[Gnso-epdp-legal] EPDP - Additional Legal Issues (with attachment) [B&B-M.FID11020712]
Gabe.Maldoff at twobirds.com
Fri Mar 8 20:46:09 UTC 2019
Please see our note on the Thick Whois question attached.
If you have any questions, please don't hesitate to ask.
Gabe & Ruth
Attorney (New York)
Bird & Bird
gabe.maldoff at twobirds.com<mailto:gabe.maldoff at twobirds.com>
Direct +44 (0)20 7982 6442
Tel +44 (0)20 7415 6000
Fax +44 (0)20 7415 6111
Bird & Bird LLP
12 New Fetter Lane
London EC4A 1JP
[Bird & Bird Logo]
From: Kurt Pritz [mailto:kurt at kjpritz.com]
Sent: 16 February 2019 22:55
To: Ruth Boardman; Gabe Maldoff
Cc: gnso-epdp-legal at icann.org
Subject: EPDP - Additional Legal Issues (with attachment)
Dear Ruth and Gabe:
On behalf of the EPDP Legal Team, I hope this letter finds you both well. I am writing for two reasons.
1. City Name Memorandum.
We found your memo (analysis and conclusions) to be clear. Please take this letter as authorization to continue the research and analysis as indicated in Sections 3.16-3.18 of your memorandum on this topic.
Please let us know if you require an additional consultation before starting this effort.
2. Additional question: “Thick Whois"
The question has to do with the current “Thick Whois” Policy.
* ICANN adopts all of the “purposes" identified in the EPDP current draft version of Recommendation 1, [see below for reference to those purposes for processing registration data], which addresses processing for the benefit of registries, registrars, ICANN, and third parties, as part of a future Consensus Policy that updates the WHOIS policy to address GDPR concerns
* These purposes become incorporated into the relevant registrar and registry agreements with ICANN
* There is a prior consensus policy calling for THICK WHOIS that was adopted by the ICANN Board following the Bylaws, that requires the transfer of the WHOIS contact data from the registrars to the registries for reasons that are identified in the Final Report, including ICANN mission related, “substantial benefits from mandating thick instead of thin Whois, including enhanced accessibility and enhanced stability."
Question: Is there a legal basis under GDPR for a Controller or Processor to justify a transfer of data elements from registrars to registries to enable the processing called for in these purposes even though the processing and transfer of data may be to enable processing for the benefit of 3rd parties? I.e., should the resulting policy from the EPDP would continue the requirement for Thick WHOIS?
For supporting your work on this question, please take note of the Thick Whois Final Report<https://gnso.icann.org/en/issues/whois/thick-final-21oct13-en.pdf> (https://gnso.icann.org/en/issues/whois/thick-final-21oct13-en.pdf<https://gnso.icann.org/en/issues/whois/thick-final-21oct13-en.pdf>) that describes the policy reasons for the recommendations. See also, https://www.icann.org/resources/pages/thick-whois-2016-06-27-en<https://www.icann.org/resources/pages/thick-whois-2016-06-27-en>.
If you believe that a portion of the meeting records might be helpful to understand the rationale behind the policy recommendations, ICANN will be able to help you with that research.
The current version of the EPDP report is attached and lists the purposes for processing registration data: see page 5, Section 2.1, Recommendation 1.
In discussion this issue among the Team we believe that, because of its complexity, there will be some iteration between the EPDP Legal Team and Bird and Bird before a final memo is delivered. Therefore, please feel free to contact us at any point during your research and analysis.
Final note: Please take note that your input ion these issues will affect Phase 2 or implementation discussions and are not on the critical path for the Final Report on Phase 1 of the EPDP. So while timely input is requested, we are not working against a hard and immediate deadline.
Please let us know if you have any questions.
BIRD & BIRD
For information on the international legal practice comprising Bird & Bird LLP and its affiliated and associated businesses (together "Bird & Bird"), our offices, our members and partners, regulatory information, complaints procedure and the use of e-mail see www.twobirds.com/LN
Any e-mail sent from Bird & Bird may contain information which is confidential and/or privileged. Unless you are the intended recipient, you may not disclose, copy or use it; please notify the sender immediately and delete it and any copies from your systems. You should protect your system from viruses etc.; we accept no responsibility for damage that may be caused by them.
For the terms on which we receive from, hold for or make available to a client or third party client money see www.twobirds.com/CM
Bird & Bird LLP, a limited liability partnership, registered in England and Wales with registered number OC340318, with its registered office and principal place of business at 12 New Fetter Lane, London EC4A 1JP, is authorised and regulated by the Solicitors Regulation Authority, whose professional rules and code may be found at www.sra.org.uk/handbook/
A list of members of Bird & Bird LLP and of any non-members who are designated as partners, being lawyers or other professionals with equivalent standing or qualifications, and of their respective professional qualifications, is open to inspection at its registered office.
-------------- next part --------------
An HTML attachment was scrubbed...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ICANN - Memo on thick Whois.DOCX
Size: 440675 bytes
Desc: ICANN - Memo on thick Whois.DOCX
More information about the Gnso-epdp-legal