[council] Community member liability for participation in PDPs

Nathalie Peregrine nathalie.peregrine at icann.org
Mon May 28 07:20:42 UTC 2018


Dear Ayden,

As you know, access to Adobe Connect recordings has been restricted since ICANN61. Our tech teams have been working hard to restore access to the web-conference rooms as a matter of priority. We will of course let you know when the Adobe Connect recordings are once more accessible to all.

Kind regards,

Nathalie

From: council <council-bounces at gnso.icann.org> on behalf of Ayden Férdeline <icann at ferdeline.com>
Reply-To: Ayden Férdeline <icann at ferdeline.com>
Date: Sunday, May 27, 2018 at 1:31 AM
To: Stephanie Perrin <stephanie.perrin at mail.utoronto.ca>
Cc: "council at gnso.icann.org" <council at gnso.icann.org>
Subject: Re: [council] Community member liability for participation in PDPs

Just following up on this email from three weeks ago.

I have attempted again to access the recording of the session from Abu Dhabi and now the error message is that, "Adobe Connect: Not Found - The selected resource does not exist." This was a different error message to four weeks ago when I initially noted the recording was unavailable; then it was only "temporarily unavailable."

Has the file subsequently been deleted, or has it moved to another location as a result of the recent Adobe Connect issues (that uniquely impacted ICANN)? If it has moved, where can this recording be accessed?

To the question of community member liability for participation in PDPs; will a response be provided as to what constitutes acting within ICANN's best interests, and if so, when, and if not, why not?

Thank you,

Ayden


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On 5 May 2018 4:51 PM, Stephanie Perrin <stephanie.perrin at mail.utoronto.ca> wrote:


Ayden has summarized my worries rather well.  I have no doubt that a suit against myself for not protecting the individuals' rights would ultimately fail, but if (as has been whispered lately) various parties are going to try suing for what they term over-compliance, for "making WHOIS go dark", then those of us who are volunteers acting in good faith could be sued and not be seen to be acting in ICANN's best interest.  Then all bets are off.  What we need is an explicit recognition, that those who are working diligently in a multi-stakeholder fashion, will be protected in the event of liability.  Staff are protected, Board members are protected, but those of us who are volunteers are not explicitly protected, in my view.  I have, for instance, been saying that ICANN is a data controller for the past five years.  Some parties in ICANN might not believe that this position is in ICANN's best interest, but it is a sound interpretation of the law and recognizing that fact appears in my view and in the view of privacy scholars I could muster, (and risk managers, for that matter) a very responsible position to take.  Noting how tempers are fraying lately, I think this question regarding this particular language "provided that the indemnified person's acts were done in good faith and in a manner that the indemnified person reasonably believed to be in ICANN's best interests and not criminal" is a valid concern.  This is of course of particular concern for those of us in civil society who embrace unpopular views, and are not being paid or backed by a company whose interests we are advancing at ICANN.

Kind regards

Stephanie Perrin
On 2018-05-05 10:14, Ayden Férdeline wrote:
Thanks, Marika-

At first glance this extract from the Bylaws does appear relevant, although the language around what could constitute "ICANN's best interests" is very much open to interpretation.

I have also observed a new FAQ [ec.europa.eu]<https://urldefense.proofpoint.com/v2/url?u=https-3A__ec.europa.eu_info_law_law-2Dtopic_data-2Dprotection_reform_rights-2Dcitizens_redress_what-2Dshould-2Di-2Ddo-2Dif-2Di-2Dthink-2Dmy-2Dpersonal-2Ddata-2Dprotection-2Drights-2Dhavent-2Dbeen-2Drespected-5Fen&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=PDd_FX3f4MVgkEIi9GHvVoUhbecsvLhgsyXrxgtbL10DTBs0i1jYiBM_uTSDzgqG&m=hUH6qNa_Ix3_IdduJaTAjSGX4Vb9UmoMmxMdC_A9mxU&s=C8R7Sl3x7b5Sw4Izj-lw-rYonNUYhzjV_Wj-FR4MQcE&e=> on the website of the European Commission, which in response to the question, "What should I do if I think that my personal data protection rights haven’t been respected?" advises three options, one of which is: "Take legal action against the company or organisation. File an action directly in court against a company/organisation if you believe that it has violated your data protection rights. This doesn’t stop you lodging a complaint with the national DPA if you so wish."

From what I remember - and I am going off of my memory here, as the question that Stephanie asked in Abu Dhabi is absent from the meeting transcripts that I reviewed - Stephanie thought we in the community might not be protected under the GDPR from civil litigation by a contracted party negatively impacted by a policy we recommend or a data subject whose privacy rights are not respected. If we launch an EPDP and rapidly develop something which ultimately does not adhere to the letter of the GDPR (which is very plausible, given ICANN's policies for 18 years now have not adhered to European data protection law), could those in the community who participate in the EPDP be held liable in some way? I would like a firm commitment from ICANN as to what constitutes "ICANN's best interests" - I presume advocating for compliance with the law would be seen as acting in good faith, but a clarification would be appreciated...

Thank you.

Best wishes,

Ayden Férdeline


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On 30 April 2018 4:18 AM, Marika Konings <marika.konings at icann.org><mailto:marika.konings at icann.org> wrote:


Ayden, the following provision of the ICANN Bylaws will hopefully address your concern:

ARTICLE 20 INDEMNIFICATION OF DIRECTORS, OFFICERS, EMPLOYEES, AND OTHER AGENTS
Section 20.1. INDEMNIFICATION GENERALLY
ICANN shall, to the maximum extent permitted by the CCC, indemnify each of its agents against expenses, judgments, fines, settlements, and other amounts actually and reasonably incurred in connection with any proceeding arising by reason of the fact that any such person is or was an agent of ICANN, provided that the indemnified person's acts were done in good faith and in a manner that the indemnified person reasonably believed to be in ICANN's best interests and not criminal. For purposes of this Article 20, an "agent" of ICANN includes any person who is or was a Director, Officer, employee, or any other agent of ICANN (including a member of the EC, the EC Administration, any Supporting Organization, any Advisory Committee, the Nominating Committee, any other ICANN committee, or the Technical Liaison Group) acting within the scope of his or her responsibility; or is or was serving at the request of ICANN as a Director, Officer, employee, or agent of another corporation, partnership, joint venture, trust, or other enterprise. The Board may adopt a resolution authorizing the purchase and maintenance of insurance on behalf of any agent of ICANN against any liability asserted against or incurred by the agent in such capacity or arising out of the agent's status as such, whether or not ICANN would have the power to indemnify the agent against that liability under the provisions of this Article 20.

Best regards,

Marika

On 29 Apr 2018, at 07:44, Ayden Férdeline <icann at ferdeline.com<mailto:icann at ferdeline.com>> wrote:

Thanks, Martín-

However I would like to receive a similar confirmation from ICANN's General Counsel that, in the event of civil litigation against ICANN under, say, the GDPR, ICANN will defend community members and not just directors and staff.

I am not a lawyer; I'm not sure whether this is a reassurance we should receive from ICANN org, or whether we should be obtaining this from our own, independent counsel, but I think this is something that we do need to receive advice on.

If we are about to embark, potentially, on an Expedited PDP, where the community will be under a tight time crunch to develop a policy that could well result in legal action (from potentially a wide range of unsatisfied stakeholders!), I think we in the community need assurances that we are not absorbing any personal liability in participating in the EPDP.

Best wishes,

Ayden


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On 28 April 2018 7:54 PM, Martin Pablo Silva Valent <mpsilvavalent at gmail.com<mailto:mpsilvavalent at gmail.com>> wrote:

Ayden, at least from my perspective as lawyer, there is no reason to bealive there could be such liability, ever. Not in this PDP nor any others. We the policy making members are not to worry about that.

Cheers,
Martín Silva

On Sat, Apr 28, 2018, 11:40 AM Ayden Férdeline <icann at ferdeline.com<mailto:icann at ferdeline.com>> wrote:
Dear all,

As we enter into discussions around next steps re: RDS/GDPR and entertain the possibility of an Expedited PDP, I wanted to re-raise a question that Stephanie Perrin asked in Abu Dhabi, and to ask whether or not a response to it was received. And if the answer is we did not receive a response, I think it is important we obtain one urgently. If, in order to receive a response, we must put this question on Council letterhead and submit it as a formal piece of correspondence, I would like to suggest that we do so.

In Abu Dhabi, Stephanie asked the CEO whether community members who participate in Policy Development Processes could be held liable in the event of civil litigation following on from the policies which we develop. She noted that board members, as directors, and employees, as agents of ICANN, have immunity, but wanted to know if ICANN was absorbing this liability too for the community members who participate in the activities of the multistakeholder community. She said we need protection too.

I would like to be able to pull out a transcript and to quote Stephanie directly, however I have reviewed many of them today and cannot find her question in there. However, I do distinctly remember it being asked and a follow-up question coming from another member of the Council. Maybe I missed it in the transcripts; if so, I would appreciate if someone could please link to this transcript and provide the page number. Thanks!

Best wishes,

Ayden Férdeline
_______________________________________________
council mailing list
council at gnso.icann.org<mailto:council at gnso.icann.org>
https://mm.icann.org/mailman/listinfo/council

_______________________________________________
council mailing list
council at gnso.icann.org<mailto:council at gnso.icann.org>
https://mm.icann.org/mailman/listinfo/council



_______________________________________________

council mailing list

council at gnso.icann.org<mailto:council at gnso.icann.org>

https://mm.icann.org/mailman/listinfo/council



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/council/attachments/20180528/287c6257/attachment-0001.html>


More information about the council mailing list