[council] GDPR - reply from the European commission

[Erika Mann]

Dear All -

I assume you have already read the EU response to ICANN in connection with
the ePDP, if not, below is the link:
https://mm.icann.org/pipermail/comments-epdp-recs-04mar19/attachments/20190417/6f0a65b2/CommentsontheTemporarySpecificationforgTLDRegistrationDataPolicyRecommendations-0001.pdf

In particular relevant is the last part of the letter:

Next steps

The European Commission would like to suggest that the ICANN Board and
other stakeholders take note of the above mentioned observations. It may be
useful to consider seeking legal counsel in order to ensure these
observations can be taken into account consistently, including for the
further work to develop an appropriate and comprehensive gTLD Registration
Data policy. The European Commission would also like to reconfirm its
support for the on-going dialogue between ICANN and the EU data protection
authorities to ensure that data processing activities in the context of
WHOIS are in line with the EU data protection rules. We also acknowledge
the efforts made so far by ICANN and the stakeholder’s community. At the
same time, we stress that the current situation is affecting EU Member
State authorities’ ability to obtain legitimate access to this data,
necessary to enforce the law online, including in relation to the fight
against cybercrime. Efforts at European Union level, and in the context of
the GAC Public Safety Working Group (PSWG) have already provided for
examples where the current arrangements provided for by contracted parties
have affected law enforcement authorities’ ability to investigate crimes.
In addition, the lack of a stable, transparent and predictable system may
also affect the rights of individuals. Finding a timely and workable
solution for access to non-public WHOIS data should thus be treated as a
matter of priority, as also highlighted in the recent GAC Communique from
Kobe. Although the EPDP concluded its main work on phase one with the
production of its Report, the Commission considers that the development of
an appropriate gTLD Registration Data policy should involve more work on a
number of fronts, which, in our view include: a) The swift implementation
of the recommendations included in the Report, and the new recommendations
stemming from issues deferred from Phase One as they are developed and
agreed. 5 b) Phase two of the EDPD should speedily proceed and focus on the
necessary policies underpinning a comprehensive gTLD registration data
system, also addressing access to non-public registration data in line with
the GDPR. c) Work on the technical model for access to non-public
registration data should inform and complement the work of the EPDP and be
able to incorporate the agreed policies. On this front, we encourage to
further focus on the potentiality offered by privacy-friendly techniques
like pseudonymisation. For each of these work tracks, the Commission
considers the definition of a clear path forward with defined milestones
and timelines could be useful to better involve stakeholders and could
contribute to a positive outcome.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/council/attachments/20190423/216360c9/attachment.html>