[gnso-rds-pdp-wg] IMPORTANT: Notes from RDS PDP WG Meeting - 30 January

[Lisa Phifer]

Dear all,

Below please find notes from today's RDS PDP WG meeting.

To recap Action Items from today's call: https://community.icann.org/x/8ge8B

Action: Chair to confirm change of VC on mailing list.

Proposed WG agreement (subject to revision and confirmation via poll): The
WG will use the following non-exhaustive list of criterion to determine if
any proposed purpose for processing registration data may be legitimate: (a)
The purpose must not be inconsistent with ICANN's mission, (d) The purpose
must be inherent to the functionality of the DNS, AND (x) The purpose must
satisfy at least one legal basis for processing as defined by data
protection laws.

Action: Leadership team to refine above proposed agreement to develop poll
about this point, along with repeat of Q3 from last week's poll, with
additional granularity, based on agreed criteria. WG members encouraged to
participate in poll no later than Saturday COB.

Best regards,
Lisa

 

Action Items and Notes from RDS PDP WG Call - 30 January 2018

These high-level notes are designed to help PDP WG members navigate through
the content of the call and are not meant as a substitute for the transcript
and/or recording. The MP3, transcript, and chat are provided separately and
are posted on the wiki.

1. Roll Call/SOI Updates

*	Please mute when not speaking and give your name when speaking for
the transcript
*	SOI Updates:

*	Andrew Sullivan will be a member of the IETF Administrative
Oversight Committee starting at the IETF meeting in March
*	Chuck Gomes updated his SoI to reflect his support from Verisign
although he is no longer representing Verisign's interests or the RySG
*	Mason Cole has left Donuts and joined Perkins Coie

*	Confirm Alex Deacon as a member of the WG Leadership Team to replace
Susan.

Action: Chair to confirm change of VC on mailing list.

2. Discuss list of criteria that make purposes legitimate for processing

a. See GDPR definition of processing and Q2 poll results
<https://community.icann.org/download/attachments/79431666/CommentSummary-24
JanuaryPoll-v3.pdf?version=1&modificationDate=1517268227000&api=v2> 

*	Handout:
https://community.icann.org/download/attachments/79431666/Handout-30January-
RDSWGCall.pdf
*	Question 2 from last week's poll:
Do you support the proposed WG Agreement from last week: Criteria to be used
to determine whether any proposed purpose is legitimate for processing
registration data are: a) In support of ICANN's mission; b) A legitimate
interest pursued by the data controller; c) Necessary for the fulfillment of
a contract; d) Inherent to functionality of the DNS; e) In the public
interest; or f) Necessary for compliance with a legal obligation.
*	See GDPR definition on handout slide 3
<https://community.icann.org/download/attachments/79431666/Handout-30January
-RDSWGCall.pdf> 
*	Comment Summary:
https://community.icann.org/download/attachments/79431666/CommentSummary-24J
anuaryPoll-v3.pdf
*	Overall, 54% supported ALL listed criteria
*	Comment Summary shows level of support for each listed criteria,
ranging from 74 - 57%
*	Summary also shows level of explicit opposition to each listed
criteria
*	General Comments Discussion:

*	All are encouraged to review the AC recording or transcript of the
previous call to catch up before participating poll whenever possible - this
will improve efficiency of discussions
*	Does anyone disagree with the statement that this list of criteria
must be non-exhaustive?
*	Comments: Criteria should be fixed because ICANN's mission is fixed,
GDPR should apply to personal data collected in applicable jurisdictions, as
Internet evolves we may find that other data is needed so cannot be static,
"Valuable and useful to law enforcement" is not enough to mandate collection
- or another view: it is if that information is deemed important for
protecting the DNS. and confidence in it

Option a) In support of ICANN's mission

*	74% support, 1 person explicitly opposed this criteria
*	Comments about Option a:

*	Are a) AND d) the only valid criteria? No, they are required but
other reasons are valid as well
*	Do we need to examine all of the criteria before polling (as we did
on the last call)?
*	Show of hands show more disagreement than agreement at this stage of
discussion
*	Proposal: (a) would better be phrased as  "not inconsistent with
ICANN's mission"

*	Conclusion: Reasonably strong support for a) as one criteria for
determining whether a purpose is legimate for processing registration data
in some way.

 Option b) A legitimate interest pursued by data controller(s)

*	60% supported, 7 comments explicitly opposed this
*	Comments about Option b:

*	Not clear at this point precisely who the data controllers ARE
*	This shouldn't exclude legitimate interests of third parties or data
processors as enumerated by GDPR
*	This is a legal basis for processing not a criteria or a purpose
*	Why do we have criteria other than a) and d) or e)?
*	Are  "third parties" = "operators on the Internet not involved in
the registration of the domain name"
*	Is this a proxy discussion for how WG members view availability of
registration data?

*	Conclusion: Possible approach to simplify list without enumerating
all of the legal bases from GDPR:

*	The list of criteria could be [ a) plus d) ] plus a new criteria
that the purpose must satisfy at least one legal basis for processing as
defined by GDPR and other data protection laws (where a/d may be reworded)
*	Is a) a superset of d) - if so are both needed? They are not
exclusive.
*	What is the implication of AND or OR in the proposed WG agreement?
Would a purpose have to satisfy all 3 (AND) or just one (OR)?

 b. Determine next steps to reach agreement on criteria

Proposed WG agreement (subject to revision and confirmation via poll): The
WG will use the following non-exhaustive list of criterion to determine if
any proposed purpose for processing registration data may be legitimate: (a)
The purpose must not be inconsistent with ICANN's mission, (d) The purpose
must be inherent to the functionality of the DNS, AND (x) The purpose must
satisfy at least one legal basis for processing as defined by data
protection laws.

Action: Leadership team to refine above proposed agreement to develop poll
about this point, along with repeat of Q3 from last week's poll, with
additional granularity, based on agreed criteria. WG members encouraged to
participate in poll no later than Saturday COB.

3. Discuss list of purposes to determine which are legitimate for processing
based on criteria - DEFERRED TO NEXT WEEK

4. Confirm agreements for polling & next steps

Action: Chair to confirm change of VC on mailing list.

Proposed WG agreement (subject to revision and confirmation via poll): The
WG will use the following non-exhaustive list of criterion to determine if
any proposed purpose for processing registration data may be legitimate: (a)
The purpose must not be inconsistent with ICANN's mission, (d) The purpose
must be inherent to the functionality of the DNS, AND (x) The purpose must
satisfy at least one legal basis for processing as defined by data
protection laws.

Action: Leadership team to refine above proposed agreement to develop poll
about this point, along with repeat of Q3 from last week's poll, with
additional granularity, based on agreed criteria. WG members encouraged to
participate in poll no later than Saturday COB.

5. Confirm next meeting: Tuesday 6 February at 17:00 UTC

*	February call schedule Tuesdays @ 17:00 except for Wednesday Feb 21
@ 06.00

Meeting Materials: https://community.icann.org/x/8ge8B

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180130/30094137/attachment-0001.html>