[Gnso-epdp-legal] Additional Question From Today's Call

Fri Feb 8 13:54:06 UTC 2019

Hi Margie

Thanks for posting your proposed additional question for Bird & Bird.  I
was not able to be on the last call, so I may well have missed some context.

I am not able to support the proposed additional question for Counsel at
this stage.

So much has changed (including the legal environment) since the consensus
policy on Thick WHOIS, and this EPDP group is not tasked with reviewing
that policy, I worry that the reference may just be confusing at best or
unhelpful at worst.  I"m not sure that we even need to bring in the concept
of Thick WHOIS at this point. The key issue, as I understand it, is whether
or not there is a legally justifiable transfer of gTLD registration data
from registrar to registry.

A proposed edit would be -

Assuming that:

   - ICANN adopts all of the purposes identified in the current draft
   version of Recommendation 1,  [ICANN TO SEND LIST OF PURPOSES] which
   addresses processing for the benefit of registries, registrars, ICANN, and
   third parties, as part of a future Consensus Policy that updates the WHOIS
   policy to address GDPR concerns
   - These purposes become incorporated into the relevant registrar and
   registry agreements with ICANN
   - Registrars continue to collect registration data, and there is a
   contractual requirement to transfer some or all of the data set from
   registrar to registry.

*Can a controller or processor justify a transfer of data (for example from
registrar to registry) solely on the basis that a 3rd party may require
disclosure at some point in the future, for the the purposes of upholding
the 'Security Stability and Resiliency' of the DNS, as defined in ICANN's
bylaws? If not, what other justifications could be made to justify such a
data transfer?*

However, I'm not convinced that external legal counsel will be the best
people to ask?  I think that our EPDP plenary group is well placed to work
through these issues as we continue our work in Phase II.

Best wishes

Emily

On Wed, Feb 6, 2019 at 7:33 PM Margie Milam <margiemilam at fb.com> wrote:

> Hi-
>
>
>
> Following up on today’s call, here is a draft legal question to pose to
> Ruth:
>
>
>
> Assuming that:
>
>
>
>    - ICANN adopts all of the purposes identified in the current draft
>    version of Recommendation 1,  [ICANN TO SEND LIST OF PURPOSES] which
>    addresses processing for the benefit of registries, registrars, ICANN, and
>    third parties, as part of a future Consensus Policy that updates the WHOIS
>    policy to address GDPR concerns
>    - These purposes become incorporated into the relevant registrar and
>    registry agreements with ICANN
>    - There is a prior consensus policy calling for THICK WHOIS that was
>    adopted by the ICANN Board following the Bylaws, that requires the transfer
>    of the WHOIS contact data from the registrars to the registries for reasons
>    that are identified in the Final Report,  including  “*substantial
>    benefits from mandating thick instead of thin Whois, including enhanced
>    accessibility and enhanced stability.”*
>    - The resulting policy from the EPDP would continue the requirement
>    for Thick WHOIS
>
>
>
> *Question:*  is there a legal basis under GDPR to support the requirement
> of a transfer of data elements from registrars to registries to enable the
> processing called for in these purposes even though the processing  and
> transfer of data may be to enable processing for the benefit of 3rd
> parties (e.g. Purposes 2, 3, 5, 6) rather than for the registry’s purposes
> (Purpose 1)?
>
>
>
> Looking forward to your comments.
>
>
>
> All the best,
>
>
>
> Margie
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Gnso-epdp-legal mailing list
> Gnso-epdp-legal at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-epdp-legal

-- 

Emily Taylor

CEO, Oxford Information Labs
*MA (Cantab), Solicitor (non-practising), MBA, *

*A**ssociate Fellow, Chatham House; Editor, Journal of Cyber Policy*

Lincoln House, Pony Road, Oxford OX4 2RD | T: 01865 582885
E: emily.taylor at oxil.co.uk | D: 01865 582811 | M: +44 7540 049322

<http://explore.tandfonline.com/cfp/pgas/rcyb-cfp-2017>
<http://explore.tandfonline.com/cfp/pgas/rcyb-cfp-2017>

Registered office: Lincoln House, 4 Pony Road, Oxford OX4 2RD. Registered
in England and Wales No. 4520925. VAT No. 799526263

.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-legal/attachments/20190208/0db3e58b/attachment.html>