[Gnso-epdp-team] Notes & action items from today's meeting

Emily Taylor emily.taylor at oxil.co.uk
Tue Oct 9 08:36:41 UTC 2018


Hi Margie

Thank you for raising this point. I also support your proposal.

ICANN determines a great deal of how the data comprised in WHOIS records is
processed, and before the temporary specification was imposed it was ICANN
that required publication of WHOIS data.  As James B said in a recent call,
it is important that ICANN's voice is heard in the EPDP.

Best wishes

Emily

On Tue, Oct 9, 2018 at 12:55 AM Margie Milam <margiemilam at fb.com> wrote:

> Hi Trang-
>
>
>
> It is really important that ICANN Org meaningfully participate in this
> EPDP.  If ICANN Org believes it is constrained because of the Board
> resolution, then please ask the Board for approval to participate.  Our
> Board liaisons should be able to facilitate that approval for you.
>
>
>
> All the best,
>
> Margie
>
>
>
> *From: *Gnso-epdp-team <gnso-epdp-team-bounces at icann.org> on behalf of
> Trang Nguyen <trang.nguyen at icann.org>
> *Date: *Thursday, October 4, 2018 at 8:28 AM
> *To: *Marika Konings <marika.konings at icann.org>, "gnso-epdp-team at icann.org"
> <gnso-epdp-team at icann.org>
> *Subject: *Re: [Gnso-epdp-team] Notes & action items from today's meeting
>
>
>
> Dear All,
>
>
>
> As per action item #3 below, Dan and I as ICANN Org liaisons reviewed the
> draft "Lawful Basis" memo
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_download_attachments_95094053_Lawful-2520Basis-2520for-2520Processing-2520Testv3-2528k-2529-2528ct-2529.pdf-3Fversion-3D1-26modificationDate-3D1538429788000-26api-3Dv2&d=DwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=JtF_A8u6pVp4jWEAz4x6Hu2ZCsRt7Ds2ULRTS-2bKxg&s=AELsAwOgbSZrfsBHRoEg52SggdgpO_14YD9qNtgl69Q&e=>
> circulated on Monday. There are some areas where there is considerable
> change from the contents of the Temporary Specification, such as redefining
> and assigning owners to the "purposes", as well as the characterization of
> the "responsible parties" and their roles.
>
>
>
> It's understandable that the EPDP Team is considering changes from what
> was in the Temporary Specification as per the EPDP charter
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__gnso.icann.org_sites_default_files_file_field-2Dfile-2Dattach_temp-2Dspec-2Dgtld-2Drd-2Depdp-2D19jul18-2Den.pdf&d=DwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=JtF_A8u6pVp4jWEAz4x6Hu2ZCsRt7Ds2ULRTS-2bKxg&s=mJgAE4qHewfMIzq5i7aBzBTYkPLnWK9W0oMTXkSruE0&e=>.
> ICANN Org however has been directed
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_resources_board-2Dmaterial_resolutions-2D2018-2D05-2D17-2Den&d=DwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=JtF_A8u6pVp4jWEAz4x6Hu2ZCsRt7Ds2ULRTS-2bKxg&s=DjUqHBOa7Aa8X_ILT_Tam-DeZWycXd8TYnNuBmms-UA&e=>
> by the Board to implement the Temporary Specification. Accordingly, as
> liaisons from ICANN Org we are unable to convey an official ICANN position
> that differs from the Temporary Specification at this time. We will however
> continue to follow the EPDP Team's discussions carefully and supply
> whatever information we can to help advance the Team's discussions.
>
>
>
> Best,
>
>
>
> Trang and Dan
>
> ICANN Org Liaisons
>
>
>
>
>
> *From: *Gnso-epdp-team <gnso-epdp-team-bounces at icann.org> on behalf of
> Marika Konings <marika.konings at icann.org>
> *Date: *Tuesday, October 2, 2018 at 9:20 AM
> *To: *"gnso-epdp-team at icann.org" <gnso-epdp-team at icann.org>
> *Subject: *[Gnso-epdp-team] Notes & action items from today's meeting
>
>
>
> Dear All,
>
>
>
> Please find below the notes and action items from today’s meeting. In
> order to facilitate the signing up for the small teams, please use the
> following link
> https://docs.google.com/document/d/1ChEYy-cZmT3qTD62-HsoVmddD96m6cbkSOv5dmAjmpY/edit?usp=sharing
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.google.com_document_d_1ChEYy-2DcZmT3qTD62-2DHsoVmddD96m6cbkSOv5dmAjmpY_edit-3Fusp-3Dsharing&d=DwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=JtF_A8u6pVp4jWEAz4x6Hu2ZCsRt7Ds2ULRTS-2bKxg&s=Dk1S6b3UpbiFdn0iBX0PrLrYeQbnpJplhgvjJITfUX8&e=>.
> As a reminder, please self-organize and assign max. 1 member from each
> group per small team. Call details will be sent to all, but only designated
> members are expected to attend (view only AC will be available for others
> interested to follow the deliberations).
>
>
>
> Best regards,
>
>
>
> Caitlin, Berry and Marika
>
>
>
> =============
>
>
>
> EPDP Team Meeting #16
>
> Tuesday, 2 October 2018
>
> Notes and Action Items
>
>
>
> *High-level Notes/Actions:*
>
>
>
> *Action item #1: *add to Purpose C a second processing activity that is
> focused on disclosure of technical contacts to third parties t to
> communicate or notify RNH of technical and/or administrative issues (third
> parties 6.1(f)).
>
>
>
> *Action item #2: *Regarding the Legal Basis document, RySG to provide
> additional data processing steps by Wednesday 3 October COB.
>
>
>
> *Action item #3: *EPDP Team to review lawful basis memo and proposed
> designations for each purpose and processing activity and communicate by
> Wednesday COB any objections to the proposed designations
>
>
>
> *Action item #4: *Leadership to develop methodology to be developed to
> further consider idea of ICANN having direct contract with registrants.
>
>
>
> *Action item #5: *Alan Greenberg to write statement why optional
> provision of admin/tech contact is important.
>
>
>
> *Action item #6: *EPDP Team to review planning and schedule and share any
> feedback on the list.
>
>
>
> *Questions for ICANN Org from the EPDP Team:*
>
> None
>
>
>
> *Notes & Action items*
>
>
>
> *These high-level notes are designed to help the EPDP Team navigate
> through the content of the call and are not meant as a substitute for the
> transcript and/or recording. The MP3, transcript, and chat are provided
> separately and are posted on the wiki at:
> https://community.icann.org/x/2IpHBQ
> <https://community.icann.org/x/2IpHBQ>.*
>
>
>
> *1. Roll Call & SOI Updates (5 minutes)*
>
>
>
>    - Attendance will be taken from Adobe Connect
>    - Please remember to mute your microphones when not speaking, and
>    state your name before speaking for transcription purposes.
>    - Please remember to review your SOIs on a regular basis and update as
>    needed. Updates are required to be shared with the EPDP Team.
>
>
>
> *2. Welcome and Updates from EPDP Team Chair (5 minutes)*
>
>    - Recap EPDP Team F2F meeting - see high level notes circulated and
>    posted on the wiki (https://community.icann.org/x/rQarBQ
>    <https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_x_rQarBQ&d=DwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=JtF_A8u6pVp4jWEAz4x6Hu2ZCsRt7Ds2ULRTS-2bKxg&s=Wg2hMhXv7SE1NQTE2wRZrOKssGG_VP8Or4q_bmKg3sw&e=>).
>    Feedback welcome on what worked well and what didn't.
>    - Meeting schedule going forward - to be discussed under item 5 on the
>    agenda.
>    - Review of outstanding action items - see
>    https://community.icann.org/x/NwSNBQ
>    - Other updates, if applicable
>
>
>
> *3. Legal basis for purposes and related processing activities*
>
> Objective of discussion:
>
> (1) Agree on legal basis for different purposes and related processing
> activities
>
> a) Review legal basis memo outlining how to differentiate between Art
> 6.1(b) and Art 6.1(f) and discuss how this can be applied to purposes
> identified and related processing activities
>
> b) Agree on legal basis for purposes and related processing activities
>
>    - See memo that was circulated prior to this meeting
>    - Lawful test designed by Thomas facilitated the discussions but there
>    was still confusion around what it means "necessary for performance of a
>    contract"
>    - Example found from the UK Information Commissioner's Office -
>    processing must be necessary for the delivery of your part of the contract.
>    If the processing is only necessary to maintain your business model more
>    generally, this lawful basis will not apply.
>    - Lawful test in combination with example applies to the EPDP Team
>    purposes. Highlighted in blue is where small team came to agreement on
>    lawful basis, those in orange, based on leadership team assessment.
>    - For purpose A, does this just concern data for WHOIS or is it
>    broader than that - this is focused on the data that is collected by the
>    registrar, regardless of where it is.
>    - Purpose C - focused on registrar communication, but this is mainly
>    for other parties, why is that not included? If it is for other parties,
>    the lawful basis would be 6.1(f). Add second processing activity focused on
>    third parties (6.1(f)). May also be captured under purpose B?
>    - May need to distinguish between what is collected and what goes into
>    an RDDS? For example, in relation to Purpose N. Purpose N not limited to
>    Spec 13, would also include Spec 12 gTLDs. Policy recommendations to cover
>    the circumstances and purposes through which additional data elements are
>    collected, even if those are not published or disclosed through RDDS.
>    - In Purpose A, is a processing activity missing? Responding to
>    requests from Registered Name Holder for purpose A. Should RNH be mentioned
>    as a separate party? RNH is the data subject.
>    - For Purpose A, transmission of registration data - why is this both
>    6.1(b) and 6.1(f) - isn't protecting against abuse a necessary part of the
>    contract?
>    - For Purpose E, isn't this also 6.1(b) as it is part of the broader
>    requirements? Small team discussed what would present best case for success
>    presenting this to DPAs and agreed on 6.1(f).
>    - BC would support ICANN Org having a direct relationship with
>    registrant to allow for 6.1(b) if this is currently prevented because ICANN
>    does not have a direct contractual relationship with registrants.
>    - For purpose F, why not 6.1(b)? In theory you could abolish
>    contractual compliance and domain name registration would still work, hence
>    6.1(f) argument.
>    - Need additional processing activity in M for party that files
>    complaint and needs access to information. Needs to be further considered.
>    - Helpful way to lay this out visually, makes it easier to understand.
>    Groups need a bit more time to review and comment.
>    - EPDP Team to review memo and especially link to CIO web-site.
>    - Also note that there where disagreement may persist, this could be
>    called out in the Initial Report as a question for which specific input is
>    requested especially from DPAs.
>
>
>
> *Action item #1: *add to Purpose C a second processing activity that is
> focused on disclosure of technical contacts to third parties access to this
> information to communicate or notify RNH of technical and/or administrative
> issues (third parties 6.1(f)).
>
>
>
> *Action item #2: *Regarding the Lawful Basis document, RySG to provide
> additional data processing steps EPDP Team to review this document and come
> back with feedback by Wednesday 3 October COB.
>
>
>
> *Action item #3: *EPDP Team to review Lawful Basis memo and proposed
> designations for each purpose and processing activity and communicate by
> Wednesday COB any objections to the proposed designations
>
>
>
> *Action item #4: *Leadership to develop methodology to be developed Small
> team to further consider idea of ICANN having direct contract with
> registrants.
>
>
>
> *4. Review data elements workbook for purpose C - Enable communication or
> notification to the Registered Name Holder and/or their delegated parties
> of technical and/or administrative issues with a Registered Name (see
> https://community.icann.org/x/5AC8BQ
> <https://community.icann.org/x/5AC8BQ>)*
>
> Objective of discussion:
>
> (1) Review data elements workbook for purpose C as completed by small team
> during LA F2F meeting
>
> (2) Agree on data elements needed for this purpose as well as responses to
> different questions in data elements workbook
>
> a) Review data elements workbook for purpose C
>
> b) Discuss any outstanding items / questions
>
> c) Finalize data elements workbook for purpose C
>
>    - See data elements workbook for purpose C (see
>    https://community.icann.org/x/5AC8BQ)
>    - Mandatory fields to be collected under 6.1b, optional fields to be
>    collected under 6.1(a) - consent.
>    - What does optional mean? If no admin/tech contact info is provided,
>    does it then default back to the registrant information?
>    - If admin/tech contact info is provided, consent will need to be
>    provided by the admin/tech contact.
>    - If there is no reason to collect the data, would it go against the
>    principle of data minimisation? Is option that is provided to RNH, only
>    those that want to make use of this would opt for it, not a requirement.
>    - In practice it is often a duplicate and no unique information is
>    provided.
>    - You could define two different products: 1 where the registrant acts
>    for all contacts 2 where he / she wishes to designate additional contacts.
>    In such case, both could be 6 I b and collection of third party that would
>    occur based on Art. 14.
>    - Why is making it an optional field problematic? As no one is
>    required to do anything? Under GDPR you will still need to explain why data
>    is collected.
>
>
>
> *Action item #5: *Alan Greenberg to write statement why optional
> provision of admin/tech contact is important.
>
>
>
> *5. Share list of outstanding issues and plan for addressing these*
>
>    - See planning document circulated prior to the meeting
>    - How to sign up for small groups? Groups expected to self-organize -
>    ideally max. 1 rep per group. Could use google doc to have an idea of
>    attendance.
>
>
>
> *Action item #6: *EPDP Team to review planning and schedule and share any
> feedback on the list.
>
> *6. Wrap and confirm next meeting to be scheduled for Thursday 4 October
> at 13.00 UTC.*
>
> a) Confirm action items
>
> b) Confirm questions for ICANN Org, if any
>
>
>
> *Marika Konings*
>
> *Vice President, Policy Development Support – GNSO, Internet Corporation
> for Assigned Names and Numbers (ICANN) *
>
> *Email: **marika.konings at icann.org* <marika.konings at icann.org>
>
>
>
> *Follow the GNSO via Twitter @ICANN_GNSO*
>
> *Find out more about the GNSO by taking our **interactive courses*
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_gnso&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=Cg5uQf0yAfw-qlFZ0WNBfsLmmtBNUiH0SuI6Vg-gXBQ&e=>* and
> visiting the **GNSO Newcomer pages*
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gnso.icann.org_files_gnso_presentations_policy-2Defforts.htm-23newcomers&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=tT-E2RoAucUb3pfL9zmlbRdq1sytaEf765KOEkBVCjk&e=>
> *. *
>
>
> _______________________________________________
> Gnso-epdp-team mailing list
> Gnso-epdp-team at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-epdp-team



-- 

Emily Taylor

CEO, Oxford Information Labs
*MA (Cantab), Solicitor (non-practising), MBA, *

*A**ssociate Fellow, Chatham House; Editor, Journal of Cyber Policy*

Lincoln House, Pony Road, Oxford OX4 2RD | T: 01865 582885
E: emily.taylor at oxil.co.uk | D: 01865 582811 | M: +44 7540 049322

<http://explore.tandfonline.com/cfp/pgas/rcyb-cfp-2017>

Registered office: Lincoln House, 4 Pony Road, Oxford OX4 2RD. Registered
in England and Wales No. 4520925. VAT No. 799526263

.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20181009/de584896/attachment-0001.html>


More information about the Gnso-epdp-team mailing list