<div dir="ltr">and neither will a lot of bad actors, online criminals and miscreants. </div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Feb 13, 2018 at 8:28 AM, Volker Greimann <span dir="ltr"><<a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>But the only ones facing the fines or imprisonment of officers.
Will you face government fines or prison if you can no longer look
at whois? No? Thought so!<br>
</p>
<br>
<div class="m_-4572336867085428836moz-cite-prefix">Am 13.02.2018 um 17:23 schrieb Dotzero:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>
<div>Volcker,<br>
<br>
</div>
Registrars are not the only constituency with a stake in this.
<br>
<br>
</div>
Michael Hammer<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Feb 13, 2018 at 11:13 AM,
Volker Greimann <span dir="ltr"><<a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Hi Mike,</p>
<p>no, sensible because a great number of registrars will
be forced to deal with this anyway, because this will
affect a great many of registrations and therefore it
makes sense to take this as a basis. Of course we will
then need to see if there need to be tweaks to
accomodate for other jurisdictions, but as more as more
countries are adopting similar regimes....</p>
<p>Sure it will be more restrictive than open access and
some people may have a harder time than today getting at
certain information, but with tiered access access would
still be possible for those with overriding legitimate
interests. That is the model the EU commission hinted
at. Not the only model, but a working one.<span class="m_-4572336867085428836HOEnZb"><font color="#888888"><br>
</font></span></p>
<span class="m_-4572336867085428836HOEnZb"><font color="#888888">
<p>Volker<br>
</p>
</font></span>
<div>
<div class="m_-4572336867085428836h5"> <br>
<div class="m_-4572336867085428836m_-5981583062905781775moz-cite-prefix">Am
13.02.2018 um 17:04 schrieb Dotzero:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Volker, you assert that "it would be sensible
to take GDPR as a basis and start from there".
Perhaps sensible from your perspective and
easier from your perspective but ICANN is an
international organization - primarily dealing
with technical/administrative issues - and it
MUST take an approach that, as best it can,
accommodates the laws and practices of various
jurisdictions around the world. Your proposed
approach, quite simply does not do that.<br>
<br>
</div>
Michael Hammer<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Feb 13, 2018 at
10:54 AM, Volker Greimann <span dir="ltr"><<a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>I think that it would be sensible to take
the GDPR as a basis and start from there.
Obviously, where it conflicts with other
applicable laws, we should make sure to
accomodate those as well, but as the EU
Commission and others have pointed out is
that compliance with GDPR does not
preclude providing certain access levels
to certain parties. What those levels
would be and who those parties could be
should be the main focus of our work. <br>
</p>
<div>
<div class="m_-4572336867085428836m_-5981583062905781775h5"> <br>
<div class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952moz-cite-prefix">Am
13.02.2018 um 15:41 schrieb Chuck:<br>
</div>
<blockquote type="cite">
<div class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952WordSection1">
<p class="MsoNormal"><span style="color:windowtext">Volker,</span></p>
<p class="MsoNormal"><span style="color:windowtext"> </span></p>
<p class="MsoNormal"><span style="color:windowtext">Are you
saying that you think that RDS
policies should be designed to
comply with European regulations
and then applied to all other
jurisdictions in the world?</span></p>
<p class="MsoNormal"><span style="color:windowtext"> </span></p>
<p class="MsoNormal"><span style="color:windowtext">Chuck</span></p>
<p class="MsoNormal"><span style="color:windowtext"> </span></p>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:windowtext">From:</span></b><span style="color:windowtext">
Volker Greimann [<a class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952moz-txt-link-freetext" href="mailto:vgreimann@key-systems.net" target="_blank">mailto:vgreimann@key-systems.<wbr>net</a>]
<br>
<b>Sent:</b> Tuesday,
February 13, 2018 5:58 AM<br>
<b>To:</b> Chuck <a class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952moz-txt-link-rfc2396E" href="mailto:consult@cgomes.com" target="_blank"><consult@cgomes.com></a>;
'Michael Palage' <a class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952moz-txt-link-rfc2396E" href="mailto:michael@palage.com" target="_blank"><michael@palage.com></a><br>
<b>Cc:</b> <a class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<b>Subject:</b> Re:
[gnso-rds-pdp-wg] Legal
basis vs. lawful</span></p>
</div>
</div>
<p class="MsoNormal"> </p>
<p>I am afraid that if we create
different policies for different
regions, we will break the model,
encourage forum shopping and
encourage firewalling of entire
geographic sections of the net. I
hope that is not what we are doing
here. </p>
<p>GDPR will cause some breakage of
this and I see it as our mission
to fix this breakage of the
standard by proposing a unified
model once again. </p>
<p>Ultimately, if this solution does
what the EU has been asking for,
e.g. protect legitimate use cases
of registration data as well as
the rights of the data subjects,
there is no reason why it should
not be universally applicable. </p>
<p>Best,</p>
<p>Volker</p>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal">Am 13.02.2018
um 00:04 schrieb Chuck:</p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Volker,</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">The WG could
recommend policies that are
‘universally applicable to all
registrations’ but I seriously
doubt that will happen in
today’s world. That would be
much simpler than policies that
vary by region and users, but is
it realistic?</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Chuck</p>
<p class="MsoNormal"> </p>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b>
gnso-rds-pdp-wg [<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">mailto:gnso-rds-pdp-wg-bounce<wbr>s@icann.org</a>]
<b>On Behalf Of </b>Volker
Greimann<br>
<b>Sent:</b> Monday,
February 12, 2018 2:30 PM<br>
<b>To:</b> Michael Palage <a href="mailto:michael@palage.com" target="_blank"><michael@palage.com></a><br>
<b>Cc:</b> <a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<b>Subject:</b> Re:
[gnso-rds-pdp-wg] Legal
basis vs. lawful</p>
</div>
</div>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Michael is
right. ICANN iOS based on the
thought of “One World; one
Internet”. This also means that
the policies it creates should
be universally applicable to all
registrations, if possible. IF
we start creating policy that
diverges, that would only lead
to further fragmentation and
undermine the founding ideal of
ICANN itself. Our aim should be
to create one policy that can be
applied to all or most
registrations and that can be
implemented by all registrars
alike. </p>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">While we
will likely have a certain
amount of fragmentation
following May 25 as each
contracted party applies its
own solution, it should be our
goal to overcome this and
present a new unified policy
that works for all contracted
parties. </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Volker</p>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal"><br>
<br>
<br>
</p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">On
12. Feb 2018, at
20:27, Michael Palage
<<a href="mailto:michael@palage.com" target="_blank">michael@palage.com</a>>
wrote:</p>
</div>
<p class="MsoNormal"> </p>
<div>
<div>
<p class="MsoNormal">Greg/John,</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">I
will respectfully
push back on your
legal over
simplification of
the GDPR.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">The
exterritorial aspect
of the GDPR set
forth in Article 3
is NOT just limited
to EU
residents/citizens.
As Michele has noted
in the past, the
GDPR requires
BlackKnight as an
Irish legal entity
to protect all of
its customers data
(EU/Non-EU) in
compliance with
GDPR, as well as US
entities that target
and conduct business
within the EU.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Now
your points about
the distinction
between natural and
legal persons is a
fair one and one
that has been noted
in EU and Art 29
communications.
Could you please
share the basis of
your proposition
that 97% of all
domain name
registrations are
registered by legal
entities.<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">As
I have note
previously the long
term viability of
the ICANN
multi-stakeholder
model is at risk as
national governments
continue to pass
national laws that
impact the operation
of the Internet.
However, the
European Union is
NOT alone in
advancing Privacy
Legislation, in fact
data localization is
perhaps the next
biggest lurking
threat to the domain
name system. <span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Best
regards,</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Michael</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"><b>From:</b><span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>gnso-rds-pdp-wg
[<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">mailto:gnso-rds-pdp-wg-bounce<wbr>s@icann.org</a>]<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><b>On
Behalf Of<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></b>John
Horton via
gnso-rds-pdp-wg<br>
<b>Sent:</b><span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>Monday,
February 12, 2018
1:22 PM<br>
<b>To:</b><span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>Greg
Aaron <<a href="mailto:gca@icginc.com" target="_blank">gca@icginc.com</a>><br>
<b>Cc:</b><span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<b>Subject:</b><span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>Re:
[gnso-rds-pdp-wg]
Legal basis vs.
lawful</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#444444">I think
Greg is right
on. There's
simply no
justification
to force a law
that is only
intended to
apply to a) EU
residents/citizens that are b) natural persons not using the domain name
for commercial
purposes, to
the
remaining...what?
97% - 99% of
the world's
registrant
population?
That would be
a balanced way
to implement
all of this. </span></p>
</div>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><br clear="all">
</p>
</div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#073763">John
Horton<br>
President and
CEO,
LegitScript</span></p>
</div>
<div>
<div>
<p class="MsoNormal"><img style="width:1.0in;height:.375in" id="m_-4572336867085428836m_-5981583062905781775m_692055522894869952_x0000_i1025" src="https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJRXE5UTAtclVxdTg&revid=0B13GfLt8zwZJSG9zOUVwN1lFKzFrRVlnaWU0NGZ4RmdkUjg4PQ" height="36" width="96" border="0"></p>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif"> </span></p>
</div>
<div>
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#444444">Follow</span></b><b><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#0b5394"> </span></b><b><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">Legit</span></b><b><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#0b5394">Script</span></b><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">: <a href="http://www.linkedin.com/company/legitscript-com" target="_blank"><span style="color:#cc0000">LinkedIn</span></a> | <a href="https://www.facebook.com/LegitScript" target="_blank"><span style="color:#6aa84f">Facebook</span></a>
| <a href="https://twitter.com/legitscript" target="_blank"><span style="color:#674ea7">Twitter</span></a>
| </span><u><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#ff9900"><a href="http://blog.legitscript.com/" target="_blank"><span style="color:#1155cc">Blog</span></a></span></u><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif"> |</span><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#ff9900"> <a href="http://go.legitscript.com/Subscription-Management.html" target="_blank"><span style="color:#ff9900">Newsletter</span></a></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#ff9900"><img style="width:.4791in;height:1.0in" id="m_-4572336867085428836m_-5981583062905781775m_692055522894869952_x0000_i1026" src="https://www.legitscript.com/wp-content/uploads/2015/09/LegitScript-Workplace.png" height="96" width="46" border="0"><img style="width:.4895in;height:1.0104in" id="m_-4572336867085428836m_-5981583062905781775m_692055522894869952_x0000_i1027" src="https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJTmNWbmcwOTVJMXc&revid=0B13GfLt8zwZJQlZWOXVGbG9acC9nRGhzdEkxclFJVytCWVNjPQ" height="97" width="47" border="0"></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<div>
<p class="MsoNormal">On
Mon, Feb 12,
2018 at 9:57 AM,
Greg Aaron <<a href="mailto:gca@icginc.com" target="_blank"><span style="color:purple">gca@icginc.com</span></a>> wrote:</p>
</div>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal">I
don’t know if
we arrive at
the same
place. <span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">GDPR
is based on
one
principle. It
states what is
legal. It's
explicit about
what you _are
allowed to
do_; granted
there’s some
flexibility
and room for
interpretation.
It’s like
saying what’s
inside a box.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">U.S.
law is one
based on
different
principles.
AFAIK U.S.
consumer
protection law
does not
enumerate
specifically
what is
lawful.
Instead it
tends to state
what is
illegal, what
you are _not
allowed to
do_. It’s
like saying
what’s outside
the box. The
U.S. doesn’t
have something
like GDPR that
spells out
legal bases
for collecting
data, i.e. the
enumerated
allowable
reasons.
Instead the
trade and
consumer
protection
laws basically
say: entities
have the right
to form
contracts
between
themselves,
they should
live up to the
contract,
don’t surprise
people, don’t
do certain
dishonest
things. <span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Here's
the problem:
if one makes
the GDPR
principle the
ICANN standard
and you apply
it to all
registrations,
then practices
that are
allowable in
one place
under the law
(like the
U.S.) would no
longer be
allowed there
by ICANN
policy.
ICANN would
be choosing
one legal
approach or
regime for
everyone in
the world. <span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">The
alternative is
to apply the
GDRP only to
those that it
is designed to
protect:
registrants
in the EU.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">For
example,
there’s
nothing in
U.S. law that
prohibits a
U.S. registrar
from having a
contract that
says
publication of
full contact
data in WHOIS
is a
condition of
registering a
domain name if
you are a
registrant in
the U.S.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">See<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><a href="https://iapp.org/news/a/explaining-the-gdpr-to-an-american/" target="_blank"><span style="color:purple">https://iapp.org/news/a/ex<wbr>plaining-the-gdpr-to-an-americ<wbr>an/</span></a>
for more.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">
<div>
<p class="MsoNormal"><b>From:</b><span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>gnso-rds-pdp-wg
[<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank"><span style="color:purple">mailto:gnso-rds-pdp-wg-bounce<wbr>s@icann.org</span></a>]<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><b>On
Behalf Of<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></b>Silver,
Bradley via
gnso-rds-pdp-wg<br>
<b>Sent:</b><span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>Friday,
February 9,
2018 2:54 PM<br>
<b>To:</b><span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>Volker
Greimann <<a href="mailto:vgreimann@key-systems.net" target="_blank"><span style="color:purple">vgreimann@key-systems.net</span></a>>;<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span style="color:purple">g<wbr>nso-rds-pdp-wg@icann.org</span></a></p>
</div>
<div>
<div>
<div>
<p class="MsoNormal"><br>
<b>Subject:</b><span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>Re:
[gnso-rds-pdp-wg] Legal basis vs. lawful</p>
</div>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"><span style="color:#1f497d">It is true that the GDPR is prescriptive, although
also rather
open-ended
(hence our
current
pickle). But
regardless of
the term we
use, don’t we
arrive at the
same place:
which is that
if something
that requires
a legal basis
is done
without one,
it will be
unlawful?
Using Kathy’s
example, if
data is
processed
without
complying with
minimization
or purpose
principles,
will such
processing not
run afoul of
the law, and
hence be
unlawful? <span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#1f497d"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#1f497d">There are important distinctions between the
meaning of
“legal basis”
which implies
that a law
requires
something to
be
affirmatively
present,
versus
“lawful”,
which means
that something
is not
prohibited by
law.
Ultimately
though, isn’t
“lawfulness”,
the same end
point,
regardless? <span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#1f497d"> </span></p>
</div>
<div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<div>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">From:</span></b><span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif"> </span></span><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">gnso-rds-pdp-wg
[</span><a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:purple">mailto:gnso-rds-pdp-wg-bounce<wbr>s@icann.org</span></a><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">]<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><b>On
Behalf Of<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></b>Volker
Greimann<br>
<b>Sent:</b><span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>Friday,
February 09,
2018 11:27 AM<br>
<b>To:</b><span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:purple">gnso-rds-pdp-wg@icann.org</span></a><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif"><br>
<b>Subject:</b><span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>Re:
[gnso-rds-pdp-wg] Legal basis vs. lawful</span></p>
</div>
</div>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">I
do not see
how. Kathy's
analysis seems
sound. The
flexibility
within the
GDPR still
only allows
processing in
very specific
cicumstances,
all of which
are listed in
the GDPR.</span></p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<div>
<p class="MsoNormal">Am
09.02.2018 um
16:45 schrieb
Victoria
Sheckler:</p>
</div>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">Kathy’s
analysis
breaks down on
a practical
level when one
looks at the
GDPR and what
it says about
when data can
be processed.
The GDPR
allows for
flexibility
for what can
be processed
and when, and
kathy’s
analysis
overlooks that
point.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">
<div>
<p class="MsoNormal"><b>From:</b><span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>gnso-rds-pdp-wg
[<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank"><span style="color:purple">mailto:gnso-rds-pdp-wg-bounce<wbr>s@icann.org</span></a>]<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><b>On
Behalf Of<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></b>Kathy
Kleiman<br>
<b>Sent:</b><span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>Thursday,
February 8,
2018 7:07 PM<br>
<b>To:</b><span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span style="color:purple">gnso-rds-pdp-wg@icann.org</span></a><br>
<b>Subject:</b><span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>Re:
[gnso-rds-pdp-wg] Legal basis vs. lawful</p>
</div>
</div>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Tx
for the
invitation to
join, Chuck,
and following
up on the
discussion of
Sam and
Tapani, let me
add that
criteria for
processing
must be
clearer than
something
broadly within
ICANN's
mission
statement and
something
permissible
somewhere. The
requirements
under law are
express and
concrete.<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">Specifically,
GDPR Article
5(1)(b and c)
states:</span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><b>Personal data shall be:<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><br>
2.
"collected for<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><u>specified,
explicit and
legitimate
purposes<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></u>and
not further
processed in a
manner that is
incompatible
with those
purposes"</b><span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>(the
"purpose
limitation")
AND<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><b><br>
3.
"adequate,
relevant and
limited to
what is
necessary in
relation to
the purposes
for which they
are processed"</b><span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>(the
"data
minimisation"
requirement).
[underline
added]<b><br>
</b><br>
Thus, our
first criteria
of "consistent
with ICANN's
mission," is
only the first
step and we
need to go
further than
even the 3
criteria we
are
discussing..<br>
<br>
Second, lawful
and legal
enter us into
a debate over
words and I
have to agree
with Sam and
Tapani's
analysis and
let me add
some of my
own.<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><br>
<br>
"Legal" is the
term we use
for actions
expressly
allowed under
law. How we
process
personal data
under the GDRP
falls into
this category
-- of
processing
expressly
allowed under
law. Whereas
the term
lawful is used
for a much
broader
category of
actions which
are generally
permissible
and allowable.<br>
<br>
The term
"legal" is
much more
consistent
with our
criteria
statement
because the
processing of
personal data
by ICANN must
clearly have a<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><i>valid
legal basis</i><span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>as
expressly
defined by
data
protection
laws.<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><br>
<br>
Best regards,<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><br>
Kathy<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><br>
<br>
On 2/7/2018
10:53 AM, Sam
Lanfranco
wrote:</p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">Thanks
Tapani,</span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt">I will extract from your longer message.<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><br>
I deliberately
kept my brief
and less
technical.<br>
I think we are
in agreement
here and I
support your
position.</p>
<div>
<div>
<p class="MsoNormal"><span style="color:#660000">On 2/7/2018 1:07 AM, Tapani Tarvainen wrote:<br>
<br>
The key
distinction,
as I
understand it,
is that
"lawful" would
be<br>
defined by
the negative,
everything
that some law
does not
prohibit,<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></span></p>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="color:#660000">where as "legal
basis" is
defined by the
positive, only
things whose<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><br>
justification
can be
explicitly
derived from
law.<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><br>
<br>
<......><br>
<br>
So I would
prefer "legal
basis"
specifically
in this sense:
that any
processing<br>
would have to
be explicitly
based on one
of the
criteria, or
bases, as
listed<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><br>
in GDPR
Article 6, or
similar
explicit
justification
in other data
protection
legislation.<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><br>
<br>
</span><br>
<br>
<br>
<br>
</p>
<pre>______________________________<wbr>_________________</pre>
<pre>gnso-rds-pdp-wg mailing list</pre>
<pre><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span style="color:purple">gnso-rds-pdp-wg@icann.org</span></a></pre>
<pre><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Drds-2Dpdp-2Dwg&d=DwMDaQ&c=tq9bLrSQ8zIr87VusnUS92RmR2KtbW6AiQIx78dtRmA&r=TAA3GKe6tpWdv3RbCks6TRrjaTx9d0J3KzemA65KYpA&m=fOG1O9n2_DhDKrVj0wrojDKlYIsDeLHzwtDlEi-f9Ng&s=GditP_BvWvjE7xFIYot7e5akySiL4RPKaCgA_X_fyTE&e=" target="_blank"><span style="color:purple">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</span></a></pre>
</blockquote>
<div>
<p class="MsoNormal"> </p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span> </span></p>
<pre>______________________________<wbr>_________________</pre>
<pre>gnso-rds-pdp-wg mailing list</pre>
<pre><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span style="color:purple">gnso-rds-pdp-wg@icann.org</span></a></pre>
<pre><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Drds-2Dpdp-2Dwg&d=DwMDaQ&c=tq9bLrSQ8zIr87VusnUS92RmR2KtbW6AiQIx78dtRmA&r=TAA3GKe6tpWdv3RbCks6TRrjaTx9d0J3KzemA65KYpA&m=fOG1O9n2_DhDKrVj0wrojDKlYIsDeLHzwtDlEi-f9Ng&s=GditP_BvWvjE7xFIYot7e5akySiL4RPKaCgA_X_fyTE&e=" target="_blank"><span style="color:purple">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</span></a></pre>
</blockquote>
<div>
<p class="MsoNormal"><span> </span></p>
</div>
<div class="MsoNormal" style="text-align:center" align="center"><span>
<hr size="2" align="center" width="100%"></span></div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:12.0pt"><br>
<b><i><br>
Reminder: Any
email that
requests your
login
credentials or
that asks you
to click on a
link could be
a phishing
attack. If
you have any
questions
regarding the
authenticity
of this email
or its sender,
please contact
the IT Service
Desk at<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><a href="tel:%28212%29%20484-6000" target="_blank"><span style="color:purple">212.484.6000</span></a><span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>or
via email at<span class="m_-4572336867085428836m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></i></b></span><a href="mailto:ITServices@timewarner.com" target="_blank"><b><i><span style="font-size:12.0pt">ITServices@timewarner.com</span></i></b></a></p>
<div class="MsoNormal" style="text-align:center" align="center">
<hr size="2" align="center" width="100%"></div>
<div>
<p class="MsoNormal">This
message is the
property of
Time Warner
Inc. and is
intended only
for the use of
the
addressee(s)
and may be
legally
privileged
and/or
confidential.
If the reader
of this
message is not
the intended
recipient, or
the employee
or agent
responsible to
deliver it to
the intended
recipient, he
or she is
hereby
notified that
any
dissemination,
distribution,
printing,
forwarding, or
any method of
copying of
this
information,
and/or the
taking of any
action in
reliance on
the
information
herein is
strictly
prohibited
except by the
intended
recipient or
those to whom
he or she
intentionally
distributes
this message.
If you have
received this
communication
in error,
please
immediately
notify the
sender, and
delete the
original
message and
any copies
from your
computer or
storage
system. Thank
you.</p>
</div>
</div>
</div>
</div>
</div>
<div>
<p class="MsoNormal"><br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span style="color:purple">gnso-rds-pdp-wg@icann.org</span></a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank"><span style="color:purple">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</span></a></p>
</div>
</blockquote>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
</div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">______________________________<wbr>_________________<br>
gnso-rds-pdp-wg
mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a></span></p>
</div>
</blockquote>
</div>
<p class="MsoNormal"> </p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">-- <br>
Bei weiteren Fragen
stehen wir Ihnen gerne
zur Verfügung.<br>
<br>
Mit freundlichen
Grüßen,<br>
<br>
Volker A. Greimann<br>
- Rechtsabteilung -<br>
<br>
Key-Systems GmbH<br>
<a href="https://maps.google.com/?q=Im+Oberen+Werk+1+%0D+66386+St.+Ingbert&entry=gmail&source=g" target="_blank">Im Oberen Werk 1</a><br>
66386 St. Ingbert<br>
Tel.: <a href="tel:+49%206894%209396901" value="+4968949396901" target="_blank">+49 (0)
6894 - 9396 901</a><br>
Fax.: <a href="tel:+49%206894%209396851" value="+4968949396851" target="_blank">+49 (0)
6894 - 9396 851</a><br>
<a href="mailto:vgreimann@key-systems.net" target="_blank">Email: vgreimann@key-systems.n<wbr>et</a><br>
<br>
Web: <a href="http://www.key-systems.net" target="_blank">www.key-systems.net</a> / <a href="http://www.RRPproxy.net" target="_blank">www<wbr>.RRPproxy.net</a><br>
<a href="http://www.domaindiscount24.com" target="_blank">www.domaindiscount24.com</a> / <a href="http://www.BrandShelter.com" target="_blank">www<wbr>.BrandShelter.com</a><br>
<br>
Folgen Sie uns bei
Twitter oder werden
Sie unser Fan bei
Facebook:<br>
<a href="http://www.facebook.com/KeySystems" target="_blank">www.facebook.com/KeySystems</a><br>
<a href="http://www.twitter.com/key_systems" target="_blank">www.twitter.com/key_systems</a><br>
<br>
Geschäftsführer:
Alexander Siffrin<br>
Handelsregister Nr.:
HR B 18835 -
Saarbruecken<br>
Umsatzsteuer ID.:
DE211006534<br>
<br>
Member of the KEYDRIVE
GROUP<br>
<a href="http://www.keydrive.lu" target="_blank">www.keydrive.lu</a><br>
<br>
Der Inhalt dieser
Nachricht ist
vertraulich und nur
für den angegebenen
Empfänger bestimmt.
Jede Form der
Kenntnisgabe,
Veröffentlichung oder
Weitergabe an
Dritte durch den
Empfänger ist
unzulässig. Sollte
diese Nachricht nicht
für Sie bestimmt sein,
so bitten wir Sie,
sich mit uns per
E-Mail oder
telefonisch in
Verbindung zu setzen.<br>
<br>
------------------------------<wbr>--------------<br>
<br>
Should you have any
further questions,
please do not hesitate
to contact us.<br>
<br>
Best regards,<br>
<br>
Volker A. Greimann<br>
- legal department -<br>
<br>
Key-Systems GmbH<br>
<a href="https://maps.google.com/?q=Im+Oberen+Werk+1+%0D+66386+St.+Ingbert&entry=gmail&source=g" target="_blank">Im Oberen Werk 1</a><br>
66386 St. Ingbert<br>
Tel.: <a href="tel:+49%206894%209396901" value="+4968949396901" target="_blank">+49 (0)
6894 - 9396 901</a><br>
Fax.: <a href="tel:+49%206894%209396851" value="+4968949396851" target="_blank">+49 (0)
6894 - 9396 851</a><br>
Email: <a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.n<wbr>et</a><br>
<br>
Web: <a href="http://www.key-systems.net" target="_blank">www.key-systems.net</a> / <a href="http://www.RRPproxy.net" target="_blank">www<wbr>.RRPproxy.net</a><br>
<a href="http://www.domaindiscount24.com" target="_blank">www.domaindiscount24.com</a> / <a href="http://www.BrandShelter.com" target="_blank">www<wbr>.BrandShelter.com</a><br>
<br>
Follow us on Twitter
or join our fan
community on Facebook
and stay updated:<br>
<a href="http://www.facebook.com/KeySystems" target="_blank">www.facebook.com/KeySystems</a><br>
<a href="http://www.twitter.com/key_systems" target="_blank">www.twitter.com/key_systems</a><br>
<br>
CEO: Alexander Siffrin<br>
Registration No.: HR B
18835 - Saarbruecken<br>
V.A.T. ID.:
DE211006534<br>
<br>
Member of the KEYDRIVE
GROUP<br>
<a href="http://www.keydrive.lu" target="_blank">www.keydrive.lu</a><br>
<br>
This e-mail and its
attachments is
intended only for the
person to whom it
is addressed.
Furthermore it is not
permitted to publish
any content of this
email. You must not
use, disclose, copy,
print or rely on this
e-mail. If an
addressing
or transmission error
has misdirected this
e-mail, kindly notify
the author by replying
to this e-mail or
contacting us by
telephone.</span></p>
</div>
</div>
<p class="MsoNormal"> </p>
</div>
</div>
</blockquote>
<p class="MsoNormal"> </p>
</div>
</blockquote>
<br>
</div>
</div>
</div>
<br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
<br>______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br></blockquote></div><br></div>