[Gnso-epdp-legal] High-level notes and action items from Legal Committee Call #11

Volker Greimann vgreimann at key-systems.net
Wed Dec 4 09:42:42 UTC 2019 

Hi Team

Here are the original five questions on the topic:

1. What is the legal risk associated with publishing a pseudononymized 
email address?2. Does it matter which technique was used to implement 
the pseudonimazation?  If so, which are preferred?

1. Is a uniform anonymized email address considered Personal Data as it 
can be tied to an identifiable person? Would this be different if it is 
pseudonymized vs anonymized? 2. If a uniform anonymized email address is 
considered Personal Data, what are the legal and privacy effects of 
including it in a public registration directory? 3. Is a uniform 
anonymized identifier considered Personal Data as it can be tied to an 
identifiable person?

I feel if we really want to ask these, they need more meat on the bone 
and should be combined into a unified question. To do that, we would 
first have to agree on what we want to be asking, e.g. what we actually 
mean by these terms. As a suggestion, please find the below alternative 
question: "The group has discussed the option of replacing the email 
address provided by the data subject with a alternate email address that 
would in and of itself not identify the data subject (Example: 
'sfjgsdfsafgkas at pseudo.nym'). With this approach, two options emerged in 
the discussion, where (a) the same unique string would be used for 
multiple registrations by the data subject ('pseudonymisation'), or (b) 
the string would be unique for each registration ('anonymization'). 
Under option (a), the identity of the data subject might - but need not 
necessarily - become identifiable by cross-referencing the content of 
all domain name registrations the string is used for.

 From these options, the following question arose:

1) Under options (a) and/or (b), would the the alternate address have to 
be be considered as personal data of the data subject under the GDPR and 
what would be the legal consequences and risks of this determination 
with regard to the proposed publication of this string in the publicly 
accessible part of the registration data service (RDS)? "

Discussions welcome.

Best,

Volker


Am 04.12.2019 um 06:11 schrieb Caitlin Tubergen:
>
> Dear Legal Committee:
>
> Please find below high-level notes and action items from today’s Legal 
> Committee meeting:
>
> *_Action Items and High-Level Notes_*
>
> 1.Q11 on reverse WHOIS look ups, which now incorporates Thomas’ 
> footnote, will be sent to the EPDP Team for their review once the Team 
> has signed off on the draft question in item 2 below.
>
>  2. Following the Legal Committee’s review of the Google Right to be
>     Forgotten case, Legal Committee agreed to send an updated question
>     (proposed by Becky) to the plenary team to review. New question
>     reads as follows: /In light of the finalized guidelines on the
>     territorial scope of the GDPR and the ECJ opinion on regarding the
>     right to be forgotten (Google case), are there any modifications
>     you would propose to your previous memo on the territorial scope
>     of the GDPR?/
>  3. Legal Committee to review the updated memo summaries, which now
>     include edits from Bird & Bird, and note any concerns by *COB
>     Friday, 6 December*. If no objections are expressed, EPDP Support
>     Staff will incorporate the edits and send to the plenary team for
>     its review. (Please see attached.)
>  4. Volker to reformulate Priority 2 pseudonymous email address
>     questions in advance of the next Legal Committee call, *COB
>     Monday, 16 December*. (Support Staff to follow up with Volker
>     directly regarding more specificity with this assignment.)
>  5. Matthew to redraft Priority 2 Legal vs. Natural Q1, Q5, and Q6
>     focusing on a clarifying question on what accuracy means in this
>     context and who the accuracy rights flow to.
>  6. Becky to reach out to Tara re: Priority 2 Legal vs. Natural Q11
>     (submitted by SSAC) in order to provide a rationale for further
>     discussion on the next Legal Committee Call.
>
> Thank you.
>
> Best regards,
>
> Marika, Berry, and Caitlin
>
>
> _______________________________________________
> Gnso-epdp-legal mailing list
> Gnso-epdp-legal at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-epdp-legal
> _______________________________________________
> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-- 
Volker A. Greimann
General Counsel and Policy Manager
*KEY-SYSTEMS GMBH*

T: +49 6894 9396901
M: +49 6894 9396851
F: +49 6894 9396851
W: www.key-systems.net

Key-Systems GmbH is a company registered at the local court of 
Saarbruecken, Germany with the registration no. HR B 18835
CEO: Alexander Siffrin

Part of the CentralNic Group PLC (LON: CNIC) a company registered in 
England and Wales with company number 8576358.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-legal/attachments/20191204/db289f47/attachment-0001.html>

More information about the Gnso-epdp-legal mailing list