[Gnso-epdp-team] Notes and action items from today's EPDP Team Meeting - 4 September 2018

Marika Konings marika.konings at icann.org
Tue Sep 4 15:37:24 UTC 2018


Dear All,

Below, please find notes and action items from today’s EPDP Team Call.

As a reminder, our next meeting will be Thursday, 6 September, 13:00 UTC.

Best regards,

Caitlin, Berry, and Marika

===============

EPDP Team Meeting #10

Tuesday, 4 September 2018

Notes and Action Items


High-level Notes/Actions:



Action item #1: EPDP Team to review the latest version of the triage report as circulated by Kurt to the mailing list and provide input before Thursday 6 September with the goal to send the report the following day.


Action item #2: Leadership team to circulate guidelines for members to be able to apply for travel support for ICANN63 shortly after this meeting.


Action item #3: Registrar team to circulate proposed modifications for § § 4.4.1; 4.4.3-4.4.7; 4.4.11-4.4.13 Registrar/Registry/ICANN Processing data to the mailing list by the end of today


Action item #4: Alex and Thomas to collaborate on redrafting §4.4 (introductory paragraph), Appendix A.4. and Appendix C2.


Action item #5: Proposed revisions for § §4.4.2, 4.4.8, 4.4.9 due by Wednesday 5 September at 22.00 UTC


Action item #6: Thomas provide an illustrative joint controller agreement so that the team can differentiate between the operational elements and the policy-related elements.


Action item #7: Margie to review appendix C and indicate what aspects may need a specific mention in the policy recommendations regarding disclosure of data to third parties. .


Action item #8: Kurt to confer with Thomas to prepare the discussion for Thursday’s meeting on data elements - anyone else interested in this prep conversation to reach out to Kurt.


Action item #9: The group to comment on Kurt’s email with proposals for relocating § §4.4.2, 4.4.8, 4.4.9 to a different section of the Temporary Specification.


Questions for ICANN Org from the EPDP Team:

None



Notes & Action items


These high-level notes are designed to help the EPDP Team navigate through the content of the call and are not meant as a substitute for the transcript and/or recording. The MP3, transcript, and chat are provided separately and are posted on the wiki at: https://community.icann.org/x/2IpHBQ.


1. Roll Call & SOI Updates


  *   Attendance will be taken from Adobe Connect
  *   Remember to mute your microphones when not speaking and state your name before speaking for transcription purposes.
  *   Please remember to review your SOIs on a regular basis and update as needed. Updates are required to be shared with the EPDP Team.


2. Welcome and Updates from EPDP Team Chair


  *   Update on status of triage report and expected next steps
  *   See email circulated by Kurt


Action item #1: EPDP Team to review the latest version of the triage report as circulated by Kurt to the mailing list and provide input before Friday 7 September.


  *   Update on status of early input received and proposed approach for considering early input
  *   Early input received from ALAC, BC, NCSG and SSAC
  *   Input largely in line with input received in response to triage surveys
  *   Support team to integrate input into related DSIs
  *   RySG and IPC input is forthcoming
  *   Other updates, if applicable
  *   Guidelines for applications for support to attend BCN meeting will be circulated shortly after the meeting. Support should be as a last resort.


Action item #2: Leadership team to circulate guidelines for members to be able to apply for travel support for ICANN63 shortly after this meeting.


3. Proposed modifications to section 4.4 - Registrar / Registry / ICANN processing of data a) Review proposed modifications put forward by the Registrar Team b) Consider input from EPDP Team members on proposed modifications) Agree on next steps

  *   Registrars are working on the proposed modifications. Apologies for the delay.


Action item #3: Registrar team to circulate proposed modifications for 4.4. Registrar/Registry/ICANN Processing data to the mailing list by the end of today


  *   4. Proposed modifications to section 4.4 – introductory par agrapha) Review proposed modification put forward by Alex Deacon b) Consider input from EPDP Team members on proposed modifications c) Agree on next steps
  *   See edits put forward by Alex Deacon for section 4.4., appendix A.4.1., Appendix C.2 - broaden the purpose for processing.
  *   Cross-referencing may be problematic - terms that could be ambiguous or referring to other directives. Should specific language be called out instead? Future policy needs to be future proof and be able to accommodate potential modifications. May make more sense to define what is being referred to instead of referring to GDPR. Several pointed out that specific references to GDPR may be problematic. GDPR should be viewed as the lowest common denominator -  as such the baseline, but need to describe it in a more general manner (and test it against GDPR) so it is also broadly applicable.
  *   The addition of "at least" to the preamble paragraph may not be GDPR compliant?
  *   Why is there a reference to Art. 2?  Is it being suggested that the contracted parties must check in every instance whether the data sets concerned fall under GDPR? That is easy for EU-based contracted parties, not so much for non-EU contracted parties. Reference to article 2 was to point out the boundaries of GDPR, where it applies and where it doesn't. Leaving this reference in would mean that contracted parties can no longer consider their client base on a global basis, would be problematic.
  *   Concerns about proposed deletion of reference of fundamental rights and freedoms.
  *   Should other legal basis be referenced as well?
  *   Need parking lot for issues that require much further discussion and deliberation such as how different laws have dealt with processing on a legal basis.
  *   Would it be sufficient to just state that the requirements need to be GDPR compliant?
  *   Consider first what data can be legitimately collected by registrars and passed on to registries, only then should disclosure be discussed. Need to prioritize the sequence.
  *   The way it is currently written in the Temporary Specification needs to be fixed whether it is now or at a later stage.
  *   Lack of clarity may be related to earlier sections such as 4.1 and 4.2 - maybe once that gets addressed it would also fix the other parts?


Action item #4: Alex and Thomas to collaborate on redrafting 4.4 (introductory paragraph and Appendix C2.

Action item #5: Kurt to provide guidance on how to deal with 4.2. and 4.3.


5. Status update on modifications to section 4 – Third Party Legitimate Interests revised language for §4.4.2 (Amr Elsadr) revised language for §4.4.8 (Alex Deacon & Amr Elsadr)revised language for §4.4.9 (Ashley Heineman)

  *   See Kurt's email
  *   Previously agreed to move third party legitimate interests into a separate section or appendix
  *   4.4.2 looks more like a high-level principle, may not fit here.
  *   4.4.8 is being worked on.
  *   4.4.9 is also being worked on. Need to consider lawfulness. Not expected to require additional data elements beyond what is collected, it is just about access to data already collected.
  *   No one is currently proposing the collection of additional data elements beyond what is already required to be collected.
  *   How to deal with technical contact? Not a necessity for ICANN contract but it is data that may be necessary for third party legitimate interests. Could this be made optionally available?
  *   Proposed revisions due by Wednesday 5 September at 22.00 UTC


Action item #6: proposed revisions for 4.4.2, 4.4.8, 4.4.9 due by Wednesday 5 September at 22.00 UTC


6. Proposed modifications to Appendix Ca) Review draft recommendation to ICANN that the subject matter be taken out from consideration by this group and folded into current CPH-ICANN negotiations regarding registration data elements of the RAA and RA. (Alan Woods) b) Review proposed amendments to Appendix C, section 2, Lawfulness of Processing, that includes all GDPR mechanisms that allow processing of data (Alex Deacon)c) Agree on next steps

  *   See recommendation put forward by Alan to the mailing list.
  *   Recommendations are twofold:
  *   Removal of Appendix C
  *   EPDP recommendation that ICANN must engage with the Contracted Parties to put in place the legally required instruments (such as Art 26 or 28, as appropriate) without further delay that would enshrine the GDPR concepts found in Appendix C.
  *   2A) the EPDP should also further recommend that such a review of contracts (for the purposes of data processing arrangements), must extend to those other service providers, which are equally essential to the DNS ecosystem, including, but not necessarily limited to EBERO providers, Data Escrow agents and the RPM agents.
  *   Just because it goes into policy recommendations doesn't mean it cannot be part of contract negotiations. Basic principles may need to be called out here so these serve as input to any subsequent negotiations. Should this group specify the core contents. How data is handled is part of Appendix C also in the context of third party disclosures - should set a standard for what goes into the contract. Need to review what principles in Appendix C should be retained.
  *   What is for this group to do and what isn't? A data processing agreement needs to be done in writing. Need to put in a request in the report that ICANN should enter into agreement with EBERO and Escrow agents, but not necessarily for this group to write these agreements. Idem for the data controller agreements. Consider making that the recommendation but remove appendix C.
  *   Consider putting in language which states that DPAs should be entered into as needed, but Appendix C does the needed job of laying out the bases and roles.
  *   EPDP Team will need to determine who is controller, what are the purposes, etc, but appendix C does not add anything in that regard. Elements that will shape the agreements will be part of the policy recommendations and teased out in the other sections, not Appendix C.
  *   Consider moving this to a parking lot item.


Action item #6: Thomas to illustrate for the group what needs to go into a joint controller agreement

Action item #7: Margie to review appendix C and indicate what aspects may need a specific mention in the policy recommendations.


7. (Tentative) Data matrix formed from RDS work and Thomas’s chart

  *   Deferred to Thursday's meeting


Action item #8: Kurt to confer with Thomas to prepare data elements discussion - anyone else interested in this prep conversation to reach out to Kurt.


8. (Tentative) Introduction to Appendix A

  *   Deferred to the next meeting


9. Confirm action items and questions for ICANN Org, if any


10. Wrap and confirm next meeting to be scheduled for Thursday 6 September at 13.00 UTC.

Marika Konings
Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN)
Email: marika.konings at icann.org<mailto:marika.konings at icann.org>

Follow the GNSO via Twitter @ICANN_GNSO
Find out more about the GNSO by taking our interactive courses<http://learn.icann.org/courses/gnso> and visiting the GNSO Newcomer pages<http://gnso.icann.org/sites/gnso.icann.org/files/gnso/presentations/policy-efforts.htm#newcomers>.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20180904/8edf3905/attachment-0001.html>


More information about the Gnso-epdp-team mailing list