<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=iso-8859-2"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"Lucida Grande";
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Comic Sans MS";
panose-1:3 15 7 2 3 3 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
pre
{mso-style-priority:99;
mso-style-link:"HTML-ként formázott Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.hoenzb
{mso-style-name:hoenzb;}
span.HTML-kntformzottChar
{mso-style-name:"HTML-ként formázott Char";
mso-style-priority:99;
mso-style-link:"HTML-ként formázott";
font-family:Consolas;
color:black;}
span.E-mailStlus21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.E-mailStlus22
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=HU link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>Dear All,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>Totally agree with Stephanie, I would also add that every data processing must be fair and lawful and for every each data processing activity the data controller must have a valid legal base. Therefore as already emphasized since Marrakesh the definition of the purpose of data processing (which also means data collection) is the most important task of the WG. The WG should present – I think – a proposal which clearly defines the purpose of data processing of ICANN and made on behalf of/or following the instruction of ICANN and to clearly state whether they are lawful and to which legal base to choose for the processing (for certain purpose data controller=registrar, registries will face problems if using one or another legal base in certain part of the world or even for data coming from certain part of the world) . <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>If there are multiple purposes – I think – the WG should be able to demonstrate the same for every each of them. <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>In all high level multi- and bilateral international treaties (ex: art 12 of Universal Declaration of Human Rights) and in 109 (!) countries’ national (current number of countries having data protection legislation, being Turkey the newest one) law all over the world the processing of personal data out of the purpose of for purposes which are illegal or unlawful or even unfair is strictly forbidden.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>Best regards,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'>Peter<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><div><p class=MsoNormal><i><span lang=EN-GB style='font-size:10.0pt;font-family:"Arial",sans-serif;color:navy'>dr. Péter Kimpián<o:p></o:p></span></i></p><p class=MsoNormal><i><span lang=EN-GB style='font-size:10.0pt;font-family:"Arial",sans-serif;color:navy'><o:p> </o:p></span></i></p><p class=MsoNormal><i><span lang=EN-GB style='font-size:10.0pt;font-family:"Arial",sans-serif;color:navy'>International Affairs and Public Relations Department<o:p></o:p></span></i></p><p class=MsoNormal><i><span lang=EN-GB style='font-size:10.0pt;font-family:"Arial",sans-serif;color:navy'>National Authority for Data Protection and Freedom of Information<o:p></o:p></span></i></p><p class=MsoNormal><i><span lang=EN-GB style='font-size:10.0pt;font-family:"Arial",sans-serif;color:navy'>Address: H-1125 Budapest,<o:p></o:p></span></i></p><p class=MsoNormal><i><span lang=EN-GB style='font-size:10.0pt;font-family:"Arial",sans-serif;color:navy'>Szilágyi Erzsébet fasor 22/C.</span></i><span lang=EN-GB style='color:navy'><o:p></o:p></span></p><p class=MsoNormal><i><span lang=EN-GB style='font-size:10.0pt;font-family:"Arial",sans-serif;color:navy'>Postal address: H-1530 Budapest, Pf.: 5.</span></i><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:navy'><o:p></o:p></span></p><p class=MsoNormal><i><span lang=EN-GB style='font-size:10.0pt;font-family:"Arial",sans-serif;color:navy'>Tel: +36-1/391-1422<o:p></o:p></span></i></p><p class=MsoNormal><i><span lang=EN-GB style='font-size:10.0pt;font-family:"Arial",sans-serif;color:navy'>Fax: +36-1/3911410<o:p></o:p></span></i></p><p class=MsoNormal><i><span lang=EN-GB style='font-size:10.0pt;font-family:"Arial",sans-serif;color:navy'>Email: <a href="mailto:kimpian.peter@naih.hu"><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#0563C1'>kimpian.peter@naih.hu</span></a> </span></i><span lang=EN-GB style='color:navy'><o:p></o:p></span></p><p class=MsoNormal><i><span lang=EN-GB style='font-size:10.0pt;font-family:"Arial",sans-serif;color:navy'>Web address: <a href="http://www.naih.hu/"><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:purple'>www.naih.hu</span></a></span></i><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p></o:p></span></p></div><p class=MsoNormal><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext'>From:</span></b><span lang=EN-GB style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext'> gnso-rds-pdp-wg-bounces@icann.org [mailto:gnso-rds-pdp-wg-bounces@icann.org] <b>On Behalf Of </b>Stephanie Perrin<br><b>Sent:</b> Tuesday, May 10, 2016 4:16 AM<br><b>To:</b> gnso-rds-pdp-wg@icann.org<br><b>Subject:</b> Re: [gnso-rds-pdp-wg] [renamed] Key early questions<o:p></o:p></span></p></div></div><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p><span lang=EN-GB style='font-size:13.5pt;font-family:"Lucida Grande",serif'>Indeed, I agree whole heartedly. Registrars may collect what they need to do business, and are governed by relevant data protection law. However, what they collect, use, disclose, escrow, and retain as instructed by ICANN is clearly within our remit, and unless I am mistaken there is a certain crossover in the matter of data retention....if the registrars over collect metadata, they are instructed to retain it in the RAA so this may be an instance where we ought to be looking over their shoulders. The key question, from a data protection perspective is do they have a legitimate interest, as data controller, in collecting, using and disclosing it. The same applies to ICANN as data controller: do they have a legitimate interest in demanding through contract, as the data controller for the purposes of mandating data collection, use and disclosure as a condition of accreditation, the data listed in the RAA? And it is ICANN which concerns us.</span><span lang=EN-GB><o:p></o:p></span></p><p><span lang=EN-GB style='font-size:13.5pt;font-family:"Lucida Grande",serif'>Stephanie</span><span lang=EN-GB><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><div><p class=MsoNormal><span lang=EN-GB>On 2016-05-09 20:49, Carlton Samuels wrote:<o:p></o:p></span></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p class=MsoNormal><span lang=EN-GB style='font-family:"Comic Sans MS"'>Exactly! And we have a listing of the elements right there in the RAA.<o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-GB style='font-family:"Comic Sans MS"'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span lang=EN-GB style='font-family:"Comic Sans MS"'>This distinction has been made again and again in every fora I have attended on registration data. And all arguments/traige/decisions pertaining purposefulness, access and privacy pertain ONLY to those elements. <o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-GB style='font-family:"Comic Sans MS"'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span lang=EN-GB style='font-family:"Comic Sans MS"'>-Carlton<o:p></o:p></span></p></div></div><div><p class=MsoNormal><span lang=EN-GB><br clear=all><o:p></o:p></span></p><div><div><p class=MsoNormal><span lang=EN-GB><br>==============================<br>Carlton A Samuels<br>Mobile: 876-818-1799<br></span><i><span lang=EN-GB style='color:#33CC00'>Strategy, Planning, Governance, Assessment & Turnaround</span></i><span lang=EN-GB><br>=============================<o:p></o:p></span></p></div></div><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><div><p class=MsoNormal><span lang=EN-GB>On Mon, May 9, 2016 at 12:41 AM, Alan Greenberg <<a href="mailto:alan.greenberg@mcgill.ca" target="_blank">alan.greenberg@mcgill.ca</a>> wrote:<o:p></o:p></span></p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm'><p class=MsoNormal><span lang=EN-GB>One small (but I think important) issue that has been bothering me since we started this WG.<br><br>When we talk about what data is being collected by registrars or registries, I think we need to be very careful in our wording. What we are interested in is what data is being collected (or should be collected in the future) MANDATED by ICANN agreements. What they collect on their own volition is not on our agenda (whether it is credit card information, your birth date so they can send you a gratuitous Happy Birthday wish, or your national identity number).</span><span lang=EN-GB style='color:#888888'><br><br><span class=hoenzb>Alan</span></span><span lang=EN-GB> <o:p></o:p></span></p><div><div><p class=MsoNormal><span lang=EN-GB><br><br>At 09/05/2016 12:12 AM, Kathy Kleiman wrote:<o:p></o:p></span></p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm'><p class=MsoNormal><span lang=EN-GB>Hi Chuck, Michele, Susan, David, and Lisa,<br>I think Holly has hit the nail on the head. At the outset, and before moving forward to any additional questions, we should evaluate:<br>1) what data is collected?<br>2) why is this data collected?<br>3) is this data the subject of data protection laws?<br><br>This is exactly the foundation and background that the subgroups have prepared for us - the Data Elements, Privacy law and Purpose subgroups. We now have the materials to enter into this analysis as a full WG in a constructive, informed and systematic way.<br><br>Marika recently shared these questions in the link she sent around summarizing our previous comments/ suggestions. Members from a range of SOs and ACs raised the need for the WG to reorder the questions to allow consideration of data elements, privacy frameworks and "purpose" upfront and early on. As you may remember, Scott Hollenbeck kicked off the discussion and many others joined in. <a href="https://community.icann.org/download/attachments/58730879/RDS-PDP-Phase1-ProposedWorkPlanChanges-16March2016.pdf">https://community.icann.org/download/attachments/58730879/RDS-PDP-Phase1-ProposedWorkPlanChanges-16March2016.pdf</a>. When we checked with members of Charter Team in Marrakech, they blessed the idea that we as a WG should choose our own order for the questions - as long as we cover them all, they would be happy.<br><br>Accordingly, why would we launch into secondary purposes first? Rephrased, why would we consider all of the "possible requirements" of a directory service when we as a WG have not yet undertaken the basic analysis of what data is collected, for what primary purpose, and under what privacy laws and frameworks we should be analyzing the data? This seems totally like putting the cart before the horse.<br><br>Best,<br>Kathy<br><br><br>On 5/7/2016 4:22 PM, Holly Raiche wrote:<o:p></o:p></span></p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm'><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-GB>Thanks Lisa<br><br>What the data group has been exploring is just what data is actually collected by registries/registrars.<br><br>I realise that the original Charter questions were framed around gTLD registration data - the 'Whois' data that must be made public under the 2013 RAA. But what the data group has identified is that there is more data in question than just the 'Whois' data. Yet these questions are framed around the gTLD data.<br><br>Somewhere, there should be a question - or something - that suggests that the Charter questions should go further to at least consider what data is collected and why, and whether it should be the subject of data protections.<br><br>Thanks<br><br>Holly<br><br><br>On 8 May 2016, at 2:57 am, Lisa Phifer <<a href="mailto:lisa@corecom.com">lisa@corecom.com</a>> wrote:<o:p></o:p></span></p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm'><p class=MsoNormal><span lang=EN-GB>Dear all,<br><br>A reminder that PDP WG feedback if any on the attached early outreach message is due no later than tomorrow - Sunday 8 May 23.59 UTC.<br><br>Best, Lisa<br><br>At 12:07 PM 5/3/2016, Lisa Phifer wrote:<o:p></o:p></span></p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm'><p class=MsoNormal><span lang=EN-GB>Dear all,<br><br>As agreed during today's WG call, attached please find a slightly revised draft input template to solicit early input from ICANN SOs/ACs and GNSO SG/Cs. This is the template discussed in today's WG call.<br><br>Remember, there will be many opportunities for community input throughout this PDP. The attached input template is to be used to initiate the early outreach required of every PDP to inform the WG at the start of its work. The template is a tool used successfully by other PDP WG's to solicit structured input, along with any additional input each group wishes to provide.<br><br>WG member feedback on this draft input template is welcome: please send any feedback to the entire WG list <<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>> no later than Sunday 8 May 23.59 UTC.<br><br>Our goal is to send the final version of this template to initiate early outreach next week.<br><br>Best, Lisa<br><br><br>_______________________________________________<br>gnso-rds-pdp-wg mailing list<br><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><o:p></o:p></span></p></blockquote><p class=MsoNormal><span lang=EN-GB><RDS PDP - SO AC SG C Input Template - 2 May 2016 rev.pdf>_______________________________________________<br>gnso-rds-pdp-wg mailing list<br><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><o:p></o:p></span></p></blockquote><p class=MsoNormal><span lang=EN-GB>_______________________________________________<br>gnso-rds-pdp-wg mailing list<br><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><o:p></o:p></span></p></blockquote><p class=MsoNormal><span lang=EN-GB><br>_______________________________________________<br>gnso-rds-pdp-wg mailing list<br><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><o:p></o:p></span></p></blockquote><p class=MsoNormal><span lang=EN-GB><br>_______________________________________________<br>gnso-rds-pdp-wg mailing list<br><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><o:p></o:p></span></p></div></div></blockquote></div><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p></div><p class=MsoNormal><span lang=EN-GB><br><br><br><o:p></o:p></span></p><pre><span lang=EN-GB>_______________________________________________<o:p></o:p></span></pre><pre><span lang=EN-GB>gnso-rds-pdp-wg mailing list<o:p></o:p></span></pre><pre><span lang=EN-GB><a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><o:p></o:p></span></pre><pre><span lang=EN-GB><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><o:p></o:p></span></pre></blockquote><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p></div></body></html>