[Gnso-epdp-legal] Notes and action items - EPDP Phase 2 Legal Committee Meeting #3

Mon Aug 12 10:16:01 UTC 2019

I think we need to add in the liability analysis to complete the 
picture. Even if something is not strictly prohibited, it may carry the 
risk of liability.

Volker

Am 10.08.2019 um 21:39 schrieb Leon Sanchez:
> Would everyone feel comfortable if, instead of submitting the question 
> along the complete use case, we submitted the question with a summary 
> of the situation that the use case tries to address?
>
>
> Kind regards,
>
>
>
> Leon Sanchez
> Board Director
> Internet Corporation for Assigned Names and Numbers (ICANN)
> leon.sanchez at board.icann.org <mailto:leon.sanchez at board.icann.org>
>
>
>
>> El 9 ago 2019, a las 15:19, Tatiana Tropina 
>> <tatiana.tropina at gmail.com <mailto:tatiana.tropina at gmail.com>> escribió:
>>
>> Hi Margie,
>> thanks for your reply. I guess then we will need to make a caveat 
>> that the case is just illustrative and is still being finalised by 
>> the group. I do find some issues with references to the legislation 
>> made in that case and the applicability of cited recitals, which 
>> possibly have to be changed or brought in conformity with applicable 
>> law/regulation. So if we submit the case fully and not just as a few 
>> lines illustrating "what's the case is about" -- there might be a 
>> problem.
>> Again, I guess we can discuss how to proceed during the next meeting 
>> of the legal team, but I want to flag this for now.
>> Cheers,
>> Tanya
>>
>> On Fri, 9 Aug 2019 at 22:10, Margie Milam <margiemilam at fb.com 
>> <mailto:margiemilam at fb.com>> wrote:
>>
>>     Hi Tatiana –
>>
>>     The use case is meant to be illustrative, to facilitate Bird &
>>     Bird’s general understanding in order to provide its analysis. 
>>     As a result I don’t believe that the use case needs to be
>>     finalized before it is presented.
>>
>>     All the best,
>>
>>     Margie
>>
>>     *From: *Tatiana Tropina <tatiana.tropina at gmail.com
>>     <mailto:tatiana.tropina at gmail.com>>
>>     *Date: *Friday, August 9, 2019 at 10:20 AM
>>     *To: *Margie Milam <margiemilam at fb.com <mailto:margiemilam at fb.com>>
>>     *Cc: *Caitlin Tubergen <caitlin.tubergen at icann.org
>>     <mailto:caitlin.tubergen at icann.org>>, "gnso-epdp-legal at icann.org
>>     <mailto:gnso-epdp-legal at icann.org>" <gnso-epdp-legal at icann.org
>>     <mailto:gnso-epdp-legal at icann.org>>
>>     *Subject: *Re: [Gnso-epdp-legal] Notes and action items - EPDP
>>     Phase 2 Legal Committee Meeting #3
>>
>>     Hi Margie,
>>
>>     a question - is this the case we discussed on the call yesterday?
>>     I just wonder if there is a need to reach a general agreement
>>     within the bigger EPDP team on this use case before we forward
>>     the question to legal -- there were some questions about the use
>>     case yesterday and SSAC said they would reply. I think there is a
>>     need to wait until at least the issues with the case are resolved
>>     before sending the question to legal? - but would listen to what
>>     others say.
>>
>>     But as we have 1,5 weeks before the next meeting, maybe this
>>     could be sorted.
>>
>>     Wish you and all others a great weekend,
>>
>>     Cheers,
>>
>>     Tanya
>>
>>     On Fri, 9 Aug 2019 at 18:55, Margie Milam <margiemilam at fb.com
>>     <mailto:margiemilam at fb.com>> wrote:
>>
>>         Hi-
>>
>>         Following up on the action items from Tuesday’s call -  I
>>         added the use case we discussed on yesterday’s call to
>>         Question 11.
>>
>>         **
>>
>>         *Updated Question 11*: Can legal counsel be consulted to
>>         determine whether GDPR prevents fast automated, and non-rate
>>         limited responses (as described in SSAC 101) to nonpublic
>>         WHOIS data with regards to the SSAC use case (Overarching
>>         Purpose: Crime and abuse investigation by non-law enforcement
>>         parties)for properly credentialed security practitioners (as
>>         defined in SSAC 101), who have agreed on appropriate
>>         safeguards?  If such access is not prohibited, can counsel
>>         provide examples of safeguards (such as pseudonymization)
>>         that should be considered? (BC)
>>
>>         All the best,
>>
>>         Margie
>>
>>         *From: *Gnso-epdp-legal <gnso-epdp-legal-bounces at icann.org
>>         <mailto:gnso-epdp-legal-bounces at icann.org>> on behalf of
>>         Caitlin Tubergen <caitlin.tubergen at icann.org
>>         <mailto:caitlin.tubergen at icann.org>>
>>         *Date: *Tuesday, August 6, 2019 at 11:07 AM
>>         *To: *"gnso-epdp-legal at icann.org
>>         <mailto:gnso-epdp-legal at icann.org>"
>>         <gnso-epdp-legal at icann.org <mailto:gnso-epdp-legal at icann.org>>
>>         *Subject: *[Gnso-epdp-legal] Notes and action items - EPDP
>>         Phase 2 Legal Committee Meeting #3
>>
>>         *Updated Question11*: Can legal counsel be consulted to
>>         determine whether GDPR prevents fast automated, and non-rate
>>         limited responses (as described in SSAC 101) to nonpublic
>>         WHOIS data for properly credentialed security practitioners
>>         (as defined in SSAC 101), who have agreed on appropriate
>>         safeguards?  If such access is not prohibited, can counsel
>>         provide examples of safeguards (such as pseudonymization)
>>         that should be considered? (BC)
>>
>>         _______________________________________________
>>         Gnso-epdp-legal mailing list
>>         Gnso-epdp-legal at icann.org <mailto:Gnso-epdp-legal at icann.org>
>>         https://mm.icann.org/mailman/listinfo/gnso-epdp-legal
>>         <https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Depdp-2Dlegal&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=4Ct67L7B_OjiOzhFeRkGiZRNhJIU_MbBQeGI63cNa5I&s=euxVLQNefiEYd-TqfcuyjR1kybnG8vqVeVwoDX9xeRo&e=>
>>         _______________________________________________
>>         By submitting your personal data, you consent to the
>>         processing of your personal data for purposes of subscribing
>>         to this mailing list accordance with the ICANN Privacy Policy
>>         (https://www.icann.org/privacy/policy
>>         <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_policy&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=4Ct67L7B_OjiOzhFeRkGiZRNhJIU_MbBQeGI63cNa5I&s=R9nOdr9ruR6dzN9mAoEy3HqOqKeXAxluNM0CPWYOHQc&e=>)
>>         and the website Terms of Service
>>         (https://www.icann.org/privacy/tos
>>         <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_tos&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=4Ct67L7B_OjiOzhFeRkGiZRNhJIU_MbBQeGI63cNa5I&s=FQVQkCt49mSrAD_a0inmlfD8HcQRjSFCSfnphDTMIy0&e=>).
>>         You can visit the Mailman link above to change your
>>         membership status or configuration, including unsubscribing,
>>         setting digest-style delivery or disabling delivery
>>         altogether (e.g., for a vacation), and so on.
>>
>> _______________________________________________
>> Gnso-epdp-legal mailing list
>> Gnso-epdp-legal at icann.org <mailto:Gnso-epdp-legal at icann.org>
>> https://mm.icann.org/mailman/listinfo/gnso-epdp-legal
>> _______________________________________________
>> By submitting your personal data, you consent to the processing of 
>> your personal data for purposes of subscribing to this mailing list 
>> accordance with the ICANN Privacy Policy 
>> (https://www.icann.org/privacy/policy) and the website Terms of 
>> Service (https://www.icann.org/privacy/tos). You can visit the 
>> Mailman link above to change your membership status or configuration, 
>> including unsubscribing, setting digest-style delivery or disabling 
>> delivery altogether (e.g., for a vacation), and so on.
>
>
> _______________________________________________
> Gnso-epdp-legal mailing list
> Gnso-epdp-legal at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-epdp-legal
> _______________________________________________
> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-- 
Volker A. Greimann
General Counsel and Policy Manager
*KEY-SYSTEMS GMBH*

T: +49 6894 9396901
M: +49 6894 9396851
F: +49 6894 9396851
W: www.key-systems.net

Key-Systems GmbH is a company registered at the local court of 
Saarbruecken, Germany with the registration no. HR B 18835
CEO: Alexander Siffrin

Part of the CentralNic Group PLC (LON: CNIC) a company registered in 
England and Wales with company number 8576358.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-legal/attachments/20190812/ceaca0fd/attachment-0001.html>