[gnso-rds-pdp-purpose] Purpose sub team
Kathy Kleiman
kathy at kathykleiman.com
Wed Mar 30 22:06:05 UTC 2016
Susan,
Let me understand what you are saying. Although we are designing a NEW
system (the "RDS") we are bound in our evaluation and outlook by
purposes created (reverse engineered really) for the OLD system? I am
not sure that makes sense.
I respectfully submit again: We are the very first PDP WG in the history
of ICANN to work together to rethink and redesign the Whois system --
the new "RDS." *Thus, it falls to /us /to ask and answer the question of
_what is th__e __purpose for whi__ch the registra__tion data is collection?_
*Drawing from principles on the European Commission's website,
specifically /"Obligation of data controllers," /for this evaluation, it
seems clear we need to understand /the //purpose /for which the data is
collected -- in 2016, not necessarily 2002, 2006 or 2012. Earlier
discussions may be instructive or persuasive, but this is a new
evaluation for a new system, right?
Accordingly, I would like to submit the following principles from the
website above to this subgroup and to the WG as a whole:
that our domain name registration data must be:
"collected for explicit and legitimate purposes and used accordingly" AND
"adequate, relevant and not excessive in relation to the purposes for
which it is collected and/or further processed.
There are of course other principles, but these are foundation ones
directly related to our current work finding what we need to evaluate
"purpose."
I look forward to discussing with all.
Source: /Obligations of data controllers,
/http://ec.europa.eu/justice/data-protection/data-collection/obligations/index_en.htm
Best,
Kathy
On 3/30/2016 12:30 PM, Susan Kawaguchi wrote:
> Thanks Kathy, our work in the sub team is to summarize the existing
> identified purposes for the whole WG to discuss and debate. Some of
> your email below will be useful in that full debate.
>
> Please identify any data you would like to include in the summary by
> pasting relevant sections and highlighting. That way staff and I can
> put it into the template document.
>
> Once this sub team has collected all the information that we determine
> is relevant then we will work on summarizing the data for the full WG.
> Susan Kawaguchi
> Domain Name Manager
> Facebook Legal Dept.
>
>
> From: <gnso-rds-pdp-purpose-bounces at icann.org
> <mailto:gnso-rds-pdp-purpose-bounces at icann.org>> on behalf of Kathy
> Kleiman via gnso-rds-pdp-purpose <gnso-rds-pdp-purpose at icann.org
> <mailto:gnso-rds-pdp-purpose at icann.org>>
> Reply-To: Kathy Kleiman <kathy at kathykleiman.com
> <mailto:kathy at kathykleiman.com>>
> Date: Tuesday, March 29, 2016 at 8:44 PM
> To: "gnso-rds-pdp-purpose at icann.org
> <mailto:gnso-rds-pdp-purpose at icann.org>"
> <gnso-rds-pdp-purpose at icann.org <mailto:gnso-rds-pdp-purpose at icann.org>>
> Subject: Re: [gnso-rds-pdp-purpose] Purpose sub team
>
> Hi Susan and All,
> I appreciate the goal of this sub-group - to delve into the "purpose"
> of the registration data being collected by the registrars when a gTLD
> domain name is registered. Unfortunately, few of the documents below
> shed much light on this question. The reason why is ICANN inherited
> the WHOIS/domain name registration system from the US Government and
> National Science Foundation. WHOIS was created in the 1980s when all
> of the information included (except the name of the person) was
> business information - a business address (e.g., at Harvard IT), a
> business phone, a business fax.
>
> We are the very first PDP WG in the history of ICANN to work together
> to rethink and redesign the Whois system -- the new "RDS." Thus it
> falls to *us *to answer the question of what is the primary purpose
> for which the registration data is collected, and what data we collect
> for this new system is *"adequate, relevant and not excessive in
> relation to the purposes for which it is collected and/or further
> processed."
> *http://ec.europa.eu/justice/data-protection/data-collection/obligations/index_en.htm
>
> That's the hard work for us ahead. I would suggest that the purpose
> of domain name registration data is to register a domain name
> technically and operationally within the global DNS.
>
> Further, I note that secondary uses of the data, no matter how
> valuable, cannot drive or change the primary purpose of the data
> collection. In one of the letters in our repository below, sent by
> Peter Schaar (then Data Protection commission of German and Chair of
> the Article 29 Working Party of Data Protection Commissioners created
> under the EU Privacy Directive) warned ICANN that consideration of
> purpose for this data is "an extremely delicate matter" and "can not
> be extended to other purposes just because they are considered
> useful by some potential users of the directories." 2006 -
> https://www.icann.org/en/system/files/files/schaar-to-cerf-22jun06-en.pdf
>
> In light of this warning,I submit that the sentence in the materials
> below is mislabeled: "/Purpose:
> //https://community.icann.org/x/YIxlAw/". When I access this link, it
> leads to the question “Who should have access to gTLD registration
> data and why?” (not "what is the primary purpose for which the data is
> collected.") This is a key confusion - and I would ask that it be
> re-labeled.
>
> But in the process, it raises the key question before us: /what is the
> primary purpose for which the registration data is collected //and
> used /versus /what are the secondary purposes to which the
> registration data might also be applied/? I am not saying we have to
> answer this question, but I am saying that Commissioner Schaar's
> letter as well as other letters and materials below indicate that
> there are key "purpose" questions, raise issues that lie at the heart
> of the work of this sub-group, and, if discussed, will allow us to
> provide important clarity and guidance to our larger WG.
>
> I note that there are people with far more experience than I have,
> with data protection laws generally and in drafting national data
> protection laws, in particular. I look forward to their guidance - and
> that of our subgroup overall.
>
> Best,
> Kathy
>
> On 3/28/2016 6:49 PM, Susan Kawaguchi via gnso-rds-pdp-purpose wrote:
>> Thanks all for beginning the work of digging into the resource
>> materials helping to summarize the data. ICANN staff has prepared a
>> template and reference document for our review of all the sources
>> that have identified purposes of registration data.
>>
>> Please take a look at the document.
>>
>> They have defined our first task below. We simply want to identify
>> sections of these documents that our subteam recommends all the WG
>> members read.
>>
>> *_Synopsis of Key Input Documents:
>> _*/[For each document identified by the small team as most helpful, a
>> single paragraph to help educate the full WG. For example,
>> highlighting sections that this small team recommends every WG member
>> read in order to better understand the Question and/or dependencies
>> with between Questions. While this is NOT intended to limit the WG’s
>> consideration of additional or future inputs, it should serve as an
>> indexed a starting point for all WG members to familiarize themselves
>> with each Question and its history.]/
>>
>>
>> In the attached template is a link to all the documents on the wiki
>> that may be relevant. (if there are others not on the wiki please
>> send to the group) It would be helpful to have each sub team member
>> pick one or two of the resources to identify the sections that
>> useful. After we have done that the next step will be to summarize
>> this information but I would like to focus on identification of the
>> resource material first.
>>
>> For ease of reference list of the resource documents below.
>>
>> *_Input Documents that the WG should at minimum consider when
>> addressing this Question:
>> _*/[Hyper-linked list of all key input documents for this Question,
>> noting which of these documents were considered most helpful by the
>> small team when creating the concise summary below. Small teams may
>> identify both existing and additional inputs. However, to minimize
>> duplication of effort, small teams should be sure to include the key
>> inputs already posted on the WG's wiki: /
>>
>> ·/Purpose: //https://community.icann.org/x/YIxlAw///
>>
>> ·/All:
>> //https://community.icann.org/pages/viewpage.action?pageId=56986688/
>>
>> /
>> A starter list is provided below from the WG’s wiki to be reviewed
>> and refined by this small team]/
>>
>> ·WHOIS Task Force Final Report
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__archive.icann.org_en_gnso_whois-2Dtf_report-2D19feb03.htm&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=UJCWyjf_Yj9h-mXfKQh407JGBn-HqOfn636Cw9YQM6w&e=>(2007)
>>
>> ·WHOIS Policy Review Team Final Report
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_final-2Dreport-2D11may12-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=eQ5JfWGOQ-Z6O6SGReYiS_UZOAzOmzhLjNEMkLNgfLI&e=>
>> (2012)
>>
>> ·SAC055, WHOIS: Blind Men and an Elephant
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_sac-2D055-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=eTfuTPJhmBPZjmCEXHxsYUNZr7X1zelC_b96HcJCyew&e=> (September
>> 2012)
>>
>> ·GAC Communiqués
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__gacweb.icann.org_display_GACADV_WHOIS&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=DoW-zpdoAowBLMPKQWpTRd4nZYYZ-fRYaRmQN9bEHWg&e=>
>> regarding WHOIS (2007-2015), especially
>>
>> -GAC Principles Regarding gTLD WHOIS Services
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__whois.icann.org_en_link_gac-2Dprinciples-2Dregarding-2Dgtld-2Dwhois-2Dservices&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=aC_LrNHKioGSOJxMXBDrDd7C-DucXN-5h2-h9_ebgdM&e=>
>> (2007)
>>
>> ·/[Note: All Article 29 inputs identified thus far are listed below,
>> but *this team may wish to focus on purpose aspects* since data
>> protection inputs will be summarized by privacy team.]/
>>
>> ·Article 29 WP statement on the data protection impact of the ICANN
>> RAA (2013-2014)
>> -
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_namazi-2Dto-2Dkohnstamm-2D25mar14-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=5RRxN0-RdEUiFt3XqtVY5TzXTcL4y-sakmtBEWGihmU&e=>https://www.icann.org/en/system/files/correspondence/namazi-to-kohnstamm-25mar14-en.pdf
>> -
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_kohnstamm-2Dto-2Djeffrey-2D08jan14-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=H18mSAohmQbQPmCWpikaNyLvVCAMr2EfAvy5MA6qQJE&e=>https://www.icann.org/en/system/files/correspondence/kohnstamm-to-jeffrey-08jan14-en.pdf
>> -
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_jeffrey-2Dto-2Dkohnstamm-2D20sep13-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=G356IMFyx_Rn1-5K8z8NjujBfxPTJ2EEdAquWhKQefU&e=>https://www.icann.org/en/system/files/correspondence/jeffrey-to-kohnstamm-20sep13--
>> en.pdf
>> https://www.icann.org/en/system/files/correspondence/kohnstamm-to-crocker-chehade-06jun13-en.pdf
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_kohnstamm-2Dto-2Dcrocker-2Dchehade-2D06jun13-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=bcijkw8yRr1e01E0-ormlwD724Es_fkLWgGtVPlHYjQ&e=>
>>
>> ·Article 29 WP comments on the data protection impact of the revision
>> of the ICANN RAA concerning accuracy and data retention of WHOIS (2012)
>> -
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_kohnstamm-2Dto-2Dcrocker-2Datallah-2D26sep12-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=8CndAF0t6FVqxNraLxjISDAlc8Dv_rcAgEMd0ZhspDA&e=>https://www.icann.org/en/system/files/correspondence/kohnstamm-to-crocker-atallah-26sep12-en.pdf
>> -
>> https://www.icann.org/en/news/correspondence/chehade-to-kohnstamm-09oct12-en
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_news_correspondence_chehade-2Dto-2Dkohnstamm-2D09oct12-2Den&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=6tjOrd4mABV9A5_-HrvnHlz0QmOxMieF3MvYlp8y1uc&e=>
>>
>> ·Article 29 WP on ICANN Procedure for Handling WHOIS Conflicts with
>> Privacy Law (2007)
>> -
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_en_correspondence_cerf-2Dto-2Dschaar-2D24oct07.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=9cX2v3zHwdN5ExylckE7ocnTc0WvVMKUoXrYJghNN1s&e=>http://gnso.icann.org/en/correspondence/cerf-to-schaar-24oct07.pdf
>> -
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_cerf-2Dto-2Dschaar-2D15mar07-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=qwfbbjP1HtPN7fozQz170fyDS2BMcsZ9gtbgq7olm3M&e=>https://www.icann.org/en/system/files/files/cerf-to-schaar-15mar07-en.pdf
>> - https://www.icann.org/en/correspondence/schaar-to-cerf-12mar07.pdf
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_correspondence_schaar-2Dto-2Dcerf-2D12mar07.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=WlZq4i6cH7wQwxH7a55uiLWhrPQk-Fp6zpwn2mVuqnU&e=>
>>
>> ·Article 29 WP on ICANN’s WHOIS Database Policy (2006)
>> -
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_schaar-2Dto-2Dcerf-2D22jun06-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=0R4CugyJ25EC8jg23u6f83R-SzcWVUrRuyVhGhPLAeQ&e=>https://www.icann.org/en/system/files/files/schaar-to-cerf-22jun06-en.pdf
>> -
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_correspondence_lawson-2Dto-2Dcerf-2D22jun06.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=ByhD5fgI-NZozcC_aUmxuJDuiLZ3pQO_CpVev9Dg3kk&e=>https://www.icann.org/en/correspondence/lawson-to-cerf-22jun06.pdf
>> -
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_correspondence_parisse-2Dto-2Dicann-2D22jun06.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=Eg5vQ0-fjdyvM70TMY7vCaELvs_gYDm2DvW14IpaRbY&e=>https://www.icann.org/en/correspondence/parisse-to-icann-22jun06.pdf
>> -
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_fingleton-2Dto-2Dcerf-2D20jun06-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=kv4LGfw3lG9R7egJM7Mk6PuKfDLEeDFGuCy5-CIr2fQ&e=>https://www.icann.org/en/system/files/files/fingleton-to-cerf-20jun06-en.pdf
>>
>> ·Article 29 WP Opinion on the application of the data protection
>> principles to WHOIS directories
>> Article 29 WP 76 Opinion 2/2003
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_policies_privacy_docs_wpdocs_2003_wp76-5Fen.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=F1r1QhCy3vX83VjPu0hK_sioGdkBX_5kYphDXpA7l0Q&e=>
>>
>>
>> ·Additional Article 29 WP documents that may be of interest to this
>> PDP WG
>>
>> - Article 29 WP 5 Recommendation 2/97
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_article-2D29_documentation_opinion-2Drecommendation_files_1997_wp5-5Fen.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=exXWLPNeD0JJDBS3po5Eqp2wiiDkDfO2IPMoQZwon1E&e=>
>>
>> - Article 29 WP 33 Opinion 5/2000
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_article-2D29_documentation_opinion-2Drecommendation_files_2000_wp33-5Fen.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=WcRHBEEerx9M9q_QYYItLTRW3JhXBlHQ8H5sSJiQpvs&e=>
>>
>> - Article 29 WP 41
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_article-2D29_documentation_opinion-2Drecommendation_files_2001_wp41-5Fen.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=02SfVeH8RqQY24RaZY7B8XpuAFHUFPLoj3QI8_XaKGs&e=>Opinion
>> 4/2001
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_article-2D29_documentation_opinion-2Drecommendation_files_2001_wp41-5Fen.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=02SfVeH8RqQY24RaZY7B8XpuAFHUFPLoj3QI8_XaKGs&e=>
>>
>> - Article 29 WP 56 Working Document 5/2002
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_article-2D29_documentation_opinion-2Drecommendation_files_2002_wp56-5Fen.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=X9Bw10En2LV0oPDAhdxCPL6I7d1gEbSX6hxErm1Esto&e=>
>>
>> - Article 29 WP 217 Opinion 4/2014
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_article-2D29_documentation_opinion-2Drecommendation_files_2014_wp217-5Fen.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=YfVNcHS7vB5dNzSX9RM2FPKssGJMmRnv4Jd55L3yqSI&e=>
>>
>> ·Council of Europe Declaration
>>
>> -Declaration of the Committee of Ministers on ICANN, human rights and
>> the rule of law
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__wcd.coe.int_ViewDoc.jsp-3FRef-3DDecl-252803.06.2015-25292&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=bx0o1CZBlk2neLLBrx14hplKaQkSEAoQeWkWG5EFIyA&e=>
>> (3 June 2015)
>>
>> ·EDPS Correspondence regarding Registration Data
>>
>> -Opinion of the European Data Protection Supervisor: Europe's role in
>> shaping the future of Internet Governance
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__secure.edps.europa.eu_EDPSWEB_webdav_site_mySite_shared_Documents_Consultation_Opinions_2014_14-2D06-2D23-5FInternet-5FGovernance-5FEN.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=AUPuK_NYOQqZHqOoYEH2SQFbYSYY8Rea1c5dP-f2KaA&e=>(23
>> June 2014)
>>
>> -ICANN's public consultation on 2013 RAA Data Retention Specification
>> Data Elements and - Legitimate Purposes for Collection and Retention
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__secure.edps.europa.eu_EDPSWEB_webdav_site_mySite_shared_Documents_Consultation_Comments_2014_14-2D04-2D17-5FEDPS-5Fletter-5Fto-5FICANN-5FEN.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=c4mOTCJa_IWm1vL653Z92s249bvTJxJelBLzWP5EVVI&e=>(17
>> April 2014)
>>
>> ·International Working Group on Data Protection in Telecommunications
>> and Media Documents
>>
>> -Common Position relating to Reverse Directories
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__datenschutz-2Dberlin.de_attachments_176_rever-5Fen.pdf-3F1201099194&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=djnlHZumj-preTvWxgvUS9ugoRuoHNh5b87d7yksy9w&e=>
>> (Hong Kong, 15.04.1998)
>>
>> -Common Position on Privacy and Data Protection aspects of the
>> Registration of Domain Names on the Internet
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__datenschutz-2Dberlin.de_attachments_222_dns-5Fen.pdf-3F1200656953&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=zVDHrz3aQSp2cMnwZKTwDD3UbiABV6J-ukke3MnFmiU&e=>
>> (Crete, 4./5.05.2000)
>>
>> -Common Position on Privacy and Data Protection aspects of the
>> Publication of Personal Data contained in publicly available
>> documents on the Internet
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__datenschutz-2Dberlin.de_attachments_220_pd-5Fen.pdf-3F1201099774&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=45Izx42o0mTuSd6Nt88stuPPJhemyRfg2NgD-1nD-gc&e=>
>> (Crete, 4./5.05.2000)
>>
>> -Common Position on Incorporation of telecommunications-specific
>> principles in multilateral privacy agreements: Ten Commandments to
>> protect Privacy in the Internet World
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__datenschutz-2Dberlin.de_attachments_216_tc-5Fen.pdf-3F1200658742&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=roY0SNiodoQNgvjU1SwZz-FTVERYApYCThgQ5AENiBY&e=>
>> (Berlin, 13/14.09.2000)
>>
>> -Common Position on data protection aspects in the Draft Convention
>> on cyber-crime of the Council of Europe
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__datenschutz-2Dberlin.de_attachments_218_cy-5Fen.pdf-3F1200656876&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=KfVfRAw3W5H3LF4dXL7mtXnB-9Luy_G_NAtdArNp4gU&e=>
>> (Berlin, 13/14.09.2000)
>>
>> ·EWG Recommendations for a Next-Generation RDS
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_final-2Dreport-2D06jun14-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=081_TAJEBYybphQqfoPE6BaY0syYr8TX8mOaCvBUlKI&e=>,
>> especially
>>
>> -Section 3, Users and Purposes
>>
>> -Annex C, Example Use Cases
>>
>> -Annex A, Board Questions
>>
>> ·EWG Tutorial
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__london50.icann.org_en_schedule_mon-2Dewg-2Dfinal-2Doverview_presentation-2Dewg-2Dfinal-2Doverview-2D23jun14-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=G5q1dQLGpxVVN_zNOjYsut-v5Cq65X1C1SDW-tf_hmw&e=>Pages
>> 17-20, 37-41and EWG FAQs
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_display_EWG_EWG-2BFAQs&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=mbe7PZ4gDoicRWqaH8rXPIo4GZ921Hai6KaJx4uCu8Q&e=>
>> 9-12, 67
>>
>> *·*Video FAQ “Is my purpose supported by the RDS?
>> <https://www.youtube.com/watch?v=YzPkxNNfDY4&list=UUl7rV9qJaQEx3GKhtSLx4QA>*”***
>>
>> ·Statements/Blogs by Perrin
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_perrin-2Dstatement-2D24jun14-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=kUujOSmulQ5qahX6mQLU7OsJLPAwaaVQHZZ6bY9-Z6M&e=>
>> andSamuels
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.circleid.com_posts_20141011-5Fbuilding-5Fa-5Fbetter-5Fwhois-5Ffor-5Fthe-5Findividual-5Fregistrant_&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=jWs3wR8mHFYW-I49h1MP5t9VJAzx-bMyUXS87I6QZpU&e=>
>>
>> ·Process Framework
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_display_gTLDRDS_Process-2BFramework&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=En6TdFMyuxd7pFs-ZGYPVZWOFhutKC_KObgzky4JtAA&e=>
>> for a PDP on Next-Generation RDS, especially Page 9, Row 1
>>
>>
>> Please let me know which documents you each of you have chosen to
>> review.
>>
>> Thank you all for volunteering.
>> Susan Kawaguchi
>> Domain Name Manager
>> Facebook Legal Dept.
>>
>>
>> From: <gnso-rds-pdp-purpose-bounces at icann.org> on behalf of Kiran
>> Malancharuvil via gnso-rds-pdp-purpose <gnso-rds-pdp-purpose at icann.org>
>> Reply-To: Kiran Malancharuvil <Kiran.Malancharuvil at markmonitor.com
>> <mailto:Kiran.Malancharuvil at markmonitor.com>>
>> Date: Monday, March 28, 2016 at 11:57 AM
>> To: "gnso-rds-pdp-purpose at icann.org" <gnso-rds-pdp-purpose at icann.org
>> <mailto:gnso-rds-pdp-purpose at icann.org>>
>> Subject: Re: [gnso-rds-pdp-purpose] Purpose sub team
>>
>> If we are going to table a recent ICANN expert group report on
>> Registration Directory Services, why don’t we start with the Expert
>> Working Group on Registration Directory Services rather than SSAC?
>> It’s much more recent and was subjected to several public comment
>> periods.
>>
>> Thanks,
>>
>> Kiran
>>
>> *From:*gnso-rds-pdp-purpose-bounces at icann.org
>> <mailto:gnso-rds-pdp-purpose-bounces at icann.org>
>> [mailto:gnso-rds-pdp-purpose-bounces at icann.org] *On Behalf Of *Greg
>> Shatan via gnso-rds-pdp-purpose
>> *Sent:* Monday, March 28, 2016 11:53 AM
>> *To:* Ayden Fabien Férdeline
>> *Cc:* Gnso-rds-pdp-purpose at icann.org
>> <mailto:Gnso-rds-pdp-purpose at icann.org>
>> *Subject:* Re: [gnso-rds-pdp-purpose] Purpose sub team
>>
>> Edited below.
>>
>> Greg
>>
>>
>> On Mon, Mar 28, 2016 at 12:46 PM, Ayden Fabien Férdeline
>> <gnso-rds-pdp-purpose at icann.org> wrote:
>>
>> Hello all,
>>
>>
>> Thank you to Susan for setting out the approach we will take in our
>> sub-team. I will begin this exercise by tabling “WHOIS: Blind Men and
>> an Elephant
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__links5.mixmaxusercontent.com_aMjjKHWxnLSD3SEwj_l_JHXwtM1x9354tdJND-3Frn-3DIyZy9mLu5WYjlGQlN3bwJXdw1CckBXLzRmct82cudkI-26re-3DIyZy9mLu5WYjlGQlN3bwJXdw1CckBXLzRmct82cudkI&d=CwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=mDMhW9B--jmtTN0Mneg8s2Aa-wco-YonCU1kdHYXoFQ&s=yIpnt7pEScNoV0T60C9yTIJ9Ga0fXAwdStrsm2mmtgk&e=>”,
>> a report from the Security and Stability Advisory Committee (SSAC) in
>> September 2012.
>>
>>
>> The gist of their report is that there are four current uses of the
>> WHOIS service, two of which the SSAC says are legitimate (law
>> enforcement access to data; security practitioner access to data),
>> and two where it is silent on the question of legitimacy (public
>> access to data; intellectual property owner access to data). I have
>> bullet pointed below the main arguments they raise in relation to the
>> purpose of collecting and maintaining this data:
>>
>> * *_Terminology:_*
>> * SSAC disagrees with the term “WHOIS” - prefers three specific
>> terms be used: domain name “registration data,” “access
>> protocol,” and “directory services”.
>> * *_Data Elements:_*
>> * The appearance of email addresses guarantees that spam will be
>> delivered to those email addresses.
>> * *_Purpose:_*
>> * WHOIS was created to provide a means to make contact information
>> available for what was then a very small (and essentially
>> homogeneous in terms of user community) Internet compared to what
>> exists today.
>> * Today there are four main uses of WHOIS:
>> o Public access to details about a domain name registration.
>> + SSAC
>>
>> notes that "It is a widely held belief that the public Internet
>> should have access to domain name registration data."
>>
>>
>> o Law enforcement access to details about a domain name
>> registration.
>> + SSAC says this is a legitimate use case.
>> o Intellectual property owner access to details about a domain
>> name registration.
>> + SSAC
>>
>> notes that "It is a widely held belief that intellectual property
>> owners should have access to domain name registration data."
>>
>>
>> .
>>
>> o Security practitioner access to details about a domain name
>> registration.
>> + SSAC says this is a legitimate use case.
>> * SSAC would like to see research into why users purchase
>> privacy-proxy services. It has heard that some people do so to
>> hide from law enforcement, but would like to see more
>> research/evidence to validate this point. Privacy-proxy services
>> should not hinder the ability to trace the identity of a domain
>> name registrant.
>> * *_Access Levels:_*
>> * SSAC says we need to distinguish between what information is
>> collected and what information is published in an open database.
>> Does not comment any further.
>> * *_Universality:_*
>> * Whatever policy is adopted it should be applied universally
>> across all gTLDs.
>> * *_Accuracy:_*
>> * Whatever data is collected must be accurate and there must be
>> enforcement and compliance mechanisms in place to support this.
>>
>> I hope this summary is useful. Please let me know if you would prefer
>> that I summarise reports in a different way as we move forward with
>> the review of past literature.
>>
>> Best wishes,
>>
>>
>> Ayden Férdeline
>>
>> On Fri, Mar 25, 2016 at 11:28 PM, Susan Kawaguchi via
>> gnso-rds-pdp-purpose <gnso-rds-pdp-purpose at icann.org> wrote:
>>
>> Hello All,
>>
>> Thank you for volunteering for the Purpose sub team.
>>
>> This is a list of all that have volunteered - Carlton Samuels,
>> Fabricio Vayra, Susan Prosser, Beth Allegretti, Jim Galvin, Kiran
>> Malancharuvil, Lori Schulman, Vlad Dinculescu, Richard Leaning, Amr
>> Elsadr, Donna Austin, Stephanie Perrin, Tjabbe Bos, Sana Ali, Ayden
>> Ferdeline, Greg Aaron, Jody Kolker, Adrian Cheek, Kathy Kleiman,
>> Chuck Gomes, Maryan Rizinski, Nathalie Coupet, Roger Carney
>>
>> I look forward to working with you all over the next couple of weeks
>> to collect, consolidate, concisely summarize, and then present inputs
>> and information about the purpose of registration data.
>>
>> This is a link to the RDS PDP WG document that describes the approach
>> the WG agreed upon
>> https://community.icann.org/download/attachments/58730879/RDS-PDP-Proposed-Summary-Approach.pdf
>>
>>
>> Would any one like to volunteer to start collecting information on
>> purpose of registration data? I am sure that the RDS PDP WG wiki has
>> resources to start this collection and then we should think of what
>> else should be included. Once we have started collecting the
>> information I think a sub team conference call to discuss what we are
>> collecting would be helpful.
>>
>> Any other ideas on how to approach our work?
>>
>> Looking forward to the discussion.
>>
>> Susan Kawaguchi
>>
>> Domain Name Manager
>>
>> Facebook Legal Dept.
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-purpose mailing list
>> gnso-rds-pdp-purpose at icann.org <mailto:gnso-rds-pdp-purpose at icann.org>
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-purpose
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Drds-2Dpdp-2Dpurpose&d=CwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=mDMhW9B--jmtTN0Mneg8s2Aa-wco-YonCU1kdHYXoFQ&s=E5d7OSngK_MJQ_XYYyZ__P5oY7YGk_RxVxKurwEV69I&e=>
>>
>> Ayden Férdeline
>>
>> +44.77.8018.7421 <tel:%2B44.77.8018.7421>
>>
>> Image removed by sender.
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-purpose mailing list
>> gnso-rds-pdp-purpose at icann.org <mailto:gnso-rds-pdp-purpose at icann.org>
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-purpose
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Drds-2Dpdp-2Dpurpose&d=CwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=mDMhW9B--jmtTN0Mneg8s2Aa-wco-YonCU1kdHYXoFQ&s=E5d7OSngK_MJQ_XYYyZ__P5oY7YGk_RxVxKurwEV69I&e=>
>>
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-purpose mailing list
>> gnso-rds-pdp-purpose at icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pdp-purpose
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-purpose/attachments/20160330/aa1cfbc3/attachment-0001.html>
More information about the gnso-rds-pdp-purpose
mailing list