[Accred-Model] Codes of conduct

BECKHAM, Brian brian.beckham at wipo.int
Fri Jul 27 10:00:54 UTC 2018 

Hi Rubens,

As far as standardized processes go, are you aware of any public examples that folks could look at?

I am aware e.g., of the Nominet Data Release Request<https://s3-eu-west-1.amazonaws.com/nominet-prod/wp-content/uploads/2018/05/22101442/Data-request-form.pdf> which asks requestors to “explain who you are and the reason that you are requesting the non-public data”.

Similarly, the EURid Personal Data Disclosure Form<https://eurid.eu/d/1236566/request_form_disclosure_personal_data_en.docx> requires requestors to describe “your legitimate interest regarding the disclosure of personal data; [and] how you intend to use the requested data”.

These examples, as well as v1.7 of the model being discussed on this list, go beyond the “Trust me I'm a lawyer” mischaracterization.

Arguably going significantly beyond what these European ccTLDs require, version 1.7 of the A&A Model (at page 4) states inter alia that requestors should have “a specific and delineated purpose for their access to and use of non-public data” and moreover that they should certify “that access to and use of non-public data is for a legitimate and lawful purpose and limited to the purpose for which it is sought.”

If there are other standardized models you (or others) are aware of, it would be helpful if you could share those to see if a set of best practices/request elements could be pulled together.

Thanks, and best regards,

Brian

From: Accred-Model [mailto:accred-model-bounces at icann.org] On Behalf Of Rubens Kuhl
Sent: Wednesday, July 25, 2018 11:03 PM
To: accred-model at icann.org; gdpr at icann.org
Subject: Re: [Accred-Model] Codes of conduct




On 25 Jul 2018, at 17:50, Cyntia King <cking at modernip.com<mailto:cking at modernip.com>> wrote:

Agreed that the GDPR should empower Data Subjects to have more control over their PII.
However, this isn’t the only consideration:


  1.  The GDPR also states:  “The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality.”  (Recital 4)
I think Rod’s suggestions are a good faith effort to achieve that proportionality.


  1.  In meetings w/ the European Commission (28-May-18), the commission said they shared the concerns of trademark rights advocates that there be standardized & predictable access to necessary WHOIS information.

I believe the Commission is aware that an ad hoc system of response is not only chaotic, but potentially unsafe.

A consistent & reliable system that balances the privacy rights of certain individuals against the threat of harm to (potentially countless) others, will be a difficult - but not impossible - balancing act.


A system that grants more access than a situation allows under GDPR is also problematic. So when going from ad hoc to standardised, the standard can't have less information than would be required in ad hoc mode, specially information specific to that request, like a power-of-attorney from an specific brand holder. Simply saying "Trust me I'm a lawyer" doesn't cut it.


Rubens



Rubens

        [The image of the 2018 GII cover shows crashing waves captured within the outline of a battery cell, representing the raw power of innovation.] <http://www.wipo.int/gii/?utm_source=wipomail&utm_medium=signature&utm_campaign=gii2018>                GLOBAL
INNOVATION
INDEX 2018
        Energizing the World with Innovation
        Launch July 10  www.wipo.int/gii<http://www.wipo.int/gii/?utm_source=wipomail&utm_medium=signature&utm_campaign=gii2018>
#GII2018



World Intellectual Property Organization Disclaimer: This electronic message may contain privileged, confidential and copyright protected information. If you have received this e-mail by mistake, please immediately notify the sender and delete this e-mail and all its attachments. Please ensure all e-mail attachments are scanned for viruses prior to opening or using.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/accred-model/attachments/20180727/f85995d4/attachment-0001.html>

More information about the Accred-Model mailing list