[Gnso-epdp-legal] Additional Question From Today's Call

Emily Taylor emily.taylor at oxil.co.uk
Fri Feb 15 14:54:58 UTC 2019


Hi Kurt

Thanks for your suggestions. I agree with your proposed way forward.

Best wishes

Emily

On Thu, Feb 14, 2019 at 8:23 PM Kapin, Laureen via Gnso-epdp-legal <
gnso-epdp-legal at icann.org> wrote:

> And that Bird and Bird should continue their analysis regarding the “city”
> field.
>
>
>
>
>
> Laureen Kapin
>
> Counsel for International Consumer Protection
>
> Office of International Affairs
>
> Federal Trade Commission
>
> (202) 326-3237
>
> lkapin at ftc.gov
>
>
>
> *From:* Kapin, Laureen
> *Sent:* Thursday, February 14, 2019 3:22 PM
> *To:* 'Kurt Pritz' <kurt at kjpritz.com>; gnso-epdp-legal at icann.org
> *Subject:* RE: [Gnso-epdp-legal] Additional Question From Today's Call
>
>
>
> Kurt,
>
>
>
>   I agree that it would be useful to circulate this advice to the full
> team.
>
>
>
>
>
> Laureen Kapin
>
> Counsel for International Consumer Protection
>
> Office of International Affairs
>
> Federal Trade Commission
>
> (202) 326-3237
>
> lkapin at ftc.gov
>
>
>
> *From:* Gnso-epdp-legal <gnso-epdp-legal-bounces at icann.org> *On Behalf Of
> *Kurt Pritz
> *Sent:* Thursday, February 14, 2019 3:13 PM
> *To:* gnso-epdp-legal at icann.org
> *Subject:* Re: [Gnso-epdp-legal] Additional Question From Today's Call
>
>
>
> Hi Everyone:
>
>
>
> I know you are all extremely busy and apologize for the lateness in coming
> back to these issues:
>
>
>
> I
>
>
>
> We have received two pieces of legal advice: on data accuracy and the
> possible redaction of ‘city name’ form Bird & Bird.
>
>
>
> 1) Should we forward these on the the full Team?
>
> 2) Should we ask Bird and Bird to carry on with the next part of their
> analysis of the city name issue?
>
>
>
> I think the answer to both of these is ‘yes’; please let me know if you
> concur. Even though the analysis of the city name issue is likely to extend
> into Phase 2, I think a response received during Phase 2 would fit well
> with the existing recommendation.
>
>
>
>
>
> II
>
>
>
> I believe the question of a legal basis for thick whois requires a
> detailed legal analysis and also believe we should start the process. My
> experience in working with Bird and Bird so far is that they read the
> questions carefully and extract the intent as well as the meaning of the
> written word so that the precise wording is not critical. I also believe
> that, because of the complexity, there will be some iteration between the
> legal team and B&B before a final memo is delivered.
>
>
>
> Thinking about the materials that B&B will require, I think will want them
> to read the Thick Whois Final Report carefully and probably will also want
> to read a portion of the record to understand the rationale behind the
> policy recommendations. We can refer to ICANN’s Stability and Security
> Mission as Emily suggests but also should refer B&B to theThick Whois
> Policy team’s record to describe the possible legal basis for Thick Whois.
> I.e., I think it is better for B&B to look for justifications in the record
> rather than ask B&B for other possible justifications.
>
>
>
> So,
>
>
>
> Assuming that:
>
>    - ICANN adopts all of the purposes identified in the current draft
>    version of Recommendation 1,  [ICANN TO SEND LIST OF PURPOSES] which
>    addresses processing for the benefit of registries, registrars, ICANN, and
>    third parties, as part of a future Consensus Policy that updates the WHOIS
>    policy to address GDPR concerns
>    - These purposes become incorporated into the relevant registrar and
>    registry agreements with ICANN
>    - There is a prior consensus policy calling for THICK WHOIS that was
>    adopted by the ICANN Board following the Bylaws, that requires the transfer
>    of the WHOIS contact data from the registrars to the registries for reasons
>    that are identified in the Final Report, including ICANN mission related,
>    “substantial benefits from mandating thick instead of thin Whois, including
>    enhanced accessibility and enhanced stability."
>
> Question:  Is there a legal basis under GDPR for a Controller or Processor
> to justify a transfer of data  elements from registrars to registries to
> enable the processing called for in these purposes even though the
> processing  and transfer of data may be to enable processing for the
> benefit of 3rd parties? I.e., should the resulting policy from the EPDP
> would continue the requirement for Thick WHOIS?
>
>
>
> Let me know of your edits to this question.
>
>
>
> Thanks for thinking about this at this time,
>
>
>
> Kurt
>
>
>
>
>
>
>
> On Feb 8, 2019, at 5:54 AM, Emily Taylor <emily.taylor at oxil.co.uk> wrote:
>
>
>
> Hi Margie
>
>
> Thanks for posting your proposed additional question for Bird & Bird.  I
> was not able to be on the last call, so I may well have missed some context.
>
>
>
> I am not able to support the proposed additional question for Counsel at
> this stage.
>
>
>
> So much has changed (including the legal environment) since the consensus
> policy on Thick WHOIS, and this EPDP group is not tasked with reviewing
> that policy, I worry that the reference may just be confusing at best or
> unhelpful at worst.  I"m not sure that we even need to bring in the concept
> of Thick WHOIS at this point. The key issue, as I understand it, is whether
> or not there is a legally justifiable transfer of gTLD registration data
> from registrar to registry.
>
>
>
> A proposed edit would be -
>
>
>
> Assuming that:
>
>
>
> ·        ICANN adopts all of the purposes identified in the current draft
> version of Recommendation 1,  [ICANN TO SEND LIST OF PURPOSES] which
> addresses processing for the benefit of registries, registrars, ICANN, and
> third parties, as part of a future Consensus Policy that updates the WHOIS
> policy to address GDPR concerns
>
> ·        These purposes become incorporated into the relevant registrar
> and registry agreements with ICANN
>
> ·        Registrars continue to collect registration data, and there is a
> contractual requirement to transfer some or all of the data set from
> registrar to registry.
>
>
>
> *Can a controller or processor justify a transfer of data (for example
> from registrar to registry) solely on the basis that a 3rd party may
> require disclosure at some point in the future, for the the purposes of
> upholding the 'Security Stability and Resiliency' of the DNS, as defined in
> ICANN's bylaws? If not, what other justifications could be made to justify
> such a data transfer?*
>
>
>
> However, I'm not convinced that external legal counsel will be the best
> people to ask?  I think that our EPDP plenary group is well placed to work
> through these issues as we continue our work in Phase II.
>
>
>
> Best wishes
>
>
> Emily
>
>
>
>
>
> On Wed, Feb 6, 2019 at 7:33 PM Margie Milam <margiemilam at fb.com> wrote:
>
> Hi-
>
>
>
> Following up on today’s call, here is a draft legal question to pose to
> Ruth:
>
>
>
> Assuming that:
>
>
>
> ·        ICANN adopts all of the purposes identified in the current draft
> version of Recommendation 1,  [ICANN TO SEND LIST OF PURPOSES] which
> addresses processing for the benefit of registries, registrars, ICANN, and
> third parties, as part of a future Consensus Policy that updates the WHOIS
> policy to address GDPR concerns
>
> ·        These purposes become incorporated into the relevant registrar
> and registry agreements with ICANN
>
> ·        There is a prior consensus policy calling for THICK WHOIS that
> was adopted by the ICANN Board following the Bylaws, that requires the
> transfer of the WHOIS contact data from the registrars to the registries
> for reasons that are identified in the Final Report,  including  “*substantial
> benefits from mandating thick instead of thin Whois, including enhanced
> accessibility and enhanced stability.”*
>
> ·        The resulting policy from the EPDP would continue the
> requirement for Thick WHOIS
>
>
>
> *Question:*  is there a legal basis under GDPR to support the requirement
> of a transfer of data elements from registrars to registries to enable the
> processing called for in these purposes even though the processing  and
> transfer of data may be to enable processing for the benefit of 3rd
> parties (e.g. Purposes 2, 3, 5, 6) rather than for the registry’s purposes
> (Purpose 1)?
>
>
>
> Looking forward to your comments.
>
>
>
> All the best,
>
>
>
> Margie
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Gnso-epdp-legal mailing list
> Gnso-epdp-legal at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-epdp-legal
>
>
>
>
> --
>
> *Emily Taylor*
>
> CEO, Oxford Information Labs
> *MA (Cantab), Solicitor (non-practising), MBA, *
>
> *Associate Fellow, Chatham House; Editor, Journal of Cyber Policy*
>
> Lincoln House, Pony Road, Oxford OX4 2RD | T: 01865 582885
> E: emily.taylor at oxil.co.uk | D: 01865 582811 | M: +44 7540 049322
>
>
>
> <http://explore.tandfonline.com/cfp/pgas/rcyb-cfp-2017>
> <http://explore.tandfonline.com/cfp/pgas/rcyb-cfp-2017>
>
>
>
> Registered office: Lincoln House, 4 Pony Road, Oxford OX4 2RD. Registered
> in England and Wales No. 4520925. VAT No. 799526263
>
> .
>
>
> _______________________________________________
> Gnso-epdp-legal mailing list
> Gnso-epdp-legal at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-epdp-legal
>
>
> _______________________________________________
> Gnso-epdp-legal mailing list
> Gnso-epdp-legal at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-epdp-legal



-- 

Emily Taylor

CEO, Oxford Information Labs
*MA (Cantab), Solicitor (non-practising), MBA, *

*A**ssociate Fellow, Chatham House; Editor, Journal of Cyber Policy*

Lincoln House, Pony Road, Oxford OX4 2RD | T: 01865 582885
E: emily.taylor at oxil.co.uk | D: 01865 582811 | M: +44 7540 049322

<http://explore.tandfonline.com/cfp/pgas/rcyb-cfp-2017>
<http://explore.tandfonline.com/cfp/pgas/rcyb-cfp-2017>


Registered office: Lincoln House, 4 Pony Road, Oxford OX4 2RD. Registered
in England and Wales No. 4520925. VAT No. 799526263

.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-legal/attachments/20190215/bf2b36a2/attachment-0001.html>


More information about the Gnso-epdp-legal mailing list