[Gdd-gnso-ppsai-impl] Materials, action items from 17 Oct Privacy/Proxy IRT call
Theo Geurts
gtheo at xs4all.nl
Wed Nov 22 17:09:40 UTC 2017
How much of this is expected to be obsolete next year, even if only for
some subset (EU) of Registrants?
It looks like we are going to end up with a very complex & burdensome
accreditation program, with the above in mind is this justified?
Again, I think we are moving out of scope due to shifting dynamics.
Theo
On 22-11-2017 17:59, Chris Pelling wrote:
> I agree with Darcy, before running, we need to walk and understand the
> GDPR implications first for our work. There is no point wasting
> valuable time creating policy/procedures if at the end of the day they
> will be in violation of GDPR - it wastes everyones time and resources.
>
> Kind regards,
>
> Chris
>
> ------------------------------------------------------------------------
> *From: *"Darcy Southwell" <darcy.southwell at endurance.com>
> *To: *"theo geurts" <gtheo at xs4all.nl>, gdd-gnso-ppsai-impl at icann.org,
> "Steven Metalitz" <met at msk.com>, "Sara Bockey" <sbockey at godaddy.com>
> *Sent: *Wednesday, 22 November, 2017 15:19:11
> *Subject: *Re: [Gdd-gnso-ppsai-impl] Materials, action items from 17
> Oct Privacy/Proxy IRT call
>
> Agree with Theo.
>
> @Steve, My concern here is that we’re moving forward with developing
> processes that may violate the GDPR, which goes into effect in just
> six months. It seems far more efficient to identify and discuss how
> GDPR affects any PDP policy recommendations before finalizing
> processes. We need to take a step back to do that first. I’m
> certainly not a GDPR expert, but data collection and transmission
> registrants who are EU residents appear to be problematic if we
> continue to ignore the GDPR.
>
> Darcy
>
> *From: *theo geurts <gtheo at xs4all.nl>
> *Date: *Tuesday, November 21, 2017 at 12:50 PM
> *To: *<gdd-gnso-ppsai-impl at icann.org>, "Metalitz, Steven"
> <met at msk.com>, 'Darcy Southwell' <darcy.southwell at endurance.com>, Sara
> Bockey <sbockey at godaddy.com>
> *Subject: *Re: [Gdd-gnso-ppsai-impl] Materials, action items from 17
> Oct Privacy/Proxy IRT call
>
> Hi all,
>
> Some comments.
> @Darcy I agree on all points, very fundamental, and I think worth
> discussing at the Dec 5th meeting.
>
> 1 I agree Vlad's suggestion is good, the only question I have, and we
> discussed this earlier, do we wait for the second Hamilton piece or do
> we already have enough? I am not sure where at right now, perhaps
> staff can weigh in some to get a sense here.
> 3 PSWG liaison to the IRT, what is the status? Can we indeed confirm
> his availability?
>
> @Steve, your question to Darcy about the GDPR and the impact, and
> obviously I am not Darcy ;) but we contracted parties spent a ton of
> time on this GDPR thing, and we get frustrated how this GDPR keeps
> creeping up on us from angles we never imagined.
>
> Thick WHOIS IRT, I don't have to remind you there, you and I spent a
> lot of time there wrapping it up. Since Johannesburg, that thing has
> been a moving target.
>
> The WG recommendations for the PPSAI were made under different
> circumstances, and I hope you and fellow IRT members can understand we
> registrars we do not want a repeat here.
> Going through an exempt process with compliance is just
> time-consuming, costing money and all that. We need to be in scope
> here, and if we are not, we go back to the GNSO.
>
> Does this make any sense?
>
> Best
>
> Theo Geurts
>
> On 21-11-2017 20:39, Metalitz, Steven wrote:
>
> Re item 3 in Darcy’s list, I understand contact has been
> established with the new PSWG liaison to the IRT. Can we confirm
> his availability to participate in a call on December 5?
>
> Re item 1 I would note Vlad’s earlier comment to the list, which I
> support: “Maybe we can focus on critical issues that are not
> related to GDPR, and once ICANN comes back to us with some clarity
> on GDPR then we can tackle those issues.”
>
> Finally, Darcy perhaps you could clarify how you think these
> issues could be discussed constructively “before moving forward
> with reviewing the draft documents.” Items 2 and 3 seem to refer
> to specific points in one or more of the draft documents. Re item
> 1, can you identify any specific points in the draft documents you
> would like to discuss with regard to the impact of GDPR?
>
> *mage001*
>
> *Steven J. Metalitz *|***Partner, through his professional
> corporation*
>
> T: 202.355.7902 | met at msk.com <mailto:met at msk.com>
>
> *Mitchell Silberberg & Knupp**LLP*|*www.msk.com <http://www.msk.com/>*
>
> 1818 N Street NW, 8th Floor, Washington, DC 20036
>
> *THE INFORMATION CONTAINED IN THIS E-MAIL MESSAGE IS INTENDED ONLY
> FOR THE PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED
> RECIPIENTS.**THIS MESSAGE MAY BE AN ATTORNEY-CLIENT COMMUNICATION,
> AND AS SUCH IS PRIVILEGED AND CONFIDENTIAL. IF THE READER OF THIS
> MESSAGE IS NOT AN INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT
> ANY REVIEW, USE, DISSEMINATION, FORWARDING OR COPYING OF THIS
> MESSAGE IS STRICTLY PROHIBITED. PLEASE NOTIFY US IMMEDIATELY BY
> REPLY E-MAIL OR TELEPHONE, AND DELETE THE ORIGINAL MESSAGE AND ALL
> ATTACHMENTS FROM YOUR SYSTEM. THANK YOU.*
>
> *From:*Darcy Southwell [mailto:darcy.southwell at endurance.com]
> *Sent:* Tuesday, November 21, 2017 2:00 PM
> *To:* gdd-gnso-ppsai-impl at icann.org
> <mailto:gdd-gnso-ppsai-impl at icann.org>; Metalitz, Steven; Sara Bockey
> *Subject:* Re: [Gdd-gnso-ppsai-impl] Materials, action items from
> 17 Oct Privacy/Proxy IRT call
>
> @ICANN Staff,
>
> I wanted to re-raise the issues mentioned below in advance our
> next meeting on 5 December. I think many IRT members would like
> to see us tackle these issues first before moving forward with
> reviewing the draft documents. Specifically:
>
> 1.Impact of GDPR on policy/implementation (i.e., aspects of the
> recommendations from the Final Report that will be impacted by the
> GDPR).
>
> 2.Contradictions between draft implementation language and the
> Final Report (e.g., how/why this is happening).
>
> 3.Concerns with proposed framework Public Safety Working Group.
>
> I suggest that our 5 Dec. agenda should focus on these discussion
> items.
>
> Thanks,
>
> Darcy
>
> *From: *Darcy Southwell <darcy.southwell at endurance.com
> <mailto:darcy.southwell at endurance.com>>
> *Date: *Tuesday, November 7, 2017 at 7:47 AM
> *To: *<gdd-gnso-ppsai-impl at icann.org
> <mailto:gdd-gnso-ppsai-impl at icann.org>>, "Metalitz, Steven"
> <met at msk.com <mailto:met at msk.com>>, Sara Bockey
> <sbockey at godaddy.com <mailto:sbockey at godaddy.com>>
> *Subject: *Re: [Gdd-gnso-ppsai-impl] Materials, action items from
> 17 Oct Privacy/Proxy IRT call
>
> I agree with Theo. The scope has changed and implementation is
> impacted by GDPR. While I appreciate that Steve wants to move
> forward expeditiously, I don’t believe we can do so without
> jeopardizing the creation of an effective program. Further, in
> just the last week or so, issues have been raised about
> implementation language contradicting the policy. The role of an
> IRT is to implement the consensus policy produced in the PDP and
> we need to spend sufficient time reviewing and discussing the
> implementation to ensure we’re not changing policy. Similarly, I
> think there were questions raised about the proposed framework
> Public Safety Working Group. In addition to policy creep, I
> believe concerns were expressed that staff failed to modify the
> proposed framework based on the feedback from IRT participants.
> Rather than picking through the documents line by line, it seems
> like we should step back and have a discussion about the concepts
> to ensure we’re making progress toward an effective implementation
> that reflects the policy. There have also been repeated questions
> raised about the over-engineering of this implementation. Because
> many of the meetings have focused on reviewing language from a
> specific section (rather than reviewing issues as whole items), it
> seems like we haven’t gotten past this issue, and should probably
> take a fresh look at that to ensure we’re not making this
> implementation more complicated than it needs to be. We all know
> that doesn’t lead us to a better implementation. Right now, we
> have four draft documents for review/input: (1) accreditation
> agreement, (2) de-accreditation process, (3) applicant guide, and
> (4) data escrow specification. For many members, these require
> operational and legal review (at a minimum). Many registrars have
> commented that 1 December is the earliest they can provide full
> feedback given the complexity of these documents (although not all
> have committed to that date).
>
> Given these issues, as well as the fact that the privacy/proxy
> challenge stemming from IRTP-C needs to be added to this IRT for a
> solution, we need to take a step back and address these critical
> issues first. This isn’t about derailing the IRT; it’s about
> ensuring we don’t create an implementation that’s an operational
> nightmare for providers as well as registrants and end users – and
> that means addressing these critical issues first.
>
> Thanks,
>
> Darcy
>
> *From: *<gdd-gnso-ppsai-impl-bounces at icann.org
> <mailto:gdd-gnso-ppsai-impl-bounces at icann.org>> on behalf of theo
> geurts <gtheo at xs4all.nl <mailto:gtheo at xs4all.nl>>
> *Reply-To: *<gdd-gnso-ppsai-impl at icann.org
> <mailto:gdd-gnso-ppsai-impl at icann.org>>
> *Date: *Monday, November 6, 2017 at 12:27 PM
> *To: *<gdd-gnso-ppsai-impl at icann.org
> <mailto:gdd-gnso-ppsai-impl at icann.org>>, "Metalitz, Steven"
> <met at msk.com <mailto:met at msk.com>>, Sara Bockey
> <sbockey at godaddy.com <mailto:sbockey at godaddy.com>>
> *Subject: *Re: [Gdd-gnso-ppsai-impl] Materials, action items from
> 17 Oct Privacy/Proxy IRT call
>
> Hi Steve, Vicky,
>
> Now your argument is logical and makes sense.
> Yes, as I mentioned before, CPH's will implement privacy services
> on many different levels to comply with the GDPR, we agree here.
>
> My biggest problem with the PPSAI IRT is the changing dynamics.
> The WG contemplated and discussed and made recommendations based
> on a very fixed situation.
>
> In my opinion, privacy services should not be used as bandaid for
> data protection problems.
> Complying with data protection laws was not the driving force
> during the WG days, and now it is.
>
> I think the scope of the IRT has changed and we should deal with
> this before we move on. We need to think a little smarter and
> deeper here before we unleash this to many contracted parties who
> have zero experience with these services and will be required to
> implement this to comply with data protection laws.
>
> So how do we do that? I think a fixed set of procedures and
> contractual agreements are essential, yet I do not want us to
> enter into a situation that causes more issues and forces
> providers into a situation that we need to ask compliance to defer.
> https://www.icann.org/resources/pages/contractual-compliance-statement-2017-11-02-en
>
> I think that scenario is unwanted for everyone on the IRT is it not?
>
> Thanks,
>
> Theo Geurts
>
> On 6-11-2017 19:40, Metalitz, Steven wrote:
>
> I strongly second Vicky’s comments. The ongoing ICANN work re
> GDPR is of course very important, but let’s not let it derail
> progress on the path we have moved so far along toward a P/P
> service accreditation framework to present to the community.
>
> In that regard, I have some sympathy (empathy?) for those
> requesting a relaxation of the comment deadline in light of so
> much other activity demanding our attention. May I suggest
> that we try to get as many proposed edits onto the list before
> our November 14 call (with much thanks to those who have
> already done so), with the goal of dealing with them then if
> possible, but leaving the door open for further edits over the
> next couple of weeks if necessary.
>
> Finally, some ICANN groups are adjusting the scheduling of
> their calls to reflect the return to standard time in North
> America and Europe. Is this group doing so as well? If our
> calls stay at 1400 UTC that is now 9 am EST and 6 am for those
> on Pacific time. Moving to 1500 UTC would retain the
> pre-existing local start times, I believe.
>
> Steve Metalitz
>
> *ge001*
>
> *Steven J. Metalitz *|***Partner, through his professional
> corporation*
>
> T: 202.355.7902 | met at msk.com <mailto:met at msk.com>
>
> *Mitchell Silberberg & Knupp**LLP*|*www.msk.com
> <http://www.msk.com/>*
>
> 1818 N Street NW, 8th Floor, Washington, DC 20036
>
> *THE INFORMATION CONTAINED IN THIS E-MAIL MESSAGE IS INTENDED
> ONLY FOR THE PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED
> RECIPIENTS.**THIS MESSAGE MAY BE AN ATTORNEY-CLIENT
> COMMUNICATION, AND AS SUCH IS PRIVILEGED AND CONFIDENTIAL. IF
> THE READER OF THIS MESSAGE IS NOT AN INTENDED RECIPIENT, YOU
> ARE HEREBY NOTIFIED THAT ANY REVIEW, USE, DISSEMINATION,
> FORWARDING OR COPYING OF THIS MESSAGE IS STRICTLY PROHIBITED.
> PLEASE NOTIFY US IMMEDIATELY BY REPLY E-MAIL OR TELEPHONE, AND
> DELETE THE ORIGINAL MESSAGE AND ALL ATTACHMENTS FROM YOUR
> SYSTEM. THANK YOU.*
>
> *From:*gdd-gnso-ppsai-impl-bounces at icann.org
> <mailto:gdd-gnso-ppsai-impl-bounces at icann.org>
> [mailto:gdd-gnso-ppsai-impl-bounces at icann.org] *On Behalf Of
> *Victoria Sheckler
> *Sent:* Tuesday, October 31, 2017 5:55 PM
> *To:* gdd-gnso-ppsai-impl at icann.org
> <mailto:gdd-gnso-ppsai-impl at icann.org>; Sara Bockey
> *Subject:* Re: [Gdd-gnso-ppsai-impl] Materials, action items
> from 17 Oct Privacy/Proxy IRT call
>
> Please note that ICANN’s work on GDPR’s on a separate track
> and that one thing we know almost for sure is that the
> adoption of rational, predictable rules for privacy/proxy will
> be more important post-GDPR than it ever was. So please let’s
> get those rules in place as expeditiously as possible.
>
> On 30-10-2017 11:32, Sara Bockey wrote:
>
> Caitlin,
>
> Thanks for the revised docs. A few items at first glance
> that need to be revised, as I believe they have been
> discussion/raised before. I will take a closer look and
> follow up with additional edits, but in the meantime…
>
> 1. Edit the definitions of Proxy Service and Privacy
> Service to match the definitions provided in the Final
> Report/2013 RAA
>
> 1. The definitions of Privacy Service and Proxy
> Service reflect those in the 2013 RAA.
> 2. In this context, the 2013 RAA also defines
> “Registered Name” as a domain name within the
> domain of a gTLD, about which a gTLD Registry
> Operator (or an Affiliate or subcontractor thereof
> engaged in providing Registry Services) maintains
> data in a Registry Database, arranges for such
> maintenance, or derives revenue from such
> maintenance, and “Registered Name Holder” is
> defined as the holder of a Registered Name.
> 3. It’s noted that ICANN staff has replace
> “Registered Name Holder” with “Customer” in many
> instances, but I question the logic in that since
> it is inconsistent with the RAA.
>
> 2. Edit Sections 3.5.3.3. thru 3.5.3.6 to take into
> consideration GDPR requirements regarding consent.
>
> 1. Consent must be explicitly given for each purpose
> and can be withdrawn at any time and not a
> requirement for registration or use of the
> service. Therefore, 3.5.3.3. – 3.5.3.6 (at a
> minimum) are not compatible and must be revise.
>
> 3. Edit section 3.12.2, as it still contains new language
> that has been added since the IRT agreement on
> language in August. The first sentence in its
> entirety should be removed.
>
> 1. The section should start with “Well founded…”
>
> Additionally, the following sections need revision or at a
> minimum further discuss by the IRT
>
> 4. Edit Section 3.14 to remove the language re no
> automation. This is not feasible. This language must
> be removed:
>
> 1. Provider shall not use high-volume, automated
> electronic processes (for example, processes that
> do not utilize human review) for sending Requests
> or responses to Requests to Requesters or
> Customers in performing any of the steps in the
> processes outlined in the Intellectual Property
> Disclosure Framework Specification.
>
> 5. Edit Section 3.15 – Labeling – to remove excessive
> language.
>
> 1. Provider shall ensure that each Registered Name
> for which Provider is providing the Services is
> clearly labeled as such in the Registration Data
> Directory Service, as specified in the Labeling
> Specification attached hereto, and shall otherwise
> comply with the requirements of the Labeling
> Specification attached hereto. This language is
> duplicative and not necessary. Let’s not add
> unnecessary words to this already long document.
> If there are doing to be extra works, perhaps
> mention complying with applicable local laws in
> light of GDPR.
>
> *sara bockey*
>
> *sr. policy manager | **Go**Daddy^™ *
>
> *sbockey at godaddy.com <mailto:sbockey at godaddy.com>
> 480-366-3616*
>
> *skype: sbockey*
>
> /This email message and any attachments hereto is intended
> for use only by the addressee(s) named herein and may
> contain confidential information. If you have received
> this email in error, please immediately notify the sender
> and permanently delete the original and any copy of this
> message and its attachments./
>
> *From: *<gdd-gnso-ppsai-impl-bounces at icann.org>
> <mailto:gdd-gnso-ppsai-impl-bounces at icann.org> on behalf
> of Caitlin Tubergen <caitlin.tubergen at icann.org>
> <mailto:caitlin.tubergen at icann.org>
> *Reply-To: *"gdd-gnso-ppsai-impl at icann.org"
> <mailto:gdd-gnso-ppsai-impl at icann.org>
> <gdd-gnso-ppsai-impl at icann.org>
> <mailto:gdd-gnso-ppsai-impl at icann.org>
> *Date: *Wednesday, October 25, 2017 at 4:44 AM
> *To: *"gdd-gnso-ppsai-impl at icann.org"
> <mailto:gdd-gnso-ppsai-impl at icann.org>
> <gdd-gnso-ppsai-impl at icann.org>
> <mailto:gdd-gnso-ppsai-impl at icann.org>
> *Subject: *[Gdd-gnso-ppsai-impl] Materials, action items
> from 17 Oct Privacy/Proxy IRT call
>
> Dear Colleagues,
>
> Thanks so much for your participation on today’s
> Privacy/Proxy IRT call. For those who could not attend, I
> encourage you to review the recording and materials on the
> wiki, https://community.icann.org/display/IRT/24+October+2017.
>
> During the call, we discussed an overview of the changes
> to the draft PPAA.
>
> Please note that ICANN proposed a deadline of *Tuesday,*
> *14 November* for all comments, concerns, and edits to the
> draft PPAA. The changes from the last iteration, provided
> to the IRT in July, have been highlighted in the attached
> issues list. Please respond to the list if you would like
> to request a longer review period.
>
> During ICANN60, we will be presenting an overview of the
> P/P program’s status to the community. Attached, please
> find the slide deck for the presentation.
>
> To highlight a few notes from the IRT’s discussion this
> morning, we received feedback to:
>
> 1. Edit the definition of *Working Group in Section
> 1.43*, to specify that the Provider Stakeholder Group,
> if formed, shall only appoint the /provider/
> representatives of the Working Group, and the GNSO may
> appoint other members of the community.
>
> **
>
> 2. Add back in the previously-deleted *Code of Conduct
> *language in *Section 3.5.1*.
>
> **
>
> **
>
> 3. Add back in the previously-deleted *review provision
> *in *Section 7 of the Customer Data Accuracy Program
> Specification*.
>
> **
>
> If you believe the above items do not reflect the intent
> of the Working Group’s recommendations, please reply to
> the list by *14 November 2017*.
>
> Thank you, and safe travels to those of you attending
> ICANN 60!
>
> Kind regards,
>
> *Caitlin Tubergen*
>
> Registrar Services and Engagement Senior Manager
>
> ICANN
>
> 12025 Waterfront Drive, Suite 300
>
> Los Angeles, CA 90094
>
> Office: +1 310 578 8666
>
> Mobile: +1 310 699 5326
>
> Email: caitlin.tubergen at icann.org
> <mailto:caitlin.tubergen at icann.org>
>
> _______________________________________________
>
> Gdd-gnso-ppsai-impl mailing list
>
> Gdd-gnso-ppsai-impl at icann.org
> <mailto:Gdd-gnso-ppsai-impl at icann.org>
>
> https://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl
>
>
> _______________________________________________
> Gdd-gnso-ppsai-impl mailing list Gdd-gnso-ppsai-impl at icann.org
> <mailto:Gdd-gnso-ppsai-impl at icann.org>
> https://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl
>
>
>
>
>
> _______________________________________________
>
> Gdd-gnso-ppsai-impl mailing list
>
> Gdd-gnso-ppsai-impl at icann.org
> <mailto:Gdd-gnso-ppsai-impl at icann.org>
>
> https://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl
>
>
> _______________________________________________
> Gdd-gnso-ppsai-impl mailing list Gdd-gnso-ppsai-impl at icann.org
> <mailto:Gdd-gnso-ppsai-impl at icann.org>
> https://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl
>
>
>
>
> _______________________________________________
>
> Gdd-gnso-ppsai-impl mailing list
>
> Gdd-gnso-ppsai-impl at icann.org <mailto:Gdd-gnso-ppsai-impl at icann.org>
>
> https://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl
>
>
>
>
> _______________________________________________
> Gdd-gnso-ppsai-impl mailing list
> Gdd-gnso-ppsai-impl at icann.org
> https://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/attachments/20171122/2748e9c3/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 2773 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/attachments/20171122/2748e9c3/image001-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.gif
Type: image/gif
Size: 2775 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/attachments/20171122/2748e9c3/image002-0001.gif>
More information about the Gdd-gnso-ppsai-impl
mailing list