[Gnso-epdp-team] EPDB Communication - small group meeting

Chris Disspain chris at disspain.uk
Sun Dec 2 16:57:24 UTC 2018 


Cheers,

Chris

> On 2 Dec 2018, at 15:22, Kurt Pritz <kurt at kjpritz.com> wrote:
> 
> Hi Everyone: 
> 
> A “small” team met on Thursday to discuss communication with the European Data Protection Board (EDPB). We actually met in two small groups in order to accommodate everyone’s schedule. The discussion of each “smaller” group differed somewhat although there was a large area of intersection in thought and desired actions. 
> 
> The agenda considered to issues: (1) whether and how we should communication to the EDPB generally, and after consideration of that, (2) what the content of a near-term communication might be.
> 
> As a preamble to the ICANN staff meeting notes (attached), here are the conclusions that I noted. Please provide corrections, edits or additions so that we all have the same understanding. 
> 
> (1) We are not sure we need to or should communicate with the EDPB at this point. In any event, communications with the EDPB must be undertaken carefully and the current draft letter is not suitable for this purpose. We had intended to communicate with them as: (1)  the EPDP Charter states that we “should’ (but not “must”) send the initial report to them; (2) we have been creating questions for possible EDPB review as part of our discussions. 
> 
> (2) However, we noted  the EDPB web page states, "The EDPB does not provide individual consultancy services. Please note that individuals or organisations with questions related to data protection law are advised to consult the website of the Supervisory Authority in the country where they are based.” Some of the call participants noted that, from personal experience, EDPB member have expressed displeasure at the receipt of questions from ICANN and another round of questions would result in a negative, rather than constructive, reaction. When I suggested that our (EPDP) questions could be differentiated from ICANN questions, it was reasonably pointed out that the EDPB would not be able, nor care to try to differentiate between ICANN org and our team. 
> 
> (3) Therefore, the general agreement was that any communication to the EDPB should be fairly brief and restricted to conclusions of our team rather than in the form of questions. We might decide that we do not want to share the Initial Report with the EDPB. In that case, we should notify the GNSO Council of that intention in order to get their feedback and direction. 
> 
> (4) In the meantime,  we will continue to draft / hone a letter to the EDPB as one way to determine if a reasonable, meaningful communication can be developed. Stephanie has undertaken an initial draft of that. Given that the EDPB more or less stated in their earlier missive to ICANN to “get on with it,” it was my  opinion that our letter might state that we are doing that and provide a link to the initial report. This would provide the EDPB the opportunity to review the report if they wish and provide notice that our Final Report will be issued at a later date.  
> 
> (5) During the second meeting, it was indicated that there are questions requiring answers that are on the critical path to finishing our work. For example, it is unclear whether the EDPB indication that third party data could be included in a domain registration so long as the third party was “notified" by the registered name holder still requires “consent" of that third party. It was also noted that the team does not have dispositive information on whether a registrar could rely without liability on a registered name holder’s indication of whether s/he was presenting the data of a legal or natural person. Answers to certain questions must still be pursued but the existing question set requires edits. 
> 
> (6) Answers and advice should be pursued in two places. 
> 
>    (a) The team should redouble its efforts to secure independent legal advice. To expedite this, it was recommended that a firm already under contract to ICANN (WSGR in Brussels) be employed. Other possibilities would be welcomed but time is of the essence. This effort will start immediately. 
> 
>    (b) Consultation with Data Privacy Authorities should be pursued in lieu of the EDPB. It was suggested that the Belgium DPA be consulted as ICANN has an office there. Contacts with DPAs will be attempted through different channels. Thomas is working with one contact set. 
> 
> To briefly recap, as a result of these recent team discussions we will: continue to work on an EDPB draft letter as a way of determining whether such a communication be made; review and edit questions requiring answers to inform our work, secure outside legal counsel, approach a DPA for consultation, report those plans to the GNSO Council. 
> 
> Thank you to everyone that participated on the additional calls. Sorry for the long letter; I hope it was useful.
> 
> Best regards,
> 
> Kurt
> 
> <Small Teams on EDPB Letter (29 Nov 2018).docx>
> 
> 
> 
> 
> 
> 
> 
> 
> 
> _______________________________________________
> Gnso-epdp-team mailing list
> Gnso-epdp-team at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-epdp-team

More information about the Gnso-epdp-team mailing list