[council] Update from EPDP leadership regarding the EDPB letter

[Rafik Dammak]

Dear GNSO Councilors:



We are writing to report some specific recent actions by the EPDP team.



As you know, the EPDP Charter states that, "the Initial Report should be
submitted to the European Data Protection Board [EDPB] or other relevant
DPAs to request feedback on the applicability of the law in relation to the
proposed recommendations, particularly those that may carry over from
Temporary Specification to Consensus Policy recommendations to the ICANN
Board.”



After a detailed and constructive discussion, the EPDP team has decided
(for the time being) to not directly contact the EDPB in order to request
feedback on the Initial Report. We are writing to explain the thought
process that went into that decision and seek any feedback the Council has
to offer.



As the EPDP team debated and discussed charter questions and issues leading
to the publication of the initial report, it identified a set of legal
questions (i.e., interpreting the GDPR) that required resolution before
certain policy recommendations could be made.



During an EPDP meeting, the team debated whether:

1.     To send the set of legal questions to the EDPB for input, and

2.     To send the Initial Report to the EDPB along with certain messages:

o   the Initial Report is available for their review and comment,

o   the Initial Report is a prelude to the Final Report, likely to become
ICANN Policy, and

o   that we are wading through certain legal questions and are getting
independent input on those



So far, we have decided to do neither, primarily for two reasons.



First, the EDPBs own writings and the personal experiences of some EPDP
members indicate that the EDPB is NOT a consulting resource. The EDPB
provides advisories and guidance to governments and DPAs. The EPDP team
determined that we should seek answers to our legal questions through
independent legal advice and, perhaps through DPAs.



Second, perhaps recognizing that the Initial Report had not yet resolved
all issues, the EPDP Team thought that is would not yet be a good use of
the EDPB’s time and good will to ask them to opine on something that is
incomplete.



So, other than a notice that ICANN is working on GDPR issues and is making
progress, the team believes that a letter to the EDPB would have little to
offer.



It was suggested that such a letter would be useful as it would serve to
manage EDPB expectations: so that the final report would not provide the
“first look” at our work. While some in the EPDP that agreed with this,
there were also strong opinions in the EPDP that the letter as currently
drafted and timed might actually harm relations with the EDPB.



Given that one cannot “unsend” a letter, it was decided to hold off for the
time being.  As we progress our discussions and watch the interactions
between the EDPB and ICANN or between the EDPB and other organizations, we
can continue to re-assess our decision and possible send a notice (or a
more meaningful notice) at a later date.



We would be pleased to provide additional detail or discuss this with the
Council in greater detail at your convenience.



Sincerely,



Kurt & Rafik
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/council/attachments/20181221/e6d7084b/attachment.html>