[Gnso-epdp-legal] Agenda and Additional Questions

[Kurt Pritz]

Dear Legal Team: 

For tomorrow’s meeting, we are likely to have some feedback from Ruth on some or all of our three questions. In today’s meeting (and in Toronto) we discussed two questions that might e submitted to legal counsel. We should discuss these and, if we so decide, send them on to legal counsel. I have taken a rough stab at these to kick off the discussion; they might be sent as some form of: 

Two legal issues or questions were raised in our last EPDP meeting: 

One is whether the data field for City is personal data or could result in unconsented disclosure of personal data and thus should be redacted from the data that is made publicly available in Whois.  - where the City is part of the address of the Registered Name Holder. What bases are there in the GDPR, its official advisories and interpretations, and in practices similar to our own for making such a determination.

The second has to do with “accuracy." Some in the group cite the GDPR requirement (article xx) for the data controller to maintain accurate data as a requirement for this group to undertake an examination of how accuracy is currently defined in the contracts between ICANN and the registrars and possibly require changes to those methods. Others maintain that the GDPR requirement is to accurately record, maintain and process the data provided by the data subject and to update that information as informed by the data subject. 

I hope this is a helpful start to tomorrow’s discussion. 

Best regards,

Kurt