[Gnso-epdp-team] Discussion of Temporary Specification §§4.1-4.3
kurt at kjpritz.com
Thu Sep 6 06:31:04 UTC 2018
Hello Amr (and everyone):
I am writing in response to your proposal that the team considers Temporary Specification §§4.1-4.3 (with reference to the ICANN Bylaws and mission) prior to our discussion of data elements.
I think understand the reasoning behind your request but still believe we should finish the “purposes” and “data elements” discussion before going into the reach of ICANN’s mission and Bylaws. Let me test out my reasons for this:
With regard to the ICANN mission and Bylaws I believe there is a range of opinions among the stakeholder groups on our team as to the extent that the ICANN mission and Bylaws enable the collection, use and disclosure of personal data,
In the best case, which I view as unlikely, we would develop a consensus opinion on this issue. Thus would be a helpful but not dispositive guide for identifying which data elements are collected and how they are used / disclosed. We’d still have to undertake that.
More likely, I believe there would be a discussion without a consensus result. Even in that case, we would next take up the task of identifying data elements to be collected by registrars and their subsequent processing.
Given that we have existing data collection and processing practices that were adequate pre-GDPR, it seems better to weigh those practices against GDPR and see what remains. Given the discussion at the end of the last meeting, it appears that the currently collected set of data is adequate for the currently identified needs of those seeking personal data disclosure. I can anticipate where there might be differences (we will see) but if an agreement is struck regarding the collection and disclosure od data elements, it seems accommodation on policy statements is more likely.
Taking a slightly different approach to the same point: I think we should be discussing the section 4.4 elements, legitimate reasons for disclosure, and Appendix A against the GDPR and not against the ICANN Bylaws and mission.
I understand that §§4.1 and 4.2 are elements in the Temporary Specification and must be discussed (I am not sticking my head in the ground here - I don’t think), but it is more efficient to discuss these paragraphs later — and especially if we don’t agree on data elements collected and processed.
I think Alan G. was on to something in his earlier email where he said we should focus on what’s needed for our policy. Our goal is to identify (as a matter of policy):
The legitimate purposes for processing registrant data
the set of data to be collected by registrars and
identifying the legitimate reasons (i.e., reasons with a legal basis) for disclosing that data to third parties.
This, of course is an oversimplification but it is where we should focus. (I know others have made these comments before. I think Amr’s inquiry is a good time to restate what some others have said.)
I hope this was clear and helpful to the discussion.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnso-epdp-team