[gnso-rds-pdp-wg] RDS 5 Charter questions

[Ayden Férdeline]

Hi Susan,
Thanks for sharing these reflections. I understand the desire not to complicate
this task. As someone who is new to the ICANN community and its approach to
policy-making – and, also, someone who is an advocate of privacy – it would seem
to me that all the costs and burdens associated with rallying against an
open-access Registration Directory Service have been put on some stakeholders,
while proponents of the status quo profit from the lack of consensus or inertia
on a different path forward. I say this not to demonise any views, but to
clarify that I do indeed share your perspective that we don’t want to be
permanently gridlocked here.
This is actually why my preference would be to go down the path that was
suggested on our call yesterday – from what I recall, it would mean three
opportunities for public comment, and a mandate to focus our energies on
understanding Users/Purposes, Privacy, and Data Elements before we consider
whether or not gated access is necessary or whether or not records should be
accurate. It seems a little premature to me to consider the latter points when
we have not yet established if there is a basis for collecting registration data
in the first place. I share your point, though, that we should be distinguishing
between individuals and commercial entities – which is not to presuppose that
there ultimately will be a need for variations in treatment if the RDS is
warranted.
We can make our work easier, however. If we decide upon a standard by which to
assess whether or not the RDS complies with, say, data privacy laws, we might
have a more straightforward exercise ahead. And on that point I would like to
note that just because the Internet originated in the US and its governance
framework has been historically dominated by US-based actors does not mean we
should by default turn to US law for contextual protections or principles. I
would like to respectfully suggest that European instruments such as the
European Convention on Human Rights, standards set by the European Union Data
Protection Directive, and Convention 108 of the Council of Europe might be
helpful starting points. These are not obscure laws or conventions which apply
to no one: the EU population is over 500 million people, far greater than that
of the US.
I am not a lawyer and I do not come at this topic with the same institutional
knowledge that others do have. I do not know all the details or decisions that
have led us to this point where, it would seem, the (political) cost to move
away from the current default is so very high. I say this to be clear, from the
onset, that I might well be misinformed or wrong about how we move forward in
this working group. However, it is my view that just because the Internet is by
nature cross-border does not mean that it should be treated as a self-governing
realm beyond the reach of national laws. WHOIS today, to me, seems to subvert
and/or undermine domestic norms and institutions in many territories worldwide.
I don’t want to get into the question of sovereignty online, but it would be
helpful to at least establish whether or not we believe ICANN should mandate
through its contracts with registrars that they comply with local legal
regulations, or whether we instead believe that market forces should be driving
fundamental decisions about the nature of the Internet.
You can probably guess my position here, but I’d like to think we can reach some
common ground. What are we more concerned about – the rights of the data subject
and controller, or the rights of those who wish to monetise it? To come up with,
like we have, a list of something like 780 possible requirements for the RDS
strikes me as a recipe for disaster. It seems inevitable that we will
accidentally impose huge costs on some stakeholder groups – the unintended
consequence of trying to achieve some short-term policy goal not to do with any
functional imperative of the Internet itself, but to meet someone’s obscure
interest. That’s why I want to hammer down on what data is being collected, why
it is being used, and what are the implications for privacy before we proceed
any further.

Just my $0.02.
- Ayden





On Tue, Jun 14, 2016 10:51 PM, Susan Kawaguchi susank at fb.com wrote:
Hello All,
I have been thinking about the RDS discussion from this morning’s meeting and
wanted to clarify my personal position (not as a vice chair of the WG) I think
we will complicate our task if we initially limit the discussion to three of the
charter questions relating to users/purposes, privacy and data elements. Much
thought went into drafting the charter and brainstorming how a WG should
approach deliberations.
Users/Purposes Privacy Data elements Access Accuracy
All of the above are very interrelated and I can’t imagine that we can
sufficiently discuss one or two without the others.
One other issue that comes to mind is that we must keep in mind PII data but we
also have to be wary of creating requirements that convey data protection rights
of individuals to commercial entities. For each of the topics above we need to
address how it would affect an individual or a commercial entity.
I think we should move forward with the original plan according to the Charter
and discuss all 5 issues in the first pass. Susan Kawaguchi Domain Name Manager Facebook Legal Dept.

Ayden Férdeline Statement of Interest
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20160615/a1d51432/attachment.html>