[gnso-rds-pdp-wg] GNSO Next-Gen RDS PDP Working Group teleconference
Stephanie Perrin
stephanie.perrin at mail.utoronto.ca
Sat Mar 19 02:21:19 UTC 2016
I think Holly has summarized this issue well. I would add that the
problem with running through "requirements" first before agreeing
purpose, is that the very act of discussing and refining requirements
before defining purpose adulterates the process of defining purpose.
One issue that we never really dealt with, in my view, on the EWG, was
the "value added services" that depend on harvesting robust WHOIS data
sets. I would hate to accept those practices and businesses, which in my
view likely violate data protection law, before we define purpose.
I would also add that data retention is part of the data life cycle, and
cannot be abandoned to some other PDP process, or the next RAA.
Registration data and the purpose of its collection, use, disclosure,
and retention, has to be examined in its entirety.
Stephanie Perrin
On 2016-03-18 21:48, Holly Raiche wrote:
>>
>> Folks
>>
>> I still have very real questions about the order of discussion topics in Phase 1 of the work plan.
>>
>> In item 8, the main topic is ‘develop initial possible requirements lis’t, starting from Questions posed by the Charter. Yet it isn’t until item 12 that we deliberate on possible fundamental requirements.
>>
>> I am guessing that, to make sense of the order listed, we are to start with a list of all possible requirements (item 8) and by item 12, have the discussion as to what of the possible requirements should be accepted and what ‘requirements' will not be.
>>
>> From a data protection perspective (that governs all EU countries, Canada, Australia and many other countries), the place to start is to ask what information - particularly personal information - an individual/organisation NEEDS to collect in order to carry out their task/business. And ONLY that data is collected. Other data protection steps follow: the personal information that is collected must only be used for the purpose(s) for which it was collected, and the information is only disclosed to the individuals/organisations that should have access.
>>
>> So I am assuming that, at item 12 at the latest, those of us living under data protection legislation will look at the list of possible ‘requirements' and insist that only that information that is required for carrying on the business of a registrar or registry is gathered. The questions that follow are then about how that limited information is used, and how that limited information is disclosed.
>>
>> If that is not what is intended by the Work Plan, then we must have the discussion on what information is collected at item 8.
>>
>> And while the EWG is a very useful report and a good place, amongst others, to start, we will not necessarily wind up in the same place that it did - and let’s not assume we will.
>>
>> Cheers
>>
>> Holly
>>
>>
>>
>>
>>
>>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
More information about the gnso-rds-pdp-wg
mailing list