[Gdd-gnso-ppsai-impl] Materials, action items from 17 Oct Privacy/Proxy IRT call
Eric Rokobauer
eric.rokobauer at endurance.com
Fri Dec 1 21:54:26 UTC 2017
Hi all,
I agree with Sara's idea about separating the agreement (and process) for
affiliated and non-affiliated providers. As I read (and re-read several
times) parts of the draft agreement, I find that we are working to push
affiliated and non-affiliated providers into the same agreement/process
when they are not really the same. IMO separating the
agreements/processes would alleviate the conflicts members of the IRT are
trying to resolve when reading through as there are lines that try to
emphasize what each provider type is obligated to follow. If in our
discussions we agree how these parties are separate in their business
models, it only makes sense that we work towards having 2 separate
agreements tailored to accommodate.
In addition, here are our additional concerns:
1.37 - "Service Provider" is defined here and should be used consistently
throughout (i.e., don’t use “Provider” when “Service Provider” is the
defined term).
3.2.3 - As Theo and Sara had already articulated in a previous comment,
need specifics illustrated with regards to data and adding "subject to
applicable" law.
3.5.3.1 - "Terminating a Registered name" should not be included and a
viable option here.
3.5.3.17 - Should be removed. Service Providers will not have control to
cancel a registered name.
3.7 - Change "at all times employee" to "dedicated"
3.16.7 - Language should be revised to follow Final Report.
3.17.2 - Language should be revised to follow Final Report: "*Before
Service Provider decides whether or not to comply with a Disclosure or
Publication request, Service Provider shall not mandate that a Requester
first make a Relay request.*"
3.18.2 - Theo made comments here that I agree with. Staff, will you please
identify which paragraphs of the policy does this operation relate to? I
think at minimum we must remove "facilitate and" as Service Provider does
not have control in respect to those registrar functions called out within.
7.4 - "Provider Stakeholder Group" needs to be defined here, but also
recommend revising this paragraph to be more clear. Maybe we have this in
brackets with a footnote that this is TBD until a stakeholder group is
first created?
Spec 2, 1.(ii) - Service Providers do not control transfers so this should
be removed.
Spec 2, 5. - Requests to Registrars to terminate or suspend (at least
terminate) should be removed. Registrars not bound to this.
Spec 3 - "P/P Customer" is defined in RAA along with "beneficial user." Why
are we not using that defined term here?
Spec 4 LEA Framework - Question to staff - Is this framework the most up to
date with our comments from prior meetings? Based on comments below for
this Spec, it seems there are still open-ended questions that were in
discussions IRT had had (including with PSWG)? We need to identify how the
GDPR will affect this framework when it comes to Disclosure (or
Publication) for EU resident registrants and address those issues in the
framework.
Spec 4, 3.2.2 - Question to staff - How would Service Provider verify?
Also if in section 2 of the spec (minimum standard set requirements); if
provider does not receive all LEA Requestor details including their
identity, they will respond back inquiring as such. This section seems
redundant as a result.
Spec 4, 4.1.2. and 4.2.1. - We can't continue to reference "High Priority"
and use, as criteria was removed from 4.1.1. (an example regarding if all
proposed edits were included).
Spec 4, 4.2.2. - Change "Disclosure can be reasonably refused by Provider"
to "Provider may reasonably refuse Disclosure"
Spec 4, 4.2.2.2. - Change "national or international" to "applicable" law.
Spec 4, 4.2.5. - What does "give due consideration" mean as this was only
defined in the IP Framework in the Final Report?
Spec 4, 4.3.3. – Is this a requirement of the Final Report? What was the
discussion in prior meetings? This doesn’t seem to be needed.
Spec 4, 6.3. - Does this exceed the provision in the Final Report?
Something to review with PSWG?
Spec 6 – We need to identify how the GDPR will affect this framework when
it comes to Disclosure (or Publication) for EU resident registrants and
address those issues in the framework.
Regards,
Eric
On Fri, Dec 1, 2017 at 3:00 PM, theo geurts <gtheo at xs4all.nl> wrote:
> I like the idea, Sara.
>
> You have two parties here anyways, who operate very differently. Let's see
> if we can flesh this out some more.
> Or we could expand on this and get two different tracks with their own set
> of procedures and contractual obligations.
>
> Theo
>
> Ps
> I won't make the call on Dec 5, my apologies.
>
>
> On 1-12-2017 19:08, Sara Bockey wrote:
>
> Hi all,
>
>
>
> In my last-minute reviewing of the PPAA, I’ve had a few additional
> thoughts:
>
>
>
> We need to revisit PPAA, Spec 2: Customer Data Accuracy. This entire Spec
> needs to be revisited and made clearer since the entire spec is dependent
> on whether or not the Service Provider is affiliated or non-affiliated.
> It’s very disjointed, it starts out Section 1, this is what you need to do,
> then in Section 3, it says you don’t need to do this if you are an
> affiliated Provider, and then in Section 4 it goes back to this is what you
> need to do and forgets about section 3. It seems to me that this entire
> section is dependent on if there is an Affiliated Registrar.
>
>
>
> This section got me thinking and IMHO, in addition to going thru every
> comment that has been submitted and sorting through those issues, I think
> we need to take a serious look at the approach of the PPAA. I think the
> document as it stands is not recognizing the Service Provider as an
> Affiliate of an ICANN accredited Registrar. I’m wondering if what we
> really need is 2 separate PPAAs – one for an Affiliated Service Provider
> and one for a Non-Affiliated Service Provider. For the Affiliated Service
> Provider, it should set out at the very beginning the affiliate
> relationship, and both parties would sign. The basic idea would be
> something like:
>
>
>
> Service Provider X, as an Affiliate of ICANN accredited Registrar A,
> enters into this PPAA to provide a privacy/proxy service. Registrar A, as
> a party to this agreement, agrees to uphold its obligations under the RAA
> and its related consensus policies. Should the relationship between
> Service Provider X and Registrar A cease, so shall this agreement, and
> Service Provider X will have ___ number of days to secure a new affiliate
> registrar and enter into a new Affiliated PPAA or complete the
> Non-Affiliated process and sign the Non-Affiliate PPAA.
>
>
>
> It needs work, I know, but just trying to illustrate the idea. I think
> this would allow the affiliated agreement to be considerably more light
> weight.
>
>
>
> The Non-Affiliate PPAA would be more in line with what we have now (and,
> granted, would need additional work).
>
>
>
> If the Affiliate Provider became unaffiliated, it would need to go thru an
> accreditation process to ensure it meet the requirements. So there would
> need to be 2 accreditation procedures, but again I’m thinking the
> Affiliated process would be relatively light weight based on the
> relationship of the provider to the accredited registrar.
>
>
>
> Also, we need to correct some of the language in the PPAA. Specifically,
> as I’ve stated numerous times before, I think staff’s use of “Customer” in
> place of RNH is problematic when the PPAA is an extension of/referenced in
> the RAA, particularly when considering the above line of thinking.
>
>
>
> The 2013 RAA defines “Registered Name” as a domain name within the domain
> of a gTLD, about which a gTLD Registry Operator (or an Affiliate or
> subcontractor thereof engaged in providing Registry Services) maintains
> data in a Registry Database, arranges for such maintenance, or derives
> revenue from such maintenance, and “Registered Name Holder” is defined as
> the holder of a Registered Name.
>
>
>
> This is a service for the RNH, provided via an Affiliate Registrar, the
> use of “customer” is problematic.
>
>
>
> I’ll admit I’ve not thought thru all the issues and this is kind of loose,
> but it’s an idea that came to mind and something we might ought to consider
> so I’m putting a marker down to discuss the above in case it offers a
> better path forward. Happy to hear what others think.
>
>
>
> Sara
>
>
>
> *sara bockey*
>
> *sr. policy manager | **Go**Daddy™*
>
> *sbockey at godaddy.com <sbockey at godaddy.com> 480-366-3616
> <(480)%20366-3616>*
>
> *skype: sbockey*
>
>
>
> *This email message and any attachments hereto is intended for use only by
> the addressee(s) named herein and may contain confidential information. If
> you have received this email in error, please immediately notify the sender
> and permanently delete the original and any copy of this message and its
> attachments.*
>
>
>
> *From: *Caitlin Tubergen <caitlin.tubergen at icann.org>
> <caitlin.tubergen at icann.org>
> *Date: *Thursday, November 30, 2017 at 5:05 PM
> *To: *"gdd-gnso-ppsai-impl at icann.org" <gdd-gnso-ppsai-impl at icann.org>
> <gdd-gnso-ppsai-impl at icann.org> <gdd-gnso-ppsai-impl at icann.org>, Sara
> Bockey <sbockey at godaddy.com> <sbockey at godaddy.com>, 'Darcy Southwell'
> <darcy.southwell at endurance.com> <darcy.southwell at endurance.com>
> *Cc: *"Roman, Peter (CRM)" <Peter.Roman at usdoj.gov> <Peter.Roman at usdoj.gov>
> *Subject: *Re: [Gdd-gnso-ppsai-impl] Materials, action items from 17 Oct
> Privacy/Proxy IRT call
>
>
>
> Thank you, Steve, and thank you to the registrars who submitted comments.
>
>
>
> I will compile all of the comments, and we can begin going through the
> comments on Tuesday’s call.
>
>
>
> If any other IRT members have comments on the draft PPAA, please submit
> them by the deadline of *Friday, 1 December*.
>
>
>
> Kind regards,
>
>
>
> *Caitlin Tubergen*
>
> Registrar Services and Engagement Senior Manager
>
> ICANN
>
> 12025 Waterfront Drive, Suite 300
>
> Los Angeles, CA 90094
>
> Office: +1 310 578 8666
>
> Mobile: +1 310 699 5326
>
> Email: caitlin.tubergen at icann.org
>
>
>
>
>
>
>
> *From: *Gdd-gnso-ppsai-impl <gdd-gnso-ppsai-impl-bounces at icann.org>
> <gdd-gnso-ppsai-impl-bounces at icann.org> on behalf of "Metalitz, Steven"
> <met at msk.com> <met at msk.com>
> *Reply-To: *"gdd-gnso-ppsai-impl at icann.org"
> <gdd-gnso-ppsai-impl at icann.org> <gdd-gnso-ppsai-impl at icann.org>
> <gdd-gnso-ppsai-impl at icann.org>
> *Date: *Thursday, November 30, 2017 at 2:16 PM
> *To: *'Sara Bockey' <sbockey at godaddy.com> <sbockey at godaddy.com>, 'Darcy
> Southwell' <darcy.southwell at endurance.com> <darcy.southwell at endurance.com>,
> "'gdd-gnso-ppsai-impl at icann.org'" <'gdd-gnso-ppsai-impl at icann.org'>
> <gdd-gnso-ppsai-impl at icann.org> <gdd-gnso-ppsai-impl at icann.org>
> *Subject: *Re: [Gdd-gnso-ppsai-impl] Materials, action items from 17 Oct
> Privacy/Proxy IRT call
>
>
>
> PPSAI colleagues,
>
> I offer the following comments and suggested edits regarding the Oct. 20
> redline version of the PPAA. I may have a few other suggestions by
> tomorrow’s deadline, and will definitely have responses later to some of
> the other proposed edits that have been sent to the list. (And thanks to
> Theo and colleagues for their comprehensive review of the document!)
>
> First, I would reiterate the suggestions made in my Oct. 21 posting to the
> list, as follows:
>
> Subsection 3.5.3.15: strike “should” and insert “shall,” for consistency
> with parallel provisions throughout this section 3.5.
>
> Section 3.7, third line from the bottom: “employee” should be “employ.”
>
> Section 3.17.1: I suggest adding the words “as applicable” or “to the
> extent applicable” at the end of the section. Not every Disclosure or
> Publication request that Provider receives will fall under the IP or LEA
> disclosure frameworks.
>
> Section 5.7.3: the notice that the suspended Provider must send to
> customers should specify “that it is unable to offer or provide the
> Services *for any new registrations”* (adding the last 4 words). A
> suspended Provider can (and indeed must) provide the Services to its
> current customers. [Note that the phrasing “any additional registrations”
> might be more accurate here, and in the corresponding provision of 5.7.1
> --- otherwise it might be possible for a suspended provider to being
> providing services for the first time to an existing registration whose
> registrant decides to engage a service.]
>
> Here are some additional suggestions:
>
> Section 1.43: strike “comprising the Working Group,” insert
> “representatives of the Service Providers.” This issue is noted on page 2
> of the Discussion Items document.
>
> Section 3.5.3.3: since this has to do with p/p services and not with
> registration per se, the references to “initial registration and each
> renewal registration” should be changed to something like “each initial
> agreement to provide Services and each renewal or extension of such
> agreement.” I believe this is also responsive to Theo’s sticky note on the
> RrSG redline for this section.
>
> Section 3.8.1 (specifying what needs to be stated on request forms) should
> include a cross-reference to section 3.8.2 (requiring publication of links
> to request forms in some circumstances). Alternatively, perhaps the order
> of these two sections should be reversed.
>
> Section 3.8.5.5 needs some rephrasing. Reveal is not a defined term in
> the PPAA, and the provider does not itself Publish data in the RDS (the
> registrar or registry does that), but can cause it to be Published. This
> may a rare instance in which use of the passive voice may be preferable
> (“the circumstances under which the Customer’s identity or contact data
> will be published in the RDDS….”).
>
> Section 3.19: substitute “shall” for “should.” In fact the entire
> document should be reviewed to see where this change is needed.
>
> Section 5.3: this is another issue I raised in my Oct. 21 posting:
> “Section 5.3 does not give ICANN the right to substitute the new version of
> the agreement, it gives that right to the *provider. *Furthermore, 5.3
> addresses the scenario in which the new agreement is swapped in during
> the term of the current agreement. The point I was trying to raise on the
> call (and I am sorry if this was not clear) is ensuring that all renewals
> of the agreement *at the end of the term* reflect the most recent
> version. As currently drafted, section 5.2 seems to give the provider the
> option of renewing under the terms of the old agreement (“under the terms
> and conditions of this agreement”), even if it has been superseded by a new
> form of agreement that is materially different. This could be fixed by
> adding a subsection 5.2.5 along the following lines: ‘5.2.5: this
> Agreement has been superseded by a revised form accreditation agreement for
> the provision of the Services (“Updated PPAA”) that is materially different
> from this Agreement, in which case the right of renewal provided by this
> section shall be under the terms and conditions of the Updated PPAA.’”
>
> Section 5.7.4: consider inserting at the end of the first sentence “or
> its invocation of section 5.5.7,” which is another path ICANN could take to
> deal with the situation of an uncured “endangerment” scenario.
>
> Section 7.4.1: shouldn’t the Working Group be the party to receive the
> notice re revision of the Agreement? This would be consistent with the
> rest of section 7.4.
>
> Glad to try to answer any questions about these.
>
> Steve Metalitz
>
>
>
>
>
>
>
> *[image: e001]*
>
> *Steven J. Metalitz *| *Partner, through his professional corporation*
>
> T: 202.355.7902 <(202)%20355-7902> | met at msk.com
>
> *Mitchell Silberberg & Knupp* *LLP* | *www.msk.com* <http://www.msk.com/>
>
> 1818 N Street NW, 8th Floor, Washington, DC 20036
>
>
>
> *THE INFORMATION CONTAINED IN THIS E-MAIL MESSAGE IS INTENDED ONLY FOR THE
> PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED RECIPIENTS.** THIS
> MESSAGE MAY BE AN ATTORNEY-CLIENT COMMUNICATION, AND AS SUCH IS PRIVILEGED
> AND CONFIDENTIAL. IF THE READER OF THIS MESSAGE IS NOT AN INTENDED
> RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY REVIEW, USE, DISSEMINATION,
> FORWARDING OR COPYING OF THIS MESSAGE IS STRICTLY PROHIBITED. PLEASE NOTIFY
> US IMMEDIATELY BY REPLY E-MAIL OR TELEPHONE, AND DELETE THE ORIGINAL
> MESSAGE AND ALL ATTACHMENTS FROM YOUR SYSTEM. THANK YOU.*
>
>
>
> *From:* Metalitz, Steven
> *Sent:* Tuesday, November 07, 2017 11:42 AM
> *To:* 'Sara Bockey'; Darcy Southwell; gdd-gnso-ppsai-impl at icann.org
> *Subject:* RE: [Gdd-gnso-ppsai-impl] Materials, action items from 17 Oct
> Privacy/Proxy IRT call
>
>
>
> I agree with a lot of what Darcy says. Let me make sure my view is
> clearly stated.
>
>
>
> Most of the items Darcy identifies are completely appropriate for
> discussion in our team before the documents are finalized. These issues
> include: perceived discrepancies between the WG Final Report and the
> implementation documents; loose ends in the Law Enforcement disclosure
> framework; and clarifying the status of each of the four documents under
> review. I support addressing these points on our next call so that we can
> continue to make progress. And based on the postings made to our list over
> the last couple of weeks, I would certainly be comfortable with some
> relaxation of the deadline for proposing edits to the accreditation
> agreement – if necessary, to December 1.
>
>
>
> My concerns are focused primarily on the suggestion that we can’t move
> forward until we determine whether our recommendations are GDPR-compliant.
> To me that sounds like some on the IRT want to suspend work until ICANN’s
> separate work on GDPR is concluded. If that is not what is meant, then I
> would ask proponents of that view to clarify just how they think we should
> proceed at this point.
>
>
>
> I am also sad to see the IRTP-C issue brought up again. I thought we had
> reached agreement that the current suspension of ICANN enforcement of this
> aspect of that policy could be continued until an appropriate group is
> formed to address it; or put another way, that we could proceed to get our
> PPSAI implementation plan out for public comment without delaying it until
> the IRTP-C issue is resolved. That is my recollection, anyway, but if I am
> mistaken then please show me how.
>
>
>
> Finally I will repeat my question of whether our call time on 11/14
> remains at 1400 UTC or whether it will be moved an hour later to preserve
> the usual start time in most Northern Hemisphere time zones.
>
>
>
> Steve
>
>
>
>
>
>
>
> *[image: e001]*
>
> *Steven J. Metalitz *| *Partner, through his professional corporation*
>
> T: 202.355.7902 <(202)%20355-7902> | met at msk.com
>
> *Mitchell Silberberg & Knupp* *LLP* | *www.msk.com* <http://www.msk.com/>
>
> 1818 N Street NW, 8th Floor, Washington, DC 20036
>
>
>
> *THE INFORMATION CONTAINED IN THIS E-MAIL MESSAGE IS INTENDED ONLY FOR THE
> PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED RECIPIENTS.** THIS
> MESSAGE MAY BE AN ATTORNEY-CLIENT COMMUNICATION, AND AS SUCH IS PRIVILEGED
> AND CONFIDENTIAL. IF THE READER OF THIS MESSAGE IS NOT AN INTENDED
> RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY REVIEW, USE, DISSEMINATION,
> FORWARDING OR COPYING OF THIS MESSAGE IS STRICTLY PROHIBITED. PLEASE NOTIFY
> US IMMEDIATELY BY REPLY E-MAIL OR TELEPHONE, AND DELETE THE ORIGINAL
> MESSAGE AND ALL ATTACHMENTS FROM YOUR SYSTEM. THANK YOU.*
>
>
>
> *From:* Sara Bockey [mailto:sbockey at godaddy.com <sbockey at godaddy.com>]
> *Sent:* Tuesday, November 07, 2017 11:07 AM
> *To:* Darcy Southwell; gdd-gnso-ppsai-impl at icann.org; Metalitz, Steven
> *Cc:* Sara Bockey
> *Subject:* Re: [Gdd-gnso-ppsai-impl] Materials, action items from 17 Oct
> Privacy/Proxy IRT call
>
>
>
> Well said, Darcy. Agree 100%.
>
>
>
> *sara bockey*
>
> *sr. policy manager | **Go**Daddy™*
>
> *sbockey at godaddy.com* <sbockey at godaddy.com>* 480-366-3616
> <(480)%20366-3616>*
>
> *skype: sbockey*
>
>
>
> *This email message and any attachments hereto is intended for use only by
> the addressee(s) named herein and may contain confidential information. If
> you have received this email in error, please immediately notify the sender
> and permanently delete the original and any copy of this message and its
> attachments.*
>
>
>
> *From: *Darcy Southwell <darcy.southwell at endurance.com>
> *Date: *Tuesday, November 7, 2017 at 8:47 AM
> *To: *"gdd-gnso-ppsai-impl at icann.org" <gdd-gnso-ppsai-impl at icann.org>,
> "Metalitz, Steven" <met at msk.com>, Sara Bockey <sbockey at godaddy.com>
> *Subject: *Re: [Gdd-gnso-ppsai-impl] Materials, action items from 17 Oct
> Privacy/Proxy IRT call
>
>
>
> I agree with Theo. The scope has changed and implementation is impacted
> by GDPR. While I appreciate that Steve wants to move forward
> expeditiously, I don’t believe we can do so without jeopardizing the
> creation of an effective program. Further, in just the last week or so,
> issues have been raised about implementation language contradicting the
> policy. The role of an IRT is to implement the consensus policy produced
> in the PDP and we need to spend sufficient time reviewing and discussing
> the implementation to ensure we’re not changing policy. Similarly, I think
> there were questions raised about the proposed framework Public Safety
> Working Group. In addition to policy creep, I believe concerns were
> expressed that staff failed to modify the proposed framework based on the
> feedback from IRT participants. Rather than picking through the documents
> line by line, it seems like we should step back and have a discussion about
> the concepts to ensure we’re making progress toward an effective
> implementation that reflects the policy. There have also been repeated
> questions raised about the over-engineering of this implementation.
> Because many of the meetings have focused on reviewing language from a
> specific section (rather than reviewing issues as whole items), it seems
> like we haven’t gotten past this issue, and should probably take a fresh
> look at that to ensure we’re not making this implementation more
> complicated than it needs to be. We all know that doesn’t lead us to a
> better implementation. Right now, we have four draft documents for
> review/input: (1) accreditation agreement, (2) de-accreditation process,
> (3) applicant guide, and (4) data escrow specification. For many members,
> these require operational and legal review (at a minimum). Many registrars
> have commented that 1 December is the earliest they can provide full
> feedback given the complexity of these documents (although not all have
> committed to that date).
>
> Given these issues, as well as the fact that the privacy/proxy challenge
> stemming from IRTP-C needs to be added to this IRT for a solution, we need
> to take a step back and address these critical issues first. This isn’t
> about derailing the IRT; it’s about ensuring we don’t create an
> implementation that’s an operational nightmare for providers as well as
> registrants and end users – and that means addressing these critical issues
> first.
>
>
>
> Thanks,
>
> Darcy
>
>
>
> *From: *<gdd-gnso-ppsai-impl-bounces at icann.org> on behalf of theo geurts <
> gtheo at xs4all.nl>
> *Reply-To: *<gdd-gnso-ppsai-impl at icann.org>
> *Date: *Monday, November 6, 2017 at 12:27 PM
> *To: *<gdd-gnso-ppsai-impl at icann.org>, "Metalitz, Steven" <met at msk.com>,
> Sara Bockey <sbockey at godaddy.com>
> *Subject: *Re: [Gdd-gnso-ppsai-impl] Materials, action items from 17 Oct
> Privacy/Proxy IRT call
>
>
>
> Hi Steve, Vicky,
>
> Now your argument is logical and makes sense.
> Yes, as I mentioned before, CPH's will implement privacy services on many
> different levels to comply with the GDPR, we agree here.
>
> My biggest problem with the PPSAI IRT is the changing dynamics.
> The WG contemplated and discussed and made recommendations based on a very
> fixed situation.
>
> In my opinion, privacy services should not be used as bandaid for data
> protection problems.
> Complying with data protection laws was not the driving force during the
> WG days, and now it is.
>
> I think the scope of the IRT has changed and we should deal with this
> before we move on. We need to think a little smarter and deeper here before
> we unleash this to many contracted parties who have zero experience with
> these services and will be required to implement this to comply with data
> protection laws.
>
> So how do we do that? I think a fixed set of procedures and contractual
> agreements are essential, yet I do not want us to enter into a situation
> that causes more issues and forces providers into a situation that we need
> to ask compliance to defer.
> https://www.icann.org/resources/pages/contractual-compliance
> -statement-2017-11-02-en
>
> I think that scenario is unwanted for everyone on the IRT is it not?
>
> Thanks,
>
> Theo Geurts
>
>
>
> On 6-11-2017 19:40, Metalitz, Steven wrote:
>
> I strongly second Vicky’s comments. The ongoing ICANN work re GDPR is of
> course very important, but let’s not let it derail progress on the path we
> have moved so far along toward a P/P service accreditation framework to
> present to the community.
>
>
>
> In that regard, I have some sympathy (empathy?) for those requesting a
> relaxation of the comment deadline in light of so much other activity
> demanding our attention. May I suggest that we try to get as many proposed
> edits onto the list before our November 14 call (with much thanks to those
> who have already done so), with the goal of dealing with them then if
> possible, but leaving the door open for further edits over the next couple
> of weeks if necessary.
>
>
>
> Finally, some ICANN groups are adjusting the scheduling of their calls to
> reflect the return to standard time in North America and Europe. Is this
> group doing so as well? If our calls stay at 1400 UTC that is now 9 am EST
> and 6 am for those on Pacific time. Moving to 1500 UTC would retain the
> pre-existing local start times, I believe.
>
>
>
> Steve Metalitz
>
>
>
> *[image: 01]*
>
> *Steven J. Metalitz *| *Partner, through his professional corporation*
>
> T: 202.355.7902 <(202)%20355-7902> | met at msk.com
>
> *Mitchell Silberberg & Knupp* *LLP* | *www.msk.com* <http://www.msk.com/>
>
> 1818 N Street NW, 8th Floor, Washington, DC 20036
>
>
>
> *THE INFORMATION CONTAINED IN THIS E-MAIL MESSAGE IS INTENDED ONLY FOR THE
> PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED RECIPIENTS.** THIS
> MESSAGE MAY BE AN ATTORNEY-CLIENT COMMUNICATION, AND AS SUCH IS PRIVILEGED
> AND CONFIDENTIAL. IF THE READER OF THIS MESSAGE IS NOT AN INTENDED
> RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY REVIEW, USE, DISSEMINATION,
> FORWARDING OR COPYING OF THIS MESSAGE IS STRICTLY PROHIBITED. PLEASE NOTIFY
> US IMMEDIATELY BY REPLY E-MAIL OR TELEPHONE, AND DELETE THE ORIGINAL
> MESSAGE AND ALL ATTACHMENTS FROM YOUR SYSTEM. THANK YOU.*
>
>
>
> *From:* gdd-gnso-ppsai-impl-bounces at icann.org [
> mailto:gdd-gnso-ppsai-impl-bounces at icann.org
> <gdd-gnso-ppsai-impl-bounces at icann.org>] *On Behalf Of *Victoria Sheckler
> *Sent:* Tuesday, October 31, 2017 5:55 PM
> *To:* gdd-gnso-ppsai-impl at icann.org; Sara Bockey
> *Subject:* Re: [Gdd-gnso-ppsai-impl] Materials, action items from 17 Oct
> Privacy/Proxy IRT call
>
>
>
> Please note that ICANN’s work on GDPR’s on a separate track and that one
> thing we know almost for sure is that the adoption of rational, predictable
> rules for privacy/proxy will be more important post-GDPR than it ever was.
> So please let’s get those rules in place as expeditiously as possible.
>
>
>
>
>
> On 30-10-2017 11:32, Sara Bockey wrote:
>
> Caitlin,
>
>
>
> Thanks for the revised docs. A few items at first glance that need to be
> revised, as I believe they have been discussion/raised before. I will take
> a closer look and follow up with additional edits, but in the meantime…
>
>
>
>
>
> 1. Edit the definitions of Proxy Service and Privacy Service to match
> the definitions provided in the Final Report/2013 RAA
>
>
> 1. The definitions of Privacy Service and Proxy Service reflect those
> in the 2013 RAA.
> 2. In this context, the 2013 RAA also defines “Registered Name” as
> a domain name within the domain of a gTLD, about which a gTLD Registry
> Operator (or an Affiliate or subcontractor thereof engaged in providing
> Registry Services) maintains data in a Registry Database, arranges for such
> maintenance, or derives revenue from such maintenance, and “Registered Name
> Holder” is defined as the holder of a Registered Name.
> 3. It’s noted that ICANN staff has replace “Registered Name Holder”
> with “Customer” in many instances, but I question the logic in that since
> it is inconsistent with the RAA.
>
>
>
> 1. Edit Sections 3.5.3.3. thru 3.5.3.6 to take into consideration GDPR
> requirements regarding consent.
>
>
> 1. Consent must be explicitly given for each purpose and can be
> withdrawn at any time and not a requirement for registration or use of the
> service. Therefore, 3.5.3.3. – 3.5.3.6 (at a minimum) are not compatible
> and must be revise.
>
>
>
> 1. Edit section 3.12.2, as it still contains new language that has
> been added since the IRT agreement on language in August. The first
> sentence in its entirety should be removed.
>
>
> 1. The section should start with “Well founded…”
>
>
>
> Additionally, the following sections need revision or at a minimum further
> discuss by the IRT
>
>
>
> 1. Edit Section 3.14 to remove the language re no automation. This is
> not feasible. This language must be removed:
>
>
> 1. Provider shall not use high-volume, automated electronic processes
> (for example, processes that do not utilize human review) for sending
> Requests or responses to Requests to Requesters or Customers in performing
> any of the steps in the processes outlined in the Intellectual Property
> Disclosure Framework Specification.
>
>
>
> 1. Edit Section 3.15 – Labeling – to remove excessive language.
>
>
> 1. Provider shall ensure that each Registered Name for which Provider
> is providing the Services is clearly labeled as such in the Registration
> Data Directory Service, as specified in the Labeling Specification attached
> hereto, and shall otherwise comply with the requirements of the
> Labeling Specification attached hereto. This language is
> duplicative and not necessary. Let’s not add unnecessary words to this
> already long document. If there are doing to be extra works, perhaps
> mention complying with applicable local laws in light of GDPR.
>
>
>
>
>
> *sara bockey*
>
> *sr. policy manager | GoDaddy™*
>
> *sbockey at godaddy.com* <sbockey at godaddy.com>* 480-366-3616
> <(480)%20366-3616>*
>
> *skype: sbockey*
>
>
>
> *This email message and any attachments hereto is intended for use only by
> the addressee(s) named herein and may contain confidential information. If
> you have received this email in error, please immediately notify the sender
> and permanently delete the original and any copy of this message and its
> attachments.*
>
>
>
> *From: *<gdd-gnso-ppsai-impl-bounces at icann.org>
> <gdd-gnso-ppsai-impl-bounces at icann.org> on behalf of Caitlin Tubergen
> <caitlin.tubergen at icann.org> <caitlin.tubergen at icann.org>
> *Reply-To: *"gdd-gnso-ppsai-impl at icann.org"
> <gdd-gnso-ppsai-impl at icann.org> <gdd-gnso-ppsai-impl at icann.org>
> <gdd-gnso-ppsai-impl at icann.org>
> *Date: *Wednesday, October 25, 2017 at 4:44 AM
> *To: *"gdd-gnso-ppsai-impl at icann.org" <gdd-gnso-ppsai-impl at icann.org>
> <gdd-gnso-ppsai-impl at icann.org> <gdd-gnso-ppsai-impl at icann.org>
> *Subject: *[Gdd-gnso-ppsai-impl] Materials, action items from 17 Oct
> Privacy/Proxy IRT call
>
>
>
> Dear Colleagues,
>
>
>
> Thanks so much for your participation on today’s Privacy/Proxy IRT call.
> For those who could not attend, I encourage you to review the recording and
> materials on the wiki, https://community.icann.
> org/display/IRT/24+October+2017.
>
>
>
> During the call, we discussed an overview of the changes to the draft
> PPAA.
>
>
>
> Please note that ICANN proposed a deadline of *Tuesday,* *14 November*
> for all comments, concerns, and edits to the draft PPAA. The changes from
> the last iteration, provided to the IRT in July, have been highlighted in
> the attached issues list. Please respond to the list if you would like to
> request a longer review period.
>
>
>
> During ICANN60, we will be presenting an overview of the P/P program’s
> status to the community. Attached, please find the slide deck for the
> presentation.
>
>
>
> To highlight a few notes from the IRT’s discussion this morning, we
> received feedback to:
>
>
>
> 1. Edit the definition of *Working Group in Section 1.43*, to specify
> that the Provider Stakeholder Group, if formed, shall only appoint the
> *provider* representatives of the Working Group, and the GNSO may
> appoint other members of the community.
>
>
>
> 1. Add back in the previously-deleted *Code of Conduct *language in *Section
> 3.5.1*.
>
>
>
>
>
> 1. Add back in the previously-deleted *review provision *in *Section 7
> of the Customer Data Accuracy Program Specification*.
>
>
>
> If you believe the above items do not reflect the intent of the Working
> Group’s recommendations, please reply to the list by *14 November 2017*.
>
>
>
> Thank you, and safe travels to those of you attending ICANN 60!
>
>
>
> Kind regards,
>
>
>
> *Caitlin Tubergen*
>
> Registrar Services and Engagement Senior Manager
>
> ICANN
>
> 12025 Waterfront Drive, Suite 300
>
> Los Angeles, CA 90094
>
> Office: +1 310 578 8666
>
> Mobile: +1 310 699 5326
>
> Email: caitlin.tubergen at icann.org
>
>
>
>
>
>
>
> _______________________________________________
>
> Gdd-gnso-ppsai-impl mailing list
>
> Gdd-gnso-ppsai-impl at icann.org
>
> https://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl
>
>
> _______________________________________________ Gdd-gnso-ppsai-impl
> mailing list Gdd-gnso-ppsai-impl at icann.org https://mm.icann.org/mailman/l
> istinfo/gdd-gnso-ppsai-impl
>
>
>
>
>
> _______________________________________________
>
> Gdd-gnso-ppsai-impl mailing list
>
> Gdd-gnso-ppsai-impl at icann.org
>
> https://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl
>
>
> _______________________________________________ Gdd-gnso-ppsai-impl
> mailing list Gdd-gnso-ppsai-impl at icann.org https://mm.icann.org/mailman/l
> istinfo/gdd-gnso-ppsai-impl
>
>
> _______________________________________________
> Gdd-gnso-ppsai-impl mailing listGdd-gnso-ppsai-impl at icann.orghttps://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl
>
>
>
> _______________________________________________
> Gdd-gnso-ppsai-impl mailing list
> Gdd-gnso-ppsai-impl at icann.org
> https://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/attachments/20171201/b97f83f8/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 2776 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/attachments/20171201/b97f83f8/image001-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.gif
Type: image/gif
Size: 2778 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/attachments/20171201/b97f83f8/image002-0001.gif>
More information about the Gdd-gnso-ppsai-impl
mailing list