[council] Suggestion for membership criteria of proposed Expedited Policy Development Process

McGrady, Paul D. PMcGrady at winston.com
Tue Jun 12 16:07:41 UTC 2018

Thanks Ayden.  Your email doesn’t raise any new arguments or issues that you didn’t cover on the call, so I won’t respond to it substantively or reiterate my position on this which was also heard on the call.  I’m deeply concerned that the Council is going down a dangerous path here (imagine the outrage if the IPC had insisted on trademark training in advance of participation in the RPM PDP).  I will let my constituency know that there is discussion on the Council to exclude those who don’t meet certain qualifications proposed by certain members of Council and will take instructions from my constituency on this topic on our next call.


From: Ayden Férdeline [mailto:icann at ferdeline.com]
Sent: Tuesday, June 12, 2018 10:53 AM
To: McGrady, Paul D. <PMcGrady at winston.com>
Cc: Carlos Raul Gutierrez <crg at isoc-cr.org>; GNSO Council List <council at gnso.icann.org>
Subject: RE: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process

Hi Paul,

It is not accurate to characterise this requirement as an a barrier "designed to exclude." Nothing could be further from the truth.

I do not believe it to be unreasonable to expect a member of a working group that will be tasked with developing a series of recommendations that must, ultimately, be compliant with the GDPR to be comprised of persons with a functional knowledge of the GDPR. I am not suggesting participation be gated at only those who have written a privacy law, or have a decade of experience as a privacy practitioner. 3 or 4 hours of education is simple professional development that anyone can complete in an afternoon. And there is no financial barrier proposed, as I have suggested that ICANN should pay for this certificate for those members of the EPDP who do not already hold one.

Requiring this certificate will not "result in exclusions from the team and undermine its outcomes from Day 1". What will undermine its outcomes from Day 1 is having an EPDP team where even one participant does not know the basic principles of data protection law. That would hold everyone back, and we have only 78 days to get an initial report ready.

We need to begin with a common understanding as to what is fact, what is fiction, and what is opinion when it comes to the GDPR. As I said on today's call, you wouldn't argue the first amendment without having read it first... I'm not trying to force anyone to read the GDPR (I know it is lengthy), but I would like to make sure that a few of its fundamental principles are extracted and put in front of everyone who is going to be a part of this EPDP.

That's my intention. Nothing else to it - just wanting the EPDP to be able to move along swiftly.

Best wishes,
Ayden Férdeline

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On 12 June 2018 4:51 PM, McGrady, Paul D. <PMcGrady at winston.com<mailto:PMcGrady at winston.com>> wrote:

Thanks Carlos.

Actually, you agree with me.  I don’t think we should have any gatekeeping barriers, such as IAPP certifications, designed to exclude anyone.  But, if we are going to go down the path of exclusion, and I hope we don’t, it shouldn’t just be for one privacy skill set which would result in an unbalanced ePDP WG.  I think some 101 in both GDPR and Trademarks is more than sufficient to ensure everyone on the ePDP WG has a common vocabulary.  I’m surprised by the resistance on the call today to the idea and the steadfast holding to the notion of gatekeeping IAPP certification which will result in exclusions from the team and undermine its outcomes from Day 1.


From: Carlos Raul Gutierrez [mailto:crg at isoc-cr.org]
Sent: Tuesday, June 12, 2018 9:32 AM
To: McGrady, Paul D. <PMcGrady at winston.com<mailto:PMcGrady at winston.com>>
Cc: Ayden Férdeline <icann at ferdeline.com<mailto:icann at ferdeline.com>>; GNSO Council List <council at gnso.icann.org<mailto:council at gnso.icann.org>>
Subject: Re: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process

It was a very interesting Council call today, of which I could only follow the initial 2/3 or so.
After the call I went back to this ideas of Ayden and Paul, and I found myself in disagreement with both of you.
Maybe because I'm an economist that doesn't want to become a pseudo lawyer in either trademark law or in data protection, my needs t o follow the ePDP in case i'm not qualified to participate (only to vote...) are different:
My question is to what degree does WHOIS have a bias for or against both, trademark law and GDPR. As some might know, we economist are all about efficiency and efficiency loses. And my understanding is that any change in WHOIS, either planned or imposed, creates great efficiency losses to our members of the CPH. And in some cases, those efficiency loses cost a lot of money!
The Bonner Landesgericht put an interesting efficiency concept on the table: Datensparsamkeit. (something like be stingy with data -collection-).
So from my personal perspective, and I repeat, independently if I'm qualified or not to be a member of the ePDP, my basic question is and would remain until we vote on the policy proposal, is how a new regulation that looks for collecting LESS data, can be an operational, or even financial burden to the members of the CPH.
For that I don't need more knowledge on either Trademark and/or Privacy Law. What I need are hard facts, best expressed by numbers of dollars.
With that SOI, I express my interest to be part of the ePDP, either as member, or else as unqualified bystander with a vote on the final decision.

Carlos Raúl Gutiérrez
ISOC Costa Rica Chapter
skype carlos.raulg
+506 8837 7176
Apartado 1571-1000

On Thu, Jun 7, 2018 at 2:28 PM, McGrady, Paul D. <PMcGrady at winston.com<mailto:PMcGrady at winston.com>> wrote:
Thanks Ayden.

Tricky though, since those of us representing consumers that are protected by intellectual property laws from confusing misuses of marks often feel that those participating in WG’s don’t understand the fundamentals of trademark laws either.  Certainly in the case of this EPDP we would want people to have the basics of trademark law as well.  Perhaps instead of using these useful skills sets as gatekeepers, we ask staff to develop curriculum for the first session or two hitting these two issues and setting forth some basic vocabulary.  I’d be happy to participate with staff in the effort from the trademark side if you would be happy to participate with staff in the effort from the data protection side.


Paul D. McGrady


Winston & Strawn LLP
35 W. Wacker Drive
Chicago, IL 60601-9703

D: +1 312-558-5963

F: +1 312-558-5700

Bio<http://www.winston.com/en/who-we-are/attorneys/mcgrady-paul-d.html> | VCard<http://www.winston.com/vcards/996.vcf> | Email<mailto:pmcgrady at winston.com> | winston.com<http://www.winston.com>

[Winston & Strawn LLP]

From: council [mailto:council-bounces at gnso.icann.org<mailto:council-bounces at gnso.icann.org>] On Behalf Of Ayden Férdeline
Sent: Thursday, June 07, 2018 3:12 PM
To: GNSO Council List <council at gnso.icann.org<mailto:council at gnso.icann.org>>
Subject: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process

Dear all,

I have just finished reviewing the proposed agenda for our meeting next week along with the mindmap that Council leadership and staff have developed (thanks for doing this!).

I would like to put forward a suggestion for the Expedited Policy Development Process (EPDP) team criteria. While the scope of the EPDP remains unclear at present, what I took away from the call between the Board and the Council on Tuesday was that compliance with the law is crucial. As such I think it is imperative that *all* members be able to demonstrate that they have a basic understanding of the principles and legal terms of data protection.

I would like to request that any community member who is appointed to the EPDP, or staff member supporting the EPDP, be able to demonstrate they have completed at least 3 hours of data protection training. I do not think this would be a huge burden, but I think it would make work easier, as there should be a common understanding of essential terms.

There are short half-day 'Data Protection 101' classes run by institutions like the policy neutral International Association of Privacy Professionals, whose courses only use definitions of terms that have been defined in law for over 20 years.

For those who don't hold this certification, I would like to request that ICANN reimburse the members of the EPDP for their modest and reasonable costs in obtaining it.

I would like to hear your thoughts here, however I would also like to ask that this suggestion please be given serious consideration. Thank you.

Best wishes,
Ayden Férdeline


The contents of this message may be privileged and confidential. If this message has been received in error, please delete it without reading it. Your receipt of this message is not intended to waive any applicable privilege. Please do not disseminate this message without the permission of the author. Any tax advice contained in this email was not intended to be used, and cannot be used, by you (or any other taxpayer) to avoid penalties under applicable tax laws and regulations.

council mailing list
council at gnso.icann.org<mailto:council at gnso.icann.org>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/council/attachments/20180612/b4a61ff2/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 2042 bytes
Desc: image001.jpg
URL: <http://mm.icann.org/pipermail/council/attachments/20180612/b4a61ff2/image001-0001.jpg>

More information about the council mailing list