<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">Folks<div><br></div><div>While I have a lot of sympathy for Peter’s questions, I’m not sure they are the right ones to ask.</div><div><br></div><div>ANY person/organisation that collects personal data is, under most data protection law, a collector of data and thus subject to rules about the collection, use and disclosure of that information. At its most basic, the issue that has faced ICANN for YEARS is whether the contracts that it has with registries and registrars are in conflict with data protection legislation that those registries/registrars are bound by.</div><div><br></div><div>So the issue is NOT whether ICANN is a law enforcement body or whatever. The issue is about its contracts - enforceable documents on the contracted parties - that potentially put registries/registrars in breach of their national law. The questions we are asking as a WG flow from that basic issue.</div><div><br></div><div>Holly<br><div><div>On 24 Jan 2017, at 12:53 am, Kimpian Peter <<a href="mailto:kimpian.peter@naih.hu">kimpian.peter@naih.hu</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">
<meta content="text/html; charset=windows-1252" http-equiv="Content-Type">
<div bgcolor="#FFFFFF" text="#000000"><p>Dear All,</p><p><br>
</p><p>Adding to the purpose debate: usually it is common sense and
wiedly reckognised that we don't collect personal data just for
the sake of it or in bulk saying it will be good for one purpose
or another. Usually data controllers have the obligation to say
openly in advance this is why I am going to process (ie collect,
agregate, transfer, etc.) personal data. Being said that it can
not be excluded that those data will be used/accessed for "higher"
common good and for the benefit for all by another athorised data
controller. For example a telco company can if all conditions met
disclose (!) data it previously collected to law enforcement
agencies but this does not mean that the Telco compony can
collect, process etc data for law enforcement purpose...</p><p><br>
</p><p>My simple question to start with would be and always was: Is
ICANN a law enforcement body? Does ICANN have any power/competence
in fighting against crime? And it goes for other purposes as well:
Is ICANN an international trademark organisation? Etc...Is the
answer given to those questions is shared by all the community of
ICANN? In my sense we have to be sure that we answer first those
questions before deciding on possible purposes (which does not
mean that discloser of data on a case-by case base according to
international legal requirements will not be possible after this,
but those will be exceptions !!!)</p><p><br>
</p><p>Best regards,</p><p><br>
</p><p>Peter<br>
</p>
<div class="moz-cite-prefix">2017.01.22. 19:20 keltezéssel,
Stephanie Perrin írta:<br>
</div>
<blockquote cite="mid:83d4dea7-8fd4-8f9c-7cb6-b6ae0c8af6f8@mail.utoronto.ca" type="cite">
<meta content="text/html; charset=windows-1252" http-equiv="Content-Type"><p><font size="+1"><font face="Lucida Grande">I love your analogy
Shane, it is perfect. In data protection terms that would
be a use. For a legitimate purpose... sledding. There
might have to be repercussions if you cracked the
lid....that might be a data breach<span class="moz-smiley-s1"><span>:-)</span></span><br>
</font></font></p><p><font size="+1"><font face="Lucida Grande">I hate being a nit
picker and calling out this distinction between purpose of
collection as opposed to purpose for use and disclosure, but
it is extremely important in terms of data protection. Some
laws are more clear than others on the distinction, and you
are correct that if we are not careful DP laws will forbid
the collection and disclosure of the data. It is certainly
clear that for collection of thin data, there is ample
justification for collecting the info based on ICANN's
limited mandate. However adding law enforcement and other
similar website related investigative activities to the list
of legitimate purposes is in my view opening a barn door.
After a year of discussion we may understand the nuance,
that we are talking about thin data, etc etc but when the
fruits of our labours are published, it looks like we have
all agreed that law enforcement (eg) is a legitimate purpose
for collecting registration data. In my view, it is not.</font></font></p><p><font size="+1"><font face="Lucida Grande">cheers Stephanie</font></font><br>
</p>
<br>
<div class="moz-cite-prefix">On 2017-01-22 04:03, Shane Kerr
wrote:<br>
</div>
<blockquote cite="mid:20170122170358.108dc2b8@pallas.home.time-travellers.org" type="cite">
<pre wrap="">Greg,
If we can say that not all legitimate purposes have to be catered for,
then I agree with you. :)
If we say that tracking down the registrar of a domain as part of
trademark research is a legitimate purpose, that does not mean that we
have to design the system for this purpose, right?
To try an analogy: We can recognize that using the plastic top of a
garbage can as a sled is legitimate, but we don't insist on designing
lids with sledding in mind.
Full disclosure: My own take on the "legitimate purpose" discussion
with regards to "thin data" is that we need *some* purpose for both
gathering and publishing the information, because otherwise privacy
laws may prohibit companies from gathering or publishing it. Luckily I
think that there are so many such purposes that the need for the
information is indisputable.
Jumping ahead... as I said in a prior call (sorry for missing ones since
then), I would prefer that the information is then allowed for any
purpose, without restriction, because otherwise you have to have not
only tiresome rules about what is allowed but also the Internet Police
to enforce those rules, which seems like a step towards Armageddon.
Given that we're still talking about "thin data", which is basically
just a pointer to a registrar who has *actual* data, my own
recommendation is not to stress too much. This stuff is only very, very
vaguely personally identifiable.
Cheers,
--
Shane
At 2017-01-21 14:51:29 -0500
Greg Shatan <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:gregshatanipc@gmail.com"><gregshatanipc@gmail.com></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I have to disagree. These are legitimate purposes for collection, as well
as for disclosure.
Greg
On Fri, Jan 20, 2017 at 7:02 PM, Stephanie Perrin <
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:stephanie.perrin@mail.utoronto.ca">stephanie.perrin@mail.utoronto.ca</a>> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I filled it out, but I am afraid for most of the purposes I could not
agree. We do not *collect *data for many of those purposes. We disclose
it to people for those purposes, but the purpose of collecting those data
elements is not for tax collection, trademark enforcement actions, etc.
This is the conflation issue I have raised repeatedly.
Apologies if I did not make that point clear enough on the call.
Stephanie Perrin
On 2017-01-20 17:35, Gomes, Chuck wrote:
Please note that our current poll ends in about 24 hours. So far only 16
people have responded.
Chuck
*From:* <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg-bounces@icann.org">gnso-rds-pdp-wg-bounces@icann.org</a> [<a moz-do-not-send="true" class="moz-txt-link-freetext" href="mailto:gnso-rds-pdp-wg">mailto:gnso-rds-pdp-wg</a>-
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:bounces@icann.org">bounces@icann.org</a> <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:gnso-rds-pdp-wg-bounces@icann.org"><gnso-rds-pdp-wg-bounces@icann.org></a>] *On Behalf Of *Lisa
Phifer
*Sent:* Wednesday, January 18, 2017 1:50 PM
*To:* RDS PDP WG <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:gnso-rds-pdp-wg@icann.org"><gnso-rds-pdp-wg@icann.org></a> <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:gnso-rds-pdp-wg@icann.org"><gnso-rds-pdp-wg@icann.org></a>
*Subject:* [EXTERNAL] [gnso-rds-pdp-wg] Now open: 18 January Poll on
Purpose
Dear all,
As directed in the 18 January WG call, this week's new Poll on Purpose is
now open for WG member participation:
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.surveymonkey.com/r/SZX9QJZ">https://www.surveymonkey.com/r/SZX9QJZ</a>
A PDF of this poll's questions and notes/recordings of the meeting are
posted on the 18 January meeting page: <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://community.icann.org/x/">https://community.icann.org/x/</a>
EbTDAw
This poll will close at *COB Saturday 21 January 2017*.
All WG members are encouraged to participate in this poll to help advance
deliberation and prepare for next week's meeting.
Best regards,
Lisa
_______________________________________________
gnso-rds-pdp-wg mailing <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:listgnso-rds-pdp-wg@icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">listgnso-rds-pdp-wg@icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a>
_______________________________________________
gnso-rds-pdp-wg mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a>
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
gnso-rds-pdp-wg mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
</blockquote>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
gnso-rds-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
</div>
_______________________________________________<br>gnso-rds-pdp-wg mailing list<br><a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</blockquote></div><br></div></body></html>