[Gnso-epdp-legal] Reminder: action items from EPDP legal committee call

Rosette, Kristina rosettek at amazon.com
Wed Jan 2 14:11:52 UTC 2019


All,

I’m still on vacation and have a family obligation momentarily so won’t be on today’s call.  I’ve set out below my potential redraft of question 2:

If a registrar permits a registrant, at the time of domain name registration, to self-identify as a natural or legal person, does a registrant’s incorrect self-identification that results in the public display of personal data create liability under GDPR?   If so, please advise, for each possible participant in the domain name registration process listed below, if that participant incurs liability.

     *   Registrar
     *   Reseller
     *   Registry Operator
     *   Backend service provider (for registrar and/or registry operator)

Would providing educational materials to the registrant mitigate any liability risk and, if so, to what extent and for which participant(s)?  Please identify any other measures that would mitigate liability risk and, for each, advise on (i) the extent to which that measure mitigates liability risk; and (ii) for which participant(s) in the domain name registration process does that measure mitigate liability risk?

Note:  No preference as to whether we use “participant,” “actor,” or some other word.  I’ve assumed that counsel knows what a reseller and backend service provider are (alternatively, we can provide definitions, but I haven’t done so here.)

K

From: Gnso-epdp-legal [mailto:gnso-epdp-legal-bounces at icann.org] On Behalf Of Caitlin Tubergen
Sent: Monday, December 31, 2018 9:53 AM
To: Kurt Pritz <kurt at kjpritz.com>; Kapin, Laureen <LKAPIN at ftc.gov>; gnso-epdp-legal at icann.org
Subject: [Gnso-epdp-legal] Reminder: action items from EPDP legal committee call

Hi All,

Happy New Year!

Kind reminder of the action items from our last Legal Committee call.


  1.  Margie to draft conflict of interest language for this team to review by the end of the week.
  2.  Thomas to draft CCWG lessons learned, e.g., one law firm preferred, early intervention from Board liaisons preferred, for this team to review by the end of the week.
  3.  Berry to provide written update on the procurement process.
  4.  Caitlin to send initial question assignments to team members. (see below)

As a reminder, please independently rewrite the below questions to legal counsel per the following assignments in preparation for our meeting on Wednesday, 2 January:

Question 1: Hadia, Emily, Leon
The EPDP Team also took note of a related footnote which states, “[if contact details for persons other than the RNH are provided] it should be ensured that the individual concerned is informed”. The EPDP Team discussed whether this note implies that it is sufficient for the Registered Name Holder (RNH) to inform the individual it has designated as the technical contact, or whether the registrar may have the additional legal obligations to obtain consent. The EPDP Team agreed to request further clarification from the EDPB on this point. (p. 33 of Initial Report)

Question 2: Laureen, Kristina, Margie
(For the EDPB) If registrars allow registrants to self-identify at the time as a natural or legal person, who will be held liable if the registrant incorrectly self-identifies and personal information is publicly displayed? Apart from self-identification, and educational materials to inform the registrant, are there any other ways in which risk of liability could be mitigated by registrars? (p. 53 of Initial Report)

Question 3: Thomas, Diane, Tatiana
As noted below, the EPDP Team disagreed about the application of Art. 6(1)b, namely, does the reference ‘to which the data subject is party’ limit the use of this lawful basis to only those entities that have a direct contractual relationship with the Registered Name Holder? Similarly, in relation to Art. 6(1)(b), questions arose regarding how to apply “necessary for the performance of a contract”; specifically, does this clause solely relate to the registration and activation of a domain, or, alternatively, could related activities such as fighting DNS abuse also be considered necessary for the performance of a contract? The EPDP Team plans to put these questions forward to the European Data Protection Board (EDPB) to obtain further clarity in order to help inform its deliberations. (p. 57 of the Initial Report)

Our next meeting is on Wednesday, 2 January at 14:00 UTC.

Thank you.

Best regards,

Marika, Berry, and Caitlin

From: Caitlin Tubergen <caitlin.tubergen at icann.org>
Date: Wednesday, December 19, 2018 at 1:50 PM
To: Kurt Pritz <kurt at kjpritz.com>, "Kapin, Laureen" <LKAPIN at ftc.gov>, "gnso-epdp-legal at icann.org" <gnso-epdp-legal at icann.org>
Subject: Re: [Gnso-epdp-legal] Proposed Agenda - EPDP Legal Team, Meeting #1

Hi All,

Following up on an action item from today’s call, we randomly assigned the draft EDPB questions to the Legal Team Members, except in cases where volunteers specifically came forward. Of course, if you would prefer to work on a different question, please let us know.

Best regards,

Marika, Berry, and Caitlin
--

Question 1
Team Members: Hadia, Emily, Leon
The EPDP Team also took note of a related footnote which states, “[if contact details for persons other than the RNH are provided] it should be ensured that the individual concerned is informed”. The EPDP Team discussed whether this note implies that it is sufficient for the Registered Name Holder (RNH) to inform the individual it has designated as the technical contact, or whether the registrar may have the additional legal obligations to obtain consent. The EPDP Team agreed to request further clarification from the EDPB on this point. (p. 33 of Initial Report)

Question 2
Team Members: Laureen, Kristina, Margie
(For the EDPB) If registrars allow registrants to self-identify at the time as a natural or legal person, who will be held liable if the registrant incorrectly self-identifies and personal information is publicly displayed? Apart from self-identification, and educational materials to inform the registrant, are there any other ways in which risk of liability could be mitigated by registrars? (p. 53 of Initial Report)

Question 3
Team Members: Thomas, Diane, Tatiana
As noted below, the EPDP Team disagreed about the application of Art. 6(1)b, namely, does the reference ‘to which the data subject is party’ limit the use of this lawful basis to only those entities that have a direct contractual relationship with the Registered Name Holder? Similarly, in relation to Art. 6(1)(b), questions arose regarding how to apply “necessary for the performance of a contract”; specifically, does this clause solely relate to the registration and activation of a domain, or, alternatively, could related activities such as fighting DNS abuse also be considered necessary for the performance of a contract? The EPDP Team plans to put these questions forward to the European Data Protection Board (EDPB) to obtain further clarity in order to help inform its deliberations. (p. 57 of the Initial Report)



From: Gnso-epdp-legal <gnso-epdp-legal-bounces at icann.org> on behalf of Kurt Pritz <kurt at kjpritz.com>
Date: Wednesday, December 19, 2018 at 1:27 PM
To: "Kapin, Laureen" <LKAPIN at ftc.gov>, "gnso-epdp-legal at icann.org" <gnso-epdp-legal at icann.org>
Subject: Re: [Gnso-epdp-legal] Proposed Agenda - EPDP Legal Team, Meeting #1

Hi Laureen:

Thanks for your question.

First note that the support team has set up an email address for our legal team: gnso-epdp-legal at icann.org

To your question: we ran out of time during the meeting and so I did a poor job of explaining the different question sets.

The first set of questions, the “EDPB questions” are the questions found in the initial report and so are the questions developed through the discussions of the EPDP team. Those are the questions that our group stated should be posed to an outside, independent resource. Those are the questions that we should re-form, if necessary.

The second set of questions, of which there are two, represents the first attempt to take a portion of those three questions and reword them for outside counsel. These are placed in the appendix as a reference.

Our task is to take the first three questions and have them answered.

I hope this is helpful.

Best regards,

Kurt





On Dec 19, 2018, at 7:13 AM, Kapin, Laureen <LKAPIN at ftc.gov> wrote:

Hi Kurt,

I need some clarity on which questions we are discussing because the appendix has two sets of questions.  I thought we were asking for volunteers to tackle the questions to legal counsel (there are two) but then there were references to three questions (the EDPB questions).  Before we sort out volunteers it would be helpful to get a common understanding of which questions we’re talking about.  I’m interested in tackling question 1 to legal counsel.  If we’re discussing the EDPB questions, then I’m interested in question 2.


Laureen Kapin
Counsel for International Consumer Protection
Office of International Affairs
Federal Trade Commission
(202) 326-3237
lkapin at ftc.gov

From: Berry Cobb <mail at berrycobb.com>
Sent: Tuesday, December 18, 2018 5:58 PM
To: kurt at kjpritz.com; rafik.dammak at gmail.com; León Felipe Sánchez Ambía <leonfelipe at sanchez.mx>; 'Margie Milam' <margiemilam at fb.com>; Plaut, Diane <Diane.Plaut at corsearch.com>; Thomas Rickert <thomas at rickert.net>; 'Tatiana Tropina' <tatiana.tropina at gmail.com>; rosettek at amazon.com; Emily Taylor <emily at emilytaylor.eu>; Kapin, Laureen <LKAPIN at ftc.gov>; 'Hadia Abdelsalam Mokhtar EL miniawi' <Hadia at tra.gov.eg>; Daniel.Halloran at icann.org; Caitlin Tubergen <caitlin.tubergen at icann.org>
Cc: Marika Konings <marika.konings at icann.org>; trang.nguyen at icann.org; Terri Agnew <terri.agnew at icann.org>
Subject: Proposed Agenda - EPDP Legal Team, Meeting #1

Hi All,

Please find attached the proposed agenda for the first EPDP Legal Team meeting.  We will have a mailman list set up shortly for this group.

Wednesday, 19 December 2018

  1.  Roll Call & SOI Updates (5 minutes)
  2.  Confirm EPDP-Legal Team members and designate a Chair:

     *   EPDP Leadership - Kurt, Rafik
     *   Board - Leon
     *   BC - Margie
     *   IPC - Diane
     *   ISPCP - Thomas
     *   NCSG - Tatiana
     *   RySG - Kristina
     *   RrSG - Emily
     *   GAC - Laureen
     *   ALAC – Hadia
     *   SSAC - TBD
     *   Staff - Dan, Caitlin

  3.  Discuss Legal Team Process and Working Methods (Thomas and Leon to provide experiential lessons from their prior legal team work)
a)      How are questions raised to this group; what is the trigger?
b)      What is this group’s role (vis-à-vis the EPDP Team) regarding “reforming” the questions?
c)      Answering questions, when to use:
1.      This group’s own expertise
2.      ICANN inside or outside counsel
3.      EPDP retained legal counsel
d)      What is this group’s responsibility for checking back with and reporting to the entire Team?
e)      Working methods: what can be done via email vs. when is a meeting required?
f)      Scheduling: meeting frequency, ad hoc meetings, etc.
g)      Working with provider: do we need an introductory letter?

  4.  Form EPDP Questions starting from:
a)      Questions for EDPB in Initial Report
b)      draft Statement of Work
[see Appendix]

  5.  Wrap and confirm next meeting to be scheduled for Wednesday 2 January 2019 at 14.00 UTC
a)      Confirm action items

Thank you.

B

Berry Cobb
GNSO Policy Consultant
@berrycobb
