[Gnso-epdp-team] 4.4.9 (and 4.4.2)

Alan Greenberg alan.greenberg at mcgill.ca
Thu Sep 6 03:41:28 UTC 2018

Thanks Ashley, I strongly support your edits and explicitly support 
keeping a reference to these issues in 4.4. GDPR Article 6.1(f) 
explicitly allows reference to the needs of third parties and this 
certainly qualifies.

To the extent necessary, I believe that we need to put language 
somewhere that explains why this is driven by our Bylaw requirement 
to provide a stable and resilient DNS which I believe has to map to a 
trusted DNS.


At 05/09/2018 04:46 PM, Heineman, Ashley wrote:

>Dear all.  Please find below proposed edits to 4.4.9, which should 
>be considered initial input as further discussion is welcomed.  Also 
>included below are some recommended edits to 4.4.2, which I realize 
>is being reviewed/modified by someone else.
>Regarding 4.4.9, the proposed text is:
>Enabling the prevention and detection of cybercrime and illegal DNS 
>abuse to promote the resilience, security, stability and/or 
>reliability of the DNS and the Internet.  Enabling the prevention of 
>unlawful conduct to meet the legitimate needs of law enforcement and 
>public authorities promoting consumer trust in the DNS and the 
>Internet and safeguarding registrant data.
>After a lot of deliberation and thought, we decided that this text 
>should remain under section 4.4 (not be moved) as this section is a 
>list of ICANN's and the Contracted Parties' legitimate purposes for 
>processing data and accordingly we want a reference to this purpose 
>as we believe it influences/touches upon at least two stages of 
>their processing (collection and disclosure).
>That being said, let it be clear that we are not seeking the 
>collection of additional WHOIS data elements.  However, we do want 
>to ensure that the collection of existing WHOIS data fields continue 
>to be maintained.
>Further, it is our view that the collection and disclosure of 
>information, as it aligns with efforts to combat cybercrime and 
>other illegal DNS abuse, is fully consistent with ICANN bylaws and 
>therefore fits within ICANN's purposes.  (see specific bylaw references below).
>Lastly, our initial text reflects a concerted effort not to conflate 
>ICANN's purposes with that of LEA/government authorities.  It is our 
>view that the interests and lawful basis of third parties (such as 
>LEA/government authorities) should be articulated elsewhere as appropriate.
>ICANN Bylaws (excerpts)
>In performing its Mission, ICANN will act in a manner that complies 
>with and reflects ICANN's Commitments and respects ICANN's Core 
>Values, each as described below.
>(i) Preserve and enhance the administration of the DNS and the 
>operational stability, reliability, security, global 
>interoperability, resilience, and openness of the DNS and the Internet.
>      (e) Registration Directory Service Review
>(ii) The Board shall cause a periodic review to assess the 
>effectiveness of the then current gTLD registry directory service 
>and whether its implementation meets the legitimate needs of law enforcement,
>promoting consumer trust and safeguarding registrant data.
>Regarding 4.4.2, we offer the following edits for consideration.  We 
>believe this provides the necessary specificity required under GDPR:
>Providing collection and disclosure of accurate, reliable, and 
>uniform Registration Data based on lawful basis, consistent with 
>GDPR, to ensure resilience, security, and/or stability of the 
>DNS.  In the case of legitimate interest as a basis, collection and 
>disclosure must not outweigh the fundamental rights of relevant data subjects.
>Gnso-epdp-team mailing list
>Gnso-epdp-team at icann.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20180905/bff75ad0/attachment-0001.html>

More information about the Gnso-epdp-team mailing list