[gnso-rds-pdp-wg] [renamed] Key early questions

Kimpián Péter kimpian.peter at naih.hu
Tue May 10 10:23:30 UTC 2016

Dear All,


Totally agree with Stephanie, I would also add that every data processing
must be fair and lawful and for each and every data processing activity the
data controller must have a valid legal base. Therefore as already
emphasized since Marrakesh the definition of the purpose of data processing
(which also means data collection) is the most important task of the WG. The
WG should present - I think - a proposal which clearly defines the purpose
of data processing of ICANN and made on behalf of/or following the
instruction of ICANN and to clearly state whether they are lawful and to
which legal base to choose for the processing (for certain purpose data
controller=registrar, registries will face problems if using one or another
legal base in certain parts of the world or even for data coming from certain
parts of the world).


If there are multiple purposes - I think - the WG should be able to
demonstrate the same for each and every one of them.


In all high level multi- and bilateral international treaties (ex: art 12 of
Universal Declaration of Human Rights) and in 109 (!) countries' national
(current number of countries having data protection legislation, Turkey
being the newest one) law all over the world the processing of personal
data out of the purpose or for purposes which are illegal or unlawful or
even unfair is strictly forbidden.


Best regards,






dr. Péter Kimpián


International Affairs and Public Relations Department

National Authority for Data Protection and Freedom of Information

Address: H-1125 Budapest,

Szilágyi Erzsébet fasor 22/C.

Postal address: H-1530 Budapest, Pf.: 5.

Tel: +36-1/391-1422

Fax: +36-1/3911410

Email: kimpian.peter at naih.hu

Web address: www.naih.hu <http://www.naih.hu/>


From: gnso-rds-pdp-wg-bounces at icann.org
[mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Stephanie Perrin
Sent: Tuesday, May 10, 2016 4:16 AM
To: gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] [renamed] Key early questions


Indeed, I agree wholeheartedly.  Registrars may collect what they need to
do business, and are governed by relevant data protection law.  However,
what they collect, use, disclose, escrow, and retain as instructed by ICANN
is clearly within our remit, and unless I am mistaken there is a certain
crossover in the matter of data retention... if the registrars over-collect
metadata, they are instructed to retain it in the RAA so this may be an
instance where we ought to be looking over their shoulders.  The key
question, from a data protection perspective, is do they have a legitimate
interest, as data controller, in collecting, using and disclosing it.  The
same applies to ICANN as data controller:  do they have a legitimate
interest in demanding through contract, as the data controller for the
purposes of mandating data collection, use and disclosure as a condition of
accreditation, the data listed in the RAA?  And it is ICANN which concerns



On 2016-05-09 20:49, Carlton Samuels wrote:

Exactly!   And we have a listing of the elements right there in the RAA.


This distinction has been made again and again in every forum I have attended
on registration data. And all arguments/triage/decisions pertaining to
purposefulness, access and privacy pertain ONLY to those elements.



Carlton A Samuels
Mobile: 876-818-1799
Strategy, Planning, Governance, Assessment & Turnaround


On Mon, May 9, 2016 at 12:41 AM, Alan Greenberg <alan.greenberg at mcgill.ca> wrote:

One small (but I think important) issue that has been bothering me since we
started this WG.

When we talk about what data is being collected by registrars or registries,
I think we need to be very careful in our wording. What we are interested in
is what data is being collected (or should be collected in the future)
MANDATED by ICANN agreements. What they collect of their own volition is not
on our agenda (whether it is credit card information, your birth date so
they can send you a gratuitous Happy Birthday wish, or your national
identity number).


At 09/05/2016 12:12 AM, Kathy Kleiman wrote:

Hi Chuck, Michele, Susan, David, and Lisa,
I think Holly has hit the nail on the head. At the outset, and before moving
forward to any additional questions, we should evaluate:
1) what data is collected?
2) why is this data collected?
3) is this data the subject of data protection laws?

This is exactly the foundation and background that the subgroups have
prepared for us - the Data Elements, Privacy law and Purpose subgroups. We
now have the materials to enter into this analysis as a full WG in a
constructive, informed and systematic way.

Marika recently shared these questions in the link she sent around
summarizing our previous comments/suggestions. Members from a range of SOs
and ACs raised the need for the WG to reorder the questions to allow
consideration of data elements, privacy frameworks and "purpose" upfront and
early on. As you may remember, Scott Hollenbeck kicked off the discussion
and many others joined in.
posedWorkPlanChanges-16March2016.pdf. When we checked with members of the
Charter Team in Marrakech, they blessed the idea that we as a WG should
choose our own order for the questions - as long as we cover them all, they
would be happy.

Accordingly, why would we launch into secondary purposes first? Rephrased,
why would we consider all of the "possible requirements" of a directory
service when we as a WG have not yet undertaken the basic analysis of what
data is collected, for what primary purpose, and under what privacy laws and
frameworks we should be analyzing the data?  This seems totally like putting
the cart before the horse.


On 5/7/2016 4:22 PM, Holly Raiche wrote:

Thanks Lisa

What the data group has been exploring is just what data is actually
collected by registries/registrars.

I realise that the original Charter questions were framed around gTLD
registration data - the 'Whois' data that must be made public under the 2013
RAA.  But what the data group has identified is that there is more data in
question than just the 'Whois' data. Yet these questions are framed around
the gTLD data.

Somewhere, there should be a question - or something - that suggests that
the Charter questions should go further to at least consider what data is
collected and why, and whether it should be the subject of data protections.



On 8 May 2016, at 2:57 am, Lisa Phifer <lisa at corecom.com> wrote:

Dear all,

A reminder that PDP WG feedback if any on the attached early outreach
message is due no later than tomorrow - Sunday 8 May 23.59 UTC.

Best, Lisa

At 12:07 PM 5/3/2016, Lisa Phifer wrote:

Dear all,

As agreed during today's WG call, attached please find a slightly revised
draft input template to solicit early input from ICANN SOs/ACs and GNSO
SG/Cs. This is the template discussed in today's WG call.

Remember, there will be many opportunities for community input throughout
this PDP. The attached input template is to be used to initiate the early
outreach required of every PDP to inform the WG at the start of its work.
The template is a tool used successfully by other PDP WGs to solicit
structured input, along with any additional input each group wishes to

WG member feedback on this draft input template is welcome: please send any
feedback to the entire WG list <gnso-rds-pdp-wg at icann.org> no later than
Sunday 8 May 23.59 UTC.

Our goal is to send the final version of this template to initiate early
outreach next week.

Best, Lisa

gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org> 

<RDS PDP - SO AC SG C Input Template - 2 May 2016