[Gnso-epdp-team] Notes & action items from today's meeting
Plaut, Diane
Diane.Plaut at corsearch.com
Tue Oct 9 15:29:32 UTC 2018
Hi Trang, All-
I strongly support Margie and Thomas on this matter. I am a new-comer to this stage but see clearly that in this EPDP and in past working groups there has been an incredible amount of time, energy and resources put into answering questions and making thoughtful recommendations to set-up ICANN to function operationally within a legally compliant, efficient and the capacity to address modern privacy and data protection considerations and multi-stakeholder needs. To move forward and accomplish the goals needed here and for ICANN going forward, there needs to be reliable feedback and clear and open communication from ICANN Org.
We all have the ultimate goal of assisting with a productive and compliant set-up of ICANN and a functioning framework for all.
Sincerely,
Diane
Diane Plaut
General Counsel and Privacy Officer
[cid:image001.png at 01D3CA70.18FC1D40]
Direct +1 646-899-2806
diane.plaut at corsearch.com<mailto:diane.plaut at corsearch.com>
220 West 42nd Street, 11th Floor, New York, NY 10036, United States
www.corsearch.com<http://www.corsearch.com/>
Join Corsearch on Twitter<https://twitter.com/corsearch> Linkedin<https://www.linkedin.com/company/2593860/> Trademarks + Brands<http://trademarksandbrands.corsearch.com/>
Customer Service/Platform Support: 1 800 SEARCH1™ (1 800 732 7241)
Corsearch.USCustomerService at corsearch.com<mailto:Corsearch.USCustomerService at corsearch.com>
Confidentiality Notice: This email and its attachments (if any) contain confidential information of the sender. The information is intended only for the use by the direct addressees of the original sender of this email. If you are not an intended recipient of the original sender (or responsible for delivering the message to such person), you are hereby notified that any review, disclosure, copying, distribution or the taking of any action in reliance of the contents of and attachments to this email is strictly prohibited. If you have received this email in error, please immediately notify the sender at the address shown herein and permanently delete any copies of this email (digital or paper) in your possession.
From: Gnso-epdp-team <gnso-epdp-team-bounces at icann.org> on behalf of Thomas Rickert <epdp at gdpr.ninja>
Date: Tuesday, October 9, 2018 at 4:12 AM
To: Margie Milam <margiemilam at fb.com>
Cc: "gnso-epdp-team at icann.org" <gnso-epdp-team at icann.org>
Subject: Re: [Gnso-epdp-team] Notes & action items from today's meeting
Hi Trang, all,
Let me support Margie’s request.
It is of paramount importance to the success of this group to be able to obtain reliable feedback from ICANN Org.
You might also remember that I asked Chris to get a written confirmation from ICANN Org confirming that ICANN will in fact enter into the required agreements as suggested by the policy coming out of this group. These would be a Joint Controller Agreement and Data Processing Agreements.
Just imagine if we came up with recommendations that ICANN org would not be willing or able to operationalize. This would be a waist of resources and embarrassment on world stage.
I would also appreciate if the Board members on our team could chime in.
Thanks and kind regards,
Thomas
Am 09.10.2018 um 01:54 schrieb Margie Milam <margiemilam at fb.com<mailto:margiemilam at fb.com>>:
Hi Trang-
It is really important that ICANN Org meaningfully participate in this EPDP. If ICANN Org believes it is constrained because of the Board resolution, then please ask the Board for approval to participate. Our Board liaisons should be able to facilitate that approval for you.
All the best,
Margie
From: Gnso-epdp-team <gnso-epdp-team-bounces at icann.org<mailto:gnso-epdp-team-bounces at icann.org>> on behalf of Trang Nguyen <trang.nguyen at icann.org<mailto:trang.nguyen at icann.org>>
Date: Thursday, October 4, 2018 at 8:28 AM
To: Marika Konings <marika.konings at icann.org<mailto:marika.konings at icann.org>>, "gnso-epdp-team at icann.org<mailto:gnso-epdp-team at icann.org>" <gnso-epdp-team at icann.org<mailto:gnso-epdp-team at icann.org>>
Subject: Re: [Gnso-epdp-team] Notes & action items from today's meeting
Dear All,
As per action item #3 below, Dan and I as ICANN Org liaisons reviewed the draft "Lawful Basis" memo<https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_download_attachments_95094053_Lawful-2520Basis-2520for-2520Processing-2520Testv3-2528k-2529-2528ct-2529.pdf-3Fversion-3D1-26modificationDate-3D1538429788000-26api-3Dv2&d=DwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=JtF_A8u6pVp4jWEAz4x6Hu2ZCsRt7Ds2ULRTS-2bKxg&s=AELsAwOgbSZrfsBHRoEg52SggdgpO_14YD9qNtgl69Q&e=> circulated on Monday. There are some areas where there is considerable change from the contents of the Temporary Specification, such as redefining and assigning owners to the "purposes", as well as the characterization of the "responsible parties" and their roles.
It's understandable that the EPDP Team is considering changes from what was in the Temporary Specification as per the EPDP charter<https://urldefense.proofpoint.com/v2/url?u=https-3A__gnso.icann.org_sites_default_files_file_field-2Dfile-2Dattach_temp-2Dspec-2Dgtld-2Drd-2Depdp-2D19jul18-2Den.pdf&d=DwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=JtF_A8u6pVp4jWEAz4x6Hu2ZCsRt7Ds2ULRTS-2bKxg&s=mJgAE4qHewfMIzq5i7aBzBTYkPLnWK9W0oMTXkSruE0&e=>. ICANN Org however has been directed<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_resources_board-2Dmaterial_resolutions-2D2018-2D05-2D17-2Den&d=DwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=JtF_A8u6pVp4jWEAz4x6Hu2ZCsRt7Ds2ULRTS-2bKxg&s=DjUqHBOa7Aa8X_ILT_Tam-DeZWycXd8TYnNuBmms-UA&e=> by the Board to implement the Temporary Specification. Accordingly, as liaisons from ICANN Org we are unable to convey an official ICANN position that differs from the Temporary Specification at this time. We will however continue to follow the EPDP Team's discussions carefully and supply whatever information we can to help advance the Team's discussions.
Best,
Trang and Dan
ICANN Org Liaisons
From: Gnso-epdp-team <gnso-epdp-team-bounces at icann.org<mailto:gnso-epdp-team-bounces at icann.org>> on behalf of Marika Konings <marika.konings at icann.org<mailto:marika.konings at icann.org>>
Date: Tuesday, October 2, 2018 at 9:20 AM
To: "gnso-epdp-team at icann.org<mailto:gnso-epdp-team at icann.org>" <gnso-epdp-team at icann.org<mailto:gnso-epdp-team at icann.org>>
Subject: [Gnso-epdp-team] Notes & action items from today's meeting
Dear All,
Please find below the notes and action items from today’s meeting. In order to facilitate the signing up for the small teams, please use the following link https://docs.google.com/document/d/1ChEYy-cZmT3qTD62-HsoVmddD96m6cbkSOv5dmAjmpY/edit?usp=sharing<https://urldefense.proofpoint.com/v2/url?u=https-3A__docs.google.com_document_d_1ChEYy-2DcZmT3qTD62-2DHsoVmddD96m6cbkSOv5dmAjmpY_edit-3Fusp-3Dsharing&d=DwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=JtF_A8u6pVp4jWEAz4x6Hu2ZCsRt7Ds2ULRTS-2bKxg&s=Dk1S6b3UpbiFdn0iBX0PrLrYeQbnpJplhgvjJITfUX8&e=>. As a reminder, please self-organize and assign max. 1 member from each group per small team. Call details will be sent to all, but only designated members are expected to attend (view only AC will be available for others interested to follow the deliberations).
Best regards,
Caitlin, Berry and Marika
=============
EPDP Team Meeting #16
Tuesday, 2 October 2018
Notes and Action Items
High-level Notes/Actions:
Action item #1: add to Purpose C a second processing activity that is focused on disclosure of technical contacts to third parties t to communicate or notify RNH of technical and/or administrative issues (third parties 6.1(f)).
Action item #2: Regarding the Legal Basis document, RySG to provide additional data processing steps by Wednesday 3 October COB.
Action item #3: EPDP Team to review lawful basis memo and proposed designations for each purpose and processing activity and communicate by Wednesday COB any objections to the proposed designations
Action item #4: Leadership to develop methodology to be developed to further consider idea of ICANN having direct contract with registrants.
Action item #5: Alan Greenberg to write statement why optional provision of admin/tech contact is important.
Action item #6: EPDP Team to review planning and schedule and share any feedback on the list.
Questions for ICANN Org from the EPDP Team:
None
Notes & Action items
These high-level notes are designed to help the EPDP Team navigate through the content of the call and are not meant as a substitute for the transcript and/or recording. The MP3, transcript, and chat are provided separately and are posted on the wiki at: https://community.icann.org/x/2IpHBQ<https://community.icann.org/x/2IpHBQ>.
1. Roll Call & SOI Updates (5 minutes)
* Attendance will be taken from Adobe Connect
* Please remember to mute your microphones when not speaking, and state your name before speaking for transcription purposes.
* Please remember to review your SOIs on a regular basis and update as needed. Updates are required to be shared with the EPDP Team.
2. Welcome and Updates from EPDP Team Chair (5 minutes)
* Recap EPDP Team F2F meeting - see high level notes circulated and posted on the wiki (https://community.icann.org/x/rQarBQ<https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_x_rQarBQ&d=DwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=JtF_A8u6pVp4jWEAz4x6Hu2ZCsRt7Ds2ULRTS-2bKxg&s=Wg2hMhXv7SE1NQTE2wRZrOKssGG_VP8Or4q_bmKg3sw&e=>). Feedback welcome on what worked well and what didn't.
* Meeting schedule going forward - to be discussed under item 5 on the agenda.
* Review of outstanding action items - see https://community.icann.org/x/NwSNBQ<https://community.icann.org/x/NwSNBQ>
* Other updates, if applicable
3. Legal basis for purposes and related processing activities
Objective of discussion:
(1) Agree on legal basis for different purposes and related processing activities
a) Review legal basis memo outlining how to differentiate between Art 6.1(b) and Art 6.1(f) and discuss how this can be applied to purposes identified and related processing activities
b) Agree on legal basis for purposes and related processing activities
* See memo that was circulated prior to this meeting
* Lawful test designed by Thomas facilitated the discussions but there was still confusion around what it means "necessary for performance of a contract"
* Example found from the UK Information Commissioner's Office - processing must be necessary for the delivery of your part of the contract. If the processing is only necessary to maintain your business model more generally, this lawful basis will not apply.
* Lawful test in combination with example applies to the EPDP Team purposes. Highlighted in blue is where small team came to agreement on lawful basis, those in orange, based on leadership team assessment.
* For purpose A, does this just concern data for WHOIS or is it broader than that - this is focused on the data that is collected by the registrar, regardless of where it is.
* Purpose C - focused on registrar communication, but this is mainly for other parties, why is that not included? If it is for other parties, the lawful basis would be 6.1(f). Add second processing activity focused on third parties (6.1(f)). May also be captured under purpose B?
* May need to distinguish between what is collected and what goes into an RDDS? For example, in relation to Purpose N. Purpose N not limited to Spec 13, would also include Spec 12 gTLDs. Policy recommendations to cover the circumstances and purposes through which additional data elements are collected, even if those are not published or disclosed through RDDS.
* In Purpose A, is a processing activity missing? Responding to requests from Registered Name Holder for purpose A. Should RNH be mentioned as a separate party? RNH is the data subject.
* For Purpose A, transmission of registration data - why is this both 6.1(b) and 6.1(f) - isn't protecting against abuse a necessary part of the contract?
* For Purpose E, isn't this also 6.1(b) as it is part of the broader requirements? Small team discussed what would present best case for success presenting this to DPAs and agreed on 6.1(f).
* BC would support ICANN Org having a direct relationship with registrant to allow for 6.1(b) if this is currently prevented because ICANN does not have a direct contractual relationship with registrants.
* For purpose F, why not 6.1(b)? In theory you could abolish contractual compliance and domain name registration would still work, hence 6.1(f) argument.
* Need additional processing activity in M for party that files complaint and needs access to information. Needs to be further considered.
* Helpful way to lay this out visually, makes it easier to understand. Groups need a bit more time to review and comment.
* EPDP Team to review memo and especially link to CIO web-site.
* Also note that there where disagreement may persist, this could be called out in the Initial Report as a question for which specific input is requested especially from DPAs.
Action item #1: add to Purpose C a second processing activity that is focused on disclosure of technical contacts to third parties access to this information to communicate or notify RNH of technical and/or administrative issues (third parties 6.1(f)).
Action item #2: Regarding the Lawful Basis document, RySG to provide additional data processing steps EPDP Team to review this document and come back with feedback by Wednesday 3 October COB.
Action item #3: EPDP Team to review Lawful Basis memo and proposed designations for each purpose and processing activity and communicate by Wednesday COB any objections to the proposed designations
Action item #4: Leadership to develop methodology to be developed Small team to further consider idea of ICANN having direct contract with registrants.
4. Review data elements workbook for purpose C - Enable communication or notification to the Registered Name Holder and/or their delegated parties of technical and/or administrative issues with a Registered Name (see https://community.icann.org/x/5AC8BQ<https://community.icann.org/x/5AC8BQ>)
Objective of discussion:
(1) Review data elements workbook for purpose C as completed by small team during LA F2F meeting
(2) Agree on data elements needed for this purpose as well as responses to different questions in data elements workbook
a) Review data elements workbook for purpose C
b) Discuss any outstanding items / questions
c) Finalize data elements workbook for purpose C
* See data elements workbook for purpose C (see https://community.icann.org/x/5AC8BQ<https://community.icann.org/x/5AC8BQ>)
* Mandatory fields to be collected under 6.1b, optional fields to be collected under 6.1(a) - consent.
* What does optional mean? If no admin/tech contact info is provided, does it then default back to the registrant information?
* If admin/tech contact info is provided, consent will need to be provided by the admin/tech contact.
* If there is no reason to collect the data, would it go against the principle of data minimisation? Is option that is provided to RNH, only those that want to make use of this would opt for it, not a requirement.
* In practice it is often a duplicate and no unique information is provided.
* You could define two different products: 1 where the registrant acts for all contacts 2 where he / she wishes to designate additional contacts. In such case, both could be 6 I b and collection of third party that would occur based on Art. 14.
* Why is making it an optional field problematic? As no one is required to do anything? Under GDPR you will still need to explain why data is collected.
Action item #5: Alan Greenberg to write statement why optional provision of admin/tech contact is important.
5. Share list of outstanding issues and plan for addressing these
* See planning document circulated prior to the meeting
* How to sign up for small groups? Groups expected to self-organize - ideally max. 1 rep per group. Could use google doc to have an idea of attendance.
Action item #6: EPDP Team to review planning and schedule and share any feedback on the list.
6. Wrap and confirm next meeting to be scheduled for Thursday 4 October at 13.00 UTC.
a) Confirm action items
b) Confirm questions for ICANN Org, if any
Marika Konings
Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN)
Email: marika.konings at icann.org<mailto:marika.konings at icann.org>
Follow the GNSO via Twitter @ICANN_GNSO
Find out more about the GNSO by taking our interactive courses<https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_gnso&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=Cg5uQf0yAfw-qlFZ0WNBfsLmmtBNUiH0SuI6Vg-gXBQ&e=> and visiting the GNSO Newcomer pages<https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gnso.icann.org_files_gnso_presentations_policy-2Defforts.htm-23newcomers&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=tT-E2RoAucUb3pfL9zmlbRdq1sytaEf765KOEkBVCjk&e=>.
_______________________________________________
Gnso-epdp-team mailing list
Gnso-epdp-team at icann.org<mailto:Gnso-epdp-team at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-epdp-team<https://mm.icann.org/mailman/listinfo/gnso-epdp-team>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20181009/d6897d62/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 5570 bytes
Desc: image001.png
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20181009/d6897d62/image001-0001.png>
More information about the Gnso-epdp-team
mailing list