<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.MsoNoSpacing, li.MsoNoSpacing, div.MsoNoSpacing
{mso-style-priority:1;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:"Calibri",sans-serif;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle22
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNoSpacing" style="margin:0in;margin-bottom:.0001pt"><span style="color:black">Dear All,<o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin:0in;margin-bottom:.0001pt"><span style="color:#1F497D"> </span><span style="color:black"><o:p></o:p></span></p>
<div>
<div>
<p class="MsoNoSpacing" style="margin:0in;margin-bottom:.0001pt"><span style="color:black">Please find the attendance of the call attached to this email, and the Adobe Connect chat, MP3 & Adobe Connect recording below for the Next-Gen RDS PDP Working group
call held on Tuesday, </span>3 October<span style="color:black"> 2017 at 16:00 UTC.<o:p></o:p></span></p>
<p style="line-height:15.6pt"><b><span style="color:black">MP3: </span></b><span style="color:black"> <a href="https://audio.icann.org/gnso/next-gen-rds-pdp-wg-03oct17-en.mp3">https://audio.icann.org/gnso/next-gen-rds-pdp-wg-03oct17-en.mp3</a><o:p></o:p></span></p>
<p style="line-height:15.6pt"><b><span style="color:black">AC recording:</span></b><span style="color:black">
</span><a href="https://participate.icann.org/p3pa4jai1i5/?OWASP_CSRFTOKEN=d048b2f398d46cdea54ea6b4051a716b3de18365239aaf918caedc1b891c5339"><b><span style="color:black;background:white">https://participate.icann.org/p3pa4jai1i5/</span></b></a><span style="color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNoSpacing" style="margin:0in;margin-bottom:.0001pt"><span style="color:black">The recordings and transcriptions of the calls are posted on the GNSO Master Calendar page:</span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_en_group-2Dactivities_calendar-23nov&d=DwMF-g&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=PDd_FX3f4MVgkEIi9GHvVoUhbecsvLhgsyXrxgtbL10DTBs0i1jYiBM_uTSDzgqG&m=GJMkY4Fbi9sry9Z53DaSWJm-mHxMfFxg7MEVDf2JU90&s=FI3QJYH6DWWCDQir6NDMSjPkzdqfTTUmf9Ua-AYpc14&e="><span style="color:purple">http://gnso.icann.org/en/group-activities/calendar</span></a><span style="color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNoSpacing" style="margin:0in;margin-bottom:.0001pt"><span style="color:black"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNoSpacing" style="margin:0in;margin-bottom:.0001pt"><span style="color:black">** Please let me know if your name has been left off the list **<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNoSpacing" style="margin:0in;margin-bottom:.0001pt"><span style="color:black"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNoSpacing" style="margin:0in;margin-bottom:.0001pt"><span style="color:black">Mailing list archives:</span><a href="http://mm.icann.org/pipermail/gnso-rds-pdp-wg/"><span style="color:purple">http://mm.icann.org/pipermail/gnso-rds-pdp-wg/</span></a><span style="color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNoSpacing" style="margin:0in;margin-bottom:.0001pt"><span style="color:black"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNoSpacing" style="margin:0in;margin-bottom:.0001pt"><b><span style="color:black">Wiki agenda page: </span></b><span style="color:black">
</span><a href="https://community.icann.org/x/bWfwAw">https://community.icann.org/x/bWfwAw</a><span style="color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNoSpacing" style="margin:0in;margin-bottom:.0001pt"><span style="color:black"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNoSpacing" style="margin:0in;margin-bottom:.0001pt"><span style="color:black">Thank you.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNoSpacing" style="margin:0in;margin-bottom:.0001pt"><span style="color:black">Kind regards,<o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNoSpacing" style="margin:0in;margin-bottom:.0001pt">Julie<span style="color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNoSpacing" style="margin:0in;margin-bottom:.0001pt"><span style="color:black"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNoSpacing" style="margin:0in;margin-bottom:.0001pt"><span style="color:black">———————————————<o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin:0in;margin-bottom:.0001pt"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNoSpacing" style="margin:0in;margin-bottom:.0001pt"><b><u><span style="color:black">AC Chat Next-Gen RDS PDP WG Tuesday, </span></u></b><b><u>3 October<span style="color:black"> 2017<o:p></o:p></span></u></b></p>
<p class="MsoPlainText"> Julie Bisland:Welcome to the GNSO Next-Gen RDS PDP Working Group teleconference on Tuesday, 03 October 2017 at 16:00 UTC<o:p></o:p></p>
<p class="MsoPlainText"> Julie Bisland:Agenda wiki page: <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_x_bWfwAw&d=DwIFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=QiF-05YzARosRvTYd84AB_UYInlydmFcjNmBM5XgySw&m=yGuhVKm-I9WXOo-zhqiCeseRDHZc1ao16xVWoSIl9F0&s=1519OMlTf_qrfVlCmocb02VU9ZXzR357tbnJWvHRjiQ&e">
https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_x_bWfwAw&d=DwIFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=QiF-05YzARosRvTYd84AB_UYInlydmFcjNmBM5XgySw&m=yGuhVKm-I9WXOo-zhqiCeseRDHZc1ao16xVWoSIl9F0&s=1519OMlTf_qrfVlCmocb02VU9ZXzR357tbnJWvHRjiQ&e</a>=
<o:p></o:p></p>
<p class="MsoPlainText"> Krishna Seeburn - Kris:hi julie<o:p></o:p></p>
<p class="MsoPlainText"> Julie Bisland:Hello Kirs! Hope you are well :)<o:p></o:p></p>
<p class="MsoPlainText"> Julie Bisland:oh gosh, clearly I'm not well! KRIS <o:p>
</o:p></p>
<p class="MsoPlainText"> Julie Bisland::)<o:p></o:p></p>
<p class="MsoPlainText"> Krishna Seeburn - Kris:what's wrong?<o:p></o:p></p>
<p class="MsoPlainText"> Julie Bisland:I can't spell haha<o:p></o:p></p>
<p class="MsoPlainText"> Krishna Seeburn - Kris:health issue?<o:p></o:p></p>
<p class="MsoPlainText"> Krishna Seeburn - Kris:oh gosh....<o:p></o:p></p>
<p class="MsoPlainText"> Krishna Seeburn - Kris:hi steve<o:p></o:p></p>
<p class="MsoPlainText"> steve metalitz:hello<o:p></o:p></p>
<p class="MsoPlainText"> Chuck Gomes:Hi all<o:p></o:p></p>
<p class="MsoPlainText"> Krishna Seeburn - Kris:Hi chuck<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):Hello All<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):Hello ll<o:p></o:p></p>
<p class="MsoPlainText"> Tim O'Brien:Aello All, sorry for the absense - been on travel for the last two weeks
<o:p></o:p></p>
<p class="MsoPlainText"> Nouradine Abdelkerim Youssouf:hello All<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):Memorandum does not cover Escrow (offtopic)<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):and Escrow related to storage <o:p>
</o:p></p>
<p class="MsoPlainText"> Lisa Phifer:Link to memo displayed: <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__gnso.icann.org_en_drafts_wsgr-2Dicann-2Dmemorandum-2D25sep17-2Den.pdf&d=DwIFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=QiF-05YzARosRvTYd84AB_UYInlydmFcjNmBM5XgySw&m=yGuhVKm-I9WXOo-zhqiCeseRDHZc1ao16xVWoSIl9F0&s=r8IaalEcQY758Fyu-SXx_NAQD6Ba--qrFhkIuTWYcgc&e">
https://urldefense.proofpoint.com/v2/url?u=https-3A__gnso.icann.org_en_drafts_wsgr-2Dicann-2Dmemorandum-2D25sep17-2Den.pdf&d=DwIFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=QiF-05YzARosRvTYd84AB_UYInlydmFcjNmBM5XgySw&m=yGuhVKm-I9WXOo-zhqiCeseRDHZc1ao16xVWoSIl9F0&s=r8IaalEcQY758Fyu-SXx_NAQD6Ba--qrFhkIuTWYcgc&e</a>=
<o:p></o:p></p>
<p class="MsoPlainText"> Greg Shatan:If you don't tell your legal counsel what you want to accomplish, they won't help you accomplish it.<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):agree<o:p></o:p></p>
<p class="MsoPlainText"> Vicky Sheckler:+1 greg<o:p></o:p></p>
<p class="MsoPlainText"> andrew sullivan:I agree with Greg S, which is I think the approach I suggested on the list last week<o:p></o:p></p>
<p class="MsoPlainText"> Ayden Férdeline:I might type<o:p></o:p></p>
<p class="MsoPlainText"> James Galvin (Afilias):how was the law firm selected?<o:p></o:p></p>
<p class="MsoPlainText"> Ayden Férdeline:just out of curiosity, could you please remind us, how was this law firm chosen? thank you!<o:p></o:p></p>
<p class="MsoPlainText"> Ayden Férdeline:audio is bad on my end<o:p></o:p></p>
<p class="MsoPlainText"> Krishna Seeburn - Kris:how was the law firm chosen<o:p></o:p></p>
<p class="MsoPlainText"> Ayden Férdeline:yes<o:p></o:p></p>
<p class="MsoPlainText"> Marika Konings:not only staff recommended, the legal advisory group also suggested several law firms<o:p></o:p></p>
<p class="MsoPlainText"> Ayden Férdeline:thanks for that Chuck, sounds like a sound process was followed in selecting them<o:p></o:p></p>
<p class="MsoPlainText"> steve metalitz:The selectoin was made by the leadership team, not by the advisory group
<o:p></o:p></p>
<p class="MsoPlainText"> Marika Konings:Sorry, unfortunately that was not the case as the contracting took longer than anticipated :-(<o:p></o:p></p>
<p class="MsoPlainText"> Fabricio Vayra:+1 Greg<o:p></o:p></p>
<p class="MsoPlainText"> Krishna Seeburn - Kris:+1 greg<o:p></o:p></p>
<p class="MsoPlainText"> Ayden Férdeline:useful for the skeptics and offensive to the DPAs...<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):as I understand DPAs give paid advice only (fines and description of what went wrong)<o:p></o:p></p>
<p class="MsoPlainText"> Ayden Férdeline:but good to have sound legal advice now<o:p></o:p></p>
<p class="MsoPlainText"> Ayden Férdeline:Hi Maxim - the DPAs gave us free advice in and post-Copenhagen - and in writing<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):it was broad and informal, it is not possible to use it in the court<o:p></o:p></p>
<p class="MsoPlainText"> Krishna Seeburn - Kris:am sure they charge per hour and per whoever is advising....<o:p></o:p></p>
<p class="MsoPlainText"> Vicky Sheckler:agree with greg re: need to seek advice at some point re: how to accomplish our objectives, not just the "what if" questiosn that were asked of the DPAs<o:p></o:p></p>
<p class="MsoPlainText"> Marika Konings:No, I don't believe so<o:p></o:p></p>
<p class="MsoPlainText"> Marika Konings:but I can double check<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):for example we did not even ask about escrow - and the current implementation does not allow to properly process withdrawal of the consent of the person<o:p></o:p></p>
<p class="MsoPlainText"> Ayden Férdeline:Maxim - that is true, but that is the nature of their advice. i do not think European DPAs ordinarily give different advice than what we received which is, yes, informal. but i stand to be corrected<o:p></o:p></p>
<p class="MsoPlainText"> andrew sullivan:Wait, do I understand Chuck to be saying that the lawyers wanted responses to be confidential from the WG? If so, that's bizarre<o:p></o:p></p>
<p class="MsoPlainText"> andrew sullivan:Ok, I get it. <o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):I am not sure it is relevant to the current discussion<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):we are not discussing the draft of the document, only the final version<o:p></o:p></p>
<p class="MsoPlainText"> Ayden Férdeline:it does not seem productive to me focusing so much on the thought process that went into the construction of this memo. we have the memo now. it is written. surely we are not going to spend weeks dissecting how it was
produced? we should have some confidence in the leadership team and the firm that was chosen<o:p></o:p></p>
<p class="MsoPlainText"> andrew sullivan:+1 Ayden<o:p></o:p></p>
<p class="MsoPlainText"> Krishna Seeburn - Kris:+1 ayden <o:p></o:p></p>
<p class="MsoPlainText"> steve metalitz:The leadership team decided what questions to ask about the WSGR first draft though the advisory team was asked for any input.
<o:p></o:p></p>
<p class="MsoPlainText"> Greg Shatan:We have found a rabbit hole in the weeds.<o:p></o:p></p>
<p class="MsoPlainText"> Fabricio Vayra:@Steve - How much did the advisory team feedback impact the ultimate questions?<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):talking about THIN data - the advice of “it depends” might not be very helpful (p8 of the memo)<o:p></o:p></p>
<p class="MsoPlainText"> Vicky Sheckler:+1 maxim<o:p></o:p></p>
<p class="MsoPlainText"> steve metalitz:Chuck is referring to the questions posed to the data protection experts. Leaderhsip team decided that the same questoins would be posed to WSGR. I was referring in previous entry to the follow-up questoins posed
after the WSGR draft was reviewed. <o:p></o:p></p>
<p class="MsoPlainText"> Fabricio Vayra:@Chuck - Thanks for clarifying.<o:p></o:p></p>
<p class="MsoPlainText"> Krishna Seeburn - Kris:can i suggest we table these opinions and views and move on and at the time we need to move back to these we do......need to....let's us respect a bit and have some faith<o:p></o:p></p>
<p class="MsoPlainText"> Vicky Sheckler:+1 chuck<o:p></o:p></p>
<p class="MsoPlainText"> Nick Shorey:Agree with Maxim. I found this document helpful. I don't think it necessarily tells us anything we didn't expect, but good exercise nonetheless. But there are clearly areas where we are dealing with new issues and we need
to take a pragmatic, balanced and detailed look at these issues. Maybe this document enables us to focus our efforts more easily<o:p></o:p></p>
<p class="MsoPlainText"> Lisa Phifer:Handout: <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_download_attachments_66086765_Handout-2DRDS-2DWG-2DCall-2D3Oct2017.pdf&d=DwIFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=QiF-05YzARosRvTYd84AB_UYInlydmFcjNmBM5XgySw&m=yGuhVKm-I9WXOo-zhqiCeseRDHZc1ao16xVWoSIl9F0&s=cUJZ1PU5NKl_5JkKjTQILRKNzq9ZZqjiNqH3Sq6vCf8&e">
https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_download_attachments_66086765_Handout-2DRDS-2DWG-2DCall-2D3Oct2017.pdf&d=DwIFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=QiF-05YzARosRvTYd84AB_UYInlydmFcjNmBM5XgySw&m=yGuhVKm-I9WXOo-zhqiCeseRDHZc1ao16xVWoSIl9F0&s=cUJZ1PU5NKl_5JkKjTQILRKNzq9ZZqjiNqH3Sq6vCf8&e</a>=
<o:p></o:p></p>
<p class="MsoPlainText"> Nick Shorey:I think the starting point could be to put meat on the bones of 'secondary purposes'<o:p></o:p></p>
<p class="MsoPlainText"> James Galvin (Afilias):handout link does not work on the Wiki page. Thanks Lisa for the link here.<o:p></o:p></p>
<p class="MsoPlainText"> James Galvin (Afilias):Actually, that does not work either. Or is it just me.<o:p></o:p></p>
<p class="MsoPlainText"> Marika Konings:link works for me<o:p></o:p></p>
<p class="MsoPlainText"> Susan Kawaguchi:link works for me<o:p></o:p></p>
<p class="MsoPlainText"> andrew sullivan:WFM too<o:p></o:p></p>
<p class="MsoPlainText"> James Galvin (Afilias):got it! not sure what happened but no worries.<o:p></o:p></p>
<p class="MsoPlainText"> Lisa Phifer:@Jimk link on wiki now fixed, thanks for flagging<o:p></o:p></p>
<p class="MsoPlainText"> Lisa Phifer:The link in the meeting materials worked - it was the link in the agenda body 5a that was broken<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):12.a effectively means that non-EU companies will not be able to pass EU citizens info to their local LEA , even if requested properly under the national law ... and it means not to be compliant with the local
law ... deadlock <o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):and the outcome of 12.a is to not to have any of EU citizens data ... orEU residents (which is worse)<o:p></o:p></p>
<p class="MsoPlainText">Herb Waye Ombuds:Must drop out for a medical appointment... Regards all, Herb<o:p></o:p></p>
<p class="MsoPlainText"> Ayden Férdeline:Court of Justice<o:p></o:p></p>
<p class="MsoPlainText"> Vicky Sheckler:Maxim - i'm not followign you<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):@Vicky, if you have a non-EU company - you have to comply with the local law , and your local Law enforcement exemtions will not apply under GDPR ... so either you follow local law in part of disclosure info to
the local Law Enforcement , and be fined for that by EU, or you follow GDPR and have issues with the local laws regulating disclosure of info to national law enforcement<o:p></o:p></p>
<p class="MsoPlainText"> Greg Shatan:I think you end up in court in one or both countries....<o:p></o:p></p>
<p class="MsoPlainText"> Lisa Phifer:Green check if you agree: existing gTLD registration directory services policies sufficiently address compliance with applicable data protection, privacy, and free speech laws within each jurisdiction<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):and the only way out is not to have info of EU citizens or residents in your system (the latter can not be identified ... imagine one who spends 180 days in EU and will be a resident after that period)<o:p></o:p></p>
<p class="MsoPlainText"> Ayden Férdeline:Maxim - you are making a good case for why the RDS should not contain any personally identifiable information<o:p></o:p></p>
<p class="MsoPlainText"> Ayden Férdeline:about domain name registrants <o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):THIN whois might be the fast solution :)<o:p></o:p></p>
<p class="MsoPlainText"> Vicky Sheckler:Ayden - how does that help the public at all?<o:p></o:p></p>
<p class="MsoPlainText"> andrew sullivan:Thin whois doesn't solve the other problems we have identified<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):it solves part of the problems on the Registry level, but I agree that it is not enough<o:p></o:p></p>
<p class="MsoPlainText"> steve metalitz:Questoin: aren';t we polling "principle 3.e," not question 5.1?
<o:p></o:p></p>
<p class="MsoPlainText"> Vicky Sheckler:agree with metalitz - GDPR does not apply to all personal data<o:p></o:p></p>
<p class="MsoPlainText"> Ayden Férdeline:Vicky - What do you mean that GDPR does not apply to all personal data? GDPR does not apply to all data (i.e. non-personal data), but I thought it did apply to personal data?<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):do we know the position of ICANN at the moment , who is the controller? (I think ICANN is... but what is the current position of ICANN?)<o:p></o:p></p>
<p class="MsoPlainText"> Nick Shorey:+1 Greg I was thinking the same<o:p></o:p></p>
<p class="MsoPlainText"> James Galvin (Afilias):@maxim - I would say that the way contracts and relationships are currently setup then ICANN has to be the data controller. So, the question to ask is if that is the way we want things structured going forward.
I think we could make a case either way on that.<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):@James, I think it is an important question (it changes the logic of the answer, if , for some reason ICANN is not a data controller)<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):I ment the reading of the memo depends on who the controller is<o:p></o:p></p>
<p class="MsoPlainText"> Ayden Férdeline:GDPR is already in force as a legal act; it is only compliance that comes into effect next year.<o:p></o:p></p>
<p class="MsoPlainText"> Nick Shorey:+1 Ayden this is why my answer is: No<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):@Ayden, amount of the fee is the major differentiator (20M) ...
<o:p></o:p></p>
<p class="MsoPlainText"> Krishna Seeburn - Kris:enforcement of gdpr 28th may 2018<o:p></o:p></p>
<p class="MsoPlainText"> James Galvin (Afilias):@maxim - agree. the "solution" will be different based on who/where the data controller is.<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):and in Netherlands GDPR is enforced , and .amsterdam and .frl already have issues
<o:p></o:p></p>
<p class="MsoPlainText"> Krishna Seeburn - Kris:exactly<o:p></o:p></p>
<p class="MsoPlainText"> James Galvin (Afilias):i'm sorry folks but I need to drop off here at the top of the hour<o:p></o:p></p>
<p class="MsoPlainText"> James Galvin (Afilias):+1 to andrew though<o:p></o:p></p>
<p class="MsoPlainText"> James Galvin (Afilias):seems to me we have thoroughly covered this issue - time to move on<o:p></o:p></p>
<p class="MsoPlainText"> Greg Shatan:Chuck, My logic is (a) the "Whois conflicts with local law" policy is a gTLD registration policy, (b) it can be used to address compliance with these laws, therefore (c) existing policies sufficiently address compliance
with these laws.<o:p></o:p></p>
<p class="MsoPlainText"> Ayden Férdeline:Greg, can you please point to me of an example where the WHOIS Conflicts with Local Law procedure has been utilised, in practice, in any jurisdiction? Thank you<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):@Greg, the issue is that current policies does not allow to resolve the issue before your company violate the law, and in case of GDPR the fine is huge and effectively can kill almost all registries and registrars<o:p></o:p></p>
<p class="MsoPlainText"> steve metalitz:+1 Fabricio re implementation v. policy <o:p>
</o:p></p>
<p class="MsoPlainText"> Greg Shatan:We were asked about policy, not practice. In theory, there is no difference between theory and practice. In practice, there is.<o:p></o:p></p>
<p class="MsoPlainText"> Vicky Sheckler:agree w/ Fabrizio, and i think this answers Aden's question too<o:p></o:p></p>
<p class="MsoPlainText"> Greg Shatan:practice = implementation....<o:p></o:p></p>
<p class="MsoPlainText"> Ayden Férdeline:I see. a question of semantics<o:p></o:p></p>
<p class="MsoPlainText"> andrew sullivan:The policy as it is written is tightly bound to the extreme limitations of whois-the-protocol, which is part of the problem<o:p></o:p></p>
<p class="MsoPlainText"> andrew sullivan:If people are confused about that, then I would like to propose to rewrite the existing policies using RDAP as the model protocol, and then we can do a clear list of all the features of RDAP that the new policy can't
use<o:p></o:p></p>
<p class="MsoPlainText"> Greg Shatan:Semantics, noun: the branch of linguistics and logic concerned with meaning.<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):whois does not allow instant removal of data and the same for escrow ... so the current tech system is incompatible with GDPR (instant removal is needed to process consent withdrawal)<o:p></o:p></p>
<p class="MsoPlainText"> andrew sullivan:indeed, that problem was exposed by the original proposed RDAP test implementation ICANN org staff proposed. I wouldn't even be involved in this PDP if that weren't the case<o:p></o:p></p>
<p class="MsoPlainText"> Fabricio Vayra:3.7.7.4 Registrar shall provide notice to each new or renewed Registered Name Holder stating:3.7.7.4.1 The purposes for which any Personal Data collected from the applicant are intended;3.7.7.4.2 The intended recipients
or categories of recipients of the data (including the Registry Operator and others who will receive the data from Registry Operator);3.7.7.4.3 Which data are obligatory and which data, if any, are voluntary; and3.7.7.4.4 How the Registered Name Holder or
data subject can access and, if necessary, rectify the data held about them.3.7.7.5 The Registered Name Holder shall consent to the data processing referred to in Subsection 3.7.7.4.<o:p></o:p></p>
<p class="MsoPlainText"> Fabricio Vayra:3.7.8 Registrar shall comply with the obligations specified in the Whois Accuracy Program Specification …. [and] [i]n the event Registrar learns of inaccurate contact information associated with a Registered Name it
sponsors, it shall take reasonable steps to correct that inaccuracy.<o:p></o:p></p>
<p class="MsoPlainText"> andrew sullivan:I don't see how escrow has anything to do with this. It follows from the SRS, not the RDS<o:p></o:p></p>
<p class="MsoPlainText"> Fabricio Vayra:Just for examples of how the policy complies ... but I don't think the implimentation of these polices have followed well<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):@andrew, escrow data is compared to WHOIS and not to SRS<o:p></o:p></p>
<p class="MsoPlainText"> Greg Shatan:Did they go beyond the current implementations in order to critique the policies?<o:p></o:p></p>
<p class="MsoPlainText"> Greg Shatan:The "existing system" is an implementation.<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):and both groups of registries and registrars escrow data
<o:p></o:p></p>
<p class="MsoPlainText"> andrew sullivan:@Maxim: yes, and that's yet another failure of spec writing because people have been used to the whois being open<o:p></o:p></p>
<p class="MsoPlainText"> andrew sullivan:but since the point of escrow has been to recreate registration data (i.e. what has to go into the SRS), the tests are the wrong ones<o:p></o:p></p>
<p class="MsoPlainText"> andrew sullivan:The RDS is apparently a downstream system from the SRS, or at least that's what people concluded when I poked at these definitions before<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):@andrew, two different SRS will have two diffrent structures (when not based on the same backend), and inheriting old data structure (it should be processed fast) does not give much, while having WHOIS compatible
set of data helps<o:p></o:p></p>
<p class="MsoPlainText"> andrew sullivan:The SRS protocol for gTLDs is EPP. They therefore have the same representation, and the escrow format was designed to be compatible with that<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):@andrew, ask registrars about 'standard EPP' among reistries :) also there are EPP extenstions, and reistries/registrars do not have to implement other's extensions<o:p></o:p></p>
<p class="MsoPlainText"> andrew sullivan:I am aware of the problems with consistency across EPP implementations<o:p></o:p></p>
<p class="MsoPlainText"> Nick Shorey:Please let me hear Fabricio<o:p></o:p></p>
<p class="MsoPlainText"> Greg Shatan:Fab's point is that the policy is flexible enough to allow for, e.g., a request for purposes.<o:p></o:p></p>
<p class="MsoPlainText"> Greg Shatan:I think.<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):if we do not find the way to make RDS compatible with GDPR , registrars and registries will have not to follow RDS<o:p></o:p></p>
<p class="MsoPlainText"> Greg Shatan:Maybe the question should be "Do the existing implementations of gTLD policy sufficient address compliance....?<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):current policies violate GDPR for EU citizens - example CL&D<o:p></o:p></p>
<p class="MsoPlainText"> Greg Shatan:Is that non-compliance due to the policy not allowing compliance, or the implementation being non-compliant?<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):both might have issues<o:p></o:p></p>
<p class="MsoPlainText"> Greg Shatan:@Maxim, what is the policy issue?<o:p></o:p></p>
<p class="MsoPlainText"> Greg Shatan:As opposed to the issue with current implementations?<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):CL&D policy for example demands publishing of the personal info
<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):and when such info is of EU citizen or EU resident - it creates issue with GDPR<o:p></o:p></p>
<p class="MsoPlainText"> Lisa Phifer:Chuck's proposal: Do existing gTLD registration directory services policies and/or implementations sufficiently address compliance with applicable data protection, privacy, and free speech laws within each jurisdiction?<o:p></o:p></p>
<p class="MsoPlainText"> Ayden Férdeline:i just wanted to comment on something mentioned a few minutes ago -- GDPR has a harmonisation process, with the intent that its implementation across the EU be consistent across the member states<o:p></o:p></p>
<p class="MsoPlainText"> andrew sullivan:I think the point is "sufficiently address compliance" is mystifying -- why not "do they comply"?<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):@Ayden, as I understand it is not limited to EU<o:p></o:p></p>
<p class="MsoPlainText"> Lisa Phifer:The question could be inverted: Do existing gTLD registration directory services policies and/or implementations PREVENT compliance with applicable data protection, privacy, and free speech laws within each jurisdiction?<o:p></o:p></p>
<p class="MsoPlainText"> Nick Shorey:Will retry my mic one sec<o:p></o:p></p>
<p class="MsoPlainText"> Ayden Férdeline:Maxim - I am only commenting on a comment made a few minutes ago that GDPR could be differently interpreted throughout the member states. that should not be the case. it should be applied consistently by the DPAs.
<o:p></o:p></p>
<p class="MsoPlainText"> andrew sullivan:@Lisa: that's helpful<o:p></o:p></p>
<p class="MsoPlainText"> Lisa Phifer:I think the point of the questions is to help the WG identify deficiencies that need to be addressed through changes to policy<o:p></o:p></p>
<p class="MsoPlainText"> Krishna Seeburn - Kris:its an EU accepted way forward and all EU member states cannot do differently<o:p></o:p></p>
<p class="MsoPlainText"> Greg Shatan:Not developed for the purpose of obtaining legal advice on how to accomplish the objectives of WHOIS while complying with GDPR.<o:p></o:p></p>
<p class="MsoPlainText"> Marika Konings:Note that WSGR did not respond to the questions that are in this document - these are questions that the WG identified as sub-questions to help address the overarching charter questions. The principles that you see were
derived from the memo as aiming to assist in responding to these questions.<o:p></o:p></p>
<p class="MsoPlainText"> Vicky Sheckler:the questions asked were for the DPAs, and rightly or wrongly, were politicized. they didn't ask what is the best way to address the objectives of the RDS<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):@Ayden, if you are outside of EU - you can pick one you like (if you provid services to citizens of all EU states)<o:p></o:p></p>
<p class="MsoPlainText"> Lisa Phifer:Is there anyone who would answer this yes: Do existing gTLD registration directory services policies and/or implementations PREVENT compliance with applicable data protection, privacy, and free speech laws within each jurisdiction?<o:p></o:p></p>
<p class="MsoPlainText"> Ayden Férdeline:Maxim - i am not and have not been commenting on those outside of the EU. i was responding to a comment that the EU member states may interpret GDPR differently in terms of enforcement for non-compliance.<o:p></o:p></p>
<p class="MsoPlainText"> Greg Shatan:Need to answer separately for policy and for implementations for this to be useful.<o:p></o:p></p>
<p class="MsoPlainText"> Nick Shorey:Mic's playing up - my thoughts are: The question we asked isn't great, but the discussion has helped us identify several different elements we need to look at in more depth in light of the feedback we've received<o:p></o:p></p>
<p class="MsoPlainText"> Greg Shatan:@Nick, yes, the questions and answers are good conversation-starters....<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):about procedures for WHOIS conflict with law - the current procedure does not allow to prevent registry / registrar to breach the law (you need to be in the litigation process and in GDPR it means fine)<o:p></o:p></p>
<p class="MsoPlainText"> Lisa Phifer:@Maxim, I think you are right - if the question is inverted, then the part that falls within the PDP's remit is policy: Do existing gTLD registration directory services POLICIES PREVENT compliance with applicable data protection,
privacy, and free speech laws within each jurisdiction?<o:p></o:p></p>
<p class="MsoPlainText"> Fabricio Vayra:+1 Andrew. I like that suggestion. Will flesh out where policy or implimentation needs to change<o:p></o:p></p>
<p class="MsoPlainText"> Nick Shorey:+1 Andrew sounds like a plan, and in addition, consider any changes depending on who the data controller is<o:p></o:p></p>
<p class="MsoPlainText"> Alex Deacon:working code even....<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):pity we will not be able to finish it all before the end of the may 2018 :)<o:p></o:p></p>
<p class="MsoPlainText"> Nick Shorey:@Maxim Oh ye of little faith!<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):good discussion though<o:p></o:p></p>
<p class="MsoPlainText"> Greg Shatan:I think we identified some fundamental gaps in how we<o:p></o:p></p>
<p class="MsoPlainText"> Greg Shatan:have framed the problem.<o:p></o:p></p>
<p class="MsoPlainText"> Fabricio Vayra:+1 Greg<o:p></o:p></p>
<p class="MsoPlainText"> Nick Shorey:+1 Greg<o:p></o:p></p>
<p class="MsoPlainText"> Julie Bisland:will do, chuck. <o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):+1 Greg<o:p></o:p></p>
<p class="MsoPlainText"> Julie Bisland:Next WG meeting: Tuesday, 10 October 2017 at 16:00 UTC for 90 minutes<o:p></o:p></p>
<p class="MsoPlainText"> Maxim Alzoba (FAITID):bye all<o:p></o:p></p>
<p class="MsoPlainText"> Fabricio Vayra:Thanks, Chuck, et al!<o:p></o:p></p>
<p class="MsoPlainText"> Greg Shatan:We're halfway into the woods, Chuck.<o:p></o:p></p>
<p class="MsoPlainText"> Nathalie Coupet:Adobe froze<o:p></o:p></p>
<p class="MsoPlainText"> Nick Shorey:1. Does the policy work with legislation? If no, why?<o:p></o:p></p>
<p class="MsoPlainText"> Nathalie Coupet:Bye all<o:p></o:p></p>
<p class="MsoPlainText"> Marika Konings:Nope, not from my side<o:p></o:p></p>
<p class="MsoPlainText"> Vicky Sheckler:thx<o:p></o:p></p>
<p class="MsoPlainText"> Ayden Férdeline:thanks all<o:p></o:p></p>
<p class="MsoPlainText"> andrew sullivan:Thanks & bye<o:p></o:p></p>
<p class="MsoPlainText"> Greg Shatan:Bye all!<o:p></o:p></p>
<p class="MsoPlainText"> Nick Shorey:Cheerio<o:p></o:p></p>
<p class="MsoNoSpacing" style="margin:0in;margin-bottom:.0001pt"><o:p> </o:p></p>
</div>
</div>
</div>
</body>
</html>