<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>The legal review previously discussed seemed pretty clear. What data protection law requires changes greatly if data elements are optional and/or can be masked. </div><div id="AppleMailSignature"><br></div><div id="AppleMailSignature">Facebook doesn't have to consider every piece of information it collects and each field because all of them are optional. </div><div id="AppleMailSignature"><br></div><div id="AppleMailSignature">We very clearly DO need to consider whether fields are optional and/or they can be masked if we are going to consider data protection laws as a requirement. </div><div id="AppleMailSignature"><br></div><div id="AppleMailSignature">For instance, we can't say DP laws say we don't need phone number and can't collect it if we aren't considering consent and whether its an option or requirement. <br><br>Sent from my iPhone</div><div><br>On Mar 22, 2017, at 04:02, David Cake <<a href="mailto:dave@davecake.net">dave@davecake.net</a>> wrote:<br><br></div><blockquote type="cite"><div><meta http-equiv="Content-Type" content="text/html charset=us-ascii">I agree with Stephanie strongly here.<div class="">Free privacy services and similar might make a lot of the practical design issues go away, or might not, But I think that is an issue for Phase 2, in which we construct what a new RDS looks like (presuming we conclude that one is needed). </div><div class=""><br class=""></div><div class="">Phase 1 concentrates on fundamental requirements, and knowing which data elements we collect and why is necessary, even if that data is not generally made available to the public. Ant this will impact data protection law even if the data that is collected and retained is not widely accessible. Even if we decided that certain data was only accessible with a warrant, we would still need to justify collecting it. </div><div class=""><br class=""></div><div class="">Regards</div><div class=""><br class=""></div><div class=""><span class="Apple-tab-span" style="white-space:pre">        </span>David</div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On 22 Mar 2017, at 3:49 am, Stephanie Perrin <<a href="mailto:stephanie.perrin@mail.utoronto.ca" class="">stephanie.perrin@mail.utoronto.ca</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta content="text/html; charset=windows-1252" http-equiv="Content-Type" class="">
<div bgcolor="#FFFFFF" text="#000000" class=""><p class=""><font size="+1" class=""><font face="Lucida Grande" class="">Indeed, the WHOIS
disclosure instrument may be the thing that sticks in
everybody's mind, but it is not the first place to start in
addressing a comprehensive approach to RDS privacy. First you
have to address why you are collecting each data element. Is
the core purpose justifiable and proportionate? etc, we spent
an hour on it with Mr. Canatacci and we are not done yet....</font></font></p><p class=""><font size="+1" class=""><font face="Lucida Grande" class="">Yes, privacy proxy
services have been the stop gap over the years. The data is
still being collected without a clear statement of purpose,
disclosed in a variety of ways that may not pass muster, retained
in violation of at least EU law and likely others, data subject
access and disclosure rights inadequately addressed......</font></font></p><p class=""><font size="+1" class=""><font face="Lucida Grande" class="">Lets wait till we get
our answers to the questions before we start discussing
possible solutions. I think we are jumping ahead quite a bit.</font></font></p><p class=""><font size="+1" class=""><font face="Lucida Grande" class="">Stephanie Perrin</font></font><br class="">
</p>
<br class="">
<div class="moz-cite-prefix">On 2017-03-21 15:18, allison nixon
wrote:<br class="">
</div>
<blockquote cite="mid:CACLR7w+RmDFk+60MbuTwqrLGTV11OxO6sX5tTYDB=xOYjRyFkg@mail.gmail.com" type="cite" class="">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252" class="">
<div dir="ltr" class="">I find myself in agreement with the free whois
privacy idea. It renders a lot of these privacy concerns moot,
and it isn't a big leap to make because many registrars already
offer it for free. It also won't break the many security systems
used by companies and law enforcement every day. It will also
resolve the spam issue. And it does seem that giving users a
true, zero-cost, choice as to how they want their data
disseminated will resolve a lot of the legal issues as well.</div>
<div class="gmail_extra"><br class="">
<div class="gmail_quote">On Tue, Mar 21, 2017 at 3:06 PM, John
Bambenek via gnso-rds-pdp-wg <span dir="ltr" class=""><<a moz-do-not-send="true" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank" class="">gnso-rds-pdp-wg@icann.org</a>></span>
wrote:<br class="">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">And part
of the "if so" includes whether the individual chooses to
protect it in some free privacy regime. It's the same
question.<br class="">
<br class="">
Its why Twitter can exist. If you post publicly knowing you
are doing so and having a true choice, then privacy issues
become greatly reduced.<br class="">
<br class="">
Here we have (1) you MUST provide "all this stuff" and (2)
you MUST pay extra or we broadcast it to the world.<br class="">
<br class="">
It isn't an ancillary question. Its the fundamental one.<br class="">
<br class="">
Sent from my iPhone<br class="">
<div class="HOEnZb">
<div class="h5"><br class="">
> On Mar 21, 2017, at 13:55, "<a moz-do-not-send="true" href="mailto:ajs@anvilwalrusden.com" class="">ajs@anvilwalrusden.com</a>"
<<a moz-do-not-send="true" href="mailto:ajs@anvilwalrusden.com" class="">ajs@anvilwalrusden.com</a>>
wrote:<br class="">
><br class="">
>> On Tue, Mar 21, 2017 at 01:22:18PM -0500, John
Bambenek wrote:<br class="">
>> I think we should also discuss at a higher
level that if privacy services were free from the
registrars if that would largely resolve all of this.<br class="">
><br class="">
> I don't see how. The experts last week were quite
clear that the<br class="">
> first question is about collection, and our PDP is
chartered to talk<br class="">
> about that too, so we have to discuss whether some
of this data should<br class="">
> be collected at all, and if so by whom.<br class="">
><br class="">
> A<br class="">
><br class="">
> --<br class="">
> Andrew Sullivan<br class="">
> <a moz-do-not-send="true" href="mailto:ajs@anvilwalrusden.com" class="">ajs@anvilwalrusden.com</a><br class="">
> ______________________________<wbr class="">_________________<br class="">
> gnso-rds-pdp-wg mailing list<br class="">
> <a moz-do-not-send="true" href="mailto:gnso-rds-pdp-wg@icann.org" class="">gnso-rds-pdp-wg@icann.org</a><br class="">
> <a moz-do-not-send="true" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank" class="">https://mm.icann.org/mailman/<wbr class="">listinfo/gnso-rds-pdp-wg</a><br class="">
<br class="">
______________________________<wbr class="">_________________<br class="">
gnso-rds-pdp-wg mailing list<br class="">
<a moz-do-not-send="true" href="mailto:gnso-rds-pdp-wg@icann.org" class="">gnso-rds-pdp-wg@icann.org</a><br class="">
<a moz-do-not-send="true" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank" class="">https://mm.icann.org/mailman/<wbr class="">listinfo/gnso-rds-pdp-wg</a><br class="">
</div>
</div>
</blockquote>
</div>
<br class="">
<br clear="all" class="">
<div class=""><br class="">
</div>
-- <br class="">
<div class="gmail_signature" data-smartmail="gmail_signature">_________________________________<br class="">
Note to self: Pillage BEFORE burning.</div>
</div>
<br class="">
<fieldset class="mimeAttachmentHeader"></fieldset>
<br class="">
<pre wrap="" class="">_______________________________________________
gnso-rds-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br class="">
</div>
_______________________________________________<br class="">gnso-rds-pdp-wg mailing list<br class=""><a href="mailto:gnso-rds-pdp-wg@icann.org" class="">gnso-rds-pdp-wg@icann.org</a><br class=""><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></div></blockquote></div><br class=""></div></div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>gnso-rds-pdp-wg mailing list</span><br><span><a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a></span><br><span><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></span></div></blockquote></body></html>