[Gnso-epdp-legal] Proposed Agenda - Legal Committee Meeting #17 - 18 March 2020

[Crossman, Matthew]

Hi folks,

Below are some thoughts on language to send to Bird & Bird along with the Automation Use Case document that the small team has prepared.  Looking forward to discussing tomorrow.

Thanks,
Matt

***
Automation Use Cases Legal Question

The EPDP team is deliberating on a set of use cases for potential automation of the decision to disclose non-public registrant data (attached as Exhibit 1).  This automation would occur within the agreed model for disclosure, which consists of a central gateway for the intake of requests by accredited users with the ultimate decision to disclose resting with Contracted Parties (who possess the underlying non-public registration data). Under the proposed automation use cases, the central gateway makes an automated decision on disclosure which is communicated to the relevant Contracted Party. The Contracted Party may then choose to follow that decision and disclose the data (see “Assumptions” in Exhibit 1 for further details).

In light of the advice previously provide on Question 1&2<https://community.icann.org/download/attachments/117604842/ICANN-EPDP%20-%20Qs%201%20%26%202%20-%209th%20September%202019%5B2%5D.pdf?version=2&modificationDate=1568143518000&api=v2> (Liability) and Question 3<https://community.icann.org/download/attachments/117604842/ICANN-EPDP%20-%20Question%203%20-%2010th%20September%202019%5B1%5D.pdf?version=1&modificationDate=1568143539000&api=v2> (Automation), please provide the following analysis for each use case:


  1.  Please describe the risk of liability for the Central Gateway and Contracted Parties related to automating this decision to disclose registrant data. If there is additional information required to assess the risk, please note the additional information needed.
  2.  Is this a decision “which produces legal effects concerning [the data subject] or similarly significantly affects him or her” within the scope of Article 22?
  3.  Are there additional measures or safeguards that would mitigate the risk of liability?
  4.  Does automated decision-making performed in this manner impact your analysis on the roles/liability of the parties described in the Question 1&2 memo (e.g., Contracted Parties remain controllers with liability where “disclosure takes place in an automated fashion, without any manual intervention.” 1.1.4)

Additional automation clarifications:


  1.  [Placeholder for Brian K. proximate cause question]
  2.  [Any other clarifications from Question 3 memo]



From: Gnso-epdp-legal <gnso-epdp-legal-bounces at icann.org> On Behalf Of policy at bacinblack.com
Sent: Tuesday, March 17, 2020 3:09 PM
To: gnso-epdp-legal at icann.org
Subject: [Gnso-epdp-legal] Proposed Agenda - Legal Committee Meeting #17 - 18 March 2020

Dear Legal Committee:

Please find below the proposed agenda for tomorrow’s Legal Committee meeting.

EPDP Phase 2 Legal Committee- Meeting #17
Proposed Agenda
Tuesday, 18 March 2020 at 14.00 UTC


  1.  Roll Call & SOI Updates (5 minutes)
  2.  Review B&B legal guidance on Consent where legal persons may contain data of natural persons

     *   https://mm.icann.org/pipermail/gnso-epdp-team/2020-March/003186.html
     *   https://community.icann.org/x/SKijBg

  1.  Review WHOIS accuracy/Legal vs. Natural (attached), based on GNSO Council’s decision

     *   https://docs.google.com/document/d/1pS9Pibanj-Hp6LztZpeERtxdoLsnp4y_-do0vU5VJuw/edit

  1.  Review suggestion to send the automation use cases to outside counsel for further guidance on liability and risk, for the Legal Committee’s review (Matthew)
  2.  Wrap and confirm next Legal Committee Meeting

     *   TBD
     *   Confirm action items

Thank you.

Best regards,

Marika, Berry, and Caitlin


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-legal/attachments/20200318/09d15870/attachment-0001.html>