[gnso-rds-pdp-wg] Now open: 18 January Poll on Purpose
Kathy Kleiman
kathy at kathykleiman.com
Thu Jan 26 18:11:45 UTC 2017
Hi All,
I reached out to Peter Kimpian of the Council of Europe on the important
question Victoria asked yesterday about consent. I did so because it is
my understanding that the definitions of "consent" are different in the
US and Europe - particularly for the type of personal and sensitive data
we are discussing.
Peter writes that _consent _is "a paramount question and it is for all
those who have signed (and not signed off yet) to Universal Declaration
on Human Rights and the the International Covenant on Civil and
Political Rights and the International Covenant on Economic, Social and
Cultural Rights and *not *only in Europe! So the core principle for
privacy and data protection is that the data subject has to be in
control ALWAYS what is happening with his/her data. *Consent is one
possible legal base for processing data but it can not be considered as
one consent for everything. Consent should be informed and free.
therefore if the purpose of the data processing changes data controller
have to be sure it has still the consent for the new purpose.*"
Best, Kathy
On 1/25/2017 2:45 PM, Victoria Sheckler wrote:
>
> Isn’t consent always been acceptable for use and disclosure purposes?
> And doesn’t all of this have to be balanced with the public’s
> legitimate interest in transparency?
>
> *From:*gnso-rds-pdp-wg-bounces at icann.org
> [mailto:gnso-rds-pdp-wg-bounces at icann.org] *On Behalf Of *Stephanie Perrin
> *Sent:* Wednesday, January 25, 2017 2:33 PM
> *To:* nathalie coupet <nathaliecoupet at yahoo.com>
> *Cc:* gnso-rds-pdp-wg at icann.org
> *Subject:* Re: [gnso-rds-pdp-wg] Now open: 18 January Poll on Purpose
>
> WHOIS at the moment is a phone book, and it is a phone book that
> arguably violates data protection law. The purpose of this pdp is to
> determine what the policy behind the RDS ought to be....not just limp
> along with the vestigial WHOIS we inherited from Jon Postel.
>
> The analogy with health data was to demonstrate that if the management
> of the DNS was in the hands of government, they would have public
> policy responsibilities, enforced in their parliaments or
> legislatures, to take ALL views with due consideration (read with a
> grain of salt) and act in compliance with law and with their
> respective Constitutions and Charters. That was the point I was
> trying to make...we are in a multistakeholder environment where
> stakeholders can influence policy to a greater extent, with no
> recourse to a higher authority to question the inclusion of
> perspectives that may not be agreed by others (eg. a Parliament). and
> I am aware that the list of exceptions for third party access is
> long. But they are for release or sharing of data....they are not
> purposes of collection. In the cases of many of the government
> exceptions you list, those are releases or sharing agreements
> authorized by law, and subject to legal protection. They are not, in
> most cases where there is a constitution in place that protects
> fundamental rights and due process, reasons for broader collection for
> those purposes. There are rare exceptions to that general principle,
> but by and large they are rare.
>
> Apologies if that example was not sufficiently clear.
>
> cheers Stephanie
>
> On 2017-01-25 07:53, nathalie coupet wrote:
>
> Regarding the analogy with health data, the list of exceptions is
> long, when it comes to the application of data protection laws.
> For example, they do not apply in cases where public health and
> safety require it;
>
> For government research and statistics needs;
>
> In case of a law enforcement investigation;
>
> When the security of the President or other high ranking officials
> is at stake;
>
> When the data can be collected from other sources (such as the
> phone book);
>
> When needed for legislative purposes;
>
> In case of a court order or other legal mandate;
>
> If the person giving the data does so willingly;
>
> And data protection doesn't apply to second or all subsequent
> sharings.
>
> The truth is data protection is very loosely applied and is not
> meant to prevent law enforcement, legal processes from going their
> course.
>
> By gating all data, or reducing RDS to just a technician's tool,
> this would also break the economy of the Internet.
>
> WHOIS/RDS is also a phone book and as such, it protects the
> end-user by affording her and additional and important level of
> security.
>
> Nowhere is it said that RDS is purely technical.
>
> This is reductive view.
>
> Nathalie
>
>
> Sent from my iPhone
>
>
> On Jan 25, 2017, at 6:56 AM, Stephanie Perrin
> <stephanie.perrin at mail.utoronto.ca
> <mailto:stephanie.perrin at mail.utoronto.ca>> wrote:
>
> Sorry, this discussion is important. Your example proves my
> point. What you show below is a disclosure. It is a
> disclosure of a limited set of data. we are not supposed to
> be talking about disclosure at this point in our proceedings.
> I leave it to the experts on whether this is "thin" in the
> sense of the thick transition discussion, I really don't know
> because we are focused on gTLD policy here. My point is this
> is a disclosure. We do not "collect" thin data per se, we
> collect a whole mess of mandatory data elements, as per the
> RAA. Then we generate a whole mess as part of activating and
> making real the domain's existence. Then we share (release) a
> small subset.
>
> So talking about collecting thin data is misleading in my
> view. Purpose of disclosing it is what we are in fact talking
> about. Calling it a purpose for collection opens the barn door.
>
> Stephanie
>
> On 2017-01-25 06:46, Sam Lanfranco wrote:
>
> Thank you Michele, ( ignoring the spell check driven typo
> of "think" for "thick" (-: ). We should be able to put
> this "thin" discussion behind us.
> The "thin" discussion should have taken about 2 email
> exchanges. Here is CIRA's (thin) search for .ca domain
> names [disclosure: it is my domain name]
>
> Domain name: artisanalpot.ca <http://artisanalpot.ca>
> Domain status: registered
> Creation date: 2016/12/14
> Expiry date: 2017/12/14
> Updated date: 2016/12/19
> DNSSEC: Unsigned
> Registrar:
> Name: Web Hosting Canada (7081936 Canada Inc.)
> Number: 5000080
> Name servers:
> ns1.whc.ca <http://ns1.whc.ca> 173.209.49.178
> ns2.whc.ca <http://ns2.whc.ca> 198.245.53.176
> ns3.whc.ca <http://ns3.whc.ca> 198.245.61.86
> % WHOIS look-up made at 2017-01-25 11:32:24 (GMT)
> % Use of CIRA's WHOIS service is governed by the Terms of
> Use in its Legal
> % Notice, available at
> http://www.cira.ca/legal-notice/?lang=en
> % (c) 2017 Canadian Internet Registration Authority,
> (http://www.cira.ca/)
>
> Nothing private is disclosed and LEA would have to resort
> to legal means to get to what is in the "thick" data set.
> There are no ICANN policy issues here.
>
> Sam L <artisanalpot.ca <http://artisanalpot.ca>> (-:
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170126/f5dac6ab/attachment.html>
More information about the gnso-rds-pdp-wg
mailing list