<div>Can you please sign off your emails with your name or initials? For some reason, many of the messages I receive from this list come from "RDS PDP WG" and do not affix the sender's name. Thank you.<br></div><div><br></div><div class="protonmail_signature_block "><div class="protonmail_signature_block-user "><div>Ayden Férdeline<br></div><div><a href="http://www.linkedin.com/in/ferdeline" title="http://www.linkedin.com/in/ferdeline">linkedin.com/in/ferdeline</a><br></div></div><div class="protonmail_signature_block-proton protonmail_signature_block-empty"><br></div></div><div><br></div><blockquote class="protonmail_quote" type="cite"><div>-------- Original Message --------<br></div><div>Subject: Re: [gnso-rds-pdp-wg] The principle for thin data (was Re: Principle on Proportionality for "Thin Data"access)<br></div><div>Local Time: June 1, 2017 5:52 PM<br></div><div>UTC Time: June 1, 2017 4:52 PM<br></div><div>From: gnso-rds-pdp-wg@icann.org<br></div><div>To: gnso-rds-pdp-wg@icann.org<br></div><div><br></div><div> <br></div><p>So you agree that you can educate your customers to make consent
possible? Good.<br></p><p>Now can we move on?<br></p><div><br></div><div class="moz-cite-prefix">On 6/1/2017 11:46 AM, Ayden Férdeline
wrote:<br></div><blockquote type="cite"><div>+1 Stephanie. The vast majority of people, if given the
appropriate information and time, are perfectly capable of
understanding a complex or technical issue. <br></div><div><br></div><div class="protonmail_signature_block "><div class="protonmail_signature_block-user "><div>Ayden Férdeline<br></div><div><a href="http://www.linkedin.com/in/ferdeline" title="http://www.linkedin.com/in/ferdeline" rel="noreferrer nofollow noopener">linkedin.com/in/ferdeline</a><br></div></div><div class="protonmail_signature_block-proton
protonmail_signature_block-empty"><br></div></div><div><br></div><blockquote class="protonmail_quote" type="cite"><div>-------- Original Message --------<br></div><div>Subject: Re: [gnso-rds-pdp-wg] The principle for thin data
(was Re: Principle on Proportionality for "Thin Data"access)<br></div><div>Local Time: June 1, 2017 3:40 PM<br></div><div>UTC Time: June 1, 2017 2:40 PM<br></div><div>From: <a href="mailto:stephanie.perrin@mail.utoronto.ca" class="moz-txt-link-abbreviated" rel="noreferrer nofollow noopener">stephanie.perrin@mail.utoronto.ca</a><br></div><div>To: jonathan matkowsky <a href="mailto:jonathan.matkowsky@riskiq.net" class="moz-txt-link-rfc2396E" rel="noreferrer nofollow noopener">&lt;jonathan.matkowsky@riskiq.net&gt;</a><br></div><div>RDS PDP WG <a href="mailto:gnso-rds-pdp-wg@icann.org" class="moz-txt-link-rfc2396E" rel="noreferrer nofollow noopener">&lt;gnso-rds-pdp-wg@icann.org&gt;</a><br></div><div><br></div><div><br></div><p><span class="size" style="font-size:undefinedpx"><span class="font" style="font-family:'Lucida Grande'">I
certainly agree that if people enter personal information
as part of their DNS registration or their motor vehicle
licence registration, it is done with implied consent...
as long as there is sufficient information to permit them
to understand just how the data is being used and where it
is going. However, as I tried to say with respect to
registering a domain name, I really don't think the
average non-expert citizen who might want to register a
domain name would get enough information to truly
understand how far his/her information goes, and how
difficult it is to get it removed once it has appeared in
the public record. We should build this system so that
everyone understands it, not just the experts.</span></span><br></p><p><span class="size" style="font-size:undefinedpx"><span class="font" style="font-family:'Lucida Grande'">cheers
Stephanie</span></span><br></p><div><br></div><div class="moz-cite-prefix">On 2017-06-01 05:18, jonathan
matkowsky wrote:<br></div><blockquote type="cite"><div dir="ltr"><div>Stephanie,<br></div><div><br></div><div><span class="font" style="font-family:tahoma, sans-serif"></span><br></div><div><span class="font" style="font-family:tahoma, sans-serif"><div style="font-family:tahoma,sans-serif;font-size:small;display:inline" class="gmail_default">I
agree with you that we should not conflate collection
limitation principles with openness principles.<br></div></span></div><div><span class="font" style="font-family:tahoma, sans-serif"><div style="font-family:tahoma,sans-serif;font-size:small;display:inline" class="gmail_default"><br></div></span></div><div><span class="font" style="font-family:tahoma, sans-serif"><div style="font-family:tahoma,sans-serif;font-size:small;display:inline" class="gmail_default">I
respectfully disagree with most of what you wrote in
the first paragraph of your post script. <br></div></span><span class="font" style="font-family:tahoma, sans-serif"><div style="display:inline" class="gmail_default">Here
we are talking about users potentially entering
personal or pseudonymous information when they are not
being asked for it (nor is it required) to begin with,
and it is not required for purposes of which it's
being collected. That is the<br></div></span><div> <br></div><div style="font-family:tahoma,sans-serif;display:inline" class="gmail_default">scope<br></div><div> of what needs to be assessed <br></div><div style="font-family:tahoma,sans-serif;display:inline" class="gmail_default">if
at all and how the scope needs to be<br></div><div> defined from the beginning<br></div><div style="font-family:tahoma,sans-serif;font-size:small;display:inline" class="gmail_default">if
you were to conduct a PIA<br></div><div>.<br></div><div style="font-family:tahoma,sans-serif;display:inline" class="gmail_default"><br></div></div><div><span class="font" style="font-family:tahoma, sans-serif"><div style="display:inline" class="gmail_default"><br></div></span></div><div><span class="font" style="font-family:tahoma, sans-serif"><div style="display:inline" class="gmail_default"><br></div></span><span class="font" style="font-family:tahoma, sans-serif"><div style="font-family:tahoma,sans-serif;font-size:small;display:inline" class="gmail_default"> <br></div></span><span class="font" style="font-family:tahoma, sans-serif"><div style="display:inline" class="gmail_default">Personal
information is not being used or intended to be used
just because a person decides to enter personal
information into a field. <br></div></span><div style="font-family:tahoma,sans-serif;display:inline" class="gmail_default"><br></div><div style="font-family:tahoma,sans-serif;display:inline" class="gmail_default">The
example of how you can combine databases to re-identify
a person based on the SOA record is the equivalent of
protecting domain names as personal information because
a person <br></div><span class="font" style="font-family:tahoma, sans-serif"><div>can register their driver's license <br></div><div style="font-family:tahoma,sans-serif;font-size:small;display:inline" class="gmail_default">or
name and date of birth<br></div><div>as a domain name.<br></div></span><div style="font-family:tahoma,sans-serif;display:inline" class="gmail_default"> <br></div><div><span class="font" style="font-family:tahoma, sans-serif">I would argue no PIA should be required </span> <br></div><div style="font-family:tahoma,sans-serif;display:inline" class="gmail_default">as
a result <br></div><div><span class="font" style="font-family:tahoma, sans-serif">even in accordance with best
practices.</span> <br></div><div style="font-family:tahoma,sans-serif;display:inline" class="gmail_default"> <br></div><div>A PIA needs to be conducted in a manner that is
commensurate with the level of privacy risk identified<br></div><div style="font-family:tahoma,sans-serif;display:inline" class="gmail_default">. <br></div></div><div><span class="font" style="font-family:tahoma, sans-serif"> </span><br></div><div><div><div style="font-family:tahoma,sans-serif;font-size:small;display:inline" class="gmail_default">I
respectfully disagree with you that thin data is
personal. We are talking about identifiers (codes or
strings that represent an individual or device). Many
labels can be used to point to individuals. Some are
precise and most, imprecise or vague. There's no
question that an IP address is a device identifier.
Device IDs, MAC addresses can be a source for user
tracking. But <br></div><span class="font" style="font-family:tahoma, sans-serif"><div style="font-family:tahoma,sans-serif;font-size:small;display:inline" class="gmail_default">i<br></div></span><div style="font-family:tahoma,sans-serif;display:inline" class="gmail_default">dentifiers
can be strong or weak depending on how precise they
are as well as the context. It cannot be measured
without taking linkability into consideration. For
that reason, name servers are not the same as IP
addresses or MAC addresses any more so than the
existence of a domain name is an identifier. If a
person chooses to use identifiable information when it
is not being asked for or required for purposes of
which the data is being collected, that does that mean
we need to classify all the data according to that
unlikely scenario. Those setting up their own DNS
would be relatively speaking, sophisticated Internet
users that presumably know the basics of how DNS
operates in any case, so by entering the information
in that way, they are choosing to customize their DNS
in a personal way similar to a person that chooses to
show personal information on their license plate
number. <br></div></div><div><div style="font-family:tahoma,sans-serif;display:inline" class="gmail_default"><br></div></div><div><div style="font-family:tahoma,sans-serif;font-size:small" class="gmail_default">I
know that the motor vehicle registry is restricted now
in most places so that you would need a subpoena to
get that kind of personal information. This is also
true of an IP address though and IP providers. The
fact is a person can put their name and date of birth
on a license plate if they want to customize it. And
then they get on the road. That does not mean the
license plate numbers are all personal information.
It's pseudonymous data. It is true that it is a
stronger identifier than an IP address insofar as if
you subpoena the motor vehicle registry operator, you
will get the personal information behind that license
plate number. If you subpoena the ISP, you MIGHT get
the personal information depending on the nature of
the IP address. It's still true that to drive a car,
you need to show your license plate number on the
vehicle. <br></div><div style="font-family:tahoma,sans-serif;font-size:small" class="gmail_default"><br></div><div style="font-family:tahoma,sans-serif;font-size:small" class="gmail_default"><div>I would argue that thin Whois data is
pseudonymous or personal data to the same extent
that a person can choose to <u>customize</u> a
license plate if they want to, and put personal or
pseudonymous data into fields <br></div><div style="display:inline" class="gmail_default">for
which the data being collected does not ask for or
require them to do so. <br></div><div style="display:inline" class="gmail_default"><br></div></div><div style="font-family:tahoma,sans-serif;font-size:small" class="gmail_default"><div style="display:inline" class="gmail_default"><br></div></div><div style="font-family:tahoma,sans-serif;font-size:small" class="gmail_default"><div style="display:inline" class="gmail_default">A<br></div><div> person can register their driver's license as a
domain name.<br></div><div style="display:inline" class="gmail_default">They
can use a personal email in their SOA record, or
personal NS. <br></div><div>Just because it's theoretically possible for
someone to enter pseudonymous (or even personal)
data into multiple databases when they are not being
asked for it, and that combination of choices makes
it possible to identify them, does not mean one of
the sets (Thin Whois) should be classified as
personal information subject to a PIA. <br></div></div></div><div><br></div><div class="gmail_extra"><div style="font-family:tahoma,sans-serif;font-size:small;display:inline" class="gmail_default"><br></div><div><br></div><div><div class="gmail_signature"><div dir="ltr"><div><div>Jonathan Matkowsky,<br></div><div>VP – IP & Brand Security<br></div><div>USA:: 1.347.467.1193 | Office::
+972-(0)8-926-2766<br></div><div>Emergency mobile:: +972-(0)54-924-0831<br></div><div>Company Reg. No. 514805332 <br></div><div>11/1 Nachal Chever, Modiin Israel<br></div><div><a href="http://www.riskiq.co.il" rel="noreferrer nofollow noopener">Website</a><br></div><div>RiskIQ Technologies Ltd. (wholly-owned by
RiskIQ, Inc.)<br></div></div></div></div></div><div><br></div><div class="gmail_quote"><div>On Thu, Jun 1, 2017 at 12:02 AM, Stephanie Perrin <span dir="ltr">&lt;<a href="mailto:stephanie.perrin@mail.utoronto.ca" rel="noreferrer nofollow noopener">stephanie.perrin@mail.utoronto.ca</a>&gt;</span> wrote:<br></div><div><br></div><blockquote style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex" class="gmail_quote"><div bgcolor="#FFFFFF"><p><span class="size" style="font-size:undefinedpx"><span class="font" style="font-family:'Lucida Grande'">Your
summary today was great Andrew.</span></span><br></p><p><span class="size" style="font-size:undefinedpx"><span class="font" style="font-family:'Lucida Grande'">I am not
arguing about the disclosure of thin data.
We already voted on unauthenticated
mandatory disclosure, weeks ago (or at least
it feels like weeks ago). Let's please move
on. We are debating this yet again, because
people keep asking, is thin data personal? <span class="size" style="font-size:undefinedpx"><span style="font-family:'Lucida
Grande'" class="font"> [lots of people missed the
last call]</span></span> The answer is
yes (IMHO). Does that mean it cannot be
disclosed? The answer is no. Does the
proportionality principle apply? Yes. Have
we already gone through this? Yes. Can we
come back to it? Yes, but hopefully only if
we have to.....we will have to when we get
to data elements.</span></span><br></p><div>cheers Stephanie<br></div><div><span class="size" style="font-size:undefinedpx">PS a fundamental problem here is
that people try to categorize information that
in their view should be disclosed, as not
personal information. This fight has gone on
for years over IP address, for instance. The
important question is not actually whether it
is personal data or not, it is "do you need to
disclose it to make things work?"....and if
the answer is yes then you try to mitigate the
disclosure and try to keep it minimized to
what is absolutely required. Hence the PIA,
which should employ both data minimization and
the test in the proportionality principle as
techniques to evaluate data elements.<br> A good and really simple example is a phone
number. IS it personal info? (the telcos
fought for years, trying to claim they owned
it and it was not personal). Obviously it
pertains to you, people feel strongly that it
is personal (culturally relative of course
but...) and yet if no one ever learns your
number your phone won't ever receive a call.
That does not mean you have to disclose it
everywhere.....only where necessary. And it
should mean that it does not have to follow
you everywhere, but that is becoming
increasingly hard to manage....<br> <br> By the way, informed consent is not the same
as transparency requirements. Transparency
requirements are exactly that....you have to
be transparent about what you are doing with
data. Let us not conflate that with consent.<br> <br> I will quit now and stop trying to answer
questions. I would like to humbly suggest,
however, that we have a real shortage of basic
understanding of how data protection law works
and is interpreted. If there is a data
protection law expert that folks might listen
to, we should hire that person to advise us.
It might save a lot of time.<br> </span></div><div class="gmail-m_7395020479003268935moz-cite-prefix">On
2017-05-31 16:00, Andrew Sullivan wrote:<br></div><blockquote type="cite"><pre>Hi,
On Wed, May 31, 2017 at 03:20:59PM -0400, Stephanie Perrin wrote:
<br></pre><blockquote type="cite"><pre>That does not mean we need to protect it, it means we have to examine it in
terms of DP law. May I repeat the suggestion that Cannataci made in
Copenhagen in response to a question.....(I forget the precise question he
was asked, sorry). If you want to figure out whether you have to protect
something or not, do a privacy impact assessment.
<br></pre></blockquote><pre>As I think I've said more than once in this thread, I think we _have_
done that assessment and I think the answers are obvious and I think
therefore that there is nothing more to say about this principle in
respect of thin data:
- the data is either necessary for the operation of the system
itself or else necessary for distributed operation and
troubleshooting on the Internet.
- the data does not expose identifying information about anyone,
except in rather strained examples where the identifying
information is already completely available via other means.
What more is one supposed to do?
Best regards,
A
<br></pre></blockquote><div><br></div></div><div><br></div><div>______________________________<wbr>_________________<br></div><div>gnso-rds-pdp-wg mailing list<br></div><div><a href="mailto:gnso-rds-pdp-wg@icann.org" rel="noreferrer nofollow noopener">gnso-rds-pdp-wg@icann.org</a><br></div><div><a rel="noreferrer nofollow noopener" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br></div></blockquote></div></div></div></div></blockquote></blockquote><div><br></div><div><br></div><div><br></div></blockquote></blockquote><div><br></div>