[Gnso-epdp-legal] Revised Question on Territorial Scope

Crossman, Matthew mmcross at amazon.com
Thu Jan 9 19:22:31 UTC 2020 

Hi folks,

One small note on Question 1: "Does this ruling and the Guidelines affect . . . [t]he advice given in Phase 1 Regarding Territorial Scope<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__nam06.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fcommunity.icann.org-252Fdownload-252Fattachments-252F102138857-252FICANN-252520-2D-252520Memo-252520on-252520Territorial-252520Scope-252520.docx-253Fversion-253D1-2526modificationDate-253D1552176561000-2526api-253Dv2-26data-3D02-257C01-257CMarksv-2540microsoft.com-257C0fc10369b86b4fb54cdb08d745d81ad8-257C72f988bf86f141af91ab2d7cd011db47-257C1-257C1-257C637054666773951714-26sdata-3D85hB3n-252BgHO5zltdzTm5Pmd-252FUeu0T7OL-252F4bywkCcb7dg-253D-26reserved-3D0%26d%3DDwMGaQ%26c%3DOGmtg_3SI10Cogwk-ShFiw%26r%3DqQNCXqU_XE2XIdXbawYmk-YDflYH6pd8ffXlzxU37OA%26m%3DqgqaikAoSyJzElcg7C-u09feQBWajzhT1JT2LBv05jg%26s%3D8TCbK69KiXCKrPpNO-KL9rKcsRkCISjzvCof8uKQBRs%26e%3D&data=02%7C01%7CMarksv%40microsoft.com%7C2925832daae546b63e0408d745f74dba%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637054800792839937&sdata=exadgrNqqCKVQ%2FLTBKZXXJMnBkfDjA9SNSTaJuX%2FH4Q%3D&reserved=0>, in Sections 4.2 or 6.2- 6.9?"

Section 4.2 of the opinion is a restatement of the Temp Spec language (and the subsequent Rec 10) and not advice that Bird & Bird provided, so I suggest we remove it to avoid confusion.

Thanks,
Matt

From: Gnso-epdp-legal <gnso-epdp-legal-bounces at icann.org> On Behalf Of Volker Greimann
Sent: Wednesday, January 8, 2020 2:13 AM
To: gnso-epdp-legal at icann.org
Subject: Re: [Gnso-epdp-legal] Revised Question on Territorial Scope


Hello,

I think for clarity, question three should include all relevant presumptions and facts, such as the location of data processing, so additional language to that effect is needed:

"...allowed automated disclosure responses for redacted data of registrants located outside of the EU where such data may or may not be processed by processors or additional controllers inside the EU or otherwise subject to the GDPR, for legitimate...."

Just focussing on the location of ICANN and the data subject falls short in cases where CPs are located or conduct their data processing in the EU.

Best,

Volker
Am 07.01.2020 um 21:54 schrieb King, Brian via Gnso-epdp-legal:
Hi Team,

Margie and I reviewed the question we discussed this morning per our homework assignment, and we respectfully submit the below revised question below for your consideration. Since we agreed on #1 and #2 this morning, only #3 has been changed.

Rewritten Question:
In light of the Right to Be Forgotten Case regarding the reach of GDPR, and the recent guidelines published by the EDPB on Geographic Scope<https://urldefense.proofpoint.com/v2/url?u=https-3A__edpb.europa.eu_sites_edpb_files_files_file1_edpb-5Fguidelines-5F3-5F2018-5Fterritorial-5Fscope-5Fafter-5Fpublic-5Fconsultation-5Fen.pdf&d=DwMGaQ&c=OGmtg_3SI10Cogwk-ShFiw&r=qQNCXqU_XE2XIdXbawYmk-YDflYH6pd8ffXlzxU37OA&m=VH1lTBbXRHuGBzmHv6MDdFMGJFp4rxC3HNks7yXp8Ag&s=Wm0q2xFIYFO65E1T_FPWz5HfiNnV_iNT5JBbHTsyVQM&e=>,
Does this ruling and the Guidelines affect:
1.      The advice given in Phase 1 Regarding Territorial Scope<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__nam06.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Fcommunity.icann.org-252Fdownload-252Fattachments-252F102138857-252FICANN-252520-2D-252520Memo-252520on-252520Territorial-252520Scope-252520.docx-253Fversion-253D1-2526modificationDate-253D1552176561000-2526api-253Dv2-26data-3D02-257C01-257CMarksv-2540microsoft.com-257C0fc10369b86b4fb54cdb08d745d81ad8-257C72f988bf86f141af91ab2d7cd011db47-257C1-257C1-257C637054666773951714-26sdata-3D85hB3n-252BgHO5zltdzTm5Pmd-252FUeu0T7OL-252F4bywkCcb7dg-253D-26reserved-3D0%26d%3DDwMGaQ%26c%3DOGmtg_3SI10Cogwk-ShFiw%26r%3DqQNCXqU_XE2XIdXbawYmk-YDflYH6pd8ffXlzxU37OA%26m%3DqgqaikAoSyJzElcg7C-u09feQBWajzhT1JT2LBv05jg%26s%3D8TCbK69KiXCKrPpNO-KL9rKcsRkCISjzvCof8uKQBRs%26e%3D&data=02%7C01%7CMarksv%40microsoft.com%7C2925832daae546b63e0408d745f74dba%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637054800792839937&sdata=exadgrNqqCKVQ%2FLTBKZXXJMnBkfDjA9SNSTaJuX%2FH4Q%3D&reserved=0>, in Sections 4.2 or 6.2- 6.9?
2.      The advice given in Q1-2 with respect to liability (Section 4 of the memo)?

3.      In light of this ECJ decision and the Geographic Scope Guidelines<https://urldefense.proofpoint.com/v2/url?u=https-3A__edpb.europa.eu_sites_edpb_files_files_file1_edpb-5Fguidelines-5F3-5F2018-5Fterritorial-5Fscope-5Fafter-5Fpublic-5Fconsultation-5Fen.pdf&d=DwMGaQ&c=OGmtg_3SI10Cogwk-ShFiw&r=qQNCXqU_XE2XIdXbawYmk-YDflYH6pd8ffXlzxU37OA&m=VH1lTBbXRHuGBzmHv6MDdFMGJFp4rxC3HNks7yXp8Ag&s=Wm0q2xFIYFO65E1T_FPWz5HfiNnV_iNT5JBbHTsyVQM&e=>, using the same assumptions identified for Q1 and Q2, would there be less risk to EEA-based contracted parties if:

A.      an SSAD operated by ICANN (as opposed to the EEA-based contracted party) based in ICANN's Los Angeles Headquarters allowed automated disclosure responses for redacted data of registrants located outside of the EU, for legitimate purposes (such as cybersecurity investigations and mitigation) and/or other fundamental rights such as intellectual property infringement investigations (See EU Charter of Fundamental Rights Article 17, Section 2 https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:12012P/TXT<https://urldefense.proofpoint.com/v2/url?u=https-3A__nam06.safelinks.protection.outlook.com_-3Furl-3Dhttps-253A-252F-252Feur-2Dlex.europa.eu-252Flegal-2Dcontent-252FEN-252FTXT-252F-253Furi-253DCELEX-253A12012P-252FTXT-26data-3D02-257C01-257CMarksv-2540microsoft.com-257C2925832daae546b63e0408d745f74dba-257C72f988bf86f141af91ab2d7cd011db47-257C1-257C1-257C637054800792819948-26sdata-3DRxgqL9eYdRavnaFqIDjzDOT4GPHJRSsmQ1-252Favz10vKw-253D-26reserved-3D0&d=DwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=VLG2NlF9SKlO5Br01dwddo_lA4oncgv7PkSSSsw8ZV4&s=fPD2dxvOeBSKNBXQT0rUNkNPmaova0kNQcFCii_4G6Y&e=>)


Brian J. King
Director of Internet Policy and Industry Affairs

T +1 443 761 3726
markmonitor.com<http://www.markmonitor.com>

MarkMonitor
Protecting companies and consumers in a digital world




_______________________________________________

Gnso-epdp-legal mailing list

Gnso-epdp-legal at icann.org<mailto:Gnso-epdp-legal at icann.org>

https://mm.icann.org/mailman/listinfo/gnso-epdp-legal

_______________________________________________

By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
--
Volker A. Greimann
General Counsel and Policy Manager
KEY-SYSTEMS GMBH

T: +49 6894 9396901
M: +49 6894 9396851
F: +49 6894 9396851
W: www.key-systems.net<http://www.key-systems.net>

Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835
CEO: Alexander Siffrin

Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-legal/attachments/20200109/be716b47/attachment-0001.html>

More information about the Gnso-epdp-legal mailing list