[Gnso-epdp-team] Report on Small team on roles & responsibilities in preparation for EPDP Team Meeting #25
epdp at gdpr.ninja
Tue Nov 13 11:09:02 UTC 2018
Hello Marika, all,
yesterday, the call of the small roles & responsibilities team had its call.
We thank JJ and Erika from ICANN Org for attending the call.
I will only be able to attend the first 90 mins of the call and I do not know whether it is possible to squeeze in a report and discussion of the outcome of our call while I am in attendance. Therefore, I would like to give a brief update in writing.
The plan for the meeting was to discuss
- what roles GDPR offers and if these are sufficiently described in the language I offered for the report
- discussion of Rationale for joint controller vs. other scenarios
- options and limitations of policy work / charter limitations
- strategy to implementation
I hoped we could make sufficient progress during the call so that the small team could suggest a solid path forward to the EPDP plenary.
JJ reported to us that ICANN Org has a 10 page memo in the making in which concerns and ICANN’s views on the roles are described.
He said that we should not jump to the conclusion that a joint controller scenario is given before the roles and responsibilities for the individual processing activities are determined.
In his view, it is like putting the cart before the horse if a joint controller scenario is adopted before all parties had a chance to assess the impact on their liabilities and that joint controllership might not adequately reflect the risks the respective parties might want to take.
We then discussed that it is not really a question of what the parties want to choose to best suit their wishes, but a question of what the legal determination of the setup is. Several participants expressed their view that a joint controller scenario is likely present and therefore a joint controller agreement needs to be negotiated to reflect the roles and responsibilities and the required indemnifications etc. need to be put in place to associate the risks appropriately.
There are two issues with this that the EPDP Team and - in particular - the leadership needs to decide.
1. The issue of legal assessment vs. policy work
The question was brought up by Kurt and JJ in particular. They said - rightfully - that our group cannot really give legal advice. We have discussed the unfortunate situation that our policy group needs to do both compliance work as well as policy work in the EPDP plenary on multiple occasions before. We have a charter that requires us to speak to the responsibilities of the parties and this is just not possible without being transparent (in our report) about what concept we think is applicable. So I think the plenary needs to discuss and confirm that we will take position on this (which can be vetted during the public comment period).
If the EPDP Team does not wish to take a position on this question, I think we need to go back to the GNSO Council to ask for a revision of the charter.
We were not given any indication as to how quickly a memo would be shared with the EPDP Team. JJ said that their memo should inform and help our work but it should not stand in the way of our work.
In my view (which was shared by several participants), the EPDP Team must know what ICANN org’s view on the matter is. The SGs and Cs need to be able to take into account the concerns and suggestions that ICANN Org might have to inform their own positioning. Also, I think we cannot detach our work from ICANN org’s position. It would be unfortunate - to say the least - if our group came up with a recommendation for the parties to negotiate a JCA just to find out that ICANN Org will refuse to implement that recommendation. Thus, clarity is required as soon as possible and a report should not be published before the memo has been shared, analyzed, discussed in the EPDP team and potential revisions to the initial report have been made.
In closing, let me be honest with the entire team and express my frustration with the process.
We have asked both Board liaisons as well as ICANN staff multiple times to share any legal memos / opinions there are to inform our discussions. Also, we have asked whether there would be concerns by ICANN Org with respect to entering into a joint controller agreement or data processing agreements in several meetings. We were not given any indication whatsoever that there could be problems. It is unfortunate to only learn about ICANN’s memo and that there are concerns a few days before the planned publication of our report.
> Am 12.11.2018 um 16:25 schrieb Marika Konings <marika.konings at icann.org>:
> Dear All,
> Please find below the proposed agenda for the next EPDP Team meeting which is scheduled for Tuesday 13 November at 14.00 UTC.
> In relation to agenda item #3, please find attached an updated version of the proposed language for inclusion in the Initial Report in which staff has aimed to capture some of the input that was received in response to the Initial Report through the google doc, as well as input received on the mailing list.
> In relation to agenda item #4, please find attached a table which provides an overview of the changes proposed by EPDP Team members that staff didn’t feel comfortable applying because e.g. either the proposed change is not clear, the proposed change affects previously agreed preliminary agreements / text, or is a substantive change that requires further discussion / consideration by the full EPDP Team (see https://docs.google.com/document/d/1SoNTnvvadNQ8nX_-OxN4mtsd-gfLNxT54GXSXyGQwEQ/edit?ts=5be6721f <https://docs.google.com/document/d/1SoNTnvvadNQ8nX_-OxN4mtsd-gfLNxT54GXSXyGQwEQ/edit?ts=5be6721f> for all comments received to date). In certain cases, staff has proposed a path forward, but would appreciate EPDP Team/commenter feedback before applying this change. Note that a number of comments were made in relation to preliminary recommendations and/or text that is still under consideration. It is the expectation that this input will be raised in the context of those discussions.
> FYI, staff expects to share an updated version of the Initial Report later today so you can see how other input has been addressed (non-substantial issues) as well as how other aspects are coming together as a result of the EPDP Team work over the last couple of meetings.
> Best regards,
> Caitlin, Berry and Marika
> <>EPDP Meeting #25 Agenda <>
> Tuesday, 13 November 2018
> Roll Call & SOI Updates (5 minutes)
> Welcome and Updates from EPDP Team Chair (5 minutes)
> Initial Report finalization status, incl. items remaining to be addressed and schedule for the week ahead
> Confirm status and next steps in relation to natural vs. legal and geographic status
> Review of outstanding action items
> Other updates, if applicable
> Data Redaction (see attached)
> Objective of discussion:
> Confirm language for inclusion in the Initial Report in relation to data redaction as well as email communication
> Review latest version of language for inclusion in relation to data redaction
> Consider charter questions:
> f2) Should standardized requirements on registrant contact mechanism be developed?
> f3) Under what circumstances should third parties be permitted to contact the registrant, and how should contact be facilitated in those circumstances?
> And related draft recommendation:
> In relation to facilitating email communication between third parties and the registrant, the EPDP Team recommends that [current requirements in the Temporary Specification that specify that a Registrar MUST provide an email address or a web form to facilitate email communication with the relevant contact, but MUST NOT identify the contact email address or the contact itself, remain in place. [[[Other to be decided]]].
> Confirm next steps, if any
> Commence review & discussion of comments / input received on Initial Report
> Objective of discussion:
> (1) Review proposed changes / comments on the Initial Report that require EPDP Team consideration
> (2) Agree on if/how these proposed changes / comments are to be applied to the Initial Report
> Commence review of proposed changes / comments on the Initial Report (see list attached)
> Confirm approach for addressing these
> Confirm next steps, if any
> Wrap and confirm next meeting to be scheduled for Wednesday 14 November / Thursday 15 November at 14.00 UTC (dependent on progress made).
> Confirm action items
> Confirm questions for ICANN Org, if any
> Marika Konings
> Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN)
> Email: marika.konings at icann.org <mailto:marika.konings at icann.org>
> Follow the GNSO via Twitter @ICANN_GNSO
> Find out more about the GNSO by taking our interactive courses <https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_gnso&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=Cg5uQf0yAfw-qlFZ0WNBfsLmmtBNUiH0SuI6Vg-gXBQ&e=> and visiting the GNSO Newcomer pages <https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gnso.icann.org_files_gnso_presentations_policy-2Defforts.htm-23newcomers&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=tT-E2RoAucUb3pfL9zmlbRdq1sytaEf765KOEkBVCjk&e=>.
> <Data Redaction - up 12 November 2018.docx><Initial Report changes for discussion - upd 12 November 2018.docx>_______________________________________________
> Gnso-epdp-team mailing list
> Gnso-epdp-team at icann.org <mailto:Gnso-epdp-team at icann.org>
> https://mm.icann.org/mailman/listinfo/gnso-epdp-team <https://mm.icann.org/mailman/listinfo/gnso-epdp-team>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnso-epdp-team