[gnso-rds-pdp-wg] ICANN Meetings/Conversations with Data Protection and Privacy Commissioners
Stephanie Perrin
stephanie.perrin at mail.utoronto.ca
Tue Sep 26 14:13:47 UTC 2017
It happens oftener than you might think Alan! and I agree, the EU law
is not the most stringent, although it receives the most flack....:-)
SP
On 2017-09-26 10:08, Alan Greenberg wrote:
> So the non-expert and the expert agree!
>
>
> --
> Sent from my mobile. Please excuse brevity and typos.
>
> On September 26, 2017 8:34:53 AM EDT, Stephanie Perrin
> <stephanie.perrin at mail.utoronto.ca> wrote:
>
> With all due modesty, I am an expert in privacy legislation,
> having worked in this field since 1984 in most capacities (and
> most particularly, directing the drafting of the federal law here
> in Canada). TBDF provisions appear in most data protection law,
> they are also covered in many national constitutions and it is
> therefore impossible to actually separate out TBDF from any
> privacy impact assessment of ICANN policy and implementation. I
> don't think an explicit mention in our Charter is at all
> necessary, we cannot examine privacy without looking at TBDF.
>
> Stephanie Perrin
>
>
> On 2017-09-25 09:24, Alan Greenberg wrote:
>> I am far from an expert on privacy legislation. GDPR is probably
>> as good a base to look at as any, and perhaps better than some. I
>> do not think we are in a position to survey all country's privacy
>> legislation to ensure that we are in compliance, and even if we
>> did, laws change over time. So we will need to put in place a
>> framework that can adapt to local requirements.
>>
>> One issue that I do not think has been discussed (and is not even
>> mentioned in our charter) is transborder data flow. ALthough that
>> may be more associated with implementation, I suspect we will
>> have to think about it, if only to say that implementation needs
>> to address it. In that case, European legislation may not be the
>> most stringent.
>>
>> Alan
>>
>>
>> At 25/09/2017 08:57 AM, Ayden Férdeline wrote:
>>
>>> Hi Erica,
>>>
>>> That is a good question.
>>>
>>> My view is that GDPR is the best baseline that we have. I say
>>> for this for two reasons. Firstly, because the Council of the
>>> European Union has advised the European Commission that it
>>> cannot negotiate away privacy rights in trade agreements. And
>>> secondly, as I touched upon in an email a few days ago, over 100
>>> countries now have data protection laws, many of which were
>>> modelled after the European Union’s 1995 Data Protection
>>> Directive. It seems possible to me that a desire to emulate best
>>> practices could see these laws, based upon the earlier 1995
>>> standard, updated to reflect the standard now set by GDPR.
>>>
>>> I am happy, of course, to hear alternative perspectives on this
>>> issue.
>>>
>>> Best wishes,
>>>
>>> Ayden Férdeline
>>> linkedin.com/in/ferdeline <http://www.linkedin.com/in/ferdeline>
>>>
>>>
>>>> -------- Original Message --------
>>>> Subject: Re: [gnso-rds-pdp-wg] ICANN Meetings/Conversations
>>>> with Data Protection and Privacy Commissioners
>>>> Local Time: 25 September 2017 1:46 PM
>>>> UTC Time: 25 September 2017 12:46
>>>> From: gnso-rds-pdp-wg at icann.org
>>>> To: gnso-rds-pdp-wg at icann.org
>>>>
>>>> It is clear that the PDP will have to be aware of and plan
>>>> for GDPR-like protections (and not limited to Europe).
>>>>
>>>>
>>>> Jumping back to Kris' comment, and the reference to other
>>>> privacy regulations in various countries (i.e. South Africa),
>>>> do we know for certain that GDPR is our best baseline? For
>>>> example, perhaps there is a different regional set of
>>>> regulations that are an even lower common denominator that
>>>> would ensure compliance not only with GDPR, but other regions
>>>> as well - and, hopefully, future laws. Possibly this has been
>>>> spoken about before (I'm still rather new here), but I thought
>>>> it may be worth confirming since so much of our information
>>>> flow, generally speaking, tends to come from the US and the EU
>>>> over other regions.
>>>>
>>>> Within the contect of ICANN, there is no other way to do
>>>> this but through a GNSO PDP, and hopefully we can actually
>>>> complete this and move forward. How timely we do it will
>>>> depend on how willing we are to work together to reach
>>>> consensus.
>>>>
>>>>
>>>> Well said.
>>>>
>>>> Best,
>>>> Erica
>>>>
>>>> Erica Varlese | .blog Shepherd @ KKWT
>>>> Email: erica at my.blog
>>>> Skype: evarlese
>>>>
>>>>
>>>> On Mon, Sep 25, 2017 at 4:07 AM, Volker Greimann
>>>> <vgreimann at key-systems.net <mailto:vgreimann at key-systems.net>>
>>>> wrote:
>>>>
>>>> With the new proposals for whois privacy provider
>>>> accreditation currently in the works and the costs attached
>>>> to that program both in aded requirements that have to be
>>>> followed and the accreditation cost, this service will
>>>> never be "free".
>>>>
>>>> Volker
>>>>
>>>> Am 23.09.2017 um 15:47 schrieb John Bambenek via
>>>> gnso-rds-pdp-wg:
>>>>> Is one of there ways of exploring how to resolve the
>>>>> issue including making whois privacy for free for
>>>>> individual registrants?
>>>>>
>>>>> --
>>>>> John Bambenek
>>>>>
>>>>> On Sep 22, 2017, at 21:06, Chuck <consult at cgomes.com
>>>>> <mailto:consult at cgomes.com>> wrote:
>>>>>
>>>>>> Without in any way detracting from the concern
>>>>>> for ICANN transparency and the need for keeping
>>>>>> our PDP informed, I think it is important for us
>>>>>> to recognize a few things:
>>>>>> The GDPR is set to go into effect in May 2018.
>>>>>> While I am cautiously hopeful that the RDS PDP WG
>>>>>> will improve progress in our work, there is no
>>>>>> way we will be close to done by May 2018.
>>>>>> In the meantime, contracted parties will be faced
>>>>>> with some serious conflicts between the terms of
>>>>>> their agreements with ICANN and the GDPR that
>>>>>> could result in significant fines if they
>>>>>> continue to comply with their ICANN agreements.
>>>>>> Therefore, it does not seem unreasonable for
>>>>>> ICANN staff to be exploring ways to resolve this
>>>>>> dilemma until policy work can be completed.
>>>>>>
>>>>>>
>>>>>> Chuck
>>>>>>
>>>>>>
>>>>>>
>>>>>> From: gnso-rds-pdp-wg-bounces at icann.org
>>>>>> <mailto:gnso-rds-pdp-wg-bounces at icann.org>
>>>>>> [mailto:gnso-rds-pdp-wg-bounces at icann.org
>>>>>> <mailto:gnso-rds-pdp-wg-bounces at icann.org>] On
>>>>>> Behalf Of Vayra, Fabricio (Perkins Coie)
>>>>>> Sent: Friday, September 22, 2017 8:16 AM
>>>>>> To: Andrew Sullivan <ajs at anvilwalrusden.com
>>>>>> <mailto:ajs at anvilwalrusden.com> >;
>>>>>> gnso-rds-pdp-wg at icann.org
>>>>>> <mailto:gnso-rds-pdp-wg at icann.org>
>>>>>> Subject: Re: [gnso-rds-pdp-wg] ICANN
>>>>>> Meetings/Conversations with Data Protection and
>>>>>> Privacy Commissioners
>>>>>>
>>>>>>
>>>>>>
>>>>>> Appreciate this feedback, Andrew. Simply put, my
>>>>>> concern is that these independent and misinformed
>>>>>> conversations will result in bad decision making
>>>>>> that will run counter to our efforts here in this
>>>>>> duly-constituted PDP WG that is following the
>>>>>> standard ICANN processes for developing policy --
>>>>>> if not render them useless altogether. Which in
>>>>>> turn highlights my earlier comment that this
>>>>>> side-show effort from ICANN runs counter to the
>>>>>> bottom up / standard ICANN processes for
>>>>>> developing policy.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Maybe it's just me making a mountain out of a
>>>>>> molehill, but Stephanie echoing these concerns on
>>>>>> the last call encouraged me to reach out to my
>>>>>> fellow WG members to see if others share the
>>>>>> concern and wanted to act on it.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Others?
>>>>>>
>>>>>>
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: gnso-rds-pdp-wg-bounces at icann.org
>>>>>> <mailto:gnso-rds-pdp-wg-bounces at icann.org>
>>>>>> [mailto:gnso-rds-pdp-wg-bounces at icann.org
>>>>>> <mailto:gnso-rds-pdp-wg-bounces at icann.org>] On
>>>>>> Behalf Of Andrew Sullivan
>>>>>> Sent: Friday, September 22, 2017 11:09 AM
>>>>>> To: gnso-rds-pdp-wg at icann.org
>>>>>> <mailto:gnso-rds-pdp-wg at icann.org>
>>>>>> Subject: Re: [gnso-rds-pdp-wg] ICANN
>>>>>> Meetings/Conversations with Data Protection and
>>>>>> Privacy Commissioners
>>>>>>
>>>>>>
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, Sep 22, 2017 at 02:51:44PM +0000, Vayra,
>>>>>> Fabricio (Perkins Coie) wrote:
>>>>>>
>>>>>> >
>>>>>>
>>>>>> > I couldn’t agree more with Stephanie and find
>>>>>> it incredible that ICANN, despite our ongoing
>>>>>> efforts and the plethora of published community
>>>>>> concerns, are continuing with the approach of
>>>>>> rushing to discussions with Data Protection and
>>>>>> Privacy Commissioners “half-cocked.†Putting
>>>>>> aside the apparent widely shared view that this
>>>>>> approach is misinformed and dangerous, it’s
>>>>>> simply redundant of and does not take advantage
>>>>>> of our work within this PDP process -- one could
>>>>>> even say that it runs counter to the bottom up
>>>>>> and community led initiative on RDS/WHOIS.
>>>>>>
>>>>>> >
>>>>>>
>>>>>>
>>>>>>
>>>>>> I don't understand what the problem is supposed
>>>>>> to be. We are a
>>>>>>
>>>>>> duly-constituted PDP WG that is following the
>>>>>> standard ICANN processes
>>>>>>
>>>>>> for developing policy. If other parts of ICANN
>>>>>> want to talk to data
>>>>>>
>>>>>> protection and privacy commissioners, or
>>>>>> activists in favour of
>>>>>>
>>>>>> publishing all personal data available in the
>>>>>> universe, or privacy
>>>>>>
>>>>>> activists who think the DNS should be closed in
>>>>>> favour of onion
>>>>>>
>>>>>> routing, or the committee of the Present King of
>>>>>> France and the Easter
>>>>>>
>>>>>> Bunny, why should we care? In the event (for
>>>>>> which I have diminshing
>>>>>>
>>>>>> hope) that we publish a report that is actionable
>>>>>> by the GNSO, the
>>>>>>
>>>>>> ordinary ICANN policy mechanisms will grind
>>>>>> forward no matter what
>>>>>>
>>>>>> meetings people have had.
>>>>>>
>>>>>>
>>>>>>
>>>>>> We can best contribute to that end, in my
>>>>>> opinion, by focussing on
>>>>>>
>>>>>> getting done the work that we are supposed to be
>>>>>> doing, rather than
>>>>>>
>>>>>> worrying about all the other things other people
>>>>>> might be doing. By
>>>>>>
>>>>>> concentrating on this and making some progress,
>>>>>> we might even reduce
>>>>>>
>>>>>> the temptation of others to second guess this
>>>>>> process. At the rate we
>>>>>>
>>>>>> are currently moving, we appear to be destined to
>>>>>> deliver something
>>>>>>
>>>>>> right after heat death of the universe, and I
>>>>>> suggest that that pace
>>>>>>
>>>>>> is partly because there is no issue on which
>>>>>> people are willing to
>>>>>>
>>>>>> focus, come to a clear conclusion, and then let
>>>>>> that conclusion stand.
>>>>>>
>>>>>>
>>>>>>
>>>>>> I therefore urge that we focus on our task and
>>>>>> not make our job harder
>>>>>>
>>>>>> than it already is by attending to outside
>>>>>> distractions.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Best regards,
>>>>>>
>>>>>>
>>>>>>
>>>>>> A
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> Andrew Sullivan
>>>>>>
>>>>>> ajs at anvilwalrusden.com
>>>>>> <mailto:ajs at anvilwalrusden.com>
>>>>>>
>>>>>> _______________________________________________
>>>>>>
>>>>>> gnso-rds-pdp-wg mailing list
>>>>>>
>>>>>> gnso-rds-pdp-wg at icann.org
>>>>>> <mailto:gnso-rds-pdp-wg at icann.org>
>>>>>>
>>>>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Drds-2Dpdp-2Dwg&d=DwIGaQ&c=XRWvQHnpdBDRh-yzrHjqLpXuHNC_9nanQc6pPG_SpT0&r=6lUxzkhJPN5qts-Nve5TYqxoGjP81z1kCvXgsmw-MiQ&m=9eU57wIVscyGuvbIbm2BAi8LELlVrSQBl5k9N2YJxfQ&s=EWf3FrLMoZXzDzHkrW30uyrwfH-GkQk1TGt5Jc2ndKs&e
>>>>>> =
>>>>>>
>>>>>>
>>>>>> ------------------------------------------------------------------------
>>>>>>
>>>>>>
>>>>>> NOTICE: This communication may contain privileged
>>>>>> or other confidential information. If you have
>>>>>> received it in error, please advise the sender by
>>>>>> reply email and immediately delete the message
>>>>>> and any attachments without copying or disclosing
>>>>>> the contents. Thank you.
>>>>>> _______________________________________________
>>>>>> gnso-rds-pdp-wg mailing list
>>>>>> gnso-rds-pdp-wg at icann.org
>>>>>> <mailto:gnso-rds-pdp-wg at icann.org>
>>>>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>>
>>>>> gnso-rds-pdp-wg mailing list
>>>>> gnso-rds-pdp-wg at icann.org
>>>>> <mailto:gnso-rds-pdp-wg at icann.org>
>>>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>>
>>>>
>>>> --
>>>>
>>>> Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
>>>> Mit freundlichen Grüßen,
>>>> Volker A. Greimann
>>>> - Rechtsabteilung -
>>>> Key-Systems GmbH
>>>> Im Oberen Werk 1
>>>> 66386 St. Ingbert
>>>> Tel.: +49 (0) 6894 - 9396 901 <tel:+49%206894%209396901>
>>>> Fax.: +49 (0) 6894 - 9396 851 <tel:+49%206894%209396851>
>>>> Email: vgreimann at key-systems.net
>>>> <mailto:vgreimann at key-systems.net>
>>>> Web: www.key-systems.net <http://www.key-systems.net> /
>>>> www.RRPproxy.net <http://www.rrpproxy.net/>
>>>> www.domaindiscount24.com
>>>> <http://www.domaindiscount24.com> /
>>>> www.BrandShelter.com <http://www.brandshelter.com/>
>>>> Folgen Sie uns bei Twitter oder werden Sie unser Fan
>>>> bei Facebook:
>>>> www.facebook.com/KeySystems
>>>> <http://www.facebook.com/KeySystems>
>>>> www.twitter.com/key_systems
>>>> <http://www.twitter.com/key_systems>
>>>> Geschäftsführer: Alexander Siffrin
>>>> Handelsregister Nr.: HR B 18835 - Saarbruecken
>>>> Umsatzsteuer ID.: DE211006534
>>>> Member of the KEYDRIVE GROUP
>>>> www.keydrive.lu <http://www.keydrive.lu>
>>>> Der Inhalt dieser Nachricht ist vertraulich und nur
>>>> für den angegebenen Empfänger bestimmt. Jede Form der
>>>> Kenntnisgabe, Veröffentlichung oder Weitergabe an
>>>> Dritte durch den Empfänger ist unzulässig. Sollte
>>>> diese Nachricht nicht für Sie bestimmt sein, so bitten
>>>> wir Sie, sich mit uns per E-Mail oder telefonisch in
>>>> Verbindung zu setzen.
>>>> --------------------------------------------
>>>> Should you have any further questions, please do not
>>>> hesitate to contact us.
>>>> Best regards,
>>>> Volker A. Greimann
>>>> - legal department -
>>>> Key-Systems GmbH
>>>> Im Oberen Werk 1
>>>> 66386 St. Ingbert
>>>> Tel.: +49 (0) 6894 - 9396 901 <tel:+49%206894%209396901>
>>>> Fax.: +49 (0) 6894 - 9396 851 <tel:+49%206894%209396851>
>>>> Email: vgreimann at key-systems.net
>>>> <mailto:vgreimann at key-systems.net>
>>>> Web: www.key-systems.net <http://www.key-systems.net> /
>>>> www.RRPproxy.net <http://www.rrpproxy.net/>
>>>> www.domaindiscount24.com
>>>> <http://www.domaindiscount24.com> /
>>>> www.BrandShelter.com <http://www.brandshelter.com/>
>>>> Follow us on Twitter or join our fan community on
>>>> Facebook and stay updated:
>>>> www.facebook.com/KeySystems
>>>> <http://www.facebook.com/KeySystems>
>>>> www.twitter.com/key_systems
>>>> <http://www.twitter.com/key_systems>
>>>> CEO: Alexander Siffrin
>>>> Registration No.: HR B 18835 - Saarbruecken
>>>> V.A.T. ID.: DE211006534
>>>> Member of the KEYDRIVE GROUP
>>>> www.keydrive.lu <http://www.keydrive.lu>
>>>> This e-mail and its attachments is intended only for
>>>> the person to whom it is addressed. Furthermore it is
>>>> not permitted to publish any content of this email. You
>>>> must not use, disclose, copy, print or rely on this
>>>> e-mail. If an addressing or transmission error has
>>>> misdirected this e-mail, kindly notify the author by
>>>> replying to this e-mail or contacting us by telephone.
>>>>
>>>>
>>>> _______________________________________________
>>>> gnso-rds-pdp-wg mailing list
>>>> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
>>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>>>>
>>>
>>> Content-Type: text/plain; charset="us-ascii"
>>> Content-Transfer-Encoding: 7bit
>>> Content-Disposition: inline
>>> X-Microsoft-Exchange-Diagnostics:
>>> 1;DM5PR03MB2714;27:hvd+12IHFEDC5zG2SFGJUI8wzX09iFX8918xshWCQo/rid5WRmWbOSDBecFyjNyKMeBpbcVirQ6f821KkUUeGsZynHEE1O0FFdMERWm0q/Vqwzdu+L9IxmvRP11LCIVh
>>> X-Microsoft-Antispam-Mailbox-Delivery:
>>> ex:0;auth:0;dest:I;ENG:(400001000128)(400125000095)(20160514016)(750103)(520002050)(400001001223)(400125100095)(61617095)(400001002128)(400125200095);
>>>
>>> _______________________________________________
>>> gnso-rds-pdp-wg mailing list
>>> gnso-rds-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>>
>>
>> This body part will be downloaded on demand.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170926/c0a201df/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list