[gnso-rds-pdp-wg] IMPORTANT: Notes from RDS PDP WG Meeting - 24 January
Lisa Phifer
lisa at corecom.com
Wed Jan 24 07:50:15 UTC 2018
Dear all,
Below please find notes from today's RDS PDP WG meeting.
To recap Action Items from today's call: https://community.icann.org/x/RgByB
Proposed WG Agreement (to be confirmed by poll): Criteria to be used to
determine whether any proposed purpose is legitimate for processing
registration data are: a) In support of ICANN's mission; b) A legitimate
interest pursued by the data controller; c) Necessary for the fulfillment of
a contract; d) Inherent to functionality of the DNS; e) In the public
interest; or f) Necessary for compliance with a legal obligation.
Proposed WG Agreement (to be confirmed by poll): The following purposes for
processing registration data satisfy at least one of these criteria:
Technical Issue Resolution; Academic or Public Interest Research; Domain
Name Management; Individual Internet Use; Domain Name Certification; Domain
Name Purchase/Sale; ICANN Contractual Enforcement; Regulatory Enforcement;
Legal Actions; Criminal Activity/DNS Abuse Investigation; Criminal
Activity/DNS Abuse Notification; or Criminal Activity/DNS Abuse Reputation
(where "these criteria" refers to those listed in the other proposed WG
agreement, and "processing" assumes the GDPR definition).
Action Item: Confirm agreement on criteria with poll; all WG members are
encouraged to respond to the poll no later than COB Saturday 27 January.
Best regards,
Lisa
Action Items and Notes from RDS PDP WG Call - 24 January 2018
These high-level notes are designed to help PDP WG members navigate through
the content of the call and are not meant as a substitute for the transcript
and/or recording. The MP3, transcript, and chat are provided separately and
are posted on the wiki.
1. Roll Call/SOI Updates
. Roll call taken from Adobe Connect
. Please mute your microphones when not speaking
. State your name before speaking for transcription purposes
2. Deliberate on list of criteria that make purposes legitimate for
processing
. Meeting Page: <https://community.icann.org/x/RgByB>
https://community.icann.org/x/RgByB
. Call Handout:
<https://community.icann.org/download/attachments/74580038/Handout-24January
-RDSWGCall-v2.pdf>
https://community.icann.org/download/attachments/74580038/Handout-24January-
RDSWGCall-v2.pdf
. GDPR definition of processing:
'processing' means any operation or set of operations which is performed on
personal data or on sets of personal data, whether or not by automated
means, such as collection, recording, organisation, structuring, storage,
adaptation or alteration, retrieval, consultation, use, disclosure by
transmission, dissemination or otherwise making available, alignment or
combination, restriction, erasure or destruction;
. Noted that not every aspect of processing will apply to RDS - for
example, disclosure by transmission may not apply if transmissions are
encrypted, and transmission may involve trans-border transmission
. Question for discussion: How will we decide whether any proposed
purpose is legitimate for processing registration data?
. List of criteria in handout:
a) In support of ICANN's mission
b) A legitimate interest pursued by the data controller(s)
c) Necessary for the fulfillment of a contract
d) Inherent to functionality of the DNS
e) In the public interest
f) Necessary for compliance with a legal obligation
. It will be necessary to interpret how each of these criteria apply
to any possible purpose - for example, which contract and is the contract
lawful, what is the public interest, etc.
. No objections to proposed agreement voiced on the call - support to
be confirmed by poll
Proposed WG Agreement (to be confirmed by poll): Criteria to be used to
determine whether any proposed purpose is legitimate for processing
registration data are: a) In support of ICANN's mission; b) A legitimate
interest pursued by the data controller; c) Necessary for the fulfillment of
a contract; d) Inherent to functionality of the DNS; e) In the public
interest; or f) Necessary for compliance with a legal obligation.
Action Item: Confirm agreement on criteria with poll; all WG members are
encouraged to respond to the poll no later than COB Saturday 27 January.
3. Deliberate on list of purposes to determine which are legitimate for
processing based on criteria
. Question: Which purposes (if any) do NOT satisfy any (i.e., at
least one) of these criteria?
1) Technical Issue Resolution
2) Academic or Public Interest Research
3) Domain Name Management
4) Individual Internet Use
5) Domain Name Certification
6) Domain Name Purchase/Sale
7) ICANN Contractual Enforcement
8) Regulatory Enforcement
9) Legal Actions
10) Criminal Activity/DNS Abuse Investigation
11) Criminal Activity/DNS Abuse Notification
12) Criminal Activity/DNS Abuse Reputation
Proposed WG Agreement (to be confirmed by poll): The following purposes for
processing registration data satisfy at least one of these criteria:
Technical Issue Resolution; Academic or Public Interest Research; Domain
Name Management; Individual Internet Use; Domain Name Certification; Domain
Name Purchase/Sale; ICANN Contractual Enforcement; Regulatory Enforcement;
Legal Actions; Criminal Activity/DNS Abuse Investigation; Criminal
Activity/DNS Abuse Notification; or Criminal Activity/DNS Abuse Reputation
(where "these criteria" refers to those listed in the other proposed WG
agreement, and "processing" assumes the GDPR definition).
. Note the proposed WG Agreement refers to "processing" not just
collection
. Collection of data has only been agreed to date for the purposes of
Technical Issue Resolution and Domain Name Management
. We will need to examine each purpose and make recommendations about
registration necessary and collection of and/or access to that data for that
purpose
. For example, the GDPR says that public and academic research is a
reasonable purpose for disclosure..... [but not for collection]
. Concern: If the purpose of collection were to be broadened to
include all kinds of secondary processing, (e.g., law enforcement
investigations, academic research, consumer protection with respect to
business practices not related to the DNS), then the purpose (while
contestable in court, of course) could be used to justify further collection
of data and release of the same.
. How do PDP WG agreements relate to the three models put forward by
ICANN as emergency contractual measures to enable GDPR compliance?
. Any model chosen for GDPR compliance is a short-term emergency
measure; what the PDP WG produces will be consensus policy for a longer-term
RDS
. Need to include definition of "processing" assumed by these
proposed WG agreements, and to underline "processing" to make it clear the
agreement is not limited to collection
. Some (but not all) of these criteria may be justification for
collection - to be discussed in a future call
4. Confirm agreements for polling & next steps
Proposed WG Agreement (to be confirmed by poll): Criteria to be used to
determine whether any proposed purpose is legitimate for processing
registration data are: a) In support of ICANN's mission; b) A legitimate
interest pursued by the data controller; c) Necessary for the fulfillment of
a contract; d) Inherent to functionality of the DNS; e) In the public
interest; or f) Necessary for compliance with a legal obligation.
Proposed WG Agreement (to be confirmed by poll): The following purposes for
processing registration data satisfy at least one of these criteria:
Technical Issue Resolution; Academic or Public Interest Research; Domain
Name Management; Individual Internet Use; Domain Name Certification; Domain
Name Purchase/Sale; ICANN Contractual Enforcement; Regulatory Enforcement;
Legal Actions; Criminal Activity/DNS Abuse Investigation; Criminal
Activity/DNS Abuse Notification; or Criminal Activity/DNS Abuse Reputation
(where "these criteria" refers to those listed in the other proposed WG
agreement, and "processing" assumes the GDPR definition).
Action Item: Confirm agreement on criteria with poll; all WG members are
encouraged to respond to the poll no later than COB Saturday 27 January.
5. Confirm next meeting: Tuesday 30 January at 17:00 UTC
Meeting Materials: https://community.icann.org/x/RgByB
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180124/02b0942c/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list