[gnso-rds-pdp-purpose] Purpose sub team

Susan Kawaguchi susank at fb.com
Thu Mar 31 16:53:20 UTC 2016 

Thank you Susan!  This is exactly what we are looking for in gathering reference information.  I will make sure it is included in our document to summarize.
Susan Kawaguchi
Domain Name Manager
Facebook Legal Dept.


From: "Prosser, Susan" <susan at domaintools.com<mailto:susan at domaintools.com>>
Date: Wednesday, March 30, 2016 at 10:48 PM
To: Susan kawaguchi <susank at fb.com<mailto:susank at fb.com>>, "gnso-rds-pdp-purpose at icann.org<mailto:gnso-rds-pdp-purpose at icann.org>" <gnso-rds-pdp-purpose at icann.org<mailto:gnso-rds-pdp-purpose at icann.org>>
Subject: Re: [gnso-rds-pdp-purpose] Purpose sub team

Hello Susan,
I opted to review the EWG Final report as it seemed most relevant to our discussion.  I kept to the strict perspective of purpose only, not delving into access, justification, methodology, etc as that will be discussed in the group.  If this needs expansion, please let me know.

EWG Recommendations for a Next-Generation RDS<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_final-2Dreport-2D06jun14-2Den.pdf&d=CwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=asOgaNDWLE5wlJcCMNuaDVtTTPa9sLyIEdEORbCj7ko&s=ayzWaiHB0Yd4HBGPNd5ltKYA-wa1aS2bAQI_rl_5h-Y&e=>, especially

- Section 3, Users and Purposes
“Although the EWG did not attempt to identify all possible use cases, it endeavoured to explore a representative sample in hopes of rigorously identifying kinds of users and their purposes in wanting access to gTLD registration data. However, the RDS must be designed with the ability to accommodate new users and permissible purposes that are likely to emerge over time.” (Page 26)

The EWG’s did  summarize "permissible" purposes the EWG identified at the time.  The purposes identified are listed below. For brevity of email, I did not include the full definitions.  They can be found in Section III, Table 2 Purpose Definitions, Pages 26-27.

Purpose:
Domain Name Control
Personal Data Protection
Technical Issue Resolution
Domain Name Certification
Individual Internet Use
Business Domain Name Purchase or Sale
Academic / Public Interest DNS Research
Legal Actions
Regulatory and Contractual Enforcement
Criminal Investigation & DNS Abuse Mitigation
DNS Transparency

It should be noted the EWG identified an additional purpose, Malicious Internet Activities, which it did not further include in the "permissible" purposes.

- Annex C, Example Use Cases

Using the same permissible purpose listing provided in Section III, Annex C included examples of specific uses for clarity.  For example Domain Name Control is required in registration and transfer, among other purposes OR Regulatory and Contractual Enforcement for UDRP proceeding and Tax investigations.  The full list of example use cases along with a specific example of Technical Issue Resolution purpose is available on Pages 126-128.

- Annex A, Board Questions

Annex A, Board Questions, Pages 123-124
“The Board resolution that directed the EWG’s work included a series of specific questions to be answered as it conducted its analysis. This Annex references the sections of this Report that address the Board’s concerns.”

The initial question presented to EWG was by the Board was:
EWG to redefine the purpose of:
• collecting,
• maintaining, and
• providing access to gTLD registration data, and
• consider safeguards for protecting data

This was addressed in Section III, Users & Purposes and Section VI, Improving Accountability (presented above in email)

In addition, Section III addressed the following Board Questions that were around use and purpose of data.  I included them as a reference point to raise awareness of Board concerns in clarifying various use cases and purposes:

  *   Why are data collected?
  *   Who needs the data and why?
  *   Law enforcement access to details about a domain name registration?
  *   Intellectual property owner access to details about a domain name registration?
  *   Security practitioner access to details about a domain name registration?
  *   What value does the public realize with access to registration data?
  *   What comprises a legitimate law enforcement need?
  *   What registration data and to what level of accuracy comprises valuable information to a law enforcement agent that is looking for the real identity of the responsible party?
  *   Is the desired domain name registration data access consistent with access that intellectual property owners have to similar types of data in other industries?
  *   Of all the registration data available, what does an intellectual property owner need access to?
A separate question:  What purpose will the data serve?  Was addressed in ANNEX D: PURPOSES AND DATA NEEDS, Pages 129-132
Annex D defined the registration data element and mapped it to Purposes defined by EWG in Section III, Table 2 with Section VI(a) Data Elements.  This reference is useful for specific currently defined registration data elements purposes.

Please let me know if you need clarity on my review.
-Susan


  *


~~~~
Susan Prosser
VP, Client Services
DomainTools, LLC

T: (206) 838-9060
E: susan at domaintools.com<mailto:susan at domaintools.com>
PGP:  A2C4D2A4

On Wed, Mar 30, 2016 at 3:27 PM, Susan Kawaguchi via gnso-rds-pdp-purpose <gnso-rds-pdp-purpose at icann.org<mailto:gnso-rds-pdp-purpose at icann.org>> wrote:
Hi Kathy,

Absolutely NOT saying that we are bound to purposes created for the OLD system as a full working group.  I am saying that Chuck has asked us as a sub team to look at the purposes identified in all the resources on the wiki and summarize what the FULL working group should look at and review.  His direction was in hopes that we can help the full working group to come up to speed with the history and as you have said it is “instructive".  If you have new ideas or other sources previously unidentified  we can note those and add those to the summary but we cannot debate these issues as a sub team.  We need to reserve that discussion for the full working group.


I will add the following to list to summarize.
Accordingly, I would like to submit the following principles from the website above to this subgroup and to the WG as a whole:
that our domain name registration data must be:
"collected for explicit and legitimate purposes and used accordingly" AND
"adequate, relevant and not excessive in relation to the purposes for which it is collected and/or further processed.
There are of course other principles, but these are foundation ones directly related to our current work finding what we need to evaluate "purpose.”
Source: Obligations of data controllers, <https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_data-2Dcollection_obligations_index-5Fen.htm&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=m13S24LECLXPtj_swjcYuaRrfN0Ivm7n-iesQzQTd7k&e=> http://ec.europa.eu/justice/data-protection/data-collection/obligations/index_en.htm<https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_data-2Dcollection_obligations_index-5Fen.htm&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=pJC9zAyofGwRYg6TVhm52nY-WzvsNAkMUrOgYeimNtE&e=>
Best,
Susan Kawaguchi
Domain Name Manager
Facebook Legal Dept.


From: Kathy Kleiman <kathy at kathykleiman.com<mailto:kathy at kathykleiman.com>>
Date: Wednesday, March 30, 2016 at 3:06 PM
To: Susan kawaguchi <susank at fb.com<mailto:susank at fb.com>>, "gnso-rds-pdp-purpose at icann.org<mailto:gnso-rds-pdp-purpose at icann.org>" <gnso-rds-pdp-purpose at icann.org<mailto:gnso-rds-pdp-purpose at icann.org>>
Subject: Re: [gnso-rds-pdp-purpose] Purpose sub team

Susan,
Let me understand what you are saying. Although we are designing a NEW system (the "RDS") we are bound in our evaluation and outlook by purposes created (reverse engineered really) for the OLD system?  I am not sure that makes sense.

I respectfully submit again: We are the very first PDP WG in the history of ICANN to work together to rethink and redesign the Whois system -- the new "RDS." Thus, it falls to us to ask and answer the question of what is the purpose for which the registration data is collection?

Drawing from principles on the European Commission's website, specifically "Obligation of data controllers," for this evaluation, it seems clear we need to understand the purpose for which the data is collected -- in 2016, not necessarily 2002, 2006 or 2012. Earlier discussions may be instructive or persuasive, but this is a new evaluation for a new system, right?

Accordingly, I would like to submit the following principles from the website above to this subgroup and to the WG as a whole:
that our domain name registration data must be:
"collected for explicit and legitimate purposes and used accordingly" AND
"adequate, relevant and not excessive in relation to the purposes for which it is collected and/or further processed.
There are of course other principles, but these are foundation ones directly related to our current work finding what we need to evaluate "purpose."

I look forward to discussing with all.
Source: Obligations of data controllers, <https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_data-2Dcollection_obligations_index-5Fen.htm&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=m13S24LECLXPtj_swjcYuaRrfN0Ivm7n-iesQzQTd7k&e=> http://ec.europa.eu/justice/data-protection/data-collection/obligations/index_en.htm<https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_data-2Dcollection_obligations_index-5Fen.htm&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=pJC9zAyofGwRYg6TVhm52nY-WzvsNAkMUrOgYeimNtE&e=>

Best,
Kathy


On 3/30/2016 12:30 PM, Susan Kawaguchi wrote:
Thanks Kathy,  our work in the sub team is to summarize the existing identified purposes for the whole WG to discuss and debate.  Some of your email below will be useful in that full debate.

Please identify any data you would like to include in the summary by pasting relevant sections and highlighting.  That way staff and I can put it into the template document.

Once this sub team has collected all the information that we determine is relevant then we will work on summarizing the data for the full WG.
Susan Kawaguchi
Domain Name Manager
Facebook Legal Dept.


From: <<mailto:gnso-rds-pdp-purpose-bounces at icann.org>gnso-rds-pdp-purpose-bounces at icann.org<mailto:gnso-rds-pdp-purpose-bounces at icann.org>> on behalf of Kathy Kleiman via gnso-rds-pdp-purpose <<mailto:gnso-rds-pdp-purpose at icann.org>gnso-rds-pdp-purpose at icann.org<mailto:gnso-rds-pdp-purpose at icann.org>>
Reply-To: Kathy Kleiman <kathy at kathykleiman.com<mailto:kathy at kathykleiman.com>>
Date: Tuesday, March 29, 2016 at 8:44 PM
To: "<mailto:gnso-rds-pdp-purpose at icann.org>gnso-rds-pdp-purpose at icann.org<mailto:gnso-rds-pdp-purpose at icann.org>" <gnso-rds-pdp-purpose at icann.org<mailto:gnso-rds-pdp-purpose at icann.org>>
Subject: Re: [gnso-rds-pdp-purpose] Purpose sub team

Hi Susan and All,
I appreciate the goal of this sub-group - to delve into the "purpose" of the registration data being collected by the registrars when a gTLD domain name is registered. Unfortunately, few of the documents below shed much light on this question. The reason why is ICANN inherited the WHOIS/domain name registration system from the US Government and National Science Foundation. WHOIS was created in the 1980s when all of the information included (except the name of the person) was business information - a business address (e.g., at Harvard IT), a business phone, a business fax.

We are the very first PDP WG in the history of ICANN to work together to rethink and redesign the Whois system -- the new "RDS." Thus it falls to us to answer the question of what is the primary purpose for which the registration data is collected, and what data we collect for this new system is "adequate, relevant and not excessive in relation to the purposes for which it is collected and/or further processed." http://ec.europa.eu/justice/data-protection/data-collection/obligations/index_en.htm<https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_data-2Dcollection_obligations_index-5Fen.htm&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=m13S24LECLXPtj_swjcYuaRrfN0Ivm7n-iesQzQTd7k&e=>

That's the hard work for us ahead.  I would suggest that the purpose of domain name registration data is to register a domain name technically and operationally within the global DNS.

Further, I note that secondary uses of the data, no matter how valuable, cannot drive or change the primary purpose of the data collection. In one of the letters in our repository below, sent by Peter Schaar (then Data Protection commission of German and Chair of the Article 29 Working Party of Data Protection Commissioners created under the EU Privacy Directive) warned ICANN that consideration of purpose for this data is "an extremely delicate matter" and "can not  be  extended  to  other  purposes  just because they are considered useful by some potential users of the directories."  2006 - https://www.icann.org/en/system/files/files/schaar-to-cerf-22jun06-en.pdf<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_schaar-2Dto-2Dcerf-2D22jun06-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=0R4CugyJ25EC8jg23u6f83R-SzcWVUrRuyVhGhPLAeQ&e=>

In light of this warning,I submit that the sentence in the materials below is mislabeled: "Purpose: https://community.icann.org/x/YIxlAw<https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_x_YIxlAw&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=4ulwlJb7ZYRvUQUY6A9v6rncMkmX6lLaN77w9-8MaNU&e=>". When I access this link, it leads to the question “Who should have access to gTLD registration data and why?” (not "what is the primary purpose for which the data is collected.") This is a key confusion - and  I would ask that it be re-labeled.

But in the process, it raises the key question before us: what is the primary purpose for which the registration data is collected and used versus what are the secondary purposes to which the registration data might also be applied?  I am not saying we have to answer this question, but I am saying that Commissioner Schaar's letter as well as other letters and materials below indicate that there are key "purpose" questions, raise issues that lie at the heart of the work of this sub-group, and, if discussed, will allow us to provide important clarity and guidance to our larger WG.

I note that there are people with far more experience than I have, with data protection laws generally and in drafting national data protection laws, in particular. I look forward to their guidance - and that of our subgroup overall.

Best,
Kathy

On 3/28/2016 6:49 PM, Susan Kawaguchi via gnso-rds-pdp-purpose wrote:
Thanks all for beginning the work of digging into the resource materials helping to summarize the data.   ICANN staff has prepared a template and reference document for our review of all the sources that have identified purposes of registration data.

Please take a look at the document.

They have defined our first task below.  We simply want to identify sections of these documents that our subteam recommends all the WG members read.

Synopsis of Key Input Documents:
[For each document identified by the small team as most helpful, a single paragraph to help educate the full WG. For example, highlighting sections that this small team recommends every WG member read in order to better understand the Question and/or dependencies with between Questions. While this is NOT intended to limit the WG’s consideration of additional or future inputs, it should serve as an indexed a starting point for all WG members to familiarize themselves with each Question and its history.]

In the attached template is a link to all the documents on the wiki that may be relevant.  (if there are others not on the wiki please send to the group)   It would be helpful to have each sub team member pick one or two of the resources to identify the sections that useful.  After we have done that the next step will be to summarize this information but I would like to focus on identification of the resource material first.

For ease of reference list of the resource documents below.

Input Documents that the WG should at minimum consider when addressing this Question:
[Hyper-linked list of all key input documents for this Question, noting which of these documents were considered most helpful by the small team when creating the concise summary below. Small teams may identify both existing and additional inputs. However, to minimize duplication of effort, small teams should be sure to include the key inputs already posted on the WG's wiki:

·       Purpose: <https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_x_YIxlAw&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=4ulwlJb7ZYRvUQUY6A9v6rncMkmX6lLaN77w9-8MaNU&e=> https://community.icann.org/x/YIxlAw<https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_x_YIxlAw&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=lmxaHDV04ZIQXkRcbCy4aDZxNn4OYCTA1sBQ6fVET0E&e=>

·       All: <https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_pages_viewpage.action-3FpageId-3D56986688&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=mj7I2ex8lomam8IRoF4KsKfrYBsO7MSLUjStS1iXX5A&e=> https://community.icann.org/pages/viewpage.action?pageId=56986688<https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_pages_viewpage.action-3FpageId-3D56986688&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=JlOCe__cfGH4QyebCuwGw1mj7ByVN_7nmkVeGzM43-Q&e=>

A starter list is provided below from the WG’s wiki to be reviewed and refined by this small team]



·       WHOIS Task Force Final Report<https://urldefense.proofpoint.com/v2/url?u=https-3A__archive.icann.org_en_gnso_whois-2Dtf_report-2D19feb03.htm&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=UJCWyjf_Yj9h-mXfKQh407JGBn-HqOfn636Cw9YQM6w&e=> (2007)

·       WHOIS Policy Review Team Final Report<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_final-2Dreport-2D11may12-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=eQ5JfWGOQ-Z6O6SGReYiS_UZOAzOmzhLjNEMkLNgfLI&e=> (2012)

·       SAC055, WHOIS: Blind Men and an Elephant<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_sac-2D055-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=eTfuTPJhmBPZjmCEXHxsYUNZr7X1zelC_b96HcJCyew&e=> (September 2012)

·       GAC Communiqués<https://urldefense.proofpoint.com/v2/url?u=https-3A__gacweb.icann.org_display_GACADV_WHOIS&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=DoW-zpdoAowBLMPKQWpTRd4nZYYZ-fRYaRmQN9bEHWg&e=> regarding WHOIS (2007-2015), especially
-        GAC Principles Regarding gTLD WHOIS Services<https://urldefense.proofpoint.com/v2/url?u=http-3A__whois.icann.org_en_link_gac-2Dprinciples-2Dregarding-2Dgtld-2Dwhois-2Dservices&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=aC_LrNHKioGSOJxMXBDrDd7C-DucXN-5h2-h9_ebgdM&e=> (2007)

·       [Note: All Article 29 inputs identified thus far are listed below, but this team may wish to focus on purpose aspects since data protection inputs will be summarized by privacy team.]

·       Article 29 WP statement on the data protection impact of the ICANN RAA (2013-2014)
- <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_namazi-2Dto-2Dkohnstamm-2D25mar14-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=5RRxN0-RdEUiFt3XqtVY5TzXTcL4y-sakmtBEWGihmU&e=> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_namazi-2Dto-2Dkohnstamm-2D25mar14-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=5RRxN0-RdEUiFt3XqtVY5TzXTcL4y-sakmtBEWGihmU&e=> https://www.icann.org/en/system/files/correspondence/namazi-to-kohnstamm-25mar14-en.pdf<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_namazi-2Dto-2Dkohnstamm-2D25mar14-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=kSl-Q_4MhNsTkh_-C_t_NSivlbqx5_7XxEEST5JTyho&e=>
- <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_kohnstamm-2Dto-2Djeffrey-2D08jan14-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=H18mSAohmQbQPmCWpikaNyLvVCAMr2EfAvy5MA6qQJE&e=> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_kohnstamm-2Dto-2Djeffrey-2D08jan14-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=H18mSAohmQbQPmCWpikaNyLvVCAMr2EfAvy5MA6qQJE&e=> https://www.icann.org/en/system/files/correspondence/kohnstamm-to-jeffrey-08jan14-en.pdf<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_kohnstamm-2Dto-2Djeffrey-2D08jan14-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=kBO7q4lISrzwz9uIhjmx-bf0Q-VHMBXux6BnJHEiBcs&e=>
- <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_jeffrey-2Dto-2Dkohnstamm-2D20sep13-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=G356IMFyx_Rn1-5K8z8NjujBfxPTJ2EEdAquWhKQefU&e=> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_jeffrey-2Dto-2Dkohnstamm-2D20sep13&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=8wsE_gKCCxnQv1EyPLooOZYr3Kn_Ax9p54aIqV-jJgQ&e=> https://www.icann.org/en/system/files/correspondence/jeffrey-to-kohnstamm-20sep13<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_jeffrey-2Dto-2Dkohnstamm-2D20sep13&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=Mw7pIliHdAOYV8ZMpRPCixRBGEXuLeqnHzD6e1JSbus&e=>-- en.pdf
https://www.icann.org/en/system/files/correspondence/kohnstamm-to-crocker-chehade-06jun13-en.pdf<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_kohnstamm-2Dto-2Dcrocker-2Dchehade-2D06jun13-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=bcijkw8yRr1e01E0-ormlwD724Es_fkLWgGtVPlHYjQ&e=>

·       Article 29 WP comments on the data protection impact of the revision of the ICANN RAA concerning accuracy and data retention of WHOIS (2012)
- <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_kohnstamm-2Dto-2Dcrocker-2Datallah-2D26sep12-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=8CndAF0t6FVqxNraLxjISDAlc8Dv_rcAgEMd0ZhspDA&e=> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_kohnstamm-2Dto-2Dcrocker-2Datallah-2D26sep12-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=8CndAF0t6FVqxNraLxjISDAlc8Dv_rcAgEMd0ZhspDA&e=> https://www.icann.org/en/system/files/correspondence/kohnstamm-to-crocker-atallah-26sep12-en.pdf<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_kohnstamm-2Dto-2Dcrocker-2Datallah-2D26sep12-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=nAxWZCHz7_a7_C7rEuaLYm3eoElY7c7aZjTfdD1vC8Y&e=>
- https://www.icann.org/en/news/correspondence/chehade-to-kohnstamm-09oct12-en<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_news_correspondence_chehade-2Dto-2Dkohnstamm-2D09oct12-2Den&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=6tjOrd4mABV9A5_-HrvnHlz0QmOxMieF3MvYlp8y1uc&e=>

·       Article 29 WP on ICANN Procedure for Handling WHOIS Conflicts with Privacy Law (2007)
- <https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_en_correspondence_cerf-2Dto-2Dschaar-2D24oct07.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=9cX2v3zHwdN5ExylckE7ocnTc0WvVMKUoXrYJghNN1s&e=> <https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_en_correspondence_cerf-2Dto-2Dschaar-2D24oct07.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=9cX2v3zHwdN5ExylckE7ocnTc0WvVMKUoXrYJghNN1s&e=> http://gnso.icann.org/en/correspondence/cerf-to-schaar-24oct07.pdf<https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_en_correspondence_cerf-2Dto-2Dschaar-2D24oct07.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=lQ9Rc5pOvF0W8zu4asgCdWxMA5Ej5j0PmX3F7RlQTig&e=>
- <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_cerf-2Dto-2Dschaar-2D15mar07-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=qwfbbjP1HtPN7fozQz170fyDS2BMcsZ9gtbgq7olm3M&e=> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_cerf-2Dto-2Dschaar-2D15mar07-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=qwfbbjP1HtPN7fozQz170fyDS2BMcsZ9gtbgq7olm3M&e=> https://www.icann.org/en/system/files/files/cerf-to-schaar-15mar07-en.pdf<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_cerf-2Dto-2Dschaar-2D15mar07-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=kRDU9sbdBIB8vXZvahu8Czpj7OAc1mFXX68UAVRJf7k&e=>
- https://www.icann.org/en/correspondence/schaar-to-cerf-12mar07.pdf<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_correspondence_schaar-2Dto-2Dcerf-2D12mar07.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=WlZq4i6cH7wQwxH7a55uiLWhrPQk-Fp6zpwn2mVuqnU&e=>

·       Article 29 WP on ICANN’s WHOIS Database Policy (2006)
- <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_schaar-2Dto-2Dcerf-2D22jun06-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=0R4CugyJ25EC8jg23u6f83R-SzcWVUrRuyVhGhPLAeQ&e=> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_schaar-2Dto-2Dcerf-2D22jun06-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=0R4CugyJ25EC8jg23u6f83R-SzcWVUrRuyVhGhPLAeQ&e=> https://www.icann.org/en/system/files/files/schaar-to-cerf-22jun06-en.pdf<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_schaar-2Dto-2Dcerf-2D22jun06-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=aE7SwRdj359pjt5pCdSveYyTaTA4299PAIh4A2DH1oI&e=>
- <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_correspondence_lawson-2Dto-2Dcerf-2D22jun06.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=ByhD5fgI-NZozcC_aUmxuJDuiLZ3pQO_CpVev9Dg3kk&e=> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_correspondence_lawson-2Dto-2Dcerf-2D22jun06.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=ByhD5fgI-NZozcC_aUmxuJDuiLZ3pQO_CpVev9Dg3kk&e=> https://www.icann.org/en/correspondence/lawson-to-cerf-22jun06.pdf<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_correspondence_lawson-2Dto-2Dcerf-2D22jun06.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=bIfUMOYsNN9aESOnohBg6qEXmxm3VaIdkdHpK9Gl_2k&e=>
- <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_correspondence_parisse-2Dto-2Dicann-2D22jun06.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=Eg5vQ0-fjdyvM70TMY7vCaELvs_gYDm2DvW14IpaRbY&e=> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_correspondence_parisse-2Dto-2Dicann-2D22jun06.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=Eg5vQ0-fjdyvM70TMY7vCaELvs_gYDm2DvW14IpaRbY&e=> https://www.icann.org/en/correspondence/parisse-to-icann-22jun06.pdf<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_correspondence_parisse-2Dto-2Dicann-2D22jun06.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=R-2FZz1H1Dqt8ESnB5TwF_qyvnK-suBWdXJhcH91IUk&e=>
- <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_fingleton-2Dto-2Dcerf-2D20jun06-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=kv4LGfw3lG9R7egJM7Mk6PuKfDLEeDFGuCy5-CIr2fQ&e=> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_fingleton-2Dto-2Dcerf-2D20jun06-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=kv4LGfw3lG9R7egJM7Mk6PuKfDLEeDFGuCy5-CIr2fQ&e=> https://www.icann.org/en/system/files/files/fingleton-to-cerf-20jun06-en.pdf<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_fingleton-2Dto-2Dcerf-2D20jun06-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=Y2M1nqZWKQ6xMSXCHo7qVV7WHX06Bk3XVQctMznRFwY&e=>

·       Article 29 WP Opinion on the application of the data protection principles to WHOIS directories
Article 29 WP 76 Opinion 2/2003<https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_policies_privacy_docs_wpdocs_2003_wp76-5Fen.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=F1r1QhCy3vX83VjPu0hK_sioGdkBX_5kYphDXpA7l0Q&e=>

·       Additional Article 29 WP documents that may be of interest to this PDP WG

-        Article 29 WP 5 Recommendation 2/97<https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_article-2D29_documentation_opinion-2Drecommendation_files_1997_wp5-5Fen.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=exXWLPNeD0JJDBS3po5Eqp2wiiDkDfO2IPMoQZwon1E&e=>

-        Article 29 WP 33 Opinion 5/2000<https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_article-2D29_documentation_opinion-2Drecommendation_files_2000_wp33-5Fen.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=WcRHBEEerx9M9q_QYYItLTRW3JhXBlHQ8H5sSJiQpvs&e=>

-        Article 29 WP 41<https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_article-2D29_documentation_opinion-2Drecommendation_files_2001_wp41-5Fen.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=02SfVeH8RqQY24RaZY7B8XpuAFHUFPLoj3QI8_XaKGs&e=> Opinion 4/2001 <https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_article-2D29_documentation_opinion-2Drecommendation_files_2001_wp41-5Fen.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=02SfVeH8RqQY24RaZY7B8XpuAFHUFPLoj3QI8_XaKGs&e=>

-        Article 29 WP 56 Working Document 5/2002<https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_article-2D29_documentation_opinion-2Drecommendation_files_2002_wp56-5Fen.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=X9Bw10En2LV0oPDAhdxCPL6I7d1gEbSX6hxErm1Esto&e=>

-        Article 29 WP 217 Opinion 4/2014<https://urldefense.proofpoint.com/v2/url?u=http-3A__ec.europa.eu_justice_data-2Dprotection_article-2D29_documentation_opinion-2Drecommendation_files_2014_wp217-5Fen.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=YfVNcHS7vB5dNzSX9RM2FPKssGJMmRnv4Jd55L3yqSI&e=>

·       Council of Europe Declaration

-        Declaration of the Committee of Ministers on ICANN, human rights and the rule of law<https://urldefense.proofpoint.com/v2/url?u=https-3A__wcd.coe.int_ViewDoc.jsp-3FRef-3DDecl-252803.06.2015-25292&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=bx0o1CZBlk2neLLBrx14hplKaQkSEAoQeWkWG5EFIyA&e=> (3 June 2015)

·       EDPS Correspondence regarding Registration Data

-        Opinion of the European Data Protection Supervisor: Europe's role in shaping the future of Internet Governance<https://urldefense.proofpoint.com/v2/url?u=https-3A__secure.edps.europa.eu_EDPSWEB_webdav_site_mySite_shared_Documents_Consultation_Opinions_2014_14-2D06-2D23-5FInternet-5FGovernance-5FEN.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=AUPuK_NYOQqZHqOoYEH2SQFbYSYY8Rea1c5dP-f2KaA&e=> (23 June 2014)

-        ICANN's public consultation on 2013 RAA Data Retention Specification Data Elements and - Legitimate Purposes for Collection and Retention<https://urldefense.proofpoint.com/v2/url?u=https-3A__secure.edps.europa.eu_EDPSWEB_webdav_site_mySite_shared_Documents_Consultation_Comments_2014_14-2D04-2D17-5FEDPS-5Fletter-5Fto-5FICANN-5FEN.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=c4mOTCJa_IWm1vL653Z92s249bvTJxJelBLzWP5EVVI&e=> (17 April 2014)

·       International Working Group on Data Protection in Telecommunications and Media Documents

-        Common Position relating to Reverse Directories<https://urldefense.proofpoint.com/v2/url?u=https-3A__datenschutz-2Dberlin.de_attachments_176_rever-5Fen.pdf-3F1201099194&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=djnlHZumj-preTvWxgvUS9ugoRuoHNh5b87d7yksy9w&e=> (Hong Kong, 15.04.1998)

-        Common Position on Privacy and Data Protection aspects of the Registration of Domain Names on the Internet<https://urldefense.proofpoint.com/v2/url?u=https-3A__datenschutz-2Dberlin.de_attachments_222_dns-5Fen.pdf-3F1200656953&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=zVDHrz3aQSp2cMnwZKTwDD3UbiABV6J-ukke3MnFmiU&e=> (Crete, 4./5.05.2000)

-        Common Position on Privacy and Data Protection aspects of the Publication of Personal Data contained in publicly available documents on the Internet<https://urldefense.proofpoint.com/v2/url?u=https-3A__datenschutz-2Dberlin.de_attachments_220_pd-5Fen.pdf-3F1201099774&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=45Izx42o0mTuSd6Nt88stuPPJhemyRfg2NgD-1nD-gc&e=> (Crete, 4./5.05.2000)

-        Common Position on Incorporation of telecommunications-specific principles in multilateral privacy agreements: Ten Commandments to protect Privacy in the Internet World<https://urldefense.proofpoint.com/v2/url?u=https-3A__datenschutz-2Dberlin.de_attachments_216_tc-5Fen.pdf-3F1200658742&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=roY0SNiodoQNgvjU1SwZz-FTVERYApYCThgQ5AENiBY&e=> (Berlin, 13/14.09.2000)

-        Common Position on data protection aspects in the Draft Convention on cyber-crime of the Council of Europe<https://urldefense.proofpoint.com/v2/url?u=https-3A__datenschutz-2Dberlin.de_attachments_218_cy-5Fen.pdf-3F1200656876&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=KfVfRAw3W5H3LF4dXL7mtXnB-9Luy_G_NAtdArNp4gU&e=> (Berlin, 13/14.09.2000)

·       EWG Recommendations for a Next-Generation RDS<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_final-2Dreport-2D06jun14-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=081_TAJEBYybphQqfoPE6BaY0syYr8TX8mOaCvBUlKI&e=>, especially

-        Section 3, Users and Purposes

-        Annex C, Example Use Cases

-        Annex A, Board Questions

·       EWG Tutorial <https://urldefense.proofpoint.com/v2/url?u=http-3A__london50.icann.org_en_schedule_mon-2Dewg-2Dfinal-2Doverview_presentation-2Dewg-2Dfinal-2Doverview-2D23jun14-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=G5q1dQLGpxVVN_zNOjYsut-v5Cq65X1C1SDW-tf_hmw&e=> Pages 17-20, 37-41and EWG FAQs<https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_display_EWG_EWG-2BFAQs&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=mbe7PZ4gDoicRWqaH8rXPIo4GZ921Hai6KaJx4uCu8Q&e=> 9-12, 67

·       Video FAQ “Is my purpose supported by the RDS?<https://www.youtube.com/watch?v=YzPkxNNfDY4&list=UUl7rV9qJaQEx3GKhtSLx4QA>”

·       Statements/Blogs by Perrin<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_perrin-2Dstatement-2D24jun14-2Den.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=kUujOSmulQ5qahX6mQLU7OsJLPAwaaVQHZZ6bY9-Z6M&e=> and Samuels<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.circleid.com_posts_20141011-5Fbuilding-5Fa-5Fbetter-5Fwhois-5Ffor-5Fthe-5Findividual-5Fregistrant_&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=jWs3wR8mHFYW-I49h1MP5t9VJAzx-bMyUXS87I6QZpU&e=>

·       Process Framework<https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_display_gTLDRDS_Process-2BFramework&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=En6TdFMyuxd7pFs-ZGYPVZWOFhutKC_KObgzky4JtAA&e=> for a PDP on Next-Generation RDS, especially Page 9, Row 1

Please let me know which documents you each of you have chosen to review.

Thank you all for volunteering.
Susan Kawaguchi
Domain Name Manager
Facebook Legal Dept.


From: <<mailto:gnso-rds-pdp-purpose-bounces at icann.org>gnso-rds-pdp-purpose-bounces at icann.org<mailto:gnso-rds-pdp-purpose-bounces at icann.org>> on behalf of Kiran Malancharuvil via gnso-rds-pdp-purpose <gnso-rds-pdp-purpose at icann.org<mailto:gnso-rds-pdp-purpose at icann.org>>
Reply-To: Kiran Malancharuvil <Kiran.Malancharuvil at markmonitor.com<mailto:Kiran.Malancharuvil at markmonitor.com>>
Date: Monday, March 28, 2016 at 11:57 AM
To: "<mailto:gnso-rds-pdp-purpose at icann.org>gnso-rds-pdp-purpose at icann.org<mailto:gnso-rds-pdp-purpose at icann.org>" <gnso-rds-pdp-purpose at icann.org<mailto:gnso-rds-pdp-purpose at icann.org>>
Subject: Re: [gnso-rds-pdp-purpose] Purpose sub team

If we are going to table a recent ICANN expert group report on Registration Directory Services, why don’t we start with the Expert Working Group on Registration Directory Services rather than SSAC?  It’s much more recent and was subjected to several public comment periods.

Thanks,

Kiran

From:gnso-rds-pdp-purpose-bounces at icann.org<mailto:gnso-rds-pdp-purpose-bounces at icann.org> [mailto:gnso-rds-pdp-purpose-bounces at icann.org] On Behalf Of Greg Shatan via gnso-rds-pdp-purpose
Sent: Monday, March 28, 2016 11:53 AM
To: Ayden Fabien Férdeline
Cc: Gnso-rds-pdp-purpose at icann.org<mailto:Gnso-rds-pdp-purpose at icann.org>
Subject: Re: [gnso-rds-pdp-purpose] Purpose sub team

Edited below.

Greg




On Mon, Mar 28, 2016 at 12:46 PM, Ayden Fabien Férdeline <<mailto:gnso-rds-pdp-purpose at icann.org>gnso-rds-pdp-purpose at icann.org<mailto:gnso-rds-pdp-purpose at icann.org>> wrote:
Hello all,

Thank you to Susan for setting out the approach we will take in our sub-team. I will begin this exercise by tabling “WHOIS: Blind Men and an Elephant<https://urldefense.proofpoint.com/v2/url?u=https-3A__links5.mixmaxusercontent.com_aMjjKHWxnLSD3SEwj_l_JHXwtM1x9354tdJND-3Frn-3DIyZy9mLu5WYjlGQlN3bwJXdw1CckBXLzRmct82cudkI-26re-3DIyZy9mLu5WYjlGQlN3bwJXdw1CckBXLzRmct82cudkI&d=CwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=mDMhW9B--jmtTN0Mneg8s2Aa-wco-YonCU1kdHYXoFQ&s=yIpnt7pEScNoV0T60C9yTIJ9Ga0fXAwdStrsm2mmtgk&e=>”, a report from the Security and Stability Advisory Committee (SSAC) in September 2012.

The gist of their report is that there are four current uses of the WHOIS service, two of which the SSAC says are legitimate (law enforcement access to data; security practitioner access to data), and two where it is silent on the question of legitimacy (public access to data; intellectual property owner access to data). I have bullet pointed below the main arguments they raise in relation to the purpose of collecting and maintaining this data:

  *   Terminology:
  *   SSAC disagrees with the term “WHOIS” - prefers three specific terms be used: domain name “registration data,” “access protocol,” and “directory services”.
  *   Data Elements:
  *   The appearance of email addresses guarantees that spam will be delivered to those email addresses.
  *   Purpose:
  *   WHOIS was created to provide a means to make contact information available for what was then a very small (and essentially homogeneous in terms of user community) Internet compared to what exists today.
  *   Today there are four main uses of WHOIS:
     *   Public access to details about a domain name registration.
        *   SSAC
​notes that "It is a widely held belief that the public Internet should have access to domain name registration data."
​

     *   Law enforcement access to details about a domain name registration.
        *   SSAC says this is a legitimate use case.
     *   Intellectual property owner access to details about a domain name registration.
        *   SSAC
​notes that "It is a widely held belief that intellectual property owners should have access to domain name registration data."
​
.

     *   Security practitioner access to details about a domain name registration.
        *   SSAC says this is a legitimate use case.
  *   SSAC would like to see research into why users purchase privacy-proxy services. It has heard that some people do so to hide from law enforcement, but would like to see more research/evidence to validate this point. Privacy-proxy services should not hinder the ability to trace the identity of a domain name registrant.
  *   Access Levels:
  *   SSAC says we need to distinguish between what information is collected and what information is published in an open database. Does not comment any further.
  *   Universality:
  *   Whatever policy is adopted it should be applied universally across all gTLDs.
  *   Accuracy:
  *   Whatever data is collected must be accurate and there must be enforcement and compliance mechanisms in place to support this.
I hope this summary is useful. Please let me know if you would prefer that I summarise reports in a different way as we move forward with the review of past literature.

Best wishes,

Ayden Férdeline

On Fri, Mar 25, 2016 at 11:28 PM, Susan Kawaguchi via gnso-rds-pdp-purpose <<mailto:gnso-rds-pdp-purpose at icann.org>gnso-rds-pdp-purpose at icann.org<mailto:gnso-rds-pdp-purpose at icann.org>> wrote:

Hello All,

Thank you for volunteering for the Purpose sub team.

This is a list of all that have volunteered -  Carlton Samuels, Fabricio Vayra, Susan Prosser, Beth Allegretti, Jim Galvin, Kiran Malancharuvil, Lori Schulman, Vlad Dinculescu, Richard Leaning, Amr Elsadr, Donna Austin, Stephanie Perrin, Tjabbe Bos, Sana Ali, Ayden Ferdeline, Greg Aaron, Jody Kolker, Adrian Cheek, Kathy Kleiman, Chuck Gomes, Maryan Rizinski, Nathalie Coupet, Roger Carney


I look forward to working with you all over the next couple of weeks to collect, consolidate, concisely summarize, and then present inputs and information about the purpose of registration data.

This is a link to the RDS PDP WG document that describes the approach the WG agreed upon  <https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_download_attachments_58730879_RDS-2DPDP-2DProposed-2DSummary-2DApproach.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=jj7FzBqU1aFCmtm6xGYZ_ul-tjcUKBbUb3B0xOqiVdY&e=> https://community.icann.org/download/attachments/58730879/RDS-PDP-Proposed-Summary-Approach.pdf<https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_download_attachments_58730879_RDS-2DPDP-2DProposed-2DSummary-2DApproach.pdf&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=JkCwjTKahcdizdmtWegMGvSax9n4000LkdQ1V1b_80A&s=OXmX24xRRfQOe2uNKC2gvceBYO2V8_OlZP08LbRJ-Lg&e=>

Would any one like to volunteer to start collecting information on purpose of registration data?  I am sure that the RDS PDP WG wiki has resources to start this collection and then we should think of what else should be included.    Once we have started collecting the information I think a sub team conference call to discuss what we are collecting would be helpful.

Any other ideas on how to approach our work?

Looking forward to the discussion.
Susan Kawaguchi
Domain Name Manager
Facebook Legal Dept.


_______________________________________________
gnso-rds-pdp-purpose mailing list
gnso-rds-pdp-purpose at icann.org<mailto:gnso-rds-pdp-purpose at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-purpose<https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Drds-2Dpdp-2Dpurpose&d=CwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=mDMhW9B--jmtTN0Mneg8s2Aa-wco-YonCU1kdHYXoFQ&s=E5d7OSngK_MJQ_XYYyZ__P5oY7YGk_RxVxKurwEV69I&e=>


Ayden Férdeline
+44.77.8018.7421<tel:%2B44.77.8018.7421>
[Image removed by sender.]


_______________________________________________
gnso-rds-pdp-purpose mailing list
gnso-rds-pdp-purpose at icann.org<mailto:gnso-rds-pdp-purpose at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-purpose<https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Drds-2Dpdp-2Dpurpose&d=CwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=mDMhW9B--jmtTN0Mneg8s2Aa-wco-YonCU1kdHYXoFQ&s=E5d7OSngK_MJQ_XYYyZ__P5oY7YGk_RxVxKurwEV69I&e=>




_______________________________________________
gnso-rds-pdp-purpose mailing list
gnso-rds-pdp-purpose at icann.org<mailto:gnso-rds-pdp-purpose at icann.org>https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-purpose<https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Drds-2Dpdp-2Dpurpose&d=CwMDaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=rGFzr0y8W-A7r959HLcPL7LkQv1AKxyfnEQ3l9poXoM&s=JxBIbick34wImXplHinKxNXDAajYwR_0rDX246Q1YMY&e=>



_______________________________________________
gnso-rds-pdp-purpose mailing list
gnso-rds-pdp-purpose at icann.org<mailto:gnso-rds-pdp-purpose at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-purpose<https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Drds-2Dpdp-2Dpurpose&d=CwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=asOgaNDWLE5wlJcCMNuaDVtTTPa9sLyIEdEORbCj7ko&s=nTagqtWQXh9MER1o5BAYgk6USuPg0e0VLrddQ4ZUE-A&e=>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-purpose/attachments/20160331/e071b8e6/attachment-0001.html>

More information about the gnso-rds-pdp-purpose mailing list