[Gnso-epdp-legal] Notes and action items - EPDP Phase 2 Legal Committee Meeting #3

Mon Aug 12 10:14:20 UTC 2019

Hi Margie,

this is not quite what I meant. I proposed reframing it in the 
affirmative in a clearly described circumstance:

*Updated Question 11*: Can legal counsel be consulted to determine 
whether in [completely defined Scenario X] a fast automated, and 
non-rate limited responses (as described in SSAC 101) to nonpublic WHOIS 
data for properly credentialed security practitioners (as defined in 
SSAC 101), who have agreed on appropriate safeguards would be 
permissable under the GDRP and not cause any liability in data 
controllers/processors with regard to unrightful disclosures? Or would 
any automated disclosure carry a potential for liability of the 
disclosing party? Can counsel provide examples of safeguards (such as 
pseudonymization/anonymization) that should be considered?

Best,

Volker

Am 09.08.2019 um 18:55 schrieb Margie Milam:
>
> Hi-
>
> Following up on the action items from Tuesday’s call -  I added the 
> use case we discussed on yesterday’s call to Question 11.
>
> **
>
> *Updated Question 11*: Can legal counsel be consulted to determine 
> whether GDPR prevents fast automated, and non-rate limited responses 
> (as described in SSAC 101) to nonpublic WHOIS data with regards to the 
> SSAC use case (Overarching Purpose: Crime and abuse investigation by 
> non-law enforcement parties)for properly credentialed security 
> practitioners (as defined in SSAC 101), who have agreed on appropriate 
> safeguards?  If such access is not prohibited, can counsel provide 
> examples of safeguards (such as pseudonymization) that should be 
> considered? (BC)**
>
> All the best,
>
> Margie
>
> *From: *Gnso-epdp-legal <gnso-epdp-legal-bounces at icann.org> on behalf 
> of Caitlin Tubergen <caitlin.tubergen at icann.org>
> *Date: *Tuesday, August 6, 2019 at 11:07 AM
> *To: *"gnso-epdp-legal at icann.org" <gnso-epdp-legal at icann.org>
> *Subject: *[Gnso-epdp-legal] Notes and action items - EPDP Phase 2 
> Legal Committee Meeting #3
>
> *Updated Question11*: Can legal counsel be consulted to determine 
> whether GDPR prevents fast automated, and non-rate limited responses 
> (as described in SSAC 101) to nonpublic WHOIS data for properly 
> credentialed security practitioners (as defined in SSAC 101), who have 
> agreed on appropriate safeguards?  If such access is not prohibited, 
> can counsel provide examples of safeguards (such as pseudonymization) 
> that should be considered? (BC)
>
>
> _______________________________________________
> Gnso-epdp-legal mailing list
> Gnso-epdp-legal at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-epdp-legal
> _______________________________________________
> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-- 
Volker A. Greimann
General Counsel and Policy Manager
*KEY-SYSTEMS GMBH*

T: +49 6894 9396901
M: +49 6894 9396851
F: +49 6894 9396851
W: www.key-systems.net

Key-Systems GmbH is a company registered at the local court of 
Saarbruecken, Germany with the registration no. HR B 18835
CEO: Alexander Siffrin

Part of the CentralNic Group PLC (LON: CNIC) a company registered in 
England and Wales with company number 8576358.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-legal/attachments/20190812/cd9915fb/attachment.html>