<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;"><div>Correct but they are the ones collecting the data so unless they are convinced of the need and legal ability they simply will not collect it. Processing only comes after collection.</div><div><br></div><span id="OLK_SRC_BODY_SECTION"><div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt"><span style="font-weight:bold">From: </span> gnso-rds-pdp-wg <<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org">gnso-rds-pdp-wg-bounces@icann.org</a>> on behalf of Dotzero <<a href="mailto:dotzero@gmail.com">dotzero@gmail.com</a>><br><span style="font-weight:bold">Date: </span> Tuesday, February 13, 2018 at 5:23 PM<br><span style="font-weight:bold">To: </span> Volker Greimann <<a href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a>><br><span style="font-weight:bold">Cc: </span> RDS PDP WG <<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>><br><span style="font-weight:bold">Subject: </span> Re: [gnso-rds-pdp-wg] Legal basis vs. lawful<br></div><div><br></div><blockquote id="MAC_OUTLOOK_ATTRIBUTION_BLOCKQUOTE" style="BORDER-LEFT: #b5c4df 5 solid; PADDING:0 0 0 5; MARGIN:0 0 0 5;"><div dir="ltr"><div><div>Volker,<br><br></div>Registrars are not the only constituency with a stake in this. 
<br><br></div>Michael Hammer<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Feb 13, 2018 at 11:13 AM, Volker Greimann <span dir="ltr"><<a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Hi Mike,</p>
<p>no, sensible because a great number of registrars will be forced
to deal with this anyway, because this will affect a great many of
registrations and therefore it makes sense to take this as a
basis. Of course we will then need to see if there need to be
tweaks to accommodate for other jurisdictions, but as more and more
countries are adopting similar regimes....</p>
<p>Sure it will be more restrictive than open access and some people
may have a harder time than today getting at certain information,
but with tiered access, access would still be possible for those
with overriding legitimate interests. That is the model the EU
commission hinted at. Not the only model, but a working one.<span class="HOEnZb"><font color="#888888"><br>
</font></span></p><span class="HOEnZb"><font color="#888888">
<p>Volker<br>
</p></font></span><div><div class="h5">
<br>
<div class="m_-5981583062905781775moz-cite-prefix">On 13.02.2018 at 17:04, Dotzero wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Volker, you assert that "it would be sensible to take GDPR
as a basis and start from there". Perhaps sensible from your
perspective and easier from your perspective but ICANN is an
international organization - primarily dealing with
technical/administrative issues - and it MUST take an approach
that, as best it can, accommodates the laws and practices of
various jurisdictions around the world. Your proposed
approach, quite simply does not do that.<br>
<br>
</div>
Michael Hammer<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Feb 13, 2018 at 10:54 AM,
Volker Greimann <span dir="ltr"><<a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>I think that it would be sensible to take the GDPR as a
basis and start from there. Obviously, where it
conflicts with other applicable laws, we should make
sure to accommodate those as well, but as the EU
Commission and others have pointed out,
compliance with GDPR does not preclude providing certain
access levels to certain parties. What those levels
would be and who those parties could be should be the
main focus of our work. <br>
</p>
<div>
<div class="m_-5981583062905781775h5"> <br>
<div class="m_-5981583062905781775m_692055522894869952moz-cite-prefix">On
13.02.2018 at 15:41, Chuck wrote:<br>
</div>
<blockquote type="cite">
<div class="m_-5981583062905781775m_692055522894869952WordSection1">
<p class="MsoNormal"><span style="color:windowtext">Volker,</span></p>
<p class="MsoNormal"><span style="color:windowtext"> </span></p>
<p class="MsoNormal"><span style="color:windowtext">Are you saying that
you think that RDS policies should be designed
to comply with European regulations and then
applied to all other jurisdictions in the
world?</span></p>
<p class="MsoNormal"><span style="color:windowtext"> </span></p>
<p class="MsoNormal"><span style="color:windowtext">Chuck</span></p>
<p class="MsoNormal"><span style="color:windowtext"> </span></p>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:windowtext">From:</span></b><span style="color:windowtext"> Volker Greimann
[<a class="m_-5981583062905781775m_692055522894869952moz-txt-link-freetext" href="mailto:vgreimann@key-systems.net" target="_blank">mailto:vgreimann@key-systems.<wbr>net</a>]
<br>
<b>Sent:</b> Tuesday, February 13, 2018
5:58 AM<br>
<b>To:</b> Chuck <a class="m_-5981583062905781775m_692055522894869952moz-txt-link-rfc2396E" href="mailto:consult@cgomes.com" target="_blank"><consult@cgomes.com></a>;
'Michael Palage' <a class="m_-5981583062905781775m_692055522894869952moz-txt-link-rfc2396E" href="mailto:michael@palage.com" target="_blank"><michael@palage.com></a><br>
<b>Cc:</b> <a class="m_-5981583062905781775m_692055522894869952moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<b>Subject:</b> Re: [gnso-rds-pdp-wg]
Legal basis vs. lawful</span></p>
</div>
</div>
<p class="MsoNormal"> </p>
<p>I am afraid that if we create different
policies for different regions, we will break
the model, encourage forum shopping and
encourage firewalling of entire geographic
sections of the net. I hope that is not what we
are doing here. </p>
<p>GDPR will cause some breakage of this and I see
it as our mission to fix this breakage of the
standard by proposing a unified model once
again. </p>
<p>Ultimately, if this solution does what the EU
has been asking for, e.g. protect legitimate use
cases of registration data as well as the rights
of the data subjects, there is no reason why it
should not be universally applicable. </p>
<p>Best,</p>
<p>Volker</p>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal">On 13.02.2018 at 00:04,
Chuck wrote:</p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Volker,</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">The WG could recommend
policies that are ‘universally applicable to
all registrations’ but I seriously doubt that
will happen in today’s world. That would be
much simpler than policies that vary by region
and users, but is it realistic?</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Chuck</p>
<p class="MsoNormal"> </p>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b>
gnso-rds-pdp-wg [<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">mailto:gnso-rds-pdp-wg-bounce<wbr>s@icann.org</a>]
<b>On Behalf Of </b>Volker Greimann<br>
<b>Sent:</b> Monday, February 12, 2018
2:30 PM<br>
<b>To:</b> Michael Palage <a href="mailto:michael@palage.com" target="_blank"><michael@palage.com></a><br>
<b>Cc:</b> <a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<b>Subject:</b> Re: [gnso-rds-pdp-wg]
Legal basis vs. lawful</p>
</div>
</div>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Michael is right. ICANN is
based on the thought of “One World; one
Internet”. This also means that the policies
it creates should be universally applicable to
all registrations, if possible. IF we start
creating policy that diverges, that would only
lead to further fragmentation and undermine
the founding ideal of ICANN itself. Our aim
should be to create one policy that can be
applied to all or most registrations and that
can be implemented by all registrars alike. </p>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">While we will likely have
a certain amount of fragmentation following
May 25 as each contracted party applies its
own solution, it should be our goal to
overcome this and present a new unified
policy that works for all contracted
parties. </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Volker</p>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal"><br>
<br>
<br>
</p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">On 12. Feb 2018,
at 20:27, Michael Palage <<a href="mailto:michael@palage.com" target="_blank">michael@palage.com</a>>
wrote:</p>
</div>
<p class="MsoNormal"> </p>
<div>
<div>
<p class="MsoNormal">Greg/John,</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">I will
respectfully push back on your
legal oversimplification of the
GDPR.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">The
exterritorial aspect of the GDPR
set forth in Article 3 is NOT just
limited to EU residents/citizens.
As Michele has noted in the past,
the GDPR requires BlackKnight as
an Irish legal entity to protect
all of its customers' data
(EU/Non-EU) in compliance with
GDPR, as well as US entities that
target and conduct business within
the EU.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Now your point
about the distinction between
natural and legal persons is a
fair one and one that has been
noted in EU and Art 29
communications. Could you please
share the basis of your
proposition that 97% of all domain
name registrations are registered
by legal entities?<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">As I have noted
previously the long term viability
of the ICANN multi-stakeholder
model is at risk as national
governments continue to pass
national laws that impact the
operation of the Internet.
However, the European Union is NOT
alone in advancing Privacy
Legislation, in fact data
localization is perhaps the next
biggest lurking threat to the
domain name system. <span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Best regards,</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Michael</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"><b>From:</b><span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>gnso-rds-pdp-wg
[<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">mailto:gnso-rds-pdp-wg-bounce<wbr>s@icann.org</a>]<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><b>On Behalf
Of<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></b>John
Horton via gnso-rds-pdp-wg<br>
<b>Sent:</b><span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>Monday,
February 12, 2018 1:22 PM<br>
<b>To:</b><span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>Greg
Aaron <<a href="mailto:gca@icginc.com" target="_blank">gca@icginc.com</a>><br>
<b>Cc:</b><span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<b>Subject:</b><span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>Re:
[gnso-rds-pdp-wg] Legal basis vs.
lawful</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#444444">I
think Greg is right on.
There's simply no
justification to force a law
that is only intended to
apply to a) EU
residents/citizens that are
b) natural persons not using
the domain name for
commercial purposes, to the
remaining...what? 97% - 99%
of the world's registrant
population? That would be a
balanced way to implement
all of this. </span></p>
</div>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><br clear="all">
</p>
</div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#073763">John
Horton<br>
President and
CEO,
LegitScript</span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<div>
<p class="MsoNormal">On Mon, Feb
12, 2018 at 9:57 AM, Greg
Aaron <<a href="mailto:gca@icginc.com" target="_blank"><span style="color:purple">gca@icginc.com</span></a>>
wrote:</p>
</div>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal">I
don’t know if we arrive
at the same place. <span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">GDPR
is based on one
principle. It states
what is legal. It's
explicit about what you
_are allowed to do_;
granted there’s some
flexibility and room for
interpretation. It’s
like saying what’s
inside a box.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">U.S.
law is one based on
different principles.
AFAIK U.S. consumer
protection law does not
enumerate specifically
what is lawful. Instead
it tends to state what
is illegal, what you are
_not allowed to do_.
It’s like saying what’s
outside the box. The
U.S. doesn’t have
something like GDPR that
spells out legal bases
for collecting data,
i.e. the enumerated
allowable reasons.
Instead the trade and
consumer protection laws
basically say: entities
have the right to form
contracts between
themselves, they should
live up to the contract,
don’t surprise people,
don’t do certain
dishonest things. <span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Here's
the problem: if one
makes the GDPR principle
the ICANN standard and
you apply it to all
registrations, then
practices that are
allowable in one place
under the law (like the
U.S.) would no longer be
allowed there by ICANN
policy. ICANN would be
choosing one legal
approach or regime for
everyone in the world. <span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">The
alternative is to apply
the GDPR only to those
that it is designed to
protect: registrants in
the EU.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">For
example, there’s nothing
in U.S. law that
prohibits a U.S.
registrar from having a
contract that says
publication of full
contact data in WHOIS
is a condition of
registering a domain
name if you are a
registrant in the U.S.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">See<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><a href="https://iapp.org/news/a/explaining-the-gdpr-to-an-american/" target="_blank"><span style="color:purple">https://iapp.org/news/a/ex<wbr>plaining-the-gdpr-to-an-americ<wbr>an/</span></a>
for more.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">
<div>
<p class="MsoNormal"><b>From:</b><span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>gnso-rds-pdp-wg
[<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank"><span style="color:purple">mailto:gnso-rds-pdp-wg-bounce<wbr>s@icann.org</span></a>]<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><b>On Behalf
Of<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></b>Silver,
Bradley via
gnso-rds-pdp-wg<br>
<b>Sent:</b><span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>Friday,
February 9, 2018
2:54 PM<br>
<b>To:</b><span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>Volker
Greimann <<a href="mailto:vgreimann@key-systems.net" target="_blank"><span style="color:purple">vgreimann@key-systems.net</span></a>>;<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span style="color:purple">g<wbr>nso-rds-pdp-wg@icann.org</span></a></p>
</div>
<div>
<div>
<div>
<p class="MsoNormal"><br>
<b>Subject:</b><span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>Re:
[gnso-rds-pdp-wg]
Legal basis vs.
lawful</p>
</div>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"><span style="color:#1f497d">It is true that the GDPR is prescriptive, although
also rather
open-ended (hence
our current
pickle). But
regardless of the
term we use, don’t
we arrive at the
same place: which
is that if
something that
requires a legal
basis is done
without one, it
will be unlawful?
Using Kathy’s
example, if data
is processed
without complying
with minimization
or purpose
principles, will
such processing
not run afoul of
the law, and hence
be unlawful? <span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#1f497d"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#1f497d">There are important distinctions between the
meaning of “legal
basis” which
implies that a law
requires something
to be
affirmatively
present, versus
“lawful”, which
means that
something is not
prohibited by
law. Ultimately
though, isn’t
“lawfulness”, the
same end point,
regardless? <span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#1f497d"> </span></p>
</div>
<div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<div>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">From:</span></b><span class="m_-5981583062905781775m_692055522894869952apple-converted-space"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif"> </span></span><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">gnso-rds-pdp-wg
[</span><a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:purple">mailto:gnso-rds-pdp-wg-bounce<wbr>s@icann.org</span></a><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">]<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><b>On Behalf
Of<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></b>Volker
Greimann<br>
<b>Sent:</b><span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>Friday,
February 09,
2018 11:27 AM<br>
<b>To:</b><span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:purple">gnso-rds-pdp-wg@icann.org</span></a><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif"><br>
<b>Subject:</b><span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>Re:
[gnso-rds-pdp-wg]
Legal basis
vs. lawful</span></p>
</div>
</div>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">I
do not see how.
Kathy's analysis
seems sound. The
flexibility within
the GDPR still
only allows
processing in very
specific
circumstances, all
of which are
listed in the
GDPR.</span></p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<div>
<p class="MsoNormal">On
09.02.2018 at
16:45, Victoria Sheckler
wrote:</p>
</div>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">Kathy’s
analysis breaks
down on a
practical level
when one looks at
the GDPR and what
it says about when
data can be
processed. The
GDPR allows for
flexibility for
what can be
processed and
when, and Kathy’s
analysis overlooks
that point.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">
<div>
<p class="MsoNormal"><b>From:</b><span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>gnso-rds-pdp-wg
[<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank"><span style="color:purple">mailto:gnso-rds-pdp-wg-bounce<wbr>s@icann.org</span></a>]<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><b>On Behalf
Of<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></b>Kathy
Kleiman<br>
<b>Sent:</b><span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>Thursday,
February 8,
2018 7:07 PM<br>
<b>To:</b><span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span style="color:purple">gnso-rds-pdp-wg@icann.org</span></a><br>
<b>Subject:</b><span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>Re:
[gnso-rds-pdp-wg]
Legal basis
vs. lawful</p>
</div>
</div>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Tx
for the invitation
to join, Chuck,
and following up
on the discussion
of Sam and Tapani,
let me add that
criteria for
processing must be
clearer than
something broadly
within ICANN's
mission statement
and something
permissible
somewhere. The
requirements under
law are express
and concrete.<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">Specifically,
GDPR Article
5(1)(b and c)
states:</span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><b>Personal
data shall be:<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><br>
2. "collected
for<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><u>specified,
explicit and
legitimate
purposes<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></u>and
not further
processed in a
manner that is
incompatible with
those purposes"</b><span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>(the "purpose
limitation") AND<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><b><br>
3. "adequate,
relevant and
limited to what is
necessary in
relation to the
purposes for which
they are
processed"</b><span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>(the "data
minimisation"
requirement).
[underline added]<b><br>
</b><br>
Thus, our first
criteria of
"consistent with
ICANN's mission," is
only the first step
and we need to go
further than even
the 3 criteria we
are discussing.<br>
<br>
Second, lawful and
legal enter us into
a debate over words
and I have to agree
with Sam and
Tapani's analysis
and let me add some
of my own.<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><br>
<br>
"Legal" is the term
we use for actions
expressly allowed
under law. How we
process personal
data under the GDPR
falls into this
category -- of
processing expressly
allowed under law.
Whereas the term
lawful is used for a
much broader
category of actions
which are generally
permissible and
allowable.<br>
<br>
The term "legal" is
much more consistent
with our criteria
statement because
the processing of
personal data by
ICANN must clearly
have a<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><i>valid
legal basis</i><span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>as expressly
defined by data
protection laws.<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><br>
<br>
Best regards,<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><br>
Kathy<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><br>
<br>
On 2/7/2018 10:53
AM, Sam Lanfranco
wrote:</p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">Thanks
Tapani,</span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt">I will extract from your longer message.<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><br>
I deliberately
kept my brief and
less technical.<br>
I think we are in
agreement here and
I support your
position.</p>
<div>
<div>
<p class="MsoNormal"><span style="color:#660000">On 2/7/2018 1:07 AM, Tapani Tarvainen wrote:<br>
<br>
The key
distinction,
as I
understand it,
is that
"lawful" would
be<br>
defined by
the negative,
everything
that some law
does not
prohibit,<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></span></p>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="color:#660000">whereas "legal
basis" is
defined by the
positive, only
things whose<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><br>
justification
can be
explicitly
derived from
law.<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><br>
<br>
<......><br>
<br>
So I would
prefer "legal
basis"
specifically in
this sense: that
any processing<br>
would have to
be explicitly
based on one of
the criteria, or
bases, as listed<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><br>
in GDPR Article
6, or similar
explicit
justification in
other data
protection
legislation.<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><br>
<br>
</span><br>
<br>
<br>
<br>
</p>
<pre>______________________________<wbr>_________________</pre>
<pre>gnso-rds-pdp-wg mailing list</pre>
<pre><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span style="color:purple">gnso-rds-pdp-wg@icann.org</span></a></pre>
<pre><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Drds-2Dpdp-2Dwg&d=DwMDaQ&c=tq9bLrSQ8zIr87VusnUS92RmR2KtbW6AiQIx78dtRmA&r=TAA3GKe6tpWdv3RbCks6TRrjaTx9d0J3KzemA65KYpA&m=fOG1O9n2_DhDKrVj0wrojDKlYIsDeLHzwtDlEi-f9Ng&s=GditP_BvWvjE7xFIYot7e5akySiL4RPKaCgA_X_fyTE&e=" target="_blank"><span style="color:purple">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</span></a></pre>
</blockquote>
<div>
<p class="MsoNormal"> </p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span> </span></p>
</blockquote>
<div>
<p class="MsoNormal"><span> </span></p>
</div>
<div class="MsoNormal" style="text-align:center" align="center"><span>
<hr align="center" width="100%" size="2"></span></div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:12.0pt"><br>
<b><i><br>
Reminder: Any email that requests your login credentials or that asks you to click on a link could be a phishing attack. If you have any questions regarding the authenticity of this email or its sender, please contact the IT Service Desk at<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span><a href="tel:%28212%29%20484-6000" target="_blank"><span style="color:purple">212.484.6000</span></a><span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span>or via email at<span class="m_-5981583062905781775m_692055522894869952apple-converted-space"> </span></i></b></span><a href="mailto:ITServices@timewarner.com" target="_blank"><b><i><span style="font-size:12.0pt">ITServices@timewarner.com</span></i></b></a></p>
<div class="MsoNormal" style="text-align:center" align="center">
<hr align="center" width="100%" size="2"></div>
<div>
<p class="MsoNormal">This message is the property of Time Warner Inc. and is intended only for the use of the addressee(s) and may be legally privileged and/or confidential. If the reader of this message is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, he or she is hereby notified that any dissemination, distribution, printing, forwarding, or any method of copying of this information, and/or the taking of any action in reliance on the information herein is strictly prohibited except by the intended recipient or those to whom he or she intentionally distributes this message. If you have received this communication in error, please immediately notify the sender, and delete the original message and any copies from your computer or storage system. Thank you.</p>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"> </p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica",sans-serif">-- <br>
Should you have any further
questions, please do not hesitate to
contact us.<br>
<br>
Best regards,<br>
<br>
Volker A. Greimann<br>
- legal department -<br>
<br>
Key-Systems GmbH<br>
<a href="https://maps.google.com/?q=Im+Oberen+Werk+1+%0D+66386+St.+Ingbert&entry=gmail&source=g">Im Oberen Werk 1</a><br>
66386 St. Ingbert<br>
Tel.: <a href="tel:+49%206894%209396901" value="+4968949396901" target="_blank">+49 (0)
6894 - 9396 901</a><br>
Fax.: <a href="tel:+49%206894%209396851" value="+4968949396851" target="_blank">+49 (0)
6894 - 9396 851</a><br>
Email: <a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.n<wbr>et</a><br>
<br>
Web: <a href="http://www.key-systems.net" target="_blank">www.key-systems.net</a> / <a href="http://www.RRPproxy.net" target="_blank">www<wbr>.RRPproxy.net</a><br>
<a href="http://www.domaindiscount24.com" target="_blank">www.domaindiscount24.com</a> / <a href="http://www.BrandShelter.com" target="_blank">www<wbr>.BrandShelter.com</a><br>
<br>
Follow us on Twitter or join our fan
community on Facebook and stay
updated:<br>
<a href="http://www.facebook.com/KeySystems" target="_blank">www.facebook.com/KeySystems</a><br>
<a href="http://www.twitter.com/key_systems" target="_blank">www.twitter.com/key_systems</a><br>
<br>
CEO: Alexander Siffrin<br>
Registration No.: HR B 18835 -
Saarbruecken<br>
V.A.T. ID.: DE211006534<br>
<br>
Member of the KEYDRIVE GROUP<br>
<a href="http://www.keydrive.lu" target="_blank">www.keydrive.lu</a><br>
<br>
This e-mail and its attachments is
intended only for the person to whom
it is addressed. Furthermore it is
not permitted to publish any content
of this email. You must not use,
disclose, copy, print or rely on
this e-mail. If an addressing
or transmission error has
misdirected this e-mail, kindly
notify the author by replying
to this e-mail or contacting us by
telephone.</span></p>
</div>
</div>
<p class="MsoNormal"> </p>
</div>
</div>
</blockquote>
<p class="MsoNormal"> </p>
</div>
</blockquote>
<br>
</div>
</div>
</div>
<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div></div></div></blockquote></div><br></div>
</blockquote></span></body></html>