[gnso-rds-pdp-purpose] Purpose Team Checklist - 7 April
Vayra, Fabricio (Perkins Coie)
FVayra at perkinscoie.com
Mon Apr 11 16:08:15 UTC 2016
I reviewed the following and have included the most pertinent language (if any - implicit or explicit) to purpose:
Article 29 Opinions and other docs:
· Article 29 WP 76 Opinion 2/2003 (http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2003/wp76_en.pdf)
o essential to determine in very clear terms what is the purpose of the Whois and which purpose(s) can be considered as legitimate and compatible to the original purpose;
o data should be relevant and not excessive for the specific purpose;
o necessary to look for less intrusive methods that would still serve the purpose of the Whois directories without having all data directly available on-line to everybody;
o data needs to be accurate; and
o data should not be used for bulk marketing.
· Article 29 WP 5 Recommendation 2/97 (http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/1997/wp5_en.pdf)
o Nothing about purpose; simply takes note of the Report and Guidance by the International Working Group on Data Protection in Telecommunications ("Budapest - Berlin Memorandum on Data Protection and Privacy on the Internet"); Considers that this initiative might contribute to the improvement of the protection of fundamental rights of individuals, in particular their privacy, on a worldwide basis.
· Article 29 WP 33 Opinion 5/2000 (http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2000/wp33_en.pdf)
o Nothing about purpose; simply states that specific and informed consent of the subscriber must be obtained prior to the inclusion of his personal data into all kinds of public directories (traditional telephony, mobile telephony, electronic mail, electronic signatures etc.) used for reverse or multi-criteria searches. (Article 29 WP 76 Opinion 2/2003 says the same thing)
· Article 29 WP 41 Opinion 4/2001 (http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2001/wp41_en.pdf)
o Nothing about purpose; simply states the Council of Europe, in promoting international co-operation in matters of cyber-crime outside its own membership, needs to pay particular attention to the protection of fundamental rights and freedoms, especially the right to privacy and personal data protection.
· Article 29 WP 56 Working Document 5/2002 (http://www.cnpd.public.lu/en/publications/groupe-art29/wp056_en.pdf)
o Nothing about purpose; this is a working document that admits to "not offer definitive solutions concerning all possible issues related to this question" of processing of personal data on the Internet by non-EU based web sites.
· Article 29 WP 217 Opinion 4/2014 (http://www.cnpd.public.lu/fr/publications/groupe-art29/wp217_en.pdf)
o Document analyzes the criteria set down in Article 7 of Directive 95/46/EC for making data processing legitimate. Focusing on the legitimate interests of the controller, it provides guidance on how to apply Article 7(f) under the current legal framework and makes recommendations for future improvements. Article 7 requires that personal data shall only be processed if at least one of six legal grounds listed in that Article apply. In particular, personal data shall only be processed (a) based on the data subject's unambiguous consent; or if -briefly put -processing is necessary for:
(b) performance of a contract with the data subject;
(c) compliance with a legal obligation imposed on the controller;
(d) protection of the vital interests of the data subject;
(e) performance of a task carried out in the public interest; or
(f) legitimate interests pursued by the controller, subject to an additional balancing test against the data subject's rights and interests.
· Notes that the law must "comply with data protection law, including the requirement of necessity, proportionality and purpose limitation."
· Notes that "[i]n data protection discourse, "purpose' is the specific reason why the data are processed.
Council of Europe
· Declaration of the Committee of Ministers on ICANN, human rights and the rule of law (3 June 2015) (https://search.coe.int/cm/Pages/result_details.aspx?ObjectID=09000016805c3417)
o Nothing about purpose; simply states the contractual policies and services made accessible to the public by ICANN involve the processing and retention of personal data that can necessitate compliance with national law and may raise issues under Article 8 of the European Convention on Human Rights with regard to the right to private and family life.
Other purpose-related resources not yet identified that I found important to summarize are the white and green papers that were drafted to support/create ICANN:
· Green Paper (https://www.ntia.doc.gov/legacy/ntiahome/domainname/022098fedreg.htm)
o The job of policing trademarks could be considerably easier if domain name databases were readily searchable through a common interface to determine what names are registered, who holds those domain names, and how to contact a domain name holder. Many trademark holders find the current registration search tool, who is, too limited in its functioning to be effective for this purpose. A more robust and flexible search tool, which features multiple field or string searching and retrieves similar names, could be employed or developed to meet the needs of trademark holders. The databases also could be kept up to date by a requirement that domain name registrants maintain up-to-date contact information.
o Appendix 2--Minimum Dispute Resolution and Other Procedures Related to Trademarks
1. Minimum Application Requirements.
a. Sufficient owner and contact information (e.g., names, mail address for service of process, e-mail address, telephone and fax numbers, etc.) to enable an interested party to contact either the owner/applicant or its designated representative
...
2. Searchable Database Requirements.
a. Utilizing a simple, easy-to-use, standardized search interface that features multiple field or string searching and the retrieval of similar names, the following information must be included in all registry databases, and available to anyone with
access to the Internet:
--Up-to-date ownership and contact information;
--Up-to-date and historical chain of title information for the
domain name;
--A mail address for service of process;
--The date of the domain name registration; and
--The date an objection to registration of the domain name was
filed.
3. Updated Ownership, Contact and Use Information.
a. At any time there is a change in ownership, the domain name owner must submit the following information:
--Up-to-date contact and ownership information; and
--A description of how the owner is using the domain name, or, if
the domain name is not in use, a statement to that effect.
· White Paper (https://www.icann.org/resources/unthemed-pages/white-paper-2012-02-25-en)
o Trademark Issues. Trademark holders and domain name registrants and others should have access to searchable databases of registered domain names that provide information necessary to contact a domain name registrant when a conflict arises between a trademark holder and a domain name holder. To this end, we anticipate that the policies established by the new corporation would provide that following information would be included in all registry databases and available to anyone with access to the Internet:
§ up-to-date registration and contact information;
§ up-to-date and historical chain of registration information for the domain name;
§ a mail address for service of process;
§ the date of domain name registration;
§ the date that any objection to the registration of the domain name is filed; and
§ any other information determined by the new corporation to be reasonably necessary to resolve disputes between domain name registrants and trademark holders expeditiously.
· Final Report from the Expert Working Group on gTLD Directory Services: A Next-Generation Registration Directory Service (RDS) (https://www.icann.org/en/system/files/files/final-report-06jun14-en.pdf)
o Purpose is mentioned 25 separate times throughout the report, including in the overall EWG recommendation for "a paradigm shift to a next-generation RDS that collects, validates and discloses gTLD registration data for permissible purposes only. While basic data would remain publicly available, the rest would be accessible only to accredited requestors who identify themselves, state their purpose, and agree to be held accountable for appropriate use."
...
"The EWG is confident that this Final Report fulfills the ICANN Board's directive to help redefine the purpose and provision of gTLD registration data, providing a solid foundation to help the ICANN community (through the Generic Names Supporting
Organization, GNSO) create a new global policy for gTLD directory services."
o See in more detail Sections on Purpose, specifically: II(b) Purpose, III(b) RDS Users and Purposes, III(c) Purposes to be Accommodated or Prohibited, III(e) Purpose-Based Contact Principles, III(f) Purpose-Based Contact Roles and Responsibilities
I hope that this is helpful to the discussion.
Thanks,
Fab
Fabricio Vayra | Perkins Coie LLP
PARTNER
700 Thirteenth Street, N.W. Suite 600
Washington, DC 20005-3960
D. +1.202.654.6255
F. +1.202.654.9678
E. FVayra at perkinscoie.com<mailto:FVayra at perkinscoie.com>
[cid:image001.jpg at 01D054C5.01001EE0]
-----Original Message-----
From: gnso-rds-pdp-purpose-bounces at icann.org [mailto:gnso-rds-pdp-purpose-bounces at icann.org] On Behalf Of Lisa Phifer via gnso-rds-pdp-purpose
Sent: Thursday, April 07, 2016 1:03 AM
To: gnso-rds-pdp-purpose at icann.org
Subject: [gnso-rds-pdp-purpose] Purpose Team Checklist - 7 April
Hello all,
Another updated purpose team checklist (attached) has been posted to
the wiki at:
https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_x_p4xlAw&d=CwIBAg&c=XRWvQHnpdBDRh-yzrHjqLpXuHNC_9nanQc6pPG_SpT0&r=6lUxzkhJPN5qts-Nve5TYqxoGjP81z1kCvXgsmw-MiQ&m=PGInTFho90i6xU-IAeJaaEdBM2AxG-xTA5TlXr1eILM&s=gvpmravAB-fS7Vlt9vf77zJdRaKbCELdwGcI6t5Hc_Y&e=
Just follow the link above if you're looking for the latest daily
update of any team's checklist.
The purpose team still has several documents left without volunteers:
* Article 29 WP statement on the data protection impact of the ICANN
RAA (2013-2014)
* Article 29 WP comments on the data protection impact of the
revision of the ICANN RAA concerning accuracy and data retention of
WHOIS (2012)
* Article 29 WP on ICANN Procedure for Handling WHOIS Conflicts with
Privacy Law (2007)
* Article 29 WP on ICANN's WHOIS Database Policy (2006)
* Article 29 WP Opinion on the application of the data protection
principles to WHOIS directories
* Additional Article 29 WP documents that may be of interest to this PDP WG
* Council of Europe
<https://urldefense.proofpoint.com/v2/url?u=https-3A__wcd.coe.int_ViewDoc.jsp-3FRef-3DDecl-252803.06.2015-25292&d=CwIBAg&c=XRWvQHnpdBDRh-yzrHjqLpXuHNC_9nanQc6pPG_SpT0&r=6lUxzkhJPN5qts-Nve5TYqxoGjP81z1kCvXgsmw-MiQ&m=PGInTFho90i6xU-IAeJaaEdBM2AxG-xTA5TlXr1eILM&s=Sbyu-m5yWi4KEWqKpy55aaGyq0AOMgOQxfPPBy84Ygs&e= <https://urldefense.proofpoint.com/v2/url?u=https-3A__wcd.coe.int_ViewDoc.jsp-3FRef-3DDecl-252803.06.2015-25292&d=CwIBAg&c=XRWvQHnpdBDRh-yzrHjqLpXuHNC_9nanQc6pPG_SpT0&r=6lUxzkhJPN5qts-Nve5TYqxoGjP81z1kCvXgsmw-MiQ&m=PGInTFho90i6xU-IAeJaaEdBM2AxG-xTA5TlXr1eILM&s=Sbyu-m5yWi4KEWqKpy55aaGyq0AOMgOQxfPPBy84Ygs&e=%20> >Declaration
of the Committee of Ministers on ICANN, human rights and the rule of
law (3 June 2015)
*
<https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_data-2Dcollection_obligations_index-5Fen.htm&d=CwIBAg&c=XRWvQHnpdBDRh-yzrHjqLpXuHNC_9nanQc6pPG_SpT0&r=6lUxzkhJPN5qts-Nve5TYqxoGjP81z1kCvXgsmw-MiQ&m=PGInTFho90i6xU-IAeJaaEdBM2AxG-xTA5TlXr1eILM&s=kGTvjQm-wpEoHmd833PT540JTGZBgA1H1pXd6_zRnv4&e= <https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_data-2Dcollection_obligations_index-5Fen.htm&d=CwIBAg&c=XRWvQHnpdBDRh-yzrHjqLpXuHNC_9nanQc6pPG_SpT0&r=6lUxzkhJPN5qts-Nve5TYqxoGjP81z1kCvXgsmw-MiQ&m=PGInTFho90i6xU-IAeJaaEdBM2AxG-xTA5TlXr1eILM&s=kGTvjQm-wpEoHmd833PT540JTGZBgA1H1pXd6_zRnv4&e=%20> >European
Commission Website: Obligations of Data Controllers
*
<https://urldefense.proofpoint.com/v2/url?u=http-3A__london50.icann.org_en_schedule_mon-2Dewg-2Dfinal-2Doverview_presentation-2Dewg-2Dfinal-2Doverview-2D23jun14-2Den.pdf&d=CwIBAg&c=XRWvQHnpdBDRh-yzrHjqLpXuHNC_9nanQc6pPG_SpT0&r=6lUxzkhJPN5qts-Nve5TYqxoGjP81z1kCvXgsmw-MiQ&m=PGInTFho90i6xU-IAeJaaEdBM2AxG-xTA5TlXr1eILM&s=jn8nuvyP-vyW9HokbMSDs6AjcSQqi9C8oIOiMjEGoSw&e= <https://urldefense.proofpoint.com/v2/url?u=http-3A__london50.icann.org_en_schedule_mon-2Dewg-2Dfinal-2Doverview_presentation-2Dewg-2Dfinal-2Doverview-2D23jun14-2Den.pdf&d=CwIBAg&c=XRWvQHnpdBDRh-yzrHjqLpXuHNC_9nanQc6pPG_SpT0&r=6lUxzkhJPN5qts-Nve5TYqxoGjP81z1kCvXgsmw-MiQ&m=PGInTFho90i6xU-IAeJaaEdBM2AxG-xTA5TlXr1eILM&s=jn8nuvyP-vyW9HokbMSDs6AjcSQqi9C8oIOiMjEGoSw&e=%20> >EWG
Tutorial Pages 17-20, 37-41 and
<https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_display_EWG_EWG-2BFAQs&d=CwIBAg&c=XRWvQHnpdBDRh-yzrHjqLpXuHNC_9nanQc6pPG_SpT0&r=6lUxzkhJPN5qts-Nve5TYqxoGjP81z1kCvXgsmw-MiQ&m=PGInTFho90i6xU-IAeJaaEdBM2AxG-xTA5TlXr1eILM&s=Ki6wS9Pi4ZdPQu3tdXSeVhE3CpER8sj2iJjJFAEPZ5s&e= <https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_display_EWG_EWG-2BFAQs&d=CwIBAg&c=XRWvQHnpdBDRh-yzrHjqLpXuHNC_9nanQc6pPG_SpT0&r=6lUxzkhJPN5qts-Nve5TYqxoGjP81z1kCvXgsmw-MiQ&m=PGInTFho90i6xU-IAeJaaEdBM2AxG-xTA5TlXr1eILM&s=Ki6wS9Pi4ZdPQu3tdXSeVhE3CpER8sj2iJjJFAEPZ5s&e=%20> >EWG FAQs 9-12, 67
and Video FAQ
"<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.youtube.com_watch-3Fv-3DYzPkxNNfDY4-26list-3DUUl7rV9qJaQEx3GKhtSLx4QA&d=CwIBAg&c=XRWvQHnpdBDRh-yzrHjqLpXuHNC_9nanQc6pPG_SpT0&r=6lUxzkhJPN5qts-Nve5TYqxoGjP81z1kCvXgsmw-MiQ&m=PGInTFho90i6xU-IAeJaaEdBM2AxG-xTA5TlXr1eILM&s=6t45B_sQVvz_nQ_akQU4BeED8p3l6JFjTa5UornVJ8M&e= <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.youtube.com_watch-3Fv-3DYzPkxNNfDY4-26list-3DUUl7rV9qJaQEx3GKhtSLx4QA&d=CwIBAg&c=XRWvQHnpdBDRh-yzrHjqLpXuHNC_9nanQc6pPG_SpT0&r=6lUxzkhJPN5qts-Nve5TYqxoGjP81z1kCvXgsmw-MiQ&m=PGInTFho90i6xU-IAeJaaEdBM2AxG-xTA5TlXr1eILM&s=6t45B_sQVvz_nQ_akQU4BeED8p3l6JFjTa5UornVJ8M&e=%20> >Is
my purpose supported by the RDS?"
* Statements/Blogs by
<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_perrin-2Dstatement-2D24jun14-2Den.pdf&d=CwIBAg&c=XRWvQHnpdBDRh-yzrHjqLpXuHNC_9nanQc6pPG_SpT0&r=6lUxzkhJPN5qts-Nve5TYqxoGjP81z1kCvXgsmw-MiQ&m=PGInTFho90i6xU-IAeJaaEdBM2AxG-xTA5TlXr1eILM&s=8rpl501KM0PlE3IDM5DpeP-J0nMV-6FM1tmndjQ5CZ8&e= <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_perrin-2Dstatement-2D24jun14-2Den.pdf&d=CwIBAg&c=XRWvQHnpdBDRh-yzrHjqLpXuHNC_9nanQc6pPG_SpT0&r=6lUxzkhJPN5qts-Nve5TYqxoGjP81z1kCvXgsmw-MiQ&m=PGInTFho90i6xU-IAeJaaEdBM2AxG-xTA5TlXr1eILM&s=8rpl501KM0PlE3IDM5DpeP-J0nMV-6FM1tmndjQ5CZ8&e=%20> >Perrin
and<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.circleid.com_posts_20141011-5Fbuilding-5Fa-5Fbetter-5Fwhois-5Ffor-5Fthe-5Findividual-5Fregistrant_&d=CwIBAg&c=XRWvQHnpdBDRh-yzrHjqLpXuHNC_9nanQc6pPG_SpT0&r=6lUxzkhJPN5qts-Nve5TYqxoGjP81z1kCvXgsmw-MiQ&m=PGInTFho90i6xU-IAeJaaEdBM2AxG-xTA5TlXr1eILM&s=27-iqtb5uC49N43enMMbttdUxCOCpwadqxSumXPB2Cg&e= <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.circleid.com_posts_20141011-5Fbuilding-5Fa-5Fbetter-5Fwhois-5Ffor-5Fthe-5Findividual-5Fregistrant_&d=CwIBAg&c=XRWvQHnpdBDRh-yzrHjqLpXuHNC_9nanQc6pPG_SpT0&r=6lUxzkhJPN5qts-Nve5TYqxoGjP81z1kCvXgsmw-MiQ&m=PGInTFho90i6xU-IAeJaaEdBM2AxG-xTA5TlXr1eILM&s=27-iqtb5uC49N43enMMbttdUxCOCpwadqxSumXPB2Cg&e=%20> >
Samuels
*
<https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_display_gTLDRDS_Process-2BFramework&d=CwIBAg&c=XRWvQHnpdBDRh-yzrHjqLpXuHNC_9nanQc6pPG_SpT0&r=6lUxzkhJPN5qts-Nve5TYqxoGjP81z1kCvXgsmw-MiQ&m=PGInTFho90i6xU-IAeJaaEdBM2AxG-xTA5TlXr1eILM&s=MXb7KE4dq5biHDUeyzORjXsQsrTCFg2le5Tdnsgq4Xw&e= <https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_display_gTLDRDS_Process-2BFramework&d=CwIBAg&c=XRWvQHnpdBDRh-yzrHjqLpXuHNC_9nanQc6pPG_SpT0&r=6lUxzkhJPN5qts-Nve5TYqxoGjP81z1kCvXgsmw-MiQ&m=PGInTFho90i6xU-IAeJaaEdBM2AxG-xTA5TlXr1eILM&s=MXb7KE4dq5biHDUeyzORjXsQsrTCFg2le5Tdnsgq4Xw&e=%20> >Process
Framework for a PDP on Next-Generation RDS, Page 9, Row 1 (hint: see
questions/subquestions mind map)
If you'd like to review and summarize any of these remaining docs,
please reply to this message.
Best, Lisa
________________________________
NOTICE: This communication may contain privileged or other confidential information. If you have received it in error, please advise the sender by reply email and immediately delete the message and any attachments without copying or disclosing the contents. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-purpose/attachments/20160411/735058de/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 4701 bytes
Desc: image001.jpg
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-purpose/attachments/20160411/735058de/image001-0001.jpg>
More information about the gnso-rds-pdp-purpose
mailing list