[Gnso-epdp-legal] EPDP - Additional Legal Issues (with attachment) [B&B-M.FID11020712]

Gabe Maldoff Gabe.Maldoff at twobirds.com
Fri Mar 8 20:46:09 UTC 2019

Hi Kurt,

Please see our note on the Thick Whois question attached.

If you have any questions, please don't hesitate to ask.

Best regards,
Gabe & Ruth

Gabe Maldoff

Attorney (New York)
Bird & Bird
gabe.maldoff at twobirds.com<mailto:gabe.maldoff at twobirds.com>

Direct   +44 (0)20 7982 6442
Tel       +44 (0)20 7415 6000
Fax      +44 (0)20 7415 6111

Bird & Bird LLP
12 New Fetter Lane
London EC4A 1JP
United Kingdom


[Bird & Bird Logo]

From: Kurt Pritz [mailto:kurt at kjpritz.com]
Sent: 16 February 2019 22:55
To: Ruth Boardman; Gabe Maldoff
Cc: gnso-epdp-legal at icann.org
Subject: EPDP - Additional Legal Issues (with attachment)

Dear Ruth and Gabe:

On behalf of the EPDP Legal Team, I hope this letter finds you both well. I am writing for two reasons.

1. City Name Memorandum.

We found your memo (analysis and conclusions) to be clear. Please take this letter as authorization to continue the research and analysis as indicated in Sections 3.16-3.18 of your memorandum on this topic.

Please let us know if you require an additional consultation before starting this effort.

2. Additional question: “Thick Whois"

The question has to do with the current “Thick Whois” Policy.

Assuming that:

  *   ICANN adopts all of the “purposes" identified in the EPDP current draft version of Recommendation 1,  [see below for reference to those purposes for processing registration data], which addresses processing for the benefit of registries, registrars, ICANN, and third parties, as part of a future Consensus Policy that updates the WHOIS policy to address GDPR concerns
  *   These purposes become incorporated into the relevant registrar and registry agreements with ICANN
  *   There is a prior consensus policy calling for THICK WHOIS that was adopted by the ICANN Board following the Bylaws, that requires the transfer of the WHOIS contact data from the registrars to the registries for reasons that are identified in the Final Report, including ICANN mission related, “substantial benefits from mandating thick instead of thin Whois, including enhanced accessibility and enhanced stability."
Question:  Is there a legal basis under GDPR for a Controller or Processor to justify a transfer of data  elements from registrars to registries to enable the processing called for in these purposes even though the processing  and transfer of data may be to enable processing for the benefit of 3rd parties? I.e., should the resulting policy from the EPDP would continue the requirement for Thick WHOIS?

For supporting your work on this question, please take note of the  Thick Whois Final Report<https://gnso.icann.org/en/issues/whois/thick-final-21oct13-en.pdf> (https://gnso.icann.org/en/issues/whois/thick-final-21oct13-en.pdf<https://gnso.icann.org/en/issues/whois/thick-final-21oct13-en.pdf>) that describes the policy reasons for the recommendations. See also, https://www.icann.org/resources/pages/thick-whois-2016-06-27-en<https://www.icann.org/resources/pages/thick-whois-2016-06-27-en>.

If you believe that a portion of the meeting records might be helpful to understand the rationale behind the policy recommendations, ICANN will be able to help you with that research.

The current version of the EPDP report is attached and lists the purposes for processing registration data: see page 5, Section 2.1, Recommendation 1.

In discussion this issue among the Team we believe that, because of its complexity, there will be some iteration between the EPDP Legal Team and Bird and Bird before a final memo is delivered. Therefore, please feel free to contact us at any point during your research and analysis.

Final note: Please take note that your input ion these issues will affect Phase 2 or implementation discussions and are not on the critical path for the Final Report on Phase 1 of the EPDP. So while timely input is requested, we are not working against a hard and immediate deadline.

Please let us know if you have any questions.

Best regards,



For information on the international legal practice comprising Bird & Bird LLP and its affiliated and associated businesses (together "Bird & Bird"), our offices, our members and partners, regulatory information, complaints procedure and the use of e-mail see www.twobirds.com/LN 

For our privacy policy, including the types of personal information we collect, how we collect and process that information, who we may share it with in relation to the services we provide and certain rights and options that you have in this respect, see www.twobirds.com/LNPrivacy. If you would like to opt-out of receiving marketing communications from Bird & Bird, please visit https://sites-twobirds.vuture.net/5/52/landing-pages/unsubscribe-blank.asp. Opting out of receiving marketing communications will not affect our continuing communications with you for the provision of our legal services.

Any e-mail sent from Bird & Bird may contain information which is confidential and/or privileged. Unless you are the intended recipient, you may not disclose, copy or use it; please notify the sender immediately and delete it and any copies from your systems. You should protect your system from viruses etc.; we accept no responsibility for damage that may be caused by them. 

For the terms on which we receive from, hold for or make available to a client or third party client money see www.twobirds.com/CM 

Bird & Bird LLP, a limited liability partnership, registered in England and Wales with registered number OC340318, with its registered office and principal place of business at 12 New Fetter Lane, London EC4A 1JP, is authorised and regulated by the Solicitors Regulation Authority, whose professional rules and code may be found at www.sra.org.uk/handbook/ 

A list of members of Bird & Bird LLP and of any non-members who are designated as partners, being lawyers or other professionals with equivalent standing or qualifications, and of their respective professional qualifications, is open to inspection at its registered office.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-legal/attachments/20190308/80817d1c/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ICANN - Memo on thick Whois.DOCX
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 440675 bytes
Desc: ICANN - Memo on thick Whois.DOCX
URL: <http://mm.icann.org/pipermail/gnso-epdp-legal/attachments/20190308/80817d1c/ICANN-MemoonthickWhois-0001.DOCX>

More information about the Gnso-epdp-legal mailing list