<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Lucida Grande";
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Isn’t consent always been acceptable for use and disclosure purposes? And doesn’t all of this have to be balanced with the public’s legitimate interest in transparency?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"> gnso-rds-pdp-wg-bounces@icann.org [mailto:gnso-rds-pdp-wg-bounces@icann.org]
<b>On Behalf Of </b>Stephanie Perrin<br>
<b>Sent:</b> Wednesday, January 25, 2017 2:33 PM<br>
<b>To:</b> nathalie coupet <nathaliecoupet@yahoo.com><br>
<b>Cc:</b> gnso-rds-pdp-wg@icann.org<br>
<b>Subject:</b> Re: [gnso-rds-pdp-wg] Now open: 18 January Poll on Purpose<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p><span style="font-size:13.5pt;font-family:"Lucida Grande",serif">WHOIS at the moment is a phone book, and it is a phone book that arguably violates data protection law. The purpose of this pdp is to determine what the policy behind the RDS ought to be....not
just limp along with the vestigial WHOIS we inherited from Jon Postel. </span><o:p></o:p></p>
<p><span style="font-size:13.5pt;font-family:"Lucida Grande",serif">The analogy with health data was to demonstrate that if the management of the DNS was in the hands of government, they would have public policy responsibilities, enforced in their parliaments
or legislatures, to take ALL views with due consideration (read with a grain of salt) and act in compliance with law and with their respective Constitutions and Charters. That was the point I was trying to make...we are in a multistakeholder environment where
stakeholders can influence policy to a greater extent, with no recourse to a higher authority to question the inclusion of perspectives that may not be agreed by others (eg. a Parliament). and I am aware that the list of exceptions for third party access is
long. But they are for release or sharing of data....they are not purposes of collection. In the cases of many of the government exceptions you list, those are releases or sharing agreements authorized by law, and subject to legal protection. They are not,
in most cases where there is a constitution in place that protects fundamental rights and due process, reasons for broader collection for those purposes. There are rare exceptions to that general principle, but by and large they are rare.</span><o:p></o:p></p>
<p><span style="font-size:13.5pt;font-family:"Lucida Grande",serif">Apologies if that example was not sufficiently clear.</span><o:p></o:p></p>
<p><span style="font-size:13.5pt;font-family:"Lucida Grande",serif">cheers Stephanie</span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 2017-01-25 07:53, nathalie coupet wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">Regarding the analogy with health data, the list of exceptions is long, when it comes to the application of data protection laws. For example, they do not apply in cases where public health and safety require it;<o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">For government research and statistics needs;<o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">In case of a law enforcement investigation;<o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">When the security of the President or other high ranking officials is at stake;<o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">When the data can be collected from other sources (such as the phone book);<o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">When needed for legislative purposes;<o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">In case of a court order or other legal mandate;<o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">If the person giving the data does so willingly;<o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">And data protection doesn't apply to second or all subsequent sharings. <o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">The truth is data protection is very loosely applied and is not meant to prevent law enforcement, legal processes from going their course. <o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">By gating all data, or reducing RDS to just a technician's tool, this would also break the economy of the Internet. <o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">WHOIS/RDS is also a phone book and as such, it protects the end-user by affording her and additional and important level of security. <o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">Nowhere is it said that RDS is purely technical.<o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">This is reductive view. <o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal">Nathalie<o:p></o:p></p>
</div>
<div id="AppleMailSignature">
<p class="MsoNormal"><br>
Sent from my iPhone<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
On Jan 25, 2017, at 6:56 AM, Stephanie Perrin <<a href="mailto:stephanie.perrin@mail.utoronto.ca">stephanie.perrin@mail.utoronto.ca</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p><span style="font-size:13.5pt;font-family:"Lucida Grande",serif">Sorry, this discussion is important. Your example proves my point. What you show below is a disclosure. It is a disclosure of a limited set of data. we are not supposed to be talking about
disclosure at this point in our proceedings. I leave it to the experts on whether this is "thin" in the sense of the thick transition discussion, I really don't know because we are focused on gTLD policy here. My point is this is a disclosure. We do not
"collect" thin data per se, we collect a whole mess of mandatory data elements, as per the RAA. Then we generate a whole mess as part of activating and making real the domain's existence. Then we share (release) a small subset.
</span><o:p></o:p></p>
<p><span style="font-size:13.5pt;font-family:"Lucida Grande",serif">So talking about collecting thin data is misleading in my view. Purpose of disclosing it is what we are in fact talking about. Calling it a purpose for collection opens the barn door.</span><o:p></o:p></p>
<p><span style="font-size:13.5pt;font-family:"Lucida Grande",serif">Stephanie</span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 2017-01-25 06:46, Sam Lanfranco wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Thank you Michele, ( ignoring the spell check driven typo of "think" for "thick" (-: ). We should be able to put this "thin" discussion behind us.<br>
The "thin" discussion should have taken about 2 email exchanges. Here is CIRA's (thin) search for .ca domain names [disclosure: it is my domain name]<br>
<o:p></o:p></p>
<div>
<div id="ctl00_MainContent_ctlWhoisInformation_standardWhoIs">
<p class="MsoNormal"><span style="font-size:10.0pt;color:#660000">Domain name: <a href="http://artisanalpot.ca">
artisanalpot.ca</a><br>
Domain status: registered<br>
Creation date: 2016/12/14<br>
Expiry date: 2017/12/14<br>
Updated date: 2016/12/19<br>
DNSSEC: Unsigned<br>
Registrar:<br>
Name: Web Hosting Canada (7081936 Canada Inc.)<br>
Number: 5000080<br>
Name servers:<br>
<a href="http://ns1.whc.ca">ns1.whc.ca</a> 173.209.49.178<br>
<a href="http://ns2.whc.ca">ns2.whc.ca</a> 198.245.53.176<br>
<a href="http://ns3.whc.ca">ns3.whc.ca</a> 198.245.61.86<br>
% WHOIS look-up made at 2017-01-25 11:32:24 (GMT)<br>
% Use of CIRA's WHOIS service is governed by the Terms of Use in its Legal<br>
% Notice, available at <a href="http://www.cira.ca/legal-notice/?lang=en">http://www.cira.ca/legal-notice/?lang=en</a>
<br>
% (c) 2017 Canadian Internet Registration Authority, (<a href="http://www.cira.ca/">http://www.cira.ca/</a>)</span><br>
<br>
Nothing private is disclosed and LEA would have to resort to legal means to get to what is in the "thick" data set.
<br>
There are no ICANN policy issues here.<br>
<br>
Sam L <<a href="http://artisanalpot.ca">artisanalpot.ca</a>> (-: <o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><o:p></o:p></p>
</div>
</blockquote>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>