[Gnso-epdp-legal] Legal Committee Action Items and Homework - 7 Jan 2019

Caitlin Tubergen caitlin.tubergen at icann.org
Tue Jan 7 21:39:53 UTC 2020 

Dear Legal Committee:

 

Please find below the action items and homework from today’s call. As Becky has requested, please complete all remaining action items as soon as possible so we can share the updated slate of questions with the plenary team by Thursday, 16 January. In order to share the questions by next Thursday, the updated homework will need to be submitted and signed off by the Legal Committee well in advance of Thursday, 16 January. 

 

We have attached two documents to this message:
Bird & Bird’s Phase 1 Memo on data accuracy
Approved questions awaiting plenary review (note, the questions approved during today’s meeting are also included)
 

Further to Becky’s request to notify Bird & Bird of forthcoming questions, we reached out to Bird & Bird and provided questions in draft form (in order to size the review effort), noting the questions are not yet final and more will be forthcoming. Bird and Bird advised us of the following:

 
Ruth will be unavailable from 22 – 24 January, so it would be preferable to submit questions well in advance of these dates if the EPDP Team would like to receive guidance in advance of its F2F meeting beginning on 27 Jan.
With respect to the reverse look-up question, it would be helpful for Bird & Bird if the Legal Committee could provide an example for scenario 2 and the alternative proposal (similar to the example provided in the first scenario). 
 

Action Items
Brian and Margie to review 2A of the Territorial Scope question to clarify the ask based on the Legal Committee’s discussion, for example, consider adding a matrix. 
Question provided for reference: 

2. The advice given in Q1-2 with respect to liability (Section 4 of the memo)?

In light of this ECJ decision and the Geographic Scope Guidelines [edpb.europa.eu], using the same assumptions identified for Q1 and Q2, would there be less risk under GDPR to contracted parties if:
the SSAD allowed automated disclosure responses to requests submitted by accredited entities for redacted data of registrants and/or controllers located outside of the EU, for legitimate purposes (such as cybersecurity investigations and mitigation) and/or other fundamental rights such as intellectual property infringement investigations (See Article 17, Section 2 https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:12012P/TXT);and/or   
 
Laureen and Georgios to review and consider combining GAC-proposed questions 4, 5, 7, and 8 based on the Legal Committee’s discussion as well as the Phase 1 Accuracy Memo. 
 

Questions provided for reference:

 

4. If current verification statistics provide that a number of data is inaccurate, would that be considered a metric to deduce that the accuracy principle is not served in a reasonable manner as demanded by the GDPR? 

 

5. According to the GDPR all personal data are processed based on the principle that they are necessary for the purpose for which they are collected. If those data are necessary, how can the purpose be served while the data are inaccurate? 

 

7. How is the accuracy principle in connection to the parties' liability has to be understood in light of the accountability principle of the GDPR? What are the responsibilities of ICANN and the contracted parties (who are subject to the GDPR) under Chapter IV of the GDPR? If the contracted parties (as data controllers) engage third entities as processors (e.g. to provide data back-up services), what are the responsibilities of these entities? What does this mean in terms of liabilities (in light of Art. 82 GDPR)? 

 

8. While it is up to the registrants to provide accurate details about themselves and it is up to the registrants not to mistakenly identify themselves as natural or legal persons, the Memo on "Natural vs Legal persons" provides interesting ideas/suggestions for the contracted parties to proactively ensuring the reliability of information provided, including through measures to independently verify the data. Could similar mechanisms be identified also for ensuring the reliability of the contact details of the registrant? Can best practices be drawn from the ccTLDs? 

 

Thank you.

 

Best regards,

 

Marika, Berry, and Caitlin

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-legal/attachments/20200107/2f94efcf/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ICANN - Memo on Accuracy (4).docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 428401 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-epdp-legal/attachments/20200107/2f94efcf/ICANN-MemoonAccuracy4-0001.docx>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: EPDP Phase 2 Legal Questions, pending plenary review.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 24186 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-epdp-legal/attachments/20200107/2f94efcf/EPDPPhase2LegalQuestionspendingplenaryreview-0001.docx>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4620 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-epdp-legal/attachments/20200107/2f94efcf/smime-0001.p7s>

More information about the Gnso-epdp-legal mailing list