[Gnso-epdp-team] Small team #1 draft responses and preliminary recommendations for review

Rosette, Kristina rosettek at amazon.com
Wed Oct 24 12:04:59 UTC 2018


Hi,

RySG will be proposing revisions to the small team #2 draft responses and preliminary recommendations.  We are planning to circulate those before our meeting later today.

K

From: Gnso-epdp-team [mailto:gnso-epdp-team-bounces at icann.org] On Behalf Of Marika Konings
Sent: Tuesday, October 23, 2018 2:52 PM
To: EPDP <gnso-epdp-team at icann.org>
Subject: [Gnso-epdp-team] Small team #1 draft responses and preliminary recommendations for review

Dear EPDP Team,

In preparation for tomorrow’s EPDP Team meeting which will take place from 17.00 – 18.30 (see https://63.schedule.icann.org/meetings/901653), a sub set of small team #1 (legal vs. natural) got together and collaborated on the proposed EPDP Team responses and preliminary recommendations in relation to this topic which you will find below for your consideration.

Best regards,

Caitlin, Berry and Marika

===============

Small Team #1 – Legal vs. Natural Person


h)     Applicability of Data Processing Requirements – Draft responses


h3) Should Contracted Parties be allowed or required to treat legal and natural persons differently, and what mechanism is needed to ensure reliable determination of status?


We seem to have agreed that yes, contracted parties should be allowed to treat legal and natural persons differently but the mechanism by which this should or can be done should be further explored.


h4) Is there a legal basis for Contracted Parties to treat legal and natural persons differently?


We agreed that under GDPR there is a legal basis.  While the focus of this EPDP is GDPR compliance, we did note that not all jurisdictions have this same distinction so we have to make sure our policy recommendations are flexible enough to take this into account.


h5) What are the risks associated with differentiation of registrant status as legal or natural persons across multiple jurisdictions? (See EDPB letter of 5 July 2018).


The main risk seems to be that while legal persons don’t have the same protections under GDPR, natural persons employed by a legal person (and who may be designated as the registrant, admin or technical contact) are still natural persons with rights/protection under GDPR. This risk may be minimized through educational resources as recommended below. [further flesh out risks: James Bladel to provide proposed language]

Proposed Preliminary Policy Recommendation for inclusion in the Initial Report

The EPDP Team recommends that:


●        The distinction between legal and natural persons is useful and necessary for GDPR and some other data protection laws.

o   However, the EPDP Team recognizes that there are challenges in making this distinction in the context of domain name registrations as well as the potential implementation of any new functionality that would apply to pre-existing registrations.

o   Additionally, other jurisdictions may have other categories of protected groups that would need to be factored in.


●        The EPDP Team recommends that GDD staff who will be tasked with the implementation of these policy recommendations commence research by investigating how ccTLDs and contracted parties currently distinguish between natural and legal persons to inform the EPDP Team.


●        Following the receipt of the research, the EPDP Team will explore in a timely manner how this distinction can be made in the context of domain name registrations in a satisfactory way.

o   The EPDP Team should also consider the timeline needed to implement, which could follow a phased approach whereby implementation would start immediately following completion of the further work and agreement on a satisfactory manner to distinguish between legal and natural persons for new registrations while existing registrations would be phased in upon renewal or by other means.

o   The EPDP Team should also consider which data fields (if any) need to be added to accomplish this distinction. This could require further liaising with the IETF if data fields in RDAP need to be added or changed.


●        The EPDP Team recommends that, as a best practice, registries, registrars and ICANN each develop (educational) resources available that help registrants understand the distinction between a domain name that is registered by a natural person vs. legal person / entity. These resources and communications should also encourage legal persons to provide non-personal information for their email address and other contact information.

Marika Konings
Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN)
Email: marika.konings at icann.org<mailto:marika.konings at icann.org>

Follow the GNSO via Twitter @ICANN_GNSO
Find out more about the GNSO by taking our interactive courses<https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_gnso&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=Cg5uQf0yAfw-qlFZ0WNBfsLmmtBNUiH0SuI6Vg-gXBQ&e=> and visiting the GNSO Newcomer pages<https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gnso.icann.org_files_gnso_presentations_policy-2Defforts.htm-23newcomers&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=tT-E2RoAucUb3pfL9zmlbRdq1sytaEf765KOEkBVCjk&e=>.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20181024/5bb3c3e6/attachment-0001.html>


More information about the Gnso-epdp-team mailing list