<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><font size="+1"><font face="Lucida Grande">Exactly.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">SP</font></font><br>
</p>
<br>
<div class="moz-cite-prefix">On 2017-06-01 10:47, Dotzero wrote:<br>
</div>
<blockquote
cite="mid:CAJ4XoYd3xTgs5EPjzVUowKWF4vh3X9MPbSJ30WiVhb9Upk=bAA@mail.gmail.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<div dir="ltr">
<div>The issue you raise is addressed simply enough by requiring
a privacy disclosure be displayed at the time of domain
registration. This requirement can be incorporated into the
ICANN registry agreements. Note that this does not resolve the
issue for CC domains.<br>
<br>
</div>
Michael Hammer<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Jun 1, 2017 at 10:43 AM,
Stephanie Perrin <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:stephanie.perrin@mail.utoronto.ca"
target="_blank">stephanie.perrin@mail.utoronto.ca</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p><font size="+1"><font face="Lucida Grande">I certainly
agree that if people enter personal information as
part of their DNS registration or their motor
vehicle licence registration, it is done with
implied consent... as long as there is sufficient
information to permit them to understand just how
the data is being used and where it is going.
However, as I tried to say with respect to
registering a domain name, I really don't think the
average non-expert citizen who might want to
register a domain name would get enough information
to truly understand how far his/her information
goes, and how difficult it is to get it removed once
it has appeared in the public record. We should
build this system so that everyone understands it,
not just the experts.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">cheers
Stephanie</font></font><br>
</p>
<div>
<div class="h5"> <br>
<div class="m_2166171403518111352moz-cite-prefix">On
2017-06-01 05:18, jonathan matkowsky wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Stephanie,<br>
<div><font face="tahoma, sans-serif"><br>
</font></div>
<div><font face="tahoma, sans-serif">
<div class="gmail_default"
style="font-family:tahoma,sans-serif;font-size:small;display:inline">I
agree with you that we should not conflate
collection limitation principles with
openness principles.</div>
</font></div>
<div><font face="tahoma, sans-serif">
<div class="gmail_default"
style="font-family:tahoma,sans-serif;font-size:small;display:inline"><br>
</div>
</font></div>
<div><font face="tahoma, sans-serif">
<div class="gmail_default"
style="font-family:tahoma,sans-serif;font-size:small;display:inline">I
respectfully disagree with most of what you
wrote in the first paragraph of your post
script. </div>
</font><font face="tahoma, sans-serif">
<div class="gmail_default"
style="display:inline">Here we are talking
about users potentially entering personal or
pseudonymous information when they are not
being asked for it (nor is it required) to
begin with, and it is not required for
purposes of which it's being collected.
That is the</div>
</font>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;display:inline">scope</div>
of what needs to be assessed
<div class="gmail_default"
style="font-family:tahoma,sans-serif;display:inline">if
at all and how the scope needs to be</div>
defined from the beginning
<div class="gmail_default"
style="font-family:tahoma,sans-serif;font-size:small;display:inline">
if you were to conduct a PIA</div>
.
<div class="gmail_default"
style="font-family:tahoma,sans-serif;display:inline">
</div>
</div>
<div><span style="font-family:tahoma,sans-serif">
<div class="gmail_default"
style="display:inline"><br>
</div>
</span></div>
<div><span style="font-family:tahoma,sans-serif">
<div class="gmail_default"
style="display:inline"></div>
</span><span
style="font-family:tahoma,sans-serif">
<div class="gmail_default"
style="font-family:tahoma,sans-serif;font-size:small;display:inline"> </div>
</span><span
style="font-family:tahoma,sans-serif">
<div class="gmail_default"
style="display:inline">Personal information
is not being used or intended to be used
just because a person decides to enter
personal information into a field. </div>
</span>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;display:inline"></div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;display:inline">The
example of how you can combine databases to
re-identify a person based on the SOA record
is the equivalent of protecting domain names
as personal information because a person </div>
<span style="font-family:tahoma,sans-serif">can
register their driver's license
<div class="gmail_default"
style="font-family:tahoma,sans-serif;font-size:small;display:inline">
or name and date of birth</div>
as a domain name.</span>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;display:inline"> </div>
<span style="font-family:tahoma,sans-serif">I
would argue no PIA should be required </span>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;display:inline">as
a result </div>
<span style="font-family:tahoma,sans-serif">even
in accordance even with best practices.</span>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;display:inline"> </div>
A PIA needs to be conducted in a manner that is
commensurate with the level of privacy risk
identified
<div class="gmail_default"
style="font-family:tahoma,sans-serif;display:inline">. </div>
</div>
<div><span style="font-family:tahoma,sans-serif"> </span></div>
<div>
<div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;font-size:small;display:inline">I
respectfully disagree with you that thin
data is personal. We are talking about
identifiers (codes or strings that represent
an individual or device). Many labels can
be used to point to individuals. Some are
precise and most, imprecise or vague.
There's no question that an IP address is a
device identifier. Device IDs, MAC
addresses can be a source for user
tracking. But </div>
<span style="font-family:tahoma,sans-serif">
<div class="gmail_default"
style="font-family:tahoma,sans-serif;font-size:small;display:inline">i</div>
</span>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;display:inline">dentifiers
can be strong or weak depending on how
precise they are as well as the context. It
cannot be measured without taking
linkability into consideration. For that
reason, name servers are not the same as IP
addresses or MAC addresses any more so than
the existence of a domain name is an
identifier. If a person chooses to use
identifiable information when it is not
being asked for or required for purposes of
which the data is being collected, that does
that mean we need to classify all the data
according to that unlikely scenario. Those
setting up their own DNS would be relatively
speaking, sophisticated Internet users that
presumably know the basics of how DNS
operates in any case, so by entering the
information in that way, they are choosing
to customize their DNS in a personal way
similar to a person that chooses to show
personal information on their license plate
number. </div>
</div>
<div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;display:inline"><br>
</div>
</div>
<div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;font-size:small">I
know that the motor vehicle registry is
restricted now in most places so that you
would need a subpoena to get that kind of
personal information. This is also true of
an IP address though and IP providers. The
fact is a person can put their name and date
of birth on a license plate if they want to
customize it. And then they get on the road.
That does not mean the license plate numbers
are all personal information. It's
pseudonymous data. It is true that it is a
stronger identifier than an IP address
insofar as if you subpoena the motor vehicle
registry operator, you will get the personal
information behind that license plate
number. If you subpoena the ISP, you MIGHT
get the personal information depending on
the nature of the IP address. It's still
true that to drive a car, you need to show
your license plate number on the vehicle. </div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;font-size:small"><br>
</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;font-size:small">I
would argue that thin Whois data is
pseudonymous or personal data to the same
extent that a person can choose to <u>customize</u>
a license plate if they want to, and put
personal or psuedonymous data into fields
<div class="gmail_default"
style="display:inline">for which the data
being collected does not ask for or
require them to do so. </div>
<div class="gmail_default"
style="display:inline"></div>
</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;font-size:small">
<div class="gmail_default"
style="display:inline"><br>
</div>
</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;font-size:small">
<div class="gmail_default"
style="display:inline">A</div>
person can register their driver's license
as a domain name.
<div class="gmail_default"
style="display:inline">They can use a
personal email in their SOA record, or
personal NS. </div>
Just because it's theoretically possible for
someone to enter pseudonymous (or even
personal) data into multiple databases when
they are not being asked for it, and those
combination of choices make it possible to
identify them, does not mean one of the sets
(Thin Whois) should be classified as
personal information subject to a PIA. </div>
</div>
<div><br>
</div>
<div class="gmail_extra">
<div class="gmail_default"
style="font-family:tahoma,sans-serif;font-size:small;display:inline"></div>
<br clear="all">
<div>
<div
class="m_2166171403518111352gmail_signature">
<div dir="ltr">
<div>Jonathan Matkowsky,<br>
VP – IP & Brand Security<br>
USA:: <a moz-do-not-send="true"
href="tel:%28347%29%20467-1193"
value="+13474671193" target="_blank">1.347.467.1193</a>
| Office:: <a moz-do-not-send="true"
href="tel:+972%208-926-2766"
value="+97289262766" target="_blank">+972-(0)8-926-2766</a><br>
Emergency mobile:: <a
moz-do-not-send="true"
href="tel:+972%2054-924-0831"
value="+972549240831"
target="_blank">+972-(0)54-924-0831</a><br>
Company Reg. No. 514805332 <br>
11/1 Nachal Chever, Modiin Israel<br>
<a moz-do-not-send="true"
href="http://www.riskiq.co.il"
target="_blank">Website</a><br>
RiskIQ Technologies Ltd. (wholly-owned
by RiskIQ, Inc.)</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On Thu, Jun 1, 2017
at 12:02 AM, Stephanie Perrin <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:stephanie.perrin@mail.utoronto.ca"
target="_blank">stephanie.perrin@mail.<wbr>utoronto.ca</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p><font size="+1"><font face="Lucida
Grande">Your summary today was
great Andrew.</font></font></p>
<p><font size="+1"><font face="Lucida
Grande">I am not arguing about the
disclosure of thin data. We
already voted on unauthenticated
mandatory disclosure, weeks ago
(or at least it feels like weeks
ago). Lets please move on. We
are debating this yet again,
because people keep asking, is
thin data personal? </font></font><font
size="+1"><font face="Lucida Grande"><font
size="+1"><font face="Lucida
Grande"> [lots of people
missed the last call]</font></font>
The answer is yes (IMHO). Does
that mean it cannot be disclosed?
The answer is no. Does the
proportionality principle apply?
Yes. Have we already gone through
this? Yes. Can we come back to
it? Yes, but hopefully only if we
have to.....we will have to when
we get to data elements.</font></font><br>
</p>
cheers Stephanie<br>
<font size="+1">PS a fundamental problem
here is that people try to categorize
information that in their view should
be disclosed, as not personal
information. This fight has gone on
for years over IP address, for
instance. The important question is
not actually whether it is personal
data or not, it is "do you need to
disclose it to make things
work?"....and if the answer is yes
then you try to mitigate the
disclosure and try to keep it
minimized to what is absolutely
required. Hence the PIA, which should
employ both data minimization and the
test in the proportionality principle
as techniques to evaluate data
elements.<br>
A good and really simple example is a
phone number. IS it personal info?
(the telcos fought for years, trying
to claim they owned it and it was not
personal). Obviously it pertains to
you, people feel strongly that it is
personal (culturally relative of
course but...) and yet if noone ever
learns your number your phone won't
ever receive a call. That does not
mean you have to disclose it
everywhere.....only where necessary.
And it should mean that it does not
have to follow you everywhere, but
that is becoming increasingly hard to
manage....<br>
<br>
By the way, informed consent is not
the same as transparency
requirements. Transparency
requirements are exactly that....you
have to be transparent about what you
are doing with data. Let us not
conflate that with consent.<br>
<br>
I will quit now and stop trying to
answer questions. I would like to
humbly suggest, however, that we have
a real shortage of basic understanding
of how data protection law works and
is interpreted. If there is a data
protection law expert that folks might
listen to, we should hire that person
to advise us. It might save a lot of
time.<br>
<br>
<br>
</font>
<div
class="m_2166171403518111352gmail-m_7395020479003268935moz-cite-prefix">On
2017-05-31 16:00, Andrew Sullivan
wrote:<br>
</div>
<blockquote type="cite">
<pre>Hi,
On Wed, May 31, 2017 at 03:20:59PM -0400, Stephanie Perrin wrote:
</pre>
<blockquote type="cite">
<pre>That does not mean we need to protect it, it means we have to examine it in
terms of DP law. May I repeat the suggestion that Canatacci made in
Copenhagen in response to a question.....(I forget the precise question he
was asked, sorry). If you want to figure out whether you have to protect
something or not, do a privacy impact assessment.
</pre>
</blockquote>
<pre>As I think I've said more than once in this thread, I think we _have_
done that assessment and I think the answers are obvious and I think
therefore that there is nothing more to say about this principle in
respect of thin data:
- the data is either necessary for the operation of the system
itself or else necessary for distributed operation and
troubleshooting on the Internet.
- the data does not expose identifying information about anyone,
except in rather strained examples where the identifying
information is already completely available via other means.
What more is one supposed to do?
Best regards,
A
</pre>
</blockquote>
<br>
</div>
<br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org"
target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
<br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a moz-do-not-send="true"
href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>