<div>We are talking in circles as a registrar according to the RAA is not prohibited from complying with applicable privacy laws. I respectfully would like to see proof (seeiously, I'd like to see a transcript) that any group of lawyers specializing in privacy in any jurisdiction opined that having these provisions in the RAA is a "breach" of any applicable law. These provisions have to be read together with the rest of the RAA, which expressly states that registrars must comply with applicable law. To call the provisions requiring a minimum threshold of privacy obligations a "breach" of data protection laws in any judisdiction is simply an untenable position.</div><div><br></div><div>Jonathan Matkowsky</div><div><br><div class="gmail_quote"><div>On Fri, 2 Jun 2017 at 21:33 Stephanie Perrin <<a href="mailto:stephanie.perrin@mail.utoronto.ca">stephanie.perrin@mail.utoronto.ca</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p><font size="+1"><font face="Lucida Grande">This clause has not
been acceptable in the past, even before GDPR. I think it is
worth pointing out that what is in the ICANN agreements has
been repeatedly pointed out, notably by the Art 29 WG, but
certainly by others such as the IWGDPT, as violating DP law.
These documents I believe are all in our repository. So
please let us not assume that what has been happening is ok,
even if we sign contract after contract with the same
offending clauses in them. Consent in most jurisdictions has
to be some variant of "free, enlightened, and informed".
Noone can be compelled to consent to a practice that is disproportionate
or fails the necessity test...An ability to withdraw consent
has to be available. I won't go on and on but this clause
obviously does not pass this test.<br>
</font></font></p>
<p><font size="+1"><font face="Lucida Grande">In my opinion, the
longer ICANN tries to stymie the DPAs and ignore necessary changes
in privacy policy, the greater the risk they run that a viral
campaign will be launched among ordinary users, to appeal to
the Courts. DPAs try to effect change through dialogue. WHen
dialogue fails, individuals have to take cases to Court. We
don't want that.</font></font></p></div><div bgcolor="#FFFFFF" text="#000000">
<p><font size="+1"><font face="Lucida Grande">Stephanie</font></font><br>
</p></div><div bgcolor="#FFFFFF" text="#000000">
<br>
<div class="m_-4176606684045479381moz-cite-prefix">On 2017-06-02 08:19, Volker Greimann
wrote:<br>
</div>
<blockquote type="cite">I was just reviewing the changes to the registry
agreement again and I noticed a section that has relevance here as
well and that had not been discussed here.
<br>
<br>
Apparently the definition of the purpose for personal data
collection as far as ICANN is concerned is the job of the registry
operators:
<br>
<br>
2.18 Personal Data. Registry Operator shall (i) notify each
ICANN-accredited registrar that is a party to the
Registry-Registrar Agreement for the TLD of the purposes for which
data about any identified or identifiable natural person
(“Personal Data”) submitted to Registry Operator by such registrar
is collected and used under this Agreement or otherwise and the
intended recipients (or categories of recipients) of such Personal
Data, and (ii) require such registrar to obtain the consent of
each registrant in the TLD for such collection and use of Personal
Data. Registry Operator shall take reasonable steps to protect
Personal Data collected from such registrar from loss, misuse,
unauthorized disclosure, alteration or destruction. Registry
Operator shall not use or authorize the use of Personal Data in a
way that is incompatible with the notice provided to registrars.
<br>
<br>
This does have some relevance to our current discussion, so I
thought I'd recklessly post it here!
<br>
<br>
<br>
</blockquote>
<br>
</div>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></blockquote></div></div><div dir="ltr">-- <br></div><div data-smartmail="gmail_signature">jonathan matkowsky, vp - ip & head of global brand threat mitigation</div>