[gnso-rds-pdp-wg] IMPORTANT: Notes from RDS PDP WG Meeting - 6 February

Tue Feb 6 21:32:43 UTC 2018

Dear all,

Below please find notes from today's RDS PDP WG meeting.

To recap Action Items from today's call: https://community.icann.org/x/9wq8B

.        Action: Denny Watson, Kathy Kleiman, Bradley Silver, Greg Shatan,
Stephanie Perrin, Mason Cole, and Michael Palage all volunteer to post to
the full WG their position on phrasing "lawful" vs "legal" and rationale.
ALL WG members are encouraged to participate in this WG email discussion to
provide a foundation for reaching agreement.

.        Action: Use this week's poll to test support and rationale for
statement: "One criterion the WG will consider when determining whether a
purpose for processing is legitimate is whether the purpose is inherent to
the functionality of the DNS. This will not be the only criterion considered
and is not a requirement that all purposes must satisfy." 

.        Note: All WG members are encouraged to participate in this week's
poll before it closes COB Saturday 10 February.

Best regards,
Lisa

Action Items and Notes from RDS PDP WG Call - 6 February 2018

These high-level notes are designed to help PDP WG members navigate through
the content of the call and are not meant as a substitute for the transcript
and/or recording. The MP3, transcript, and chat are provided separately and
are posted on the wiki.

1. Roll Call/SOI Updates

*	SOI Update from Klaus Stoll: Now also a Visiting Professor at Xi'an
Jiaotong-Liverpool University, Suzhou
*	Call Handout:
https://community.icann.org/download/attachments/79432439/Handout-6February-
RDSWGCall.pdf
*	Poll Results:
https://community.icann.org/download/attachments/79432439/AnnotatedResults-P
oll-from-30JanuaryCall.pdf

2. Discuss list of criteria that make purposes legitimate for processing

a. See GDPR definition of processing and Q2 poll results
<https://community.icann.org/download/attachments/79432439/AnnotatedResults-
Poll-from-30JanuaryCall.pdf?version=1&modificationDate=1517853136000&api=v2>

*	Q2 (criteria) was discussed last week, producing a revised possible
agreement polled on
*	Results for all variants of that possible agreement ranged from
56-41% support or could live with
*	After considering responses and comments, the leadership proposes
two possible agreements for WG consideration to address main concerns

Leadership-suggested Possible agreement #1

*	One main concern expressed in poll results: consistency with ICANN's
mission.
*	Long standing topic of discussion within community. Ultimately the
board interprets ICANN's mission and will do so  when considering any
recommended policies
*	Excerpts from ICANN's mission on slides 15-17 of Call Handout
<https://community.icann.org/download/attachments/79432439/Handout-6February
-RDSWGCall.pdf?version=1&modificationDate=1517891437000&api=v2> 
*	Given mixed poll responses that supported, opposed, and provided
alternatives to this criterion, the leadership proposed this as a possible
compromise:

*	Any purpose for processing registration data must be consistent with
ICANN's mission as it relates to RDS. Any recommended purpose must be
confirmed by the board with respect to consistency with ICANN's mission.

*	Comments and Questions:

*	Does "as it relates to the RDS" narrow scope of what falls within
ICANN's mission for the WG's deliberation?
*	How do WG members interpret this possible agreement - for example,
inclusion of access to registration data by law enforcement or fighting
cyber-issues?
*	Is the phrase "as it relates to RDS" redundant and subject to
misinterpretation?
*	Is the second sentence just trying to make people feel better or
does it open the WG's recommendations to reconsideration?
*	The Board cannot act outside of ICANN's mission so if there would be
a serious concern that this WG would be recommending anything that would be
outside of ICANN's mission, the Board would need to act accordingly.
*	Revised Possible agreement (based on comments thus far): Any purpose
for processing registration data must be consistent with ICANN's mission.
*	Is processing RDS data for purposes of DNS abuse investigation
(including by law enforcement) consistent with ICANN mission?  This is the
advantage of the "not inconsistent" language we discussed last week.
*	Why was the proposed agreement phrased in the way it was, and what
is lost by trimming the agreement?
*	The GAC certainly thinks that allowing DNS abuse investigation is
within scope of ICANN's mission.  (Which includes Germany the last time I
checked.)
https://www.icann.org/en/system/files/files/gdpr-comments-gac-icann-proposed
-compliance-models-29jan18-en.pdf
*	Several chat comments express a strong preference for "not
inconsistent with" instead of the proposed revised phrasing -- some do not
view the change from "not inconsistent" to "consistent" as a compromise, at
least without a clearer idea of how a criterion of "consistent with" would
be applied. 

Leadership-suggested Possible agreement #2

*	Another main concern express in poll results: whether criteria will
be applied using AND, OR, or AND/OR
*	Given mixed poll responses on this point, the leadership proposed
separating this out as a standalone criterion:

*	If applicable data protection laws require a legal basis for
processing, then any purpose must satisfy at least one legal basis for
processing.

*	Comments and Questions:

*	If applicable data protection laws require a legal basis for
processing, then any purpose must satisfy at least one legal basis for
processing.
*	Difference between "legal basis" and "lawful basis" - should
agreement be revised to "lawful basis" ?
*	Note: Art. 6 GDPR Lawfulness of processing: (1) Processing shall be
lawful only if and to the extent that at least one of the following applies
*	"legal basis" occurs several times in GDPR. E.g., Article 13: "Where
personal data relating to a data subject are collected from the data
subject, the controller shall, at the time when personal data are obtained,
provide the data subject with all of the following information: [...] the
legal basis for the processing"
*	The terms lawful and legal differ in that the former contemplates
the substance of law, whereas the latter alludes to the form of law. A
lawful act is authorized, sanctioned, or not forbidden by law. A legal act
is performed in accordance with the forms and usages of law, or in a
technical manner. Lawful legal definition of lawful - Legal Dictionary - The
Free Dictionary
*	Suggestion: evaluate "legal" and "lawful" as they apply to the
proposed change, to be reviewed by the group for next week -- because it
seems to be a substantive change with consequences
*	If (b) wording is not resolved then it is not possible to go through
each purpose to see if that purpose satisfies (b).
*	It depends on the lawfulness in the jurisdictions applicable to the
provider of the data (which includes applicability of the GDPR to foreign
providers when handling EU data subjects data)

Action: Denny Watson, Kathy Kleiman, Bradley Silver, Greg Shatan, Stephanie
Perrin, Mason Cole, and Michael Palage all volunteer to post to the full WG
their position on phrasing "lawful" vs "legal" and rationale. ALL WG members
are encouraged to participate in this WG email discussion to provide a
foundation for reaching agreement.

Criterion also addressed by last week's poll: "Inherent to the functionality
of the DNS"

*	Should this be tested as a separate criterion in this week's poll?
*	If so, how would the proposed agreement be phrased (as an AND or and
OR which applied to any purpose) -- that is, would EVERY purpose be required
to be inherent to the functionality of the DNS, or would SOME be legitimate
because they were inherent to the functionality of the DNS
*	What does "inherent to the functionality of the DNS" mean? Something
required for the DNS to function at all, or to function as intended (with
all the policies surrounding the DNS that have been created by ICANN)
*	Here are two examples from ICANN's mission from Bylaws Annexes G-1 &
G-2 that I do not believe are 'inherent to the functionality of the DNS':
prohibitions on warehousing of or speculation in domain names by registries
or registrars; reservation of registered names in a TLD that may not be
registered initially or that may not be renewed due to reasons reasonably
related to (i) avoidance of confusion among or misleading of users, (ii)
intellectual property, or (iii) the technical management of the DNS or the
Internet (e.g., establishment of reservations of names from registration).
*	We have issues that involve the workings of the Internet which you
could trace back (convoluted in some cases) to functionality of the DNS, but
other issues that involve just the actual characters themselves in their
relation to ability to use/not use that are completely unrelated to any
technical thing.  Those rights protections systems (UDRP and others)  rely
on RDS data for both rights holders AND registrants to protect their
respective interests.
*	One possible phrasing to test: One criterion the WG will consider
when determining whether a purpose for processing is legitimate is whether
the purpose is inherent to the functionality of the DNS. This will not be
the only criterion considered and is not a requirement that all purposes
must satisfy.
*	Note that the intent of "inherent to the functionality of the DNS"
was discussed at length during the 16 January call

Action: Use this week's poll to test support and rationale for statement:
"One criterion the WG will consider when determining whether a purpose for
processing is legitimate is whether the purpose is inherent to the
functionality of the DNS. This will not be the only criterion considered and
is not a requirement that all purposes must satisfy."

3. Discuss list of purposes for processing based on criteria - DEFERRED

4. Confirm agreements for polling & next steps

*	Action: Denny Watson, Kathy Kleiman, Bradley Silver, Greg Shatan,
Stephanie Perrin, Mason Cole, and Michael Palage all volunteer to post to
the full WG their position on phrasing "lawful" vs "legal" and rationale.
ALL WG members are encouraged to participate in this WG email discussion to
provide a foundation for reaching agreement.
*	Action: Use this week's poll to test support and rationale for
statement: "One criterion the WG will consider when determining whether a
purpose for processing is legitimate is whether the purpose is inherent to
the functionality of the DNS. This will not be the only criterion considered
and is not a requirement that all purposes must satisfy."

5. Confirm next meeting: Tuesday 13 February at 17:00 UTC

Meeting Materials: https://community.icann.org/x/9wq8B

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180206/a166c3a6/attachment-0001.html>