[Gnso-epdp-legal] [Ext] RE: For your review: First batch of questions to be sent to EPDP Team for final sign-off
Caitlin Tubergen
caitlin.tubergen at icann.org
Thu Aug 22 13:26:57 UTC 2019
Thank you, Brian, Thomas, and Volker.
EPDP Leadership has noted the points below and has agreed to postpone the discussion of the approved legal questions until next week, when the anchor question will be available.
León will give a short update during today’s plenary meeting, but we will ask the Team to await the updated questions.
Best regards,
Marika, Berry, and Caitlin
From: Gnso-epdp-legal <gnso-epdp-legal-bounces at icann.org> on behalf of Volker Greimann <vgreimann at key-systems.net>
Date: Thursday, August 22, 2019 at 5:01 AM
To: "gnso-epdp-legal at icann.org" <gnso-epdp-legal at icann.org>
Subject: Re: [Gnso-epdp-legal] [Ext] RE: For your review: First batch of questions to be sent to EPDP Team for final sign-off
Just adding my support for this approach.
Am 22.08.2019 um 13:42 schrieb Thomas Rickert (eco):
Hi Caitlin,
I would like to subscribe to Brian’s note. The anchor question is pretty decisive for what we are doing. Delaying that will have an impact on our work and timeline. Maybe our dear leadership team is willing to reconsider. But, as Brian, I will respect any decision made on this.
Thomas
*****
rickert.law
On Wed, Aug 21, 2019 at 11:00 PM +0200, "King, Brian via Gnso-epdp-legal" <gnso-epdp-legal at icann.org> wrote:
Hi Caitlin,
You’re welcome. While I slightly disagree with that approach as I’d rather have the anchor question introduced with the others, I will respect that decision, and I look forward to a productive call tomorrow.
Thank you.
Brian J. King
Director of Internet Policy and Industry Affairs
T +1 443 761 3726
markmonitor.com [markmonitor.com]
MarkMonitor
Protecting companies and consumers in a digital world
From: Caitlin Tubergen <caitlin.tubergen at icann.org>
Sent: Wednesday, August 21, 2019 4:32 PM
To: King, Brian <Brian.King at markmonitor.com>
Cc: gnso-epdp-legal at icann.org
Subject: Re: [Ext] RE: For your review: First batch of questions to be sent to EPDP Team for final sign-off
Hi Brian,
Thank you for the message, and thank to you and Thomas for quickly reverting to the Legal Committee with the updated language for Q 2/5.
EPDP Leadership is keen to show the plenary team some progress from the Legal Committee during tomorrow’s call. We do understand how the anchor question informs the other questions the Legal Committee has been working on. Because the other members of the Legal Committee will not have sufficient time to review the updated text by the provided deadline of 16:00 UTC, we will send the first batch of questions to the plenary team but note that an anchor question regarding contracted party liability will be forthcoming soon.
Thank you.
Best regards,
Marika, Berry, and Caitlin
From: "King, Brian" <Brian.King at markmonitor.com>
Date: Tuesday, August 20, 2019 at 3:50 PM
To: Caitlin Tubergen <caitlin.tubergen at icann.org>, "gnso-epdp-legal at icann.org" <gnso-epdp-legal at icann.org>
Subject: [Ext] RE: For your review: First batch of questions to be sent to EPDP Team for final sign-off
Hi Team,
I suggest that the first batch of questions we submit to the team must include Q 2/5 as an “anchor question” since it really solicits the million-dollar answer we need: is such a thing possible without CP liability?
With that answer, it makes sense to build on the concept by asking Q 7 (what if there’s fraud in such a system?) and Q 9 (can such a system be automated?), but these questions don’t stand alone well without the anchor question.
So, I’d like to finish the requested tweaks to Q 2/5 by COB tomorrow and get this group’s buy-in quickly so we can get a complete Batch 1 including Q 2/5 to the plenary ASAP. Ok?
Brian J. King
Director of Internet Policy and Industry Affairs
T +1 443 761 3726
markmonitor.com [markmonitor.com]
MarkMonitor
Protecting companies and consumers in a digital world
From: Gnso-epdp-legal <gnso-epdp-legal-bounces at icann.org> On Behalf Of Caitlin Tubergen
Sent: Tuesday, August 20, 2019 2:38 PM
To: gnso-epdp-legal at icann.org
Subject: [Gnso-epdp-legal] For your review: First batch of questions to be sent to EPDP Team for final sign-off
Apologies for the additional email, but please indicate by Wednesday, 21 August at 16:00 UTC if you disagree with the inclusion of Q9 in the first batch.
EPDP Leadership would like to send the first batch of questions to the EPDP Team for its review in advance of Thursday’s meeting.
Thank you.
Best regards,
Marika, Berry, and Caitlin
From: Gnso-epdp-legal <gnso-epdp-legal-bounces at icann.org> on behalf of Caitlin Tubergen <caitlin.tubergen at icann.org>
Date: Tuesday, August 20, 2019 at 9:52 AM
To: "gnso-epdp-legal at icann.org" <gnso-epdp-legal at icann.org>
Subject: [Gnso-epdp-legal] First batch of questions to be sent to EPDP Team for final sign-off
Dear EPDP Phase 2 Legal Committee,
Below, please find the first batch of questions to be sent to the EPDP Team for its final sign-off. Please note, as per the action item from today’s meeting, the requested bullet points from Q2/5 were added to Q9. As there was no objection on the call, we have included the question below, but please do let us know if you would prefer to continue discussing Q9 on this list before presenting to the plenary team on Thursday.
There is time reserved in Thursday’s plenary agenda, during which León has kindly offered to present the below questions to the plenary team.
Batch 1
(Formerly Q7) To what extent, if any, are contracted parties liable when a third party that accesses non-public WHOIS data under an accreditation scheme where by the accessor is accredited for the stated purpose, commits to certain reasonable safeguards similar to a code of conduct regarding use of the data, but misrepresents their intended purposes for processing such data, and subsequently processes it in a manner inconsistent with the stated purpose. Under such circumstances, if there is possibility of liability to contracted parties, are there steps that can be taken to mitigate or reduce the risk of liability to the contracted parties?
(Formerly Q9) Assuming that there is a policy that allows accredited parties to access non-public WHOIS data through an SSAD (and requires the accredited party to commit to certain reasonable safeguards similar to a code of conduct), is it legally permissible under Article 6(1)(f) to:
define specific categories of requests from accredited parties (e.g. rapid response to a malware attack or contacting a non-responsive IP infringer), for which there can be automated submissions for non-public WHOIS data, without having to manually verify the qualifications of the accredited parties for each individual disclosure request, and/or
enable automated disclosures of such data, without requiring a manual review by the controller or processor of each individual disclosure request.
In addition, if it is not possible to automate any of these steps, please provide any guidance for how to perform the balancing test under Article 6(1)(f).
For reference, please refer to the following potential safeguards:
Disclosure is required under CP’s contract with ICANN (resulting from Phase 2 EPDP policy).
CP’s contract with ICANN requires CP to notify the data subject of the purposes for which, and types of entities by which, personal data may be processed. CP is required to notify data subject of this with the opportunity to opt out before the data subject enters into the registration agreement with the CP, and again annually via the ICANN-required registration data accuracy reminder. CP has done so.
ICANN or its designee has validated the requestor’s identity, and required that the requestor:
o represents that it has a lawful basis for requesting and processing the data,
o provides its lawful basis,
o represents that it is requesting only the data necessary for its purpose,
o agrees to process the data in accordance with GDPR, and
o agrees to standard contractual clauses for the data transfer.
ICANN or its designee logs requests for non-public registration data, regularly audits these logs, takes compliance action against suspected abuse, and makes these logs available upon request by the data subject.
3. (Formerly Q12/13) In light of the 3 May 2019 correspondence from the European Commission [icann.org], are any updates on the previous memo on 6(1)(b) necessary?
Thank you.
Best regards,
Marika, Berry, and Caitlin
_______________________________________________
Gnso-epdp-legal mailing list
Gnso-epdp-legal at icann.org
https://mm.icann.org/mailman/listinfo/gnso-epdp-legal
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy [icann.org]) and the website Terms of Service (https://www.icann.org/privacy/tos [icann.org]). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
--
Volker A. Greimann
General Counsel and Policy Manager
KEY-SYSTEMS GMBH
T: +49 6894 9396901
M: +49 6894 9396851
F: +49 6894 9396851
W: www.key-systems.net [key-systems.net]
Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835
CEO: Alexander Siffrin
Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-legal/attachments/20190822/dd969129/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4620 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-epdp-legal/attachments/20190822/dd969129/smime-0001.p7s>
More information about the Gnso-epdp-legal
mailing list