[Accred-Model] Version 1.6 of the Accreditation and Access Model

Rubens Kuhl rubensk at nic.br
Tue Jun 19 18:02:54 UTC 2018 

Cyntia,

Just to be clear, the initial suggestion by Michael Palage incorporated in itself a mechanism, instead of relying on Privacy Shield. Perhaps Privacy Shield certification could be use to achieve some of its requirements in order to save for organizations already subscribed for it, instead of being the only option.



Rubens


> Em 19 de jun de 2018, à(s) 14:58:000, Cyntia King <cking at modernip.com> escreveu:
> 
> Easy for whom?
> I'm a small business owner & this is daunting, to say the least.
> And there are multiple fees involved.
> 
> Are we suggesting that this should be ICANN’s enforcement mechanism for accessing Whois data?  This would be on top of the accreditation & fees we’re already discussing, right?
> 
> What about ‘foreign’ companies - are we asking non-US companies to self-certify w/ the Us govt?
> 
> I don’t see how this solves much of anything, but it would certainly make accreditation more difficult & expensive.
> 
> 
> Cyntia King
> O:  +1 816.633.7647
> C:  +1 818.209.6088
> <image001.jpg>
> 
> -----Original Message-----
> From: Accred-Model <accred-model-bounces at icann.org> On Behalf Of Rubens Kuhl
> Sent: Tuesday, June 19, 2018 12:48 PM
> To: John R. Levine <johnl at iecc.com>
> Cc: accred-model at icann.org
> Subject: Re: [Accred-Model] Version 1.6 of the Accreditation and Access Model
> 
> 
> 
> > Em 19 de jun de 2018, à(s) 14:32:000, John R. Levine <johnl at iecc.com <mailto:johnl at iecc.com>> escreveu:
> >
> >> It's great when there is actually an easy solution.  At least for the many US companies, law firms, cybersecurity firms, and others (and this a huge part of the group seeking access), they should "self-certify" to the EU-US Privacy Shield, via procedures set up by the US Department of Commerce and Federal Trade Commission.
> >
> > Well, at least until the EU courts kill privacy shield like they did Safe Harbor.
> >
> > Banks and non-profits such as CAUCE are not eligible for Privacy Shield (they're not regulated by the FTC or DOT.)  For small organizations the PS rules are extremely conplex and there's a mandatory annual payment to cover potential arbitration costs.
> >
> > Can we back up and explain what problem this overcomplex "solution" is supposed to be solving here?
> 
> 
> Having redress mechanisms for data subjects that have their data privacy rights violated. With great power, there must also come great responsibility.
> 
> 
> 
> Rubens

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/accred-model/attachments/20180619/9b4a5994/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 528 bytes
Desc: Message signed with OpenPGP
URL: <http://mm.icann.org/pipermail/accred-model/attachments/20180619/9b4a5994/signature.asc>

More information about the Accred-Model mailing list