[Gnso-epdp-team] Notes & action items - EPDP Team #33
Marika Konings
marika.konings at icann.org
Tue Dec 11 20:30:13 UTC 2018
Dear EPDP Team,
Please find below the notes and action items from today’s EPDP Team meeting.
Best regards,
Caitlin, Berry and Marika
EPDP Team Meeting #33
Tuesday, 11 December 2018
Notes and Action Items
High-level Notes/Actions:
Action item #1: Proponents of accuracy discussion to put forward specific proposals / changes that should be considered by the EPDP Team.
Action item #2: Leadership and staff support team to update and re-publish timeline to demonstrate anticipated timing of phase 2 launch.
Action item #3: EPDP Team encouraged to further discuss topic of ‘optional’, as well as items deferred to next meeting (geographic basis, policy change impact analysis) on the mailing list and focus on possible recommendations associated with this topic for EPDP Team consideration.
Questions for ICANN Org from the EPDP Team: None
Notes & Action items
These high-level notes are designed to help the EPDP Team navigate through the content of the call and are not meant as a substitute for the transcript and/or recording. The MP3, transcript, and chat are provided separately and are posted on the wiki at: https://community.icann.org/x/ZwPVBQ.
1. Roll Call & SOI Updates
* Attendance will be taken from Adobe Connect
* Remember to mute your microphones when not speaking and state your name before speaking for transcription purposes.
* Please remember to review your SOIs on a regular basis and update as needed. Updates are required to be shared with the EPDP Team.
2. Welcome and Updates from EPDP Team Chair (5 minutes)
a. Status of letter to EDPB / External Legal Counsel
* Agreed to hold off sending the letter for now. Letter has been drafted for GNSO Council to update them on the status in relation to the letter. Important to review previous letters sent by the EDPB - now is not an opportune time.
* PCST meeting scheduled for tomorrow - in that meeting, further discussion expected re. procurement of legal service and proposed process. Conflicts will need to be considered in any procurement process. Process will be to develop written questions followed by written responses, which could be followed up by a conversation, if needed. Cost control will be another important aspect - arm’s length engagement should assist with that. Formulating the questions will be key. How to do that effectively should be focus. Could potentially be done through a small team, potentially consisting of lawyers from the group, which focus on formulating in an objective manner the questions. It would then be considered if the question has already been answered in existing memos, can be answered by ICANN legal or whether external counsel input is needed. ICANN would be responsible for developing the SOW, EPDP Team's focus should be on formulating the questions.
b. Review of outstanding action items - see https://community.icann.org/x/NwSNBQ
c. Other updates, if applicable
* Small team meeting held yesterday to further discuss controller/joint-controller related issues. No agreement on whether a joint-controller situation exists - ICANN Org committed to further study the situation and provide feedback. It may also depend on the processing steps as different responsibilities may apply. Review current information in the Initial Report and see if/how this needs to be updated or further clarified. Important to document position so that the EPDP Team can further review what to include in the Final Report.
* Accuracy - is it in scope, if it is, what is to be considered? What is the expected outcome / objective, changes in the current regime?
Action item #1: Proponents of accuracy discussion to put forward specific proposals / changes that should be considered by the EPDP Team.
3. Preview of Phase 2 work items (15 minutes):
a. Review mind map
b. Confirm understanding of EPDP Team on where it is on meeting requirements to commence phase 2 work.
c. Confirm next steps, if any
* Mind map outlines the aspects of the charter that are expected to be covered in phase 2. This does not only include the system for standardized access to non-public registration data but also a number of topics that appear in the annex to the temporary specification ("important issues for further community action")
* May be worth seeking clarification from the GNSO Council what they expect to receive in order to provide 'non-objection'.
* The charter says "the threshold for establishing "answered" for the gating questions shall be the consensus of the EPDP Team and non-objection by the GNSO Council". May need to obtain clarification from the Council of what is meant with 'consensus' - is this on any recommendations in relation to gating questions or in relation to the aggregate of the gating questions?
* Is there a risk in delaying the access discussion after Final Report on temp spec produced? What is the incentive for the EPDP Team to work and compromise on those issues in phase 2. Commitment to work in good faith.
* Specific timeline is in place for phase 1 that cannot wait for phase 2 to complete.
* Some of the outstanding questions may be addressed through the discussions on the system for standardized access.
* May need to review timeline again to see how phase 2 fits in.
* Charter questions were responded to in the Initial Report - is that sufficient to commence phase 2? May need to look at those responses again?
* Final Report on Temporary Specification is due in 6 weeks and should be the priority for now. However, if work on that can be finalized ahead of time, work could start earlier and/or in parallel.
* Mind map is intended to be a catalyst for subsequent discussion, not a block.
* Need to work through issues that are on the critical path.
Action item #2: Leadership and staff support team to update and re-publish timeline to demonstrate anticipated timing of phase 2 launch.
4. Continue review of list of topics for further discussion
a. Topic List Item #7 – Definition of optional
Recommendation #4: the EPDP Team is still considering whether optional also means optional for the registrar to offer the ability to the Registered Name Holder to provide these data elements, or whether it would be required for the registrar to offer this ability. (Initial Report)
* Consider current requirements
* Consider risk / compliance issues of requiring or not requiring registrars to request RNH to provide optional data elements
* Confirm whether data that is optional, but which has been provided by RNH is to be transferred to the registry.
* Confirm next steps, if any
* There are a number of data elements listed as optional in the Initial Report: organization, phone ext, fax, fax ext, tech fields (name, phone, email), DNSSEC, validating RNH eligibility to register a domain name under certain TLDs.
* No agreement yet on what 'optional' means in this context.
* What is the impact of third party that is involved for tech contact? What is risk involved?
* Is answer contingent on response provided by EDPB / external advice? What does 'informed' mean in relation to third parties that provide this information? If it is optional for CP to provide this option, would they ever offer it as there is always a risk involved. Need to understand what liability, if any, exists.
* Further input may be received on this topic in response to public comment.
* Some segments of client base want to provide this information - registrars may choose to accept this risk to serve these customers. Market driven may be a solution?
* Note requirements to obtain consent - legal question that may need to be further clarified as the EDPB letter was not sufficiently clear on this point, what is exactly needed? Also issue of what happens if consent is withdrawn? Is informed sufficient or is informed consent required? Also need to consider article 14 in the context of collecting data from someone other than the data subject.
* How to separate out transfer to registries? As even if one registrar requests this information, it would need to be supported by registries. What happens to data portability? Risk for data mismatch by having optional data elements. Making things optional for a registrar to collect doesn't solve "the problem" and really just complicates things more from an operational point. The value of the information itself is a separate debate.
* What happens with legacy data? Would optional info get removed if registrars no longer offer it, would registrants be informed? Data that has been collected needs to be tested against GDPR requirements - if at the time of collection it was compliant with GDPR you can keep it, if not, it will need to be removed. Legacy data pools will need to be dealt with independent of this group's recommendations, this includes legacy data held by Registrars, Registries and third-party data aggregators.
* If it is optional, why should it be collected in the first place?
* High degree of likelihood that major registrars will offer this function as customers are asking for it, but not clear how many or for how long. No assurance that it is a permanent situation. How is the end user factored into this discussion? This has always been offered - what risks are imposed by GDPR?
* What about other data elements that are optional (apart from tech contact data elements)? For example, organization. May need to build in two steps: need to have consent for collection of organization field if it includes personal data, and second step to obtain consent for publication. No protections associated with an organization. Organization info may be the link to personal information. Publication should be optional and only if it is the wish of the RNH that the info should be available in a public data base.
Action item #3: EPDP Team encouraged to further discuss topic of ‘optional’, as well as items deferred to next meeting (geographic basis, policy change impact analysis) on the mailing list and focus on possible recommendations associated with this topic for EPDP Team consideration.
b. Geographic basis
* Consider EDPB Guideline (see https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-32018-territorial-scope-gdpr-article-3-version_en [edpb.europa.eu])
* How does this guideline impact EPDP Teams position on this topic? What changes, if any, should be considered for the Final Report?
c. Policy Change Impact Analysis
* Review current language in Initial Report
* Discuss what other information this section should contain
* Volunteers to work on this section?
Items b and c are deferred to next meeting
5. Wrap and confirm next meeting to be scheduled for Thursday 13 December 2018 at 14.00 UTC
a. Confirm action items
b. Confirm questions for ICANN Org, if any
Marika Konings
Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN)
Email: marika.konings at icann.org<mailto:marika.konings at icann.org>
Follow the GNSO via Twitter @ICANN_GNSO
Find out more about the GNSO by taking our interactive courses<https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_gnso&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=Cg5uQf0yAfw-qlFZ0WNBfsLmmtBNUiH0SuI6Vg-gXBQ&e=> and visiting the GNSO Newcomer pages<https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gnso.icann.org_files_gnso_presentations_policy-2Defforts.htm-23newcomers&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=tT-E2RoAucUb3pfL9zmlbRdq1sytaEf765KOEkBVCjk&e=>.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20181211/0a18c7b2/attachment-0001.html>
More information about the Gnso-epdp-team
mailing list