[Gnso-epdp-team] Proposed redline on the lawfulness of processing

Kavouss Arasteh kavouss.arasteh at gmail.com
Tue Sep 4 06:54:11 UTC 2018 

DeAr Alex,
Dear All,
Below is Article 2

*"Art. 2 GDPR Material scope*

*1.     This Regulation applies to the processing of personal data wholly
or partly by automated means ?and to the processing other than by automated
means? of personal data which form part of a filing system or are intended
to form part of a filing system.?*

*2.     This Regulation does not apply to the processing of personal data: *

*1.     in the course of an activity which falls outside the scope of Union
law;*

*2.     by the Member States when carrying out activities which fall within
the scope of Chapter 2 of Title V of the TEU
<http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:12012M/TXT>;*

*3.     by a natural person in the course of a purely personal or household
activity;*

*4.     by competent authorities for the purposes of the prevention,
investigation, detection or prosecution of criminal offences or the
execution of criminal penalties, including the safeguarding against and the
prevention of threats to public security.*

*3.     1For the processing of personal data by the Union institutions,
bodies, offices and agencies, Regulation (EC) No 45/2001
<http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32001R0045>
applies. 2Regulation (EC) No 45/2001 and other Union legal acts applicable
to such processing of personal data shall be adapted to the principles and
rules of this Regulation in accordance with Article 98
<https://gdpr-info.eu/art-98-gdpr/>.*

*4.     This Regulation shall be without prejudice to the application of
Directive 2000/31/EC
<http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32000L0031>,
in particular of the liability rules of intermediary service providers in
Articles 12 to 15 of that Directive."*

As I mentioned such refrence, is made  it would  make the reading of  the
Temp Spec.more difficult due to the fact that There are other cross
refernces ,some of which are merely " Directives for EU" and thus are not
to be applied outside EU. It may not be appropriate to make jurisdictions
of other countries subordinate to the Directives of EU.Consequenly, it is
preferable to have plain language to be included in the final draft of
Temp. Spec.

Regards

Kavouss

On Mon, Sep 3, 2018 at 11:21 PM Kavouss Arasteh <kavouss.arasteh at gmail.com>
wrote:

> Suggested Redlines to ensure lawfulness of processing is not limited to
> Article 6.1.f and thus subject to a balancing test.
>
>
>
>
> Section 4.4
>
>
>
> However, such Processing must be in a manner that complies with the GDPR,
> including on the basis of a specific identified purpose for such
> Processing. Accordingly, Personal Data included in Registration Data may be
> Processed on the lawful bases as scoped in GDPR Article 2 or as enumerated
> in GDPR  Article 6.1, and for at least the following legitimate purposes:
>
> Comments from Kavouss
>
> In order to enable the reader to agree with the proposed changes, the
> referred Articles of GPDR should be hyperlinked.However, therte are two
> WAYS:
>
> One WAY would be that the Text of Temp .Specification, which at later date
> become definitive specification should be self contained and self
> sufficient in order to avois D the readers to refer to other sources as
> well as to avoid misinterpretation of several terms and associated
> qulaifiers mentioned in those Articles.
>
> The Second way would be to make the text as concise and short as possible
> but cross reference to othe Articles of GPDR with the risk of unintended
> misiterpretations and lack of definitions of terms and qualifiers used in
> those Articles
>
> Appendix A.4.1
>
>
>
> *4. Access to Non-Public Registration Data *
>
>
>
> 4.1. Registrar and Registry Operator MUST provide reasonable access to
> Personal Data in Registration Data to third parties on the lawful bases as
> scoped in GDPR Article 2 and as enumerated in GDPR Article 6.1.
>
> See above comments
>
>
>
>
> Appendix C.2
>
>
>
> *2. Lawfulness of Processing *
>
>
>
> For Personal Data Processed in connection with the Registration Data
> Directory Services, such Processing will take place on the lawful bases as
> scoped in GDPR Article 2 and as enumerated in GDPR Article 6.1, For other
> Personal Data collected for other purposes, such Personal Data SHALL NOT be
> Processed unless a legal basis specified under Article 6(1) GDPR applies.
>
> See above comments
>
> On Mon, Sep 3, 2018 at 10:10 PM Alex Deacon <alex at colevalleyconsulting.com>
> wrote:
>
>> All,
>>
>> On Thursday I took an action to propose updates that ensures lawfulness
>> of processing is not limited to Article 6.1.f (and thus subject to a
>> balancing test).
>>
>> I've attached a proposed redline for discussion.   You will note it
>> addresses Section 4.4 and Appendix C.2 (per my action) and for completeness
>> I also updated Appendix  A.4.1 for consistency.
>>
>> Regards,
>> Alex
>>
>>
>>
>>
>> --
>> ___________
>> *Alex Deacon*
>> Cole Valley Consulting
>> alex at colevalleyconsulting.com
>> +1.415.488.6009
>>
>> _______________________________________________
>> Gnso-epdp-team mailing list
>> Gnso-epdp-team at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-epdp-team
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20180904/de47ba82/attachment-0001.html>

More information about the Gnso-epdp-team mailing list