[gnso-rds-pdp-wg] Some items missing from triage document

Greg Shatan gregshatanipc at gmail.com
Wed Jul 20 23:31:37 UTC 2016 

​Perhaps an unflitered version​ can be circulated so all the information is
available "out of the box"?









*Gregory S. Shatan | Partner *McCARTER & ENGLISH, LLP

245 Park Avenue, 27th Floor | New York, New York 10167
T: 212-609-6873
C: 917-816-6428
F: 212-416-7613
gshatan at mccarter.com | www.mccarter.com

BOSTON | HARTFORD | STAMFORD | NEW YORK | NEWARK
EAST BRUNSWICK | PHILADELPHIA  | WILMINGTON | WASHINGTON, DC

On Wed, Jul 20, 2016 at 4:53 PM, Stephanie Perrin <
stephanie.perrin at mail.utoronto.ca> wrote:

> As I predicted, I was still having trouble getting the doc to unfurl (I
> think possibly the different versions of Msoft Office may be a problem, but
> likely it is just my doofus lack of skills in excel) so I called up an
> expert and found the right thing to do....I had to insert and remove
> filters.
>
> A tremendous amount of work ladies, kudos to Susan and Lisa for pulling
> this together.  Tons of material to decipher.
>
> cheers Stephanie
>
> On 2016-07-20 15:03, Susan Kawaguchi wrote:
>
> Kathy,
>
> Just checking to see if you were able to filter the document to see the
> full list of PR?
>
> Best
> Susan Kawaguchi
> Domain Name Manager
> Facebook Legal Dept.
>
>
> From: <gnso-rds-pdp-wg-bounces at icann.org> on behalf of Kathy Kleiman <
> kathy at kathykleiman.com>
> Date: Tuesday, July 19, 2016 at 8:27 PM
> To: "gnso-rds-pdp-wg at icann.org" <gnso-rds-pdp-wg at icann.org>
> Subject: [gnso-rds-pdp-wg] Some items missing from triage document
>
> I have been reviewing the triaged document. Am I correct in seeing that
> over 130 Privacy Items [PR] have been reduced to 4? In that case, we are
> missing much. Unlike other areas of this triaged document, Privacy has been
> stripped to its most skeletal provisions. What's missing is the breadth,
> depth and nuances of privacy and data protection laws, and frankly, the
> full obligations to which Registrars, Registries and ICANN must comply.
> This fullness was captured in our original analysis of the Privacy
> documents and reflected in the Possible Requirements doc.
>
> I urge the WG to keep this triaged document open as others may have
> additional items to add that should be added.
>
> At a minimum, here are some of the critical missing elements (below).
>
> Kathy
>
>
> ------------------------------------------------------------------------------------------------------------------------
>
> *[PR-D01-R01]* – “. . . in some jurisdictions, privacy rights extend to
> legal persons and to entities with respect to free speech and freedom of
> association.” (Next to last paragraph on p.81)
>
> *[PR-D25-R04]* – Council of Europe's Treaty 108 on Data Protections,
> Article 6, Special categories of data, restricts the collection of data
> under its privacy laws to only that data that is: “Personal data revealing
> racial origin, political opinions or religious or other beliefs, as well as
> personal data concerning health or sexual life, may not be processed
> automatically unless domestic law provides appropriate safeguards. The same
> shall apply to personal data relating to criminal convictions.”
>
> *[PR-D26-R06] – *According to the *Directive
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__eur-2Dlex.europa.eu_legal-2Dcontent_EN_TXT_-3Furi-3DURISERV-253Al14012&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=tqmtJYU7tT2jcsKP-b0v-rGvVswWSqfs2DZ48lrHUsU&s=BU5LMkSSXQNZZOe2cLNekjWHbhNTTVdRetC-Xcx7AQo&e=>
> (33),* whereas data which are capable by their nature of infringing
> fundamental freedoms or privacy should not be processed unless the data
> subject gives his explicit consent; whereas, however, derogations from this
> prohibition must be explicitly provided for in respect of specific needs,
> in particular where the processing of these data is carried out for certain
> health-related purposes by persons subject to a legal obligation of
> professional secrecy or in the course of legitimate activities by certain
> associations or foundations the purpose of which is to permit the exercise
> of fundamental freedoms;
>
> *[PR-D28-R01]* – “The people or bodies that collect and manage personal
> data are called "data controllers". They must respect EU law when handling
> the data entrusted to them.”
>
> *[PR-D28-R02]* – The EU Privacy Directive “refers to the persons or
> entities which collect and process personal data as ‘data controllers’. For
> instance, a medical practitioner is usually the controller of his patients'
> data; a company is the controller of data on its clients and employees; a
> sports club is controller of its members' data and a library of its
> borrowers' data.” See also *[UP-D28-R03]*
>
> *[PR-D28-R03]* – Data controllers determine 'the purposes and the means
> of the processing of personal data'. This applies to both public and
> private sectors. See also *[UP-D28-R04]*
>
> *[PR-D28-R04]* – “Data controllers must respect the privacy and data
> protection rights of those whose personal data is entrusted to them. They
> must:
>
>    -
>
>    collect and process personal data only when this is legally permitted;
>    -
>
>    respect certain obligations regarding the processing of personal data;
>    -
>
>    respond to complaints regarding breaches of data protection rules;
>    -
>
>
> *collaborate with national data protection supervisory authorities. (note:
>    highlights are in the original) See also [UP-D28-R05]*
>
> *[PR-D30-R04]* – Because the Privacy Shield will also be used to transfer
> data outside the US, the WP29 insists that onward transfers from a Privacy
> Shield entity to third country recipients should provide the same level of
> protection on all aspects of the Shield (including national security) and
> should not lead to lower or circumvent EU data protection principles pg. 3
>
> *[PR-D30-R05]* – The requirement for a third country to ensure an
> adequate level of data protection was further defined by the CJEU in
> Schrems…It also indicated that the wording ‘adequate level of protection’
> must be understood as “requiring the third country in fact to ensure, by
> reason of its domestic law or its international commitments, a level of
> protection of fundamental rights and freedoms that is essentially
> equivalent to that guaranteed within the European Union by virtue of the
> Directive read in the light of the Charter” pg.10
>
> *[PR-D31-R03]* – On personal data, the Africa Union convention makes
> personal data processing subject to a declaration before the protection
> authority and each authority may establish standards for such processing.
> Article 8: Objective of this Convention states with respect to personal
> data:
>
>    -
>
>    “Each State Party shall commit itself to establishing a legal
>    framework aimed at strengthening fundamental rights and public freedoms,
>    particularly the protection of physical data, and punish any violation of
>    privacy without prejudice to the principle of free flow of personal data.
>    -
>
>    The mechanism so established shall ensure that any form of data
>    processing respects the fundamental freedoms and rights of natural persons
>    while recognizing the prerogatives of the State, the rights of local
>    communities and the purposes for which the businesses were established.”
>
> *[PR-D31-R08] – *Article 14: Specific principles for the processing of
> sensitive data, states: “State Parties shall undertake to prohibit any data
> collection and processing revealing racial, ethnic and regional origin,
> parental filiation, political opinions, religious or philosophical beliefs,
> trade union membership, sex life and genetic information or, more
> generally, data on the state of health of the data subject.” …
>
> *[PR-D37-R03] – *The U.S. Supreme Court Case – McIntyre v. Ohio Elections
> Commission, states that, “Despite readers' curiosity and the public's
> interest in identifying the creator of a work of art, an author generally
> is free to decide whether or not to disclose her true identity. The
> decision in favor of anonymity may be motivated by fear of economic or
> official retaliation, by concern about social ostracism, or merely by a
> desire to preserve as much of one's privacy as possible. Whatever the
> motivation may be, at least in the field of literary endeavor, the interest
> in having anonymous works enter the marketplace of ideas unquestionably
> outweighs any public interest in requiring disclosure as a condition of
> entry.”
>
> *[PR-D38-R01]* – The following sections of the Ghana Protection Act could
> possibly confer requirements on a gTLD directory service.
>
> *[PR-D38-R02]* – Section 17, Privacy of the individual, states: “A person
> who processes data shall take into account the privacy of the individual by
> applying the following principles: (a) accountability, (b) lawfulness of
> processing, (c) specification of purpose, (d) compatibility of further
> processing with purpose of collection, (e) quality of information, (f)
> openness, (g) data security safeguards, and (h) data subject participation.”
>
> *[PR-D39-R05]* – Section 26, Prohibition on processing of special
> personal information, states: “A responsible party may, subject to section
> 27, not process personal information concerning—
>
>    1.
>
>    the religious or philosophical beliefs, race or ethnic origin, trade
>    union membership, political persuasion, health or sex life or biometric
>    information of a data subject; or
>    2.
>
>    the criminal behaviour of a data subject to the extent that such
>    information relates to—
>
>
>    1.
>
>       the alleged commission by a data subject of any offence; or
>       2.
>
>       any proceedings in respect of any offence allegedly committed by a
>       data subject or the disposal of such proceedings.”
>
> *[PR-D44-R02]* – [gTLD directory services policies must take into
> consideration this statement by Professor Greenleaf: ] “Countries without
> data privacy laws now in a minority.” “Future growth: Heading toward
> ubiquity.” “Global growth is likely to continue beyond 2020.
>
> *[PR-D44-R03] – * [gTLD directory services policies must take into
> consideration] Greenleaf's years of research [which] are summarized in
> his finding that by the end of this decade the number of countries with
> data privacy laws, all of which have a strong ‘family resemblance,’ will be
> between 66% and 80% of all independent jurisdictions globally.
>
>
>
> On 7/18/2016 1:47 PM, Lisa Phifer wrote:
>
> Dear all,
>
>
>
> The next GNSO Next-Gen RDS PDP Working Group teleconference is scheduled
> for *Wednesday, 20 July at 05:00 UTC for 90 minutes.*
>
> Note that for some this is Tuesday evening: 22:00 PDT (Tuesday), 01:00
> EDT, 06:00 London, 07:00 CEST. For other times: http://tinyurl.com/jnhobkh
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__tinyurl.com_jnhobkh&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=tqmtJYU7tT2jcsKP-b0v-rGvVswWSqfs2DZ48lrHUsU&s=_0YeK9yAw9M3VCGlFZ93H44Jm_erLRA3Vc7plSGMEys&e=>
>
> Attached please find materials for this meeting, also linked to the
> meeting page on the wiki below.
>
>
>
> *Proposed Agenda for RDS PDP WG Call *
>
> 1. Roll call/SOI updates
> 2. Brief updates on:
>
>    - Completion of work task #11 (final clean v13 attached)
>    - Doodle poll results/ICANN57 planning
>    - Update on problem statement
>
> 3. Review and discuss triage of possible requirements (see D3 Triage,
> below)
>
> ·        *RDS PDP List of Possible Requirements D3 - TriageInProgress -
> 13 July.docx
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_download_attachments_56986791_RDS-2520PDP-2520List-2520of-2520Possible-2520Requirements-2520D3-2520-2D-2520TriageInProgress-2520-2D-252013-2520July.docx-3Fversion-3D1-26modificationDate-3D1468513314000-26api-3Dv2&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=tqmtJYU7tT2jcsKP-b0v-rGvVswWSqfs2DZ48lrHUsU&s=dAnEqVGRvNLnd7HzReILHaOm1mTA4ZhFBitH93_7N-s&e=>
> (previously distributed)*
>
> ·        An Excel workbook version is also available for filtering on
> phase and group: *PRSpreadsheets-D3Triage-13July.xlsx
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_download_attachments_60490860_PRSpreadsheets-2DD3Triage-2D13July.xlsx-3Fversion-3D1-26modificationDate-3D1468861768733-26api-3Dv2&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=tqmtJYU7tT2jcsKP-b0v-rGvVswWSqfs2DZ48lrHUsU&s=X6sXeFQd-bC5KPzStgNO2EiahNYL3GJWhVbwFowbWjg&e=>
> (attached)*
>
> 4. Start work on purpose and use cases (see Example Use Cases attached)
>
> ·        EWG Report - Example Use Case and Related Data Annexes.doc
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_download_attachments_60490860_EWG-2520Report-2520-2D-2520Use-2520Case-2520and-2520Data-2520Annexes.doc-3Fversion-3D1-26modificationDate-3D1468862831998-26api-3Dv2&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=tqmtJYU7tT2jcsKP-b0v-rGvVswWSqfs2DZ48lrHUsU&s=1JFVwAxlxlRoLHk-DuFbzA3DV3Ror5qGt2-Vid-Dkc0&e=>
>
> ·        During this meeting, RDS PDP WG members will be invited to
> volunteer to draft use cases.
>
> ·        Draft example use cases listed on pages 1-2 of the attached may
> be used as input by volunteers if they wish.
>
> 5. Confirm Next Meeting - Tuesday 26 July
>
>
>
>
>
> Meeting Materials: https://community.icann.org/x/bASbAw
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_x_bASbAw&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=tqmtJYU7tT2jcsKP-b0v-rGvVswWSqfs2DZ48lrHUsU&s=98nWiuANmTZtl5GyIur_2IoN9MFTdcML9HXEVrIWaUo&e=>
>
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing listgnso-rds-pdp-wg at icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg <https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Drds-2Dpdp-2Dwg&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=tqmtJYU7tT2jcsKP-b0v-rGvVswWSqfs2DZ48lrHUsU&s=u7ljHOR432MM6l_cUsh8CEKO85kbj7ZqRcgtggO0he8&e=>
>
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing listgnso-rds-pdp-wg at icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20160720/eabde525/attachment.html>

More information about the gnso-rds-pdp-wg mailing list