[Gnso-epdp-legal] [Ext] RE: For your review: First batch of questions to be sent to EPDP Team for final sign-off

Volker Greimann vgreimann at key-systems.net
Thu Aug 22 12:01:22 UTC 2019 

Just adding my support for this approach.

Am 22.08.2019 um 13:42 schrieb Thomas Rickert (eco):
> Hi Caitlin,
> I would like to subscribe to Brian’s note. The anchor question is 
> pretty decisive for what we are doing. Delaying that will have an 
> impact on our work and timeline. Maybe our dear leadership team is 
> willing to reconsider. But, as Brian, I will respect any decision made 
> on this.
>
> Thomas
>
> *****
> rickert.law
>
>
>
> On Wed, Aug 21, 2019 at 11:00 PM +0200, "King, Brian via 
> Gnso-epdp-legal" <gnso-epdp-legal at icann.org 
> <mailto:gnso-epdp-legal at icann.org>> wrote:
>
>     Hi Caitlin,
>
>     You’re welcome. While I slightly disagree with that approach as
>     I’d rather have the anchor question introduced with the others, I
>     will respect that decision, and I look forward to a productive
>     call tomorrow.
>
>     Thank you.
>
>     *Brian J. King *
>     Director of Internet Policy and Industry Affairs
>
>     T +1 443 761 3726_
>     markmonitor.com <http://www.markmonitor.com>_
>
>     *MarkMonitor
>     *Protecting companies and consumers in a digital world
>
>     *From:*Caitlin Tubergen <caitlin.tubergen at icann.org>
>     *Sent:* Wednesday, August 21, 2019 4:32 PM
>     *To:* King, Brian <Brian.King at markmonitor.com>
>     *Cc:* gnso-epdp-legal at icann.org
>     *Subject:* Re: [Ext] RE: For your review: First batch of questions
>     to be sent to EPDP Team for final sign-off
>
>     Hi Brian,
>
>     Thank you for the message, and thank to you and Thomas for quickly
>     reverting to the Legal Committee with the updated language for Q 2/5.
>
>     EPDP Leadership is keen to show the plenary team some progress
>     from the Legal Committee during tomorrow’s call. We do understand
>     how the anchor question informs the other questions the Legal
>     Committee has been working on. Because the other members of the
>     Legal Committee will not have sufficient time to review the
>     updated text by the provided deadline of 16:00 UTC, we will send
>     the first batch of questions to the plenary team but note that an
>     anchor question regarding contracted party liability will be
>     forthcoming soon.
>
>     Thank you.
>
>
>     Best regards,
>
>     Marika, Berry, and Caitlin
>
>     *From: *"King, Brian" <Brian.King at markmonitor.com
>     <mailto:Brian.King at markmonitor.com>>
>     *Date: *Tuesday, August 20, 2019 at 3:50 PM
>     *To: *Caitlin Tubergen <caitlin.tubergen at icann.org
>     <mailto:caitlin.tubergen at icann.org>>, "gnso-epdp-legal at icann.org
>     <mailto:gnso-epdp-legal at icann.org>" <gnso-epdp-legal at icann.org
>     <mailto:gnso-epdp-legal at icann.org>>
>     *Subject: *[Ext] RE: For your review: First batch of questions to
>     be sent to EPDP Team for final sign-off
>
>     Hi Team,
>
>     I suggest that the first batch of questions we submit to the team
>     must include Q 2/5 as an “anchor question” since it really
>     solicits the million-dollar answer we need: is such a thing
>     possible without CP liability?
>
>     With that answer, it makes sense to build on the concept by asking
>     Q 7 (what if there’s fraud in such a system?) and Q 9 (can such a
>     system be automated?), but these questions don’t stand alone well
>     without the anchor question.
>
>     So, I’d like to finish the requested tweaks to Q 2/5 by COB
>     tomorrow and get this group’s buy-in quickly so we can get a
>     complete Batch 1 including Q 2/5 to the plenary ASAP. Ok?
>
>     *Brian J. King *
>     Director of Internet Policy and Industry Affairs
>
>     T +1 443 761 3726_
>     markmonitor.com [markmonitor.com]
>     <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.markmonitor.com&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8K75qGdDlOta4kh6k2F0jrT195M3tF3J_Fxcz6EvuG2kYKDeA67ZTEnthHXAPVXH&m=2pdsBq3FQk-Nkb8vTkUe9hbbsKYG04wNdq9eoO57uok&s=gxFB1Hoy5W0JA-SGc1foAwjaxxzt-97pY3VstkR_aKo&e=>_
>
>     *MarkMonitor
>     *Protecting companies and consumers in a digital world
>
>     *From:*Gnso-epdp-legal <gnso-epdp-legal-bounces at icann.org
>     <mailto:gnso-epdp-legal-bounces at icann.org>> *On Behalf Of *Caitlin
>     Tubergen
>     *Sent:* Tuesday, August 20, 2019 2:38 PM
>     *To:* gnso-epdp-legal at icann.org <mailto:gnso-epdp-legal at icann.org>
>     *Subject:* [Gnso-epdp-legal] For your review: First batch of
>     questions to be sent to EPDP Team for final sign-off
>
>     Apologies for the additional email, but please indicate by
>     *Wednesday, 21 August at 16:00 UTC* if you disagree with the
>     inclusion of Q9 in the first batch.
>
>     EPDP Leadership would like to send the first batch of questions to
>     the EPDP Team for its review in advance of Thursday’s meeting.
>
>     Thank you.
>
>
>     Best regards,
>
>     Marika, Berry, and Caitlin
>
>     *From: *Gnso-epdp-legal <gnso-epdp-legal-bounces at icann.org
>     <mailto:gnso-epdp-legal-bounces at icann.org>> on behalf of Caitlin
>     Tubergen <caitlin.tubergen at icann.org
>     <mailto:caitlin.tubergen at icann.org>>
>     *Date: *Tuesday, August 20, 2019 at 9:52 AM
>     *To: *"gnso-epdp-legal at icann.org
>     <mailto:gnso-epdp-legal at icann.org>" <gnso-epdp-legal at icann.org
>     <mailto:gnso-epdp-legal at icann.org>>
>     *Subject: *[Gnso-epdp-legal] First batch of questions to be sent
>     to EPDP Team for final sign-off
>
>     Dear EPDP Phase 2 Legal Committee,
>
>     Below, please find the first batch of questions to be sent to the
>     EPDP Team for its final sign-off. Please note, as per the action
>     item from today’s meeting, the requested bullet points from Q2/5
>     were added to Q9. As there was no objection on the call, we have
>     included the question below, but please do let us know if you
>     would prefer to continue discussing Q9 on this list before
>     presenting to the plenary team on Thursday.
>
>     There is time reserved in Thursday’s plenary agenda, during which
>     León has kindly offered to present the below questions to the
>     plenary team.
>
>     *_Batch 1_*
>
>      1. (Formerly Q7) To what extent, if any, are contracted parties
>         liable when a third party that accesses non-public WHOIS data
>         under an accreditation scheme where by the accessor is
>         accredited for the stated purpose, commits to certain
>         reasonable safeguards similar to a code of conduct regarding
>         use of the data, but misrepresents their intended purposes for
>         processing such data, and subsequently processes it in a
>         manner inconsistent with the stated purpose.  Under such
>         circumstances, if there is possibility of liability to
>         contracted parties, are there steps that can be taken to
>         mitigate or reduce the risk of liability to the contracted
>         parties?
>
>      2. (Formerly Q9) Assuming that there is a policy that allows
>         accredited parties to access non-public WHOIS data through an
>         SSAD (and requires the accredited party to commit to certain
>         reasonable safeguards similar to a code of conduct), is it
>         legally permissible under Article 6(1)(f) to:
>
>       * define specific categories of requests from accredited parties
>         (e.g. rapid response to a malware attack or contacting a
>         non-responsive IP infringer), for which there can be automated
>         submissions for non-public WHOIS data, without having to
>         manually verify the qualifications of the accredited parties
>         for each individual disclosure request, and/or
>       * enable automated disclosures of such data, without requiring a
>         manual review by the controller or processor of each
>         individual disclosure request.
>
>     In addition, if it is not possible to automate any of these steps,
>     please provide any guidance for how to perform the balancing test
>     under Article 6(1)(f).
>
>     For reference, please refer to the following potential safeguards:
>
>       * Disclosure is required under CP’s contract with ICANN
>         (resulting from Phase 2 EPDP policy).
>       * CP’s contract with ICANN requires CP to notify the data
>         subject of the purposes for which, and types of entities by
>         which, personal data may be processed. CP is required to
>         notify data subject of this with the opportunity to opt out
>         before the data subject enters into the registration agreement
>         with the CP, and again annually via the ICANN-required
>         registration data accuracy reminder. CP has done so.
>       * ICANN or its designee has validated the requestor’s identity,
>         and required that the requestor:
>
>     orepresents that it has a lawful basis for requesting and
>     processing the data,
>
>     oprovides its lawful basis,
>
>     orepresents that it is requesting only the data necessary for its
>     purpose,
>
>     oagrees to process the data in accordance with GDPR, and
>
>     oagrees to standard contractual clauses for the data transfer.
>
>       * ICANN or its designee logs requests for non-public
>         registration data, regularly audits these logs, takes
>         compliance action against suspected abuse, and makes these
>         logs available upon request by the data subject.
>
>     3. (Formerly Q12/13) In light of the 3 May 2019 correspondence
>     from the European Commission [icann.org]
>     <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_correspondence_odonohue-2Dto-2Dmarby-2D03may19-2Den.pdf&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8K75qGdDlOta4kh6k2F0jrT195M3tF3J_Fxcz6EvuG2kYKDeA67ZTEnthHXAPVXH&m=2pdsBq3FQk-Nkb8vTkUe9hbbsKYG04wNdq9eoO57uok&s=LfTW_4f8-ycgWqCWGXRxfToxSMw6x9oh4ovjg-D2fYw&e=>,
>     are any updates on the previous memo on 6(1)(b)
>     <https://community.icann.org/download/attachments/102138857/6%281%29%28b%29%20Memo.docx?version=1&modificationDate=1548874809000&api=v2> necessary?
>
>
>     Thank you.
>
>     Best regards,
>
>     Marika, Berry, and Caitlin
>
>
> _______________________________________________
> Gnso-epdp-legal mailing list
> Gnso-epdp-legal at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-epdp-legal
> _______________________________________________
> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-- 
Volker A. Greimann
General Counsel and Policy Manager
*KEY-SYSTEMS GMBH*

T: +49 6894 9396901
M: +49 6894 9396851
F: +49 6894 9396851
W: www.key-systems.net

Key-Systems GmbH is a company registered at the local court of 
Saarbruecken, Germany with the registration no. HR B 18835
CEO: Alexander Siffrin

Part of the CentralNic Group PLC (LON: CNIC) a company registered in 
England and Wales with company number 8576358.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-legal/attachments/20190822/7c4e5a55/attachment-0001.html>

More information about the Gnso-epdp-legal mailing list