[Gnso-epdp-legal] Initial Report Sections for Bird & Bird to Review

[King, Brian]

Hi Caitlin,

Thoughtful suggestions, as promised:

Preliminary Recommendation #1. Accreditation
Not as a standalone section, since this appears to be primarily technical/operational as opposed to legal. This may be helpful background for Bird & Bird in reviewing Recommendation #16.

Preliminary Recommendation #3. Criteria and Content of Requests
Not as a primary focus, but would not oppose this being a bottom-tier question if we have funding.

Preliminary Recommendation #6. Contracted Party Authorization
Yes, propose to ask Bird & Bird to confirm whether a Contracted Party likely carries more liability in this scenario vs. in Recommendation #7.

Preliminary Recommendation #7. Authorization for automated disclosure requests
Yes, propose to ask Bird & Bird to confirm whether a Contracted Party likely carries more liability in this scenario vs. in Recommendation #6, and also whether a Contracted Party carries more liability if it has outsourced its decision making to the Central Gateway vs. voluntarily taken on decision making itself. Bird & Bird should explore whether its previous controllership and liability guidance is changed in a scenario where the Contracted Party has no visibility into who the requestor is or why the data is being requested, and is merely required to provide the data upon instruction by ICANN as controller.

Preliminary Recommendation #10. Acceptable Use Policy
Not as a standalone section. This may be helpful background for Bird & Bird in reviewing Recommendation #16.

Preliminary Recommendation #11. Disclosure Requirement
Not as a primary focus, but would not oppose this being a third-tier priority question if we have funding.

Preliminary Recommendation #14. Retention and Destruction of Data
Not as a standalone section. This may be helpful background for Bird & Bird in reviewing Recommendation #16.

Preliminary Recommendation #16. Automation
Yes, propose to ask Bird & Bird to help us list the types of requests for which disclosure can be automated. We should also ask for a list of additional types of requests that can be automated if we add or improve safeguards and limitations, and/or if we enable and require the requestor to make an affirmation or allegation. Bird & Bird should be specific and constructive.

Preliminary Recommendation #17. Logging
Only consider this section if analyzing logging is helpful to their analysis on automation.

Preliminary Recommendation #18. Audits
Only consider this section if analyzing audits is helpful to their analysis on automation.

Preliminary Recommendation #19. Mechanism for the evolution of SSAD
Yes, propose to ask Bird & Bird to confirm whether a Contracted Party likely carries more liability in this scenario if ICANN as controller may unilaterally evolve the SSAD to automate and take on decision making for different request types. Do Contracted Parties remain controllers in this scenario? How does their liability change (if at all)?

Brian J. King
Director of Internet Policy and Industry Affairs

T +1 443 761 3726
markmonitor.com<http://www.markmonitor.com>

MarkMonitor
Protecting companies and consumers in a digital world

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-legal/attachments/20200305/49070b83/attachment.html>