[CPWG] [Ext] Re: [GTLD-WG] Unified Access Model published for community input

GDPR Questions gdpr-questions at icann.org
Mon Aug 27 14:34:22 UTC 2018 

Dear Christopher,

My name is Diana Middleton, and I’m a project manager at ICANN working on GDPR, including going through submissions via our gdpr at icann.org<mailto:gdpr at icann.org> inbox.

This proposed version of a unified access model builds on work from across the ICANN organization as well as discussions with the broader community and the European Data Protection Board.

I will publish the comments you submitted separately per your request.

Best,
Diana


From: "mail at christopherwilkinson.eu CW" <mail at christopherwilkinson.eu>
Reply-To: "mail at christopherwilkinson.eu CW" <mail at christopherwilkinson.eu>
Date: Thursday, August 23, 2018 at 13:28
To: Greg Shatan <greg at isoc-ny.org>, GDPR Questions <gdpr-questions at icann.org>, CPWG <cpwg at icann.org>
Subject: Re: [Ext] Re: [GTLD-WG] [CPWG] Unified Access Model published for community input


Well, both. I replied in the context of CPWG, but my views go beyond current responses. Because I have a long historical perspective.

I shall return to this question when I know what CPWG makes of this and other comments.

CW

PS: Who are you? Who wrote the (unsigned) paper in the first place ?
El 23 de agosto de 2018 a las 21:17 GDPR Questions <gdpr-questions at icann.org> escribió:

Dear Christopher,



Do you want your comments attached published separately under your name, or are they meant to be a part of a larger group submitting a combined document for publishing?



Thank you.



From: "mail at christopherwilkinson.eu CW" <mail at christopherwilkinson.eu>
Reply-To: "mail at christopherwilkinson.eu CW" <mail at christopherwilkinson.eu>
Date: Thursday, August 23, 2018 at 15:09
To: Greg Shatan <greg at isoc-ny.org>, CPWG <cpwg at icann.org>
Cc: "gdpr at icann.org" <gdpr at icann.org>
Subject: [Ext] Re: [GTLD-WG] [CPWG] Unified Access Model published for community input



Dear Greg Shatan:

Thankyou for this draft. Please find below a few comments on my part.
May I draw particular attention to the point about no bulk access.

Regards



Christopher Wilkinson



-------------------------------



Proposed Framework for Unified Access Model – GDPR/WHOIS

I would have the following comments and suggestions on the draft that we have received.
They are noted in the order in which they appear in the document, not in the order of importance.
I have focussed on a few high-profile issues. Most of the rest of the draft seems to be quite reasonable, if rather long in this context.

A. Introduction

1. Intellectual Property Rights Holders. (p.3): It would be useful to specify from the beginning that this refers to the individual rights holder of a specific IPR and not to any agent or other third party. This definition should be incorporated into the qualifications for predictable access.

B. Brief Summary…

2. 'appropriate balance… is not over ridden…' (p. 3): This formulation is unsettling. Some parts of the ICANN community seem to still think that the status quo ante was an appropriate balance, whereas it was largely infringing European data protection and privacy law, long before GDPR.

3. Terms of Use (pp 3-4): Speak of 'the eligible user'. It is not clear who are the 'groups', if any.

E. Community Views (p.7):

I can imagine the advantages of the 'decentralized' authentication process, but it should come with certain strict caveats.

  *   certainly NOT separate authenticating bodies for each type of eligible user group. That would be a classic poacher/gamekeeper situation.
  *   if decentralization is done on a geographical basis, there should be no extraterritoriality, notably with law-enforcement.
  *   (NB the use of the word 'returned' is ambiguous to most uninstructed readers; returned by who to whom?)
  *   The option of a 'centralized repository' (p.14) would doubtless prove to be unfeasible in light of the languages, scripts and jurisdictions involved.

F. Summary Description:

'User groups might include IPR holders' (p.9). On the basis of authenticating only the primary right holder, not agents and other third parties.

Who provides access? (p. 10): This has to be BOTH Registries and Registrars. The boundary between the two business categories has become blurred since the flawed vertical integration practice was allowed.

It would be helpful to clarify that in the case of a Registrar holding multiple Registries, where exactly is the WHOIS data retained?

'Scope of data available…' (p.12): We have known for more than 20 years that bulk access breached data protection laws. That ICANN still adumbrates this option is frankly surprising. Strongly recommend deletion of that paragraph (pp. 11-12).

'Terms of use' (pp. 14-15): The proposal provides that data shall not be forwarded to unauthorized third parties, of course. But the paper is silent about the duration of retention and final deletion of accessed data. The authorized users should not be able to accumulate data that they acquire through their access to Whois.

Christopher Wilkinson

23 August 2018

El 23 de agosto de 2018 a las 6:25 Greg Shatan <greg at isoc-ny.org> escribió:

All,

As mentioned on today's CPWG call, ICANN org published a blog earlier this
week releasing the proposed Unified Access Model for community input.

https://www.icann.org/news/blog/possible-unified-access-model [icann.org]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_news_blog_possible-2Dunified-2Daccess-2Dmodel&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=McgOqAYWb57Vuj1L-xSTQFQo-QkqHa4erPI-XIntKTU&m=-qs6QDUA9uHQrg4s6sN5ipuBTm-ofyYbrqCrFERFPFA&s=NVQoh72eg-j3M5sh6iaHJAeV4oO1Xq7-MihUD84Zv1A&e=>
-published-for-community-input

The proposal itself can be found here: Draft Framework for a Possible
Unified Access Model for Continued Access to Full WHOIS Data – For
Discussion
<https://www.icann.org/en/system/files/files/framework-elements-unified-access-model-for-discussion-20aug18-en.pdf>

I am the penholder on this comment. Please reply to this email if your are
interested in commenting. Thanks!

Greg
--
Greg Shatan
greg at isoc-ny.org

"The Internet is for everyone"

_______________________________________________
CPWG mailing list
CPWG at icann.org
https://mm.icann.org/mailman/listinfo/cpwg

_______________________________________________
GTLD-WG mailing list
GTLD-WG at atlarge-lists.icann.org
https://atlarge-lists.icann.org/mailman/listinfo/gtld-wg [atlarge-lists.icann.org]<https://urldefense.proofpoint.com/v2/url?u=https-3A__atlarge-2Dlists.icann.org_mailman_listinfo_gtld-2Dwg&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=McgOqAYWb57Vuj1L-xSTQFQo-QkqHa4erPI-XIntKTU&m=-qs6QDUA9uHQrg4s6sN5ipuBTm-ofyYbrqCrFERFPFA&s=E02v1Ni9GxphNLcUbgnX4JqFCLLuSOp__CvvP95CR_Y&e=>

Working Group direct URL: https://community.icann.org/display/atlarge/New+GTLDs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/cpwg/attachments/20180827/3b2a3d12/attachment-0001.html>

More information about the CPWG mailing list