and ask what
repercussions the new Regulation might have on their previous
guidance. <br>
</font></font></p>
<p><font size="+2"><font face="Lucida Grande">kind regards,</font></font></p>
<p><font size="+2"><font face="Lucida Grande">Stephanie Perrin</font></font><br>
</p>
<br>
<div class="moz-cite-prefix">On 2016-04-25 22:47, Metalitz, Steven
wrote:<br>
</div>
<blockquote
cite="mid:E5B4A2ED43DFAE4F9E710FA54FEF8F624BB861FE@LAEX02.MSK.local"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"Lucida Grande";
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";
color:black;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle23
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle24
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">At
this stage I have one nomination for inclusion among “most
relevant documents”; one comment on previous nominations;
and one question/concern. <o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">First,
I believe that the Thick Whois PDP report, and the legal
review presented to the Implementation Review Team on Thick
Whois (this is document #6 in the list from the
consolidated PDF) is highly relevant, since it represents
the most recent thinking from ICANN concerning the impact of
privacy/data protection laws on one aspect of the current
RDS (a/k/a Whois).
<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Second,
while the Schrems decision, the resulting Privacy Shield
document, and WP 29’s opinion thereon (there is a very
extensive presentation on all this in item #22 of the
consolidated PDF) are certainly important in data protection
discussions generally, I question whether they meet the
“most relevant” criterion for our work. To my knowledge
(and I know I will be corrected if I am wrong!), no ICANN
accredited registrar or registry has ever explicitly relied
upon the former US-EU “safe harbor” regime to justify its
processing or transfer of Whois data. The fact that Schrems
invalidated the safe harbor regime decision, and that the US
and the European Commission subsequently negotiated the
Privacy Shield to replace it, would appear to have no direct
impact on the registration data status quo, at least. To be
clear, I am not questioning the importance of these
documents, only whether they meet the criterion of “greatest
relevance” to our WG’s work.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Third,
as has been pointed out more than once on this list, the new
EU Data Protection Regulation will come into force in two
years (i.e., almost certainly before the output of this
Working Group will have been implemented), and as I
understand it the Regulation will supplant the Data
Protection Framework Directive that has been in force for
more than 20 years. Since the 1995 Framework Directive
provides the basis for many of the documents we have
compiled (including but not limited to all the Article 29 WP
documents), has anyone assessed the extent to which these
other documents remain directly applicable to the issues
before our WG? In other words, leaving to one side the
significance of any given Article 29 WP document for our
work, how will that significance be affected by the fact
that the legal instrument which these documents interpret or
apply will no longer be in force by the time ICANN acts on
our WG’s recommendations? I think we would benefit from
hearing the views of those much closer to the details of the
European developments than I am. <o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Steve
Metalitz
<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#88162E"><o:p> </o:p></span></b></p>
</div>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-privacy-bounces@icann.org">gnso-rds-pdp-privacy-bounces@icann.org</a>
[<a class="moz-txt-link-freetext" href="mailto:gnso-rds-pdp-privacy-bounces@icann.org">mailto:gnso-rds-pdp-privacy-bounces@icann.org</a>]
<b>On Behalf Of </b>Gomes, Chuck<br>
<b>Sent:</b> Monday, April 25, 2016 9:38 AM<br>
<b>To:</b> Stephanie Perrin;
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-privacy@icann.org">gnso-rds-pdp-privacy@icann.org</a><br>
<b>Subject:</b> Re: [Gnso-rds-pdp-privacy] Docs most
relevant in our Privacy Subgroup summary<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Good
question Stephanie. I don’t want to interfere with David’s
role as leader of this team but here is my answer: Relevant
= most helpful in the WG’s task of finalizing a work plan
and in the deliberation we are tasked with doing regarding
the list of charter questions from our charter. Keep in
mind something I said in one of our meetings: Identifying
what are thought to be the most relevant documents does not
mean we will exclude other documents but rather will help us
know which documents to start with.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Chuck<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">
<a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-privacy-bounces@icann.org">gnso-rds-pdp-privacy-bounces@icann.org</a>
[<a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-privacy-bounces@icann.org">mailto:gnso-rds-pdp-privacy-bounces@icann.org</a>]
<b>On Behalf Of </b>Stephanie Perrin<br>
<b>Sent:</b> Monday, April 25, 2016 9:23 AM<br>
<b>To:</b> <a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-privacy@icann.org">gnso-rds-pdp-privacy@icann.org</a><br>
<b>Subject:</b> Re: [Gnso-rds-pdp-privacy] Docs most
relevant in our Privacy Subgroup summary<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p><span style="font-size:18.0pt;font-family:"Lucida
Grande","serif"">Could we please clarify 1)
why we are picking our top 5 and 2) what we mean by
relevant? if we are evaluating ICANN's role as a data
controller in dictating the collection, use, and disclosure
of information, the 2013 RAA is probably the most relevant
document. IF we are trying to help colleagues from
different backgrounds understand what we are talking about
in terms of data protection, Kathy's list is an excellent
one. We need both, in my view. Hence my slowness in
getting off the mark, I am confused. </span><o:p></o:p></p>
<p><span style="font-size:18.0pt;font-family:"Lucida
Grande","serif"">cheers Stephanie</span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 2016-04-25 15:19, Gomes, Chuck wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I
think ‘relevant’ is a key word, a point that Lisa made to
the leadership team a few days ago.
</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Chuck</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">
<a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-privacy-bounces@icann.org">gnso-rds-pdp-privacy-bounces@icann.org</a>
[<a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-privacy-bounces@icann.org">mailto:gnso-rds-pdp-privacy-bounces@icann.org</a>]
<b>On Behalf Of </b>Kathy Kleiman<br>
<b>Sent:</b> Monday, April 25, 2016 9:03 AM<br>
<b>To:</b> <a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-privacy@icann.org">gnso-rds-pdp-privacy@icann.org</a><br>
<b>Subject:</b> [Gnso-rds-pdp-privacy] Docs most
relevant in our Privacy Subgroup summary</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Arial","sans-serif"">Hi
All,tand <br>
I think we have been asked for our list of the most
relevant documents for the Working Group from our Privacy
subgroup. It is hard to choose from the excellent list and
summaries prepared!
<br>
<br>
My thoughts are that the documents below provide the best
overview of pivotal legal principles of data protection,
show the enormous spread of these principles around the
world (particularly recently), and give us guidance for
interpretation of these principles (including what it
means to be a "data controller" and requires) are below. <br>
<br>
Best regards,<br>
Kathy<br>
<br>
In answer to subgroup question "(ii) Which inputs are
likely to be the most important [relevant] during WG
deliberations and why?", I share:<br>
<br>
1) The EU Data Protection Directive 1995 (the best known
of all data protection laws; the legal obligations of all
countries in the EU)<br>
2) The Council of Europe's Treaty 108 on Data Protection
(created in 1981, and signed about 47 countries within and
outside the EU, this is a key founding document of
comprehensive data protection laws)
<br>
<br>
3) Professor Greenleaf's two articles (part of the same
book) set out his studies showing that the adoption of
data protection laws is growing rapidly -- and in 2015 the
number of countries with comprehensive data protection
laws surpassed those without data protections laws. More
than a majority of the countries of the world have now
adopted comprehensive data protection laws and legal
frameworks.
<br>
<br>
4) </span><span
style="font-family:"Arial","sans-serif""
lang="EN-GB">Schrems v. Data Protection Commissioner
(2015)/EU-US Privacy Shield (2016) - very recent cases and
agreements which clearly show that rigorous enforcement of
EU data protection laws is on the rise by high courts and
their decisions are forcing new agreements to be
negotiated which raise the legal requirements for
transferring data from the EU countries to other parts of
the world. The new EU-U.S. Privacy Shield is an important
example of these higher legal requirements. The Article 29
Working Party Opinion on the Privacy Shield -- only about
two weeks old -- is important for its discussion of these
newest of major legal data protection frameworks.<br>
<br>
5) Opinion 2/2003 on the Application of the Data
Protection Principles to the Whois directories is the
Article 29 Working Party's opinion expressly guiding ICANN
on how to apply data protection laws and frameworks to the
Whois issues. What could be more "on point" for our full
Working Group's work? <br>
<br>
6) McIntyre v. Ohio Elections Commission, a decision in
1995 by the US Supreme Court, affirming the importance of
anonymous speech in creating an avenue for important, but
unpopular and minority ideas to enter into a country's
robust political, cultural and artistic discussions. In
this decision, the US Supreme Court found that anonymity
speech is a protected under the US First Amendment and a
person cannot be forced to put her/his name and address on
all of statements.
<br>
<br>
Best regards, <br>
Kathy</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
<br>
<o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Gnso-rds-pdp-privacy mailing list<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:Gnso-rds-pdp-privacy@icann.org">Gnso-rds-pdp-privacy@icann.org</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</blockquote>
<br>
</body>
</html>