[Gnso-epdp-legal] Legal Committee Homework

Wed Feb 24 22:53:22 UTC 2021

Please find below my proposed consolidation of questions 2,3, and 4.
(Apologies for late delivery and my inability to insert a new row in the
Google Doc.)

*Revised/Consolidated Questions #2,3 and 4.  *

Paragraphs 17 through 25 of Bird & Bird’s memo data January 25, 2019
discussed the potential risks to Registrars associated with reliance on a
Registrant’s (i) self-designation as a legal person and (ii) confirmation
that the registration data does not contain personal data.  The memo
identified a variety of steps that Registrars could take to mitigate the
risk of inadvertent publication of personal data.

For example, the memo suggested Registrars might take certain steps to
improve the accuracy of self-designation/attestation including: separate,
clear disclosures, including descriptions of the consequences of
self-designation as a legal person and confirmation of no personal data;
testing the clarity of such disclosures through, e.g., focus groups;
periodic follow up emails to registrants and/or technical contact; and
provision of a mechanism to change self-designation, or correct or object
to publication of personal data.

Assuming that a Registrar takes all of the mitigation steps identified by
Bird & Bird:

1.     Please describe the level of remaining risk to Registrars flowing
from subsequent inadvertent publication of personal data.  E.g., based on
your experience and applicable precedent, what is the likelihood of (i)
enforcement action by DPAs, and (ii) imposition of material fines (as
opposed to counseling and de minimus fines)?

2.     Expanding on Question 1, please discuss what risks a Registrar faces
with respect to publication of personal data if the confirmation email sent
to the Registrant and/or the registrant’s tech/admin contacts (i) clearly
states that the Registrant has self-designated as a legal person and has
affirmatively stated that no personal data has been included in its
registration data; (ii) explains that based on those two representations
all fields in the registration data will be published on the Internet; and
(3) provides an easy-to-use mechanism through which the self-designation
can be rescinded and/or an individual can object to publication of their
personal data and rectify any inaccurate date? Must the Registrar require
the registrant’s and/or tech/admin contacts affirmative (opt-in) consent?
Does the answer differ depending on the medium of the notification (e.g.,
snail mail v. email)?

3.     If affirmative consent in response to the confirmation email is
required, what level of risk is associated with publishing the contact
emails until an affirmative response is received?

4.     Are there additional verification steps that a Registrar could take
to further reduce/eliminate liability associated with inadvertent
publication of personal data in connection with reliance on a registrant’s
self-designation, e.g. confirming the existence of corporate identifiers
(Inc., GmbH, Ltd. Etc.)? To what degree would such additional steps reduce
liability?

On Tue, Feb 23, 2021 at 11:57 AM Caitlin Tubergen via Gnso-epdp-legal <
gnso-epdp-legal at icann.org> wrote:

> Dear Phase 2A Legal Committee:
>
>
>
> Please find the action items
> <https://docs.google.com/spreadsheets/d/17qLMYb3HC7qGYPQveXbUq5ZSzvedrQ3t8AdVdrRIdrw/edit#gid=0>
> from today’s call below. Please note all homework is due by COB Wednesday,
> 24 February.
>
>
>
> Legal v. Natural
>
>
>
>    1. Q2-Q4
>    <https://docs.google.com/document/d/156jajwvAkl1l5VsdWXpznrghkKyMUD2bhKkS20X7Xrg/edit?ts=602c5717#heading=h.gjdgxs>:
>    Becky to combine Q2–Q4, and refine the question regarding the nature of the
>    residual risk. Becky to reach out to Melina to confirm if the redrafted Q4
>    is alluding to additional steps, or the steps outlined in B&B’s accuracy
>    memo by COB Wednesday, 24 February.
>    2. Q5
>    <https://docs.google.com/document/d/156jajwvAkl1l5VsdWXpznrghkKyMUD2bhKkS20X7Xrg/edit?ts=602c5717#heading=h.gjdgxs>:
>    Jan to redraft Q5 and include a question re: EURID by COB Wednesday, 24
>    February.
>    3. Q6
>    <https://docs.google.com/document/d/156jajwvAkl1l5VsdWXpznrghkKyMUD2bhKkS20X7Xrg/edit?ts=602c5717#heading=h.gjdgxs>:
>    Margie and Hadia to provide additional context as to how Q6 is both a legal
>    question (rather than a policy/implementation question for the plenary to
>    debate) and is important in the context of answering the question from the
>    GNSO Council, and please take into account the specific feedback from
>    Matthew by COB Wednesday, 24 February.
>
>
>
> Feasibility of Unique Contacts
>
>    1. Q1
>    <https://docs.google.com/document/d/1UCP86uPZJBA_oh_4lfa6GwisfqnXUgbi5kdq-VOQCS0/edit>:
>    Laureen to provide additional context as to how Q1 is important in the
>    context of answering the question from the GNSO Council (please see green
>    highlighted text at top of page) and please take into account the specific
>    feedback from Matthew by COB Wednesday, 24 February.
>
> Thank you.
>
>
>
> Best regards,
>
>
>
> Berry, Marika, and Caitlin
>
>
>
>
>
>
> _______________________________________________
> Gnso-epdp-legal mailing list
> Gnso-epdp-legal at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-epdp-legal
> _______________________________________________
> By submitting your personal data, you consent to the processing of your
> personal data for purposes of subscribing to this mailing list accordance
> with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and
> the website Terms of Service (https://www.icann.org/privacy/tos). You can
> visit the Mailman link above to change your membership status or
> configuration, including unsubscribing, setting digest-style delivery or
> disabling delivery altogether (e.g., for a vacation), and so on.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-legal/attachments/20210224/c9c0ed54/attachment.html>