[Gdd-gnso-ppsai-impl] Materials, discussion topics for this week's PP IRT meeting

Amy Bivins amy.bivins at icann.org
Wed Sep 12 13:23:17 UTC 2018 

Thanks, Steve, and all.

I'm updating the draft to correct the locations of the comments, and will distribute that before tomorrow's meeting. I'm also adding in all of the comments over the last couple of days on the list (truncating, where appropriate, as the threads have continued).

On your question about a staff proposal on logging-there isn't one at this stage. As background, note the 5 July communication to ICANN org from the EDPB, which references this topic on p. 5, https://www.icann.org/en/system/files/correspondence/jelinek-to-marby-05jul18-en.pdf

I'm doing everything I can to ensure the IRT's feedback is reviewed by the internal team and responded to as quickly as possible. I'll keep the group up to date on status as I have more information.

Thanks, and I look forward to speaking with you tomorrow.

Amy

From: Gdd-gnso-ppsai-impl <gdd-gnso-ppsai-impl-bounces at icann.org> On Behalf Of Metalitz, Steven
Sent: Tuesday, September 11, 2018 11:54 AM
To: gdd-gnso-ppsai-impl at icann.org
Subject: Re: [Gdd-gnso-ppsai-impl] Materials, discussion topics for this week's PP IRT meeting

Hi Amy,

A few additional comments on the PPAA text and suggested revisions to it.

First, could you please check the accuracy of the location of the comment boxes on the redline.  For example, the string of comments beginning with AB13 should be keyed to section 3.5.3.4 on page 12, not to 3.5.3.3.4 on page 10.  Similarly, the string beginning with AB 16 belongs with 3.5.3.8 on page 12, not with 3.5.3.3.8.

Second, with regard to the consent issue (keyed to 3.5.3.4):  Volker, I am not questioning that "forced consent is a no-no" under GDPR.  The significance of this issue is whether a service can be denied based on the customer's refusal to consent to processing of data, or her withdrawal of that consent.  I am not challenging the view that in the case of the provider of registration services, such a denial of service (for failure to consent to processing of registration contact data by making it public) is problematic under GDPR, because (taking a narrow view of the service being provided) the processing is not required to provide the service.  However, this calculus is different where the service being provided is a privacy/proxy service, i.e., the essence of the service being provided is the processing of precisely this data.  It's hard to see how this service could be provided if the customer withdrew consent for the provider to process it.  For this reason, it seems to me, the obtaining of consent (now a defined term in the PPAA, see 1.8) remains relevant and a sufficient basis to justify the processing required.

To give a simple-minded analogy, suppose you offer me the service of printing my business cards.  I contract with you to provide this service, but withhold or withdraw my consent to processing of my name, address, contact points, etc.   Are you still obligated to provide the service, or would you be justified in terminating the contract?

Third,  regarding 3.6 on accreditation fees, this is one area in which the Whois 2 Review Team draft report may be relevant (though of course not binding):

"The RDSWHOIS2 Review Team therefore views with concern the current intent of ICANN to fund the privacy/proxy service accreditation program solely by charging providers accreditation and annual fees comparable to the fees payable by ICANN accredited registrars. The RDS-WHOIS2 Review Team considers that such fees could have an effect counterproductive to the overall goal of the program. Creating a cost barrier next to the new policy requirements at a time that the use of such services is expected to decline due to the practical effects of GDPR is likely to cause low adoption of the accreditation program by providers.  " (p. 67)

Fourth, in paragraph 3.11.5 on page 17, what is a "generic email address"?

Fifth, regarding the question in your e=mail about "provider logging of third-party requests for non-public RDDS data," I would have no objection in principle to requiring this, but isn't the more sensitive question who has access to such logs and under what conditions?  Does the staff have a specific proposal to make on this topic?  If so can you bring it forward now?

Finally, it is disappointing that the staff won't have any "official feedback" for us this week on the points already raised in discussion of the revised PPAA over the past two weeks.  Can we get a commitment to a response by say Sept. 17 so we will have a chance to review and comment on it prior to the Sept. 20 call?

Thanks Amy!

Steve Metalitz




From: Gdd-gnso-ppsai-impl <gdd-gnso-ppsai-impl-bounces at icann.org<mailto:gdd-gnso-ppsai-impl-bounces at icann.org>> On Behalf Of Amy Bivins
Sent: Monday, September 10, 2018 2:53 PM
To: gdd-gnso-ppsai-impl at icann.org<mailto:gdd-gnso-ppsai-impl at icann.org>
Subject: [Gdd-gnso-ppsai-impl] Materials, discussion topics for this week's PP IRT meeting

Dear Colleagues,

Thank you for your feedback on the list since our last meeting. We will continue to discuss your feedback on the PPAA draft during our next PPIRT meeting on Thursday, 13 September, 1600 UTC. The most recent PPAA draft, including comments received on the list since our last meeting, is attached.

Action Item: The purpose of our call this week is to continue reviewing your feedback on the PPAA draft. We will pick up at Section 3.5, where we adjourned last week. If you have any additional items that you would like to note in this week's discussion version of the draft (for display in the AC room), please send them to the list no later than your end of day Wednesday.

Action Item: We'd also like to hear any feedback you have on the possibility of adding a PPAA provision(s) to require provider logging of third-party requests for non-public RDDS data. Please consider this possibility and share any feedback you have on the list this week or during Thursday's call.

I'm attaching a screenshot of the results of the PP IRT poll.

Of the 15 IRT members who responded to the poll:

  *   Nine IRT members answered "yes" to the question, "Do you believe that the Privacy and Proxy Service Provider Accreditation Program Implementation Review Team should consult with the GNSO Council prior to proceeding to public comment due to one or more Policy questions surrounding the implementation of the Final Recommendations?" (8-registrar; 1-no affiliation provided)

  *   Six IRT members answered "No." (2-PSWG, 1-registrar, 2-IPC, 1-BC)

Your feedback on the PPAA draft and all other issues is being shared with the broader internal team for review. I won't have official feedback to share this week, but am hoping that there will be more to share next week.

Best,
Amy

Amy E. Bivins
Registrar Services and Engagement Senior Manager
Registrar Services and Industry Relations
Internet Corporation for Assigned Names and Numbers (ICANN)
Direct: +1 (202) 249-7551
Fax:  +1 (202) 789-0104
Email: amy.bivins at icann.org<mailto:amy.bivins at icann.org>
www.icann.org<http://www.icann.org>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gdd-gnso-ppsai-impl/attachments/20180912/6e5e06a7/attachment.html>

More information about the Gdd-gnso-ppsai-impl mailing list