[Gnso-epdp-legal] Proposed agenda - EPDP Phase 2 Legal Committee Meeting #4

Margie Milam margiemilam at fb.com
Mon Aug 19 19:17:17 UTC 2019 

Hi-
Following up on Question 11 – here is a an updated question with a summary to replace the SSAC use case:
Updated Question 11:

Is it permissible under GDPR to provide fast, automated, and non-rate limited responses (as described in SSAC 101) to nonpublic WHOIS data for properly credentialed security practitioners (as defined in SSAC 101)  who are responsible for defense against e-crimes (including network operators, providers of online services, commercial security services, cyber-crime investigators) for use in investigations and mitigation activities to protect their network, information systems or services (as referenced in GDPR Recital 49) and have agreed on appropriate safeguards? Or would any automated disclosure carry a potential for liability of the disclosing party, or the controllers or processors of such data? Can counsel provide examples of safeguards (such as pseudonymization/anonymization) that should be considered?


Talk to you tomorrow.

All the best,
Margie

From: Gnso-epdp-legal <gnso-epdp-legal-bounces at icann.org> on behalf of Caitlin Tubergen <caitlin.tubergen at icann.org>
Date: Friday, August 16, 2019 at 3:09 PM
To: "gnso-epdp-legal at icann.org" <gnso-epdp-legal at icann.org>
Subject: [Gnso-epdp-legal] Proposed agenda - EPDP Phase 2 Legal Committee Meeting #4

Updated Question 11: Can legal counsel be consulted to determine whether in [completely defined Scenario X] a fast automated, and non-rate limited responses (as described in SSAC 101) to nonpublic WHOIS data for properly credentialed security practitioners (as defined in SSAC 101), who have agreed on appropriate safeguards would be permissible under the GDRP and not cause any liability in data controllers/processors with regard to unrightful disclosures? Or would any automated disclosure carry a potential for liability of the disclosing party? Can counsel provide examples of safeguards (such as pseudonymization/anonymization) that should be considered?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-legal/attachments/20190819/824170a3/attachment-0001.html>

More information about the Gnso-epdp-legal mailing list