[Gnso-epdp-team] Proposed Course of Action on 4.4.2

Amr Elsadr aelsadr at icannpolicy.ninja
Wed Sep 5 22:14:44 UTC 2018


Following up on the action item from Thursday 30 August on a proposed rewrite of section 4.4.2 of the Temp Spec, which in its current form goes as follows:

4.4.2Providing access to accurate, reliable, and uniform Registration Data based on legitimate interests not outweighed by the fundamental rights of relevant data subjects, consistent with GDPR

My proposed course of action on section 4.4.2 is to delete it altogether. My rationale is as follows:

1. Reading through Kurt’s email titled "Project Plan Adjustments and Policy Organization”, sent on 4 September, I found myself in agreement that sections 4.4.2, 4.4.8, 4.4.9 and 4.4.10 are better placed under a different heading than “Lawfulness and Purposes of Processing gTLD Registration Data”. These 4 sections are not really purposes, and would likely be better placed under a different heading altogether, so I proceeded with that in mind.

2. Feedback submitted by different groups in response to the survey on this section indicated a view that it was too vague, to broad, and not sufficiently specific to serve as a purpose for lawful processing of gTLD Registration Data. Subsequent discussions supported this, both of which I presume contributed to the rationale of moving 4.4.2 out from under the Section 4 header.

3. If 4.4.2 does not actually serve to clarify a lawful purpose for processing gTLD Registration Data, it made sense to me to attempt to identify what purpose it does serve:

- 4.4.2 is a statement that creates an obligation to provide access to gTLD Registration Data
- 4.4.2 describes conditions that need to be fulfilled before access to gTLD Registration Data may be provided; that they be “based on legitimate interests not outweighed by the fundamental rights of relevant data subjects, consistent with GDPR”
- 4.4.2 describes obligatory characteristics of the gTLD Registration Data to which access shall be provided; that the data will be “accurate, reliable, and uniform”

4.4.2, to me, appears to serve as a guiding principle under which access may be provided to certain third-parties, which will need to be deliberated upon. 4.4.8, 4.4.9 and 4.4.10 may indeed serve the same purpose. However, these principles describe already existing requirements. The need to process (including disclose to third-parties) gTLD Registration Data based on legitimate interests not overridden by the fundamental rights and freedoms on the data subject, and in compliance with GDPR already exists in the section 4 heading. My understanding is that Thomas and Kurt will be proposing modifications/improvements to this header as well.

Furthermore, it seems to me that the characteristics of gTLD Registration Data being being accurate, reliable and uniform are already existing requirements that are better detailed in the 2013 RAA’s WHOIS Accuracy Program Specification, and the Consensus Policy of “thick” WHOIS under consistent labelling and display.

My conclusion is that not only is 4.4.2 unhelpful and vaguely drafted, but is also very redundant. If there are reasons why other EPDP Team members believe it should be retained, and what modifications might make this provision more useful, I’m happy to discuss.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20180905/dae322f4/attachment-0001.html>

More information about the Gnso-epdp-team mailing list