[Accred-Model] WP29 statement on WHOIS

Rubens Kuhl rubensk at nic.br
Fri Apr 27 16:26:15 UTC 2018 


> Em 27 de abr de 2018, à(s) 12:52:000, Aikman-Scalese, Anne <AAikman at lrrc.com> escreveu:
> 
> What concerns me most here is the apparent failure of the much-lauded Multistakeholder Bottom-up policymaking process.    It is clear that there ARE in fact circumstances where ICANN Board and staff must act in a top-down manner in the Global Public Interest.    WHOIS was removed as a public interest obligation in the IANA transition.  It was said that it would not matter.  Many knew that it would matter – if only because ICANN would have been forced to deal with the conflict between that obligation and the GDPR at a much earlier stage – we would have had an anonymized e-mail address system by now.

E-mail was not the only point of discussion throughout these years. Identity was a PII that people kept insisting it should be published.

> 
> The victim is the Global Public Interest.  The root cause is the Bottom-up policymaking process and the desire on the part of some stakeholders to “look the other way” on the issue of proportionality.  Goram is a smart guy. Everyone on the Board is smart.  Everyone on the Board also has a fiduciary duty to avoid risk to the corporation.  I am certain that these individuals were advised that avoiding that risk involved avoiding being classified as a “joint data controller”.  Hence, the delay while the perfect storm was developing between ICANN controlling risk and various stakeholders preferring the present outcome.

Considering how chaotic this has been, I don't think any stakeholder can say that they played it in a such way to get this outcome.

> 
> It really bugs me when Internet policy just ends up creating more work for IP lawyers. ;-(.



> 
> All that said, I do favor the Expedited PDP.

If a solution was found to be lawful, that solution will likely be enacted reasonably quick by willing contracted parties. I only see usefulness in the EPDP when we already know what we should be doing, so that can become a requirement.

> I also favor ICANN enacting an Emergency Policy under Specification 2 of the RA that requires registrants to provide an e-mail that does not contain personal information.


No matter what are the requirements, I don't believe the situation affords an emergency policy. I reckon that it's very likely ICANN will make one, but that could be a risk for them since some contracted parties that even might agree with the substance might disagree with the vehicle, and thus challenge the policy. An advisory would be a clearer way to this particular situation, IMHO. I unfortunately see an arbitration coming if ICANN enacts an emergency policy.


> The mailing list vehicle for this could be the same e-mail registrars send out to ask for verification of information.
> 
> No one ever said that conditioning services on the provision of an e-mail address that does NOT contain personal information is a GDPR violation.  (Apparently some ccTLDs have been requiring this for quite a while.)

That sounds to me like a consent that this is not freely given. From a practical standpoint, anonymizing them by process is a sure way to not only assure the system is lawful, but the user perceives it as such. A system that causes flocks of users to file claims in their DPAs, even if later they are found to not have basis, is a failure.


Rubens



> Anne
> 
> 
> Anne E. Aikman-Scalese
> Of Counsel
> 520.629.4428 office
> 520.879.4725 fax
> AAikman at lrrc.com <mailto:AAikman at lrrc.com>
> _____________________________
> <image003.png>
> Lewis Roca Rothgerber Christie LLP
> One South Church Avenue, Suite 2000
> Tucson, Arizona 85701-1611
> lrrc.com <http://lrrc.com/>
> 
> 
> From: Accred-Model [mailto:accred-model-bounces at icann.org] On Behalf Of Michael Palage
> Sent: Friday, April 27, 2018 8:14 AM
> To: 'Rubens Kuhl'; accred-model at icann.org
> Subject: Re: [Accred-Model] WP29 statement on WHOIS
> 
> Rubin,
> 
> I read that article with interest as well.  While there has not been a lot of community consensus surrounding GDPR, hopefully the ICANN community could unite around the question posed in the article, “who” came up with this non-viable solution - was is it ICANN legal or an external law firm?
> 
> I think we the community deserve an answer to this fundamental question. Hopefully there is one or more ICANN Board members on this list that could answer this fundamental question.
> 
> The next big question, will that person or law firm be held accountable for the “fantasy land” advice  (per the article) that was sold to the community, and wasted the little precious time we had to prepare for the GDPR deadline.  Sadly I do not think Dan Halloran, ICANN’s Chief Data Protection Officer can be held accountable because it appears that John Jeffery has made sure he has had zero visibility in any of the meetings with the Article 29 WP to date.
> 
> While I have been known to file my fair share of DIDP requests with ICANN , anyone interested in filing a joint one to get to the bottom of this latest ICANN GDPR debacle please contact me offlist.
> 
> Best regards,
> 
> Michael
> 
> 
> From: Accred-Model <accred-model-bounces at icann.org <mailto:accred-model-bounces at icann.org>> On Behalf Of Rubens Kuhl
> Sent: Friday, April 27, 2018 10:45 AM
> To: accred-model at icann.org <mailto:accred-model at icann.org>
> Subject: [Accred-Model] WP29 statement on WHOIS
> 
> 
> WP29 provided a member of the press a statement putting an end to the moratorium idea:
> https://www.theregister.co.uk/2018/04/27/europe_icann_whois_gdpr/?page=1 <https://www.theregister.co.uk/2018/04/27/europe_icann_whois_gdpr/?page=1>
> 
> But, it doesn't come with a link to a published statement, so my skepticism prevents me from taking it at face value. But the likelihood of it being true is pretty high.
> 
> 
> That said, let's gear up to get a layered lawful model off the ground. The sooner, the better.
> 
> 
> Rubens
> 
> 
> 
> 
> 
> 
> 
> This message and any attachments are intended only for the use of the individual or entity to which they are addressed. If the reader of this message or an attachment is not the intended recipient or the employee or agent responsible for delivering the message or attachment to the intended recipient you are hereby notified that any dissemination, distribution or copying of this message or any attachment is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sender. The information transmitted in this message and any attachments may be privileged, is intended only for the personal and confidential use of the intended recipients, and is covered by the Electronic Communications Privacy Act, 18 U.S.C. §2510-2521.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/accred-model/attachments/20180427/c421a780/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 528 bytes
Desc: Message signed with OpenPGP
URL: <http://mm.icann.org/pipermail/accred-model/attachments/20180427/c421a780/signature.asc>

More information about the Accred-Model mailing list