[Gnso-epdp-legal] Notes, action items - EPDP Legal Committee Meeting - 23 Jan 2019

Wed Jan 23 15:31:30 UTC 2019

Dear All, 

Please find notes and action items from today’s EPDP Legal Committee meeting. 

Per the Support Team’s action item, please find the two questions from Kurt’s email and the proposed question from Amr for editing: https://docs.google.com/document/d/1EkW2Fa1nN_57NsiOZlFlOz_bhC2eQCKXAlGi_TBHC_s/edit?usp=sharing.

Best regards,

Marika, Berry, and Caitlin

Action item #1: EPDP Support Staff to set up Google Doc with draft questions. COMPLETE. 

Action item #2: Legal Committee members to propose edits to legal questions in advance of next Legal Committee meeting.

23 January 2019

Legal Committee Meeting

Proposed additional questions for Ruth

City Field

Regarding the "city" field, it is important to know what fields would be seen in connection with the city field (show the fields that are redacted vs. not redacted)
The city field is PII, so we should accept that as fact. The question is whether we have a legal basis the city with state/province and country. (the IP/BC argument)
Replace the word "disclosure" with "publication". We're asking this question regarding if this field can be published in a public directory. There may be concerns with referring to other advice that has been provided, but in this instance, it may be important to point her to input that has already been received on this issue. Specifically, the advice the RDS WG received could be helpful here.
It may be helpful for people who suggest revisions to post them in the chat.
It would be helpful to collect feedback on questions but refrain from drafting by committee. 
Volunteers can then flesh the questions out based on the feedback received.

WHOIS Accuracy 

Do the accuracy requirements under GDPR only apply to rectification by the data subject?
Are there requirements above and beyond accurately inputting the data given by the data subject? Does the controller/processor need to validate the data for accuracy?
Suggestion to create google doc on "suggestion mode" to propose edits
What scenarios would lead to registrars being in violation of the agreement?
We understand that the obligation to accurately record data as provided by the registrar is covered by Art. 5 I d GDPR. Are there additional requirements for the registrar to validate the accuracy of data elements, i.e. whether the data provided by the data subject is free of errors.
It's not just about being free of errors - it should not be this precise. "accurate" is better than "free of errors"
The additional question I’d like to propose asking is on the EDPB Guidance on territorial scope of GDPR, particularly the issue of ICANN having stable establishments within the EU, and how this impacts its responsibilities as a data controller. To me, the EDPB guidance suggests that ICANN, as a controller with stable establishments within the EU, might be required to comply with GDPR. My understanding is that this might be applicable even if processing activities (including registrar/reseller collection of data from RNH) take place outside of the EU. This might be helpful to the EPDP Team in determining whether or not the differentiation of practices for RNH based on their geo location is legally feasible, or not.
ICANN's activities within the EU need to be mapped out against what constitutes a "stable establishment". This would be necessary to answer the question
If a controller not based in the EU has a "stable establishment" within the EU, the processing would need to be GDPR compliant.
How does this impact the EPDP Team's policy work?
The geo indicators question is on tomorrow's plenary agenda. Based on that conversation, the LC could consider taking the question further.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-legal/attachments/20190123/69ea6572/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4621 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-epdp-legal/attachments/20190123/69ea6572/smime.p7s>