[Gnso-epdp-legal] Proposed agenda - EPDP Phase 2 Legal Committee Meeting #4

Hadia El Miniawi hadiaminiawi at yahoo.com
Tue Aug 20 15:12:01 UTC 2019 

 
Hi All,

Following Today's discussion and as suggested during the call, I propose explicitly mentioning the automation of the balancing test in our question

Updated Question 9: Assuming that there is a policy that allows accredited parties to access non-public WHOIS data through an SSAD (and requires the accredited party to commit to certain reasonable safeguards similar to a code of conduct), is it legally permissible under Article 6(1)(f) to:

(1)define specific categories of requests from accredited parties (e.g. rapid response to a malware attack or contacting a non-responsive IP infringer), for which there can be automated submissions for non-public WHOIS data, without having to manually verify the qualifications of the accredited parties for each individual disclosure request
(2)Automate the balancing test required under Article 6(1) f 
(3)Automate disclosures of such data, without requiring a manual review by the controller or processor of each individual disclosure request.
 

In addition, if it is not possible to automate any of these steps, please provide guidance in relation to the preferable process 
     On Monday, August 19, 2019, 9:59:36 PM EDT, Margie Milam <margiemilam at fb.com> wrote:  
 
 #yiv8259739864 #yiv8259739864 -- _filtered #yiv8259739864 {font-family:Wingdings;panose-1:5 0 0 0 0 0 0 0 0 0;} _filtered #yiv8259739864 {panose-1:2 4 5 3 5 4 6 3 2 4;} _filtered #yiv8259739864 {font-family:Calibri;panose-1:2 15 5 2 2 2 4 3 2 4;}#yiv8259739864 #yiv8259739864 p.yiv8259739864MsoNormal, #yiv8259739864 li.yiv8259739864MsoNormal, #yiv8259739864 div.yiv8259739864MsoNormal {margin:0in;margin-bottom:.0001pt;font-size:11.0pt;font-family:sans-serif;}#yiv8259739864 a:link, #yiv8259739864 span.yiv8259739864MsoHyperlink {color:#0563C1;text-decoration:underline;}#yiv8259739864 a:visited, #yiv8259739864 span.yiv8259739864MsoHyperlinkFollowed {color:#954F72;text-decoration:underline;}#yiv8259739864 p.yiv8259739864MsoListParagraph, #yiv8259739864 li.yiv8259739864MsoListParagraph, #yiv8259739864 div.yiv8259739864MsoListParagraph {margin-top:0in;margin-right:0in;margin-bottom:0in;margin-left:.5in;margin-bottom:.0001pt;font-size:11.0pt;font-family:sans-serif;}#yiv8259739864 p.yiv8259739864msonormal0, #yiv8259739864 li.yiv8259739864msonormal0, #yiv8259739864 div.yiv8259739864msonormal0 {margin-right:0in;margin-left:0in;font-size:11.0pt;font-family:sans-serif;}#yiv8259739864 span.yiv8259739864EmailStyle18 {font-family:sans-serif;color:windowtext;}#yiv8259739864 .yiv8259739864MsoChpDefault {font-size:10.0pt;} _filtered #yiv8259739864 {margin:1.0in 1.0in 1.0in 1.0in;}#yiv8259739864 div.yiv8259739864WordSection1 {}#yiv8259739864 _filtered #yiv8259739864 {} _filtered #yiv8259739864 {font-family:Symbol;} _filtered #yiv8259739864 {} _filtered #yiv8259739864 {font-family:Wingdings;} _filtered #yiv8259739864 {font-family:Symbol;} _filtered #yiv8259739864 {} _filtered #yiv8259739864 {font-family:Wingdings;} _filtered #yiv8259739864 {font-family:Symbol;} _filtered #yiv8259739864 {} _filtered #yiv8259739864 {font-family:Wingdings;} _filtered #yiv8259739864 {} _filtered #yiv8259739864 {margin-left:38.65pt;font-family:Symbol;} _filtered #yiv8259739864 {margin-left:74.65pt;} _filtered #yiv8259739864 {margin-left:110.65pt;font-family:Wingdings;} _filtered #yiv8259739864 {margin-left:146.65pt;font-family:Symbol;} _filtered #yiv8259739864 {margin-left:182.65pt;} _filtered #yiv8259739864 {margin-left:218.65pt;font-family:Wingdings;} _filtered #yiv8259739864 {margin-left:254.65pt;font-family:Symbol;} _filtered #yiv8259739864 {margin-left:290.65pt;} _filtered #yiv8259739864 {margin-left:326.65pt;font-family:Wingdings;} _filtered #yiv8259739864 {} _filtered #yiv8259739864 {font-family:Symbol;} _filtered #yiv8259739864 {} _filtered #yiv8259739864 {font-family:Wingdings;} _filtered #yiv8259739864 {font-family:Symbol;} _filtered #yiv8259739864 {} _filtered #yiv8259739864 {font-family:Wingdings;} _filtered #yiv8259739864 {font-family:Symbol;} _filtered #yiv8259739864 {} _filtered #yiv8259739864 {font-family:Wingdings;}#yiv8259739864 ol {margin-bottom:0in;}#yiv8259739864 ul {margin-bottom:0in;}#yiv8259739864 
Hi-
 
  
 
I wasn’t able to sync with Hadia today, but here is my suggested revision to address her concerns:
 
  
 
Updated Question 9: Assuming that there is a policy that allows accredited parties to access non-public WHOIS data through an SSAD (and requires the accredited party to commit to certain reasonable safeguards similar to a code of conduct), is it legally permissible under Article 6(1)(f) to:
 
  
    
   - define specific categories of requests from accredited parties (e.g. rapid response to a malware attack or contacting a non-responsive IP infringer), for which there can be automated submissions for non-public WHOIS data, without having to manually verify the qualifications of the accredited parties for each individual disclosure request, and/or
   - enable automated disclosures of such data, without requiring a manual review by the controller or processor of each individual disclosure request.
 
  
 
In addition, if it is not possible to automate any of these steps, please provide any guidance for how to perform the balancing test under Article 6(1)(f).
 
  
 
All the best,
 
  
 
Margie
 
  
 
From: Gnso-epdp-legal <gnso-epdp-legal-bounces at icann.org> on behalf of Caitlin Tubergen <caitlin.tubergen at icann.org>
Date: Friday, August 16, 2019 at 3:09 PM
To: "gnso-epdp-legal at icann.org" <gnso-epdp-legal at icann.org>
Subject: [Gnso-epdp-legal] Proposed agenda - EPDP Phase 2 Legal Committee Meeting #4

  
 
Updated Question 9: Assuming that there is a policy that allows accredited parties to access non-public WHOIS data through an SSAD (and requires the accredited party to commit to certain reasonable safeguards similar to a code of conduct), is it legally possible to have automated disclosures to third parties that have requested access under 6(1)(f)? If it is possible, please provide any guidance for how this can be accomplished. For example, is it legally permissible to define specific categories of requests (e.g. rapid response to a malware attack or contacting a non-responsive IP infringer) to identify types of user groups or processing activities that reduce the need for manual review?  In addition, please describe the circumstances (if any) where a manual review is required under 6(1)(f), and any guidance for how to perform this balancing test.
 _______________________________________________
Gnso-epdp-legal mailing list
Gnso-epdp-legal at icann.org
https://mm.icann.org/mailman/listinfo/gnso-epdp-legal
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-legal/attachments/20190820/f52ee42b/attachment.html>

More information about the Gnso-epdp-legal mailing list