<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div><br><br>Sent from my iPhone</div><div><br>On Mar 22, 2017, at 09:14, Ayden Férdeline <<a href="mailto:icann@ferdeline.com">icann@ferdeline.com</a>> wrote:<br><br></div><blockquote type="cite"><div><blockquote class="protonmail_quote" type="cite"><div>The legal review previously discussed seemed pretty clear. What data protection law requires changes greatly if data elements are optional and/or can be masked. <br></div><div><br></div><div>Facebook doesn't have to consider every piece of information it collects and each field because all of them are optional. <br></div></blockquote><div><br></div><div><div>Yes, it is different when data elements are truly optional and data subjects provide their explicit, informed consent for their personally-identifiable information to be collected and processed by known entities. <br></div><div><br></div><div>However, consent is not a magic bullet. We will still need to address the point raised last week - that we separate what data is collected from discussions around how data is processed or released - and we will need to discuss how consent can inappropriately legitimise processing restricted by law, and the cross-border transfers of data in the absence of adequate safeguards. Meaningful consent also entails the right to revoke that consent; the right to erasure.<br></div></div><div><br></div><blockquote class="protonmail_quote" type="cite"><div><div>For instance, we can't say DP laws say we don't need phone number and can't collect it if we aren't considering consent and whether its an option or requirement. <br></div></div></blockquote><div><div><br></div><div>As a general rule, I would think that if one is reasonably confident that a data subject would not grant their consent for their data to be collected or processed in a certain way, that should be a warning sign to reconsider whether that data should really be collected or processed in the first place…<br><br></div></div></div></blockquote><div>But some WOULD publish it and that's the point. I have no problem with my corp number on my domain records because people have called me to resolve issues. </div><div><br></div><div>Making most of the fields optional/maskable means we don't have to adopt a one-size fits all approach. </div><div><br></div><br><blockquote type="cite"><div><div><div>Best wishes,</div></div><div><br></div><div class="protonmail_signature_block "><div class="protonmail_signature_block-user "><div>Ayden Férdeline<br></div><div><a title="http://www.linkedin.com/in/ferdeline" href="http://www.linkedin.com/in/ferdeline">linkedin.com/in/ferdeline</a><br></div></div><div class="protonmail_signature_block-proton protonmail_signature_block-empty"><br></div></div><div><br></div><blockquote type="cite" class="protonmail_quote"><div>-------- Original Message --------<br></div><div>Subject: Re: [gnso-rds-pdp-wg] a suggestion for "purpose in detail"<br></div><div>Local Time: 22 March 2017 1:46 PM<br></div><div>UTC Time: 22 March 2017 13:46<br></div><div>From: <a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br></div><div>To: David Cake <<a href="mailto:dave@davecake.net">dave@davecake.net</a>><br></div><div><a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br></div><div><br></div><div>The legal review previously discussed seemed pretty clear. What data protection law requires changes greatly if data elements are optional and/or can be masked. <br></div><div><br></div><div>Facebook doesn't have to consider every piece of information it collects and each field because all of them are optional. <br></div><div><br></div><div>We very clearly DO need to consider whether fields are optional and/or they can be masked if we are going to consider data protection laws as a requirement. <br></div><div><br></div><div><div>For instance, we can't say DP laws say we don't need phone number and can't collect it if we aren't considering consent and whether its an option or requirement. <br></div><div><br></div><div>Sent from my iPhone<br></div></div><div><div><br></div><div>On Mar 22, 2017, at 04:02, David Cake <<a rel="noreferrer nofollow noopener" href="mailto:dave@davecake.net">dave@davecake.net</a>> wrote:<br></div></div><blockquote type="cite"><div><div>I agree with Stephanie strongly here.<br></div><div class="">Free privacy services and similar might make a lot of the practical design issues go away, or might not, But I think that is an issue for Phase 2, in which we construct what a new RDS looks like (presuming we conclude that one is needed). <br></div><div class=""><br></div><div class="">Phase 1 concentrates on fundamental requirements, and knowing which data elements we collect and why is necessary, even if that data is not generally made available to the public. Ant this will impact data protection law even if the data that is collected and retained is not widely accessible. Even if we decided that certain data was only accessible with a warrant, we would still need to justify collecting it. <br></div><div class=""><br></div><div class="">Regards<br></div><div class=""><br></div><div class=""><span class="Apple-tab-span" style="white-space:pre"></span>David<br></div><div class=""><div><br></div><div><blockquote type="cite" class=""><div class="">On 22 Mar 2017, at 3:49 am, Stephanie Perrin <<a rel="noreferrer nofollow noopener" href="mailto:stephanie.perrin@mail.utoronto.ca" class="">stephanie.perrin@mail.utoronto.ca</a>> wrote:<br></div><div><br></div><div class=""><div bgcolor="#FFFFFF" class=""><p class=""><span class="size" style="font-size:undefinedpx"><span class="font" style="font-family:"Lucida Grande"">Indeed, the WHOIS
disclosure instrument may be the thing that sticks in
everybody's mind, but it is not the first place to start in
addressing a comprehensive approach to RDS privacy. First you
have to address why you are collecting each data element. Is
the core purpose justifiable and proportionate? etc, we spent
an hour on it with Mr. Canatacci and we are not done yet....</span></span><br></p><p class=""><span class="size" style="font-size:undefinedpx"><span class="font" style="font-family:"Lucida Grande"">Yes, privacy proxy
services have been the stop gap over the years. The data is
still being collected without a clear statement of purpose,
disclosed in a variety of ways that may not pass muster, retained
in violation of at least EU law and likely others, data subject
access and disclosure rights inadequately addressed......</span></span><br></p><p class=""><span class="size" style="font-size:undefinedpx"><span class="font" style="font-family:"Lucida Grande"">Lets wait till we get
our answers to the questions before we start discussing
possible solutions. I think we are jumping ahead quite a bit.</span></span><br></p><p class=""><span class="size" style="font-size:undefinedpx"><span class="font" style="font-family:"Lucida Grande"">Stephanie Perrin</span></span><br></p><div><br></div><div class="moz-cite-prefix">On 2017-03-21 15:18, allison nixon
wrote:<br></div><blockquote type="cite" class=""><div dir="ltr" class="">I find myself in agreement with the free whois
privacy idea. It renders a lot of these privacy concerns moot,
and it isn't a big leap to make because many registrars already
offer it for free. It also won't break the many security systems
used by companies and law enforcement every day. It will also
resolve the spam issue. And it does seem that giving users a
true, zero-cost, choice as to how they want their data
disseminated will resolve a lot of the legal issues as well.<br></div><div class="gmail_extra"><div><br></div><div class="gmail_quote"><div>On Tue, Mar 21, 2017 at 3:06 PM, John
Bambenek via gnso-rds-pdp-wg <span dir="ltr" class=""><<a rel="noreferrer nofollow noopener" href="mailto:gnso-rds-pdp-wg@icann.org" class="">gnso-rds-pdp-wg@icann.org</a>></span> wrote:<br></div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex"><div>And part
of the "if so" includes whether the individual chooses to
protect it in some free privacy regime. It's the same
question.<br></div><div><br></div><div>Its why Twitter can exist. If you post publicly knowing you
are doing so and having a true choice, then privacy issues
become greatly reduced.<br></div><div><br></div><div>Here we have (1) you MUST provide "all this stuff" and (2)
you MUST pay extra or we broadcast it to the world.<br></div><div><br></div><div>It isn't an ancillary question. Its the fundamental one.<br></div><div><br></div><div>Sent from my iPhone<br></div><div><br></div><div class="HOEnZb"><div class="h5"><div><br></div><div>> On Mar 21, 2017, at 13:55, "<a rel="noreferrer nofollow noopener" href="mailto:ajs@anvilwalrusden.com" class="">ajs@anvilwalrusden.com</a>"
<<a rel="noreferrer nofollow noopener" href="mailto:ajs@anvilwalrusden.com" class="">ajs@anvilwalrusden.com</a>>
wrote:<br></div><div>><br></div><div>>> On Tue, Mar 21, 2017 at 01:22:18PM -0500, John
Bambenek wrote:<br></div><div>>> I think we should also discuss at a higher
level that if privacy services were free from the
registrars if that would largely resolve all of this.<br></div><div>><br></div><div>> I don't see how. The experts last week were quite
clear that the<br></div><div>> first question is about collection, and our PDP is
chartered to talk<br></div><div>> about that too, so we have to discuss whether some
of this data should<br></div><div>> be collected at all, and if so by whom.<br></div><div>><br></div><div>> A<br></div><div>><br></div><div>> --<br></div><div>> Andrew Sullivan<br></div><div>> <a rel="noreferrer nofollow noopener" href="mailto:ajs@anvilwalrusden.com" class="">ajs@anvilwalrusden.com</a><br></div><div>> ______________________________<wbr class="">_________________<br></div><div>> gnso-rds-pdp-wg mailing list<br></div><div>> <a rel="noreferrer nofollow noopener" href="mailto:gnso-rds-pdp-wg@icann.org" class="">gnso-rds-pdp-wg@icann.org</a><br></div><div>> <a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer nofollow noopener" class="">https://mm.icann.org/mailman/<wbr class="">listinfo/gnso-rds-pdp-wg</a><br></div><div><br></div><div>______________________________<wbr class="">_________________<br></div><div>gnso-rds-pdp-wg mailing list<br></div><div><a rel="noreferrer nofollow noopener" href="mailto:gnso-rds-pdp-wg@icann.org" class="">gnso-rds-pdp-wg@icann.org</a><br></div><div><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer nofollow noopener" class="">https://mm.icann.org/mailman/<wbr class="">listinfo/gnso-rds-pdp-wg</a><br></div></div></div></blockquote></div><div><br></div><div><br></div><div class=""><br></div><div>--<br></div><div><br></div><div class="gmail_signature" data-smartmail="gmail_signature"><div>_________________________________<br></div><div>Note to self: Pillage BEFORE burning.<br></div></div></div><div><br></div><div><br></div><pre wrap="" class="">_______________________________________________
gnso-rds-pdp-wg mailing list
<a rel="noreferrer nofollow noopener" class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<a rel="noreferrer nofollow noopener" class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br></pre></blockquote><div><br></div></div><div>_______________________________________________<br></div><div>gnso-rds-pdp-wg mailing list<br></div><div><a rel="noreferrer nofollow noopener" href="mailto:gnso-rds-pdp-wg@icann.org" class="">gnso-rds-pdp-wg@icann.org</a><br></div><div><a rel="noreferrer nofollow noopener" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br></div></div></blockquote></div></div></div></blockquote><blockquote type="cite"><div><div><span>_______________________________________________</span><br></div><div><span>gnso-rds-pdp-wg mailing list</span><br></div><div><span><a rel="noreferrer nofollow noopener" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a></span><br></div><div><span><a rel="noreferrer nofollow noopener" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></span><br></div></div></blockquote></blockquote><div><br></div></div></blockquote></body></html>