[Gnso-epdp-team] Notes and action items from today's EPDP Team Meeting - 11 September 2018
Kavouss Arasteh
kavouss.arasteh at gmail.com
Tue Sep 11 18:21:23 UTC 2018
Dear Thomas,
In discussing D
On Tue, Sep 11, 2018 at 5:45 PM Marika Konings <marika.konings at icann.org>
wrote:
> Dear All,
>
>
> Below, please find notes and action items from today’s EPDP Team Call.
>
>
>
> As a reminder, our next meeting will be *Thursday, **13 September, 13:00
> UTC*.
>
>
>
> Best regards,
>
>
>
> Caitlin, Berry, and Marika
>
>
>
> ===============
>
>
>
> EPDP Team Meeting #12
>
> Tuesday, 11 September 2018
>
> Notes and Action Items
>
>
>
> *High-level Notes/Actions:*
>
>
>
> *Action item #1*: EPDP Team to review slides in relation to the updates
> (especially with regard to scheduling of topics going forward) from the
> EPDP Team Chair and share any comments / questions with the mailing list.
>
>
>
> *Action item #2*: All members, alternates and liaisons to complete the
> GDPR training as soon as possible but no later than 17 September.
>
>
>
> *Action item* *#3*: GDPR session with Becky Burr scheduled for 18
> September. EPDP Team members to submit questions in advance to allow for
> adequate preparation. The session time will be posted as soon as it is
> available.
>
>
>
> *Action item #4*: EPDP Leadership team to submit triage report to GNSO
> Council.
>
>
>
> *Action item #5*: EPDP Team to review outstanding action items - see
> https://community.icann.org/x/NwSNBQ
>
>
>
> *Action item #6: *EPDP Team to review email from Kurt re. Registrar
> purposes (see
> https://mm.icann.org/pipermail/gnso-epdp-team/2018-September/000337.html)
> and provide input by Friday 14 September at 19.00 UTC at the latest.
>
>
>
> *Action item #7*: EPDP Team to review overview of purposes table and
> provide input on whether this provides an accurate picture. Focus should be
> on the purposes for collection and other processing (Registrar, Registry
> and ICANN), but not access (Third party interests) as these will be
> considered in further detail in the context of the standardized access
> discussion. Also consider whether purposes are sufficiently specific? Team
> input to commence now and will finishby 19.00 UTC on Friday 14 September.
> Thomas and Benedict will take that input to create an agenda for the
> Tuesday meeting.
>
>
>
> *Action item #8*: Support team to put overview of purposes table into
> google doc to facilitate input from EPDP Team.
>
>
>
> *Action item #9*: Support team to collate RySG proposal and Margie's
> proposal into one document.
>
>
>
> *Action item #10*: EPDP Team to provide input at the latest by Friday 14
> September 19.00 UTC on Margie's proposal as well as RySG proposal in
> relation to Appendix C in view of wrapping up this discussion during next
> Tuesday's meeting.
>
>
>
> *Questions for ICANN Org from the EPDP Team:*
>
> None
>
>
>
> *All Action items: *
>
>
>
> *Notes & Action items*
>
>
>
> *These high-level notes are designed to help the EPDP Team navigate
> through the content of the call and are not meant as a substitute for the
> transcript and/or recording. The MP3, transcript, and chat are provided
> separately and are posted on the wiki at: *
> *https://community.icann.org/x/2IpHBQ*
> <https://community.icann.org/x/2IpHBQ>*.*
>
>
>
> 1. Roll Call & SOI Updates
>
> - Attendance will be taken from Adobe Connect
> - Please remember to mute your microphones when not speaking, and
> state your name before speaking for transcription purposes.
> - Please remember to review your SOIs on a regular basis and update as
> needed. Updates are required to be shared with the EPDP Team.
>
>
>
> 2. Welcome and Updates from EPDP Team Chair
>
>
>
> *Action item #1*: EPDP Team to review slides in relation to the updates
> from the EPDP Team Chair and share any comments / questions with the
> mailing list.
>
>
>
> *Enhanced working methods*
>
>
>
> - Received many comments about diving into substance and deal with
> administrative matters over email.
> - See proposed enhancements outlined in the slides. It may feel like
> hopping around, but the objective is to create more time for review and
> discussion.
>
>
>
> *Update on status of GDPR training*
>
>
>
> *Action item #2*: All members, alternates and liaisons to complete the
> GDPR training as soon as possible but no later than 17 September.
>
>
>
> *Action item* *#3*: GDPR session with Becky Burr scheduled for 18
> September. EPDP Team members to submit questions in advance to allow for
> adequate preparation.
>
>
>
> *Triage report *
>
> - completed and will be submitted to GNSO Council.
>
>
>
> *Action item #4*: EPDP Leadership team to submit triage report to GNSO
> Council.
>
>
>
> *Action item #5*: EPDP Team to review outstanding action items - see
> https://community.icann.org/x/NwSNBQ
>
>
>
> *Other updates, if applicable*
>
> - EPDP Timeline - note there are 10 meetings remaining to ICANN63.
> Little time remaining to come to agreement on recommendations for Initial
> Report.
> - Any ideas / suggestions on how to expedite progress are welcome.
>
>
>
> 3. Next steps: Section 4, Appendix C
>
> - Work done by Benedict and Thomas - section 4.4 to be subdivided into
> parts:
> - Registrar purposes for processing data
> - Registry purposes for processing data
> - ICANN purposes for processing data
> - Third-party purposes for processing data
> - See also email circulated by Kurt in relation to registrar purposes.
> Idea is to put these into google doc so further input can be provided and
> hopefully can be finalized shortly.
> - Document prepared by Benedict and Thomas: none should be taken as
> carved in stone. Should be able to revisit language in the matrix. Other
> teams are working on some of the sections on this list. Objective is to
> obtain more clarity about the purposes and whose purposes those are - who
> is the group / entity pursuing a certain purpose. Some may need to be
> further clarified and/or regrouped. This should be taken as a first step.
> - EPDP Team encouraged to speak up where they disagree so that those
> issues can be addressed.
> - Is a registrant column needed? Shouldn't registrant at a minimum be
> able to verify independent of their own registrar what information is
> stored about them? The information right is enshrined in the GDPR so that
> is already a legal right. Purposes are for controllers as such, Registered
> Name Holder may not need to be added.
> - Aiming to group certain purposes together.
> - Being able to identify patterns of abusive registrations is a
> technique not a purpose, similar to the supporting a framework for research
> access. Consider removing it.
> - Helpful starting point.
> - Concern about enabling the prevention and detection of cybercrime -
> revised draft language is not an ICANN purpose but a third party one. Could
> open the door to collect additional data which may not be supported by
> ICANN's mission.
> - ICANN purposes broadly define the reasons for collection. Rather
> than to exhaustively try to list third party interests, acknowledge that
> those exists and ask third parties to act as controllers for the data that
> they access / process. In that way, they are legally responsible - probably
> better suited for the access model discussion.
> - Reflecting the rights of a Registered Name Holder - any objection to
> accepting this as a purpose pursued by Registrar, Registry and ICANN
> purpose? Isn't this also a purpose of the registered name holder? Consider
> adding an additional column. To be updated in next iteration. Agreement
> that this is a purpose that is pursued by Registry, Registrar, ICANN as
> well as Registered Name Holder.
> - Providing access to accurate, reliable and uniform Registration Data
> consistent with GDPR - proposed to be parked until the group discusses
> disclosure / access.
> - Need to understand what the definitive purposes / legitimate
> interests are. May need further guidance on the legitimate interests as
> otherwise it will not be possible to get clarity around this.
> - Consider using a more generic term instead of referring directly to
> GDPR.
> - Enabling a reliable mechanism for contacting the Registered Name
> Holder
> - Enabling a reliable mechanism for identifying the Registered Name
> Holder
> - Interests vs purposes - need to clarify what this means. When we
> talk of 'third party interests' (note the plural) that is a generic
> recognition that third parties have an interest in the data
> - Are there situations in which RNH has contacted the Registry, for
> example in the case of cybersecurity, malware situation? LE and security
> researchers may prefer to work with registries in certain circumstances.
> - Consider whether table should be in google doc or word to facilitate
> input and collection of comments. Support team to put table in google doc
> to facilitate input.
>
>
>
> *Action item #6*: EPDP Team to review overview of purposes table and
> provide input on whether this provides an accurate picture. Focus should be
> on the purposes for collection and other processing (Registrar, Registry
> and ICANN), but not access (Third party interests) as these will be
> considered in further detail in the context of the standardized access
> discussion. Also consider whether purposes are specific enough? Input to be
> circulated by 19.00 UTC on Friday 14 September.
>
>
>
> *Action item #7*: Support team to put overview of purposes table into
> google doc to facilitate input from EPDP Team.
>
>
>
> *Appendix C*
>
>
>
> - See email circulated by Margie proposing retention of certain
> aspects of Appendix C. Benefit to the community that certain principles are
> addressed, especially where those specifically apply to WHOIS. For example,
> principles for disclosure. Maintain transparency and accountability in
> relation to certain sections. Need to add on standard terms in relation to
> third party access.
> - Summarizing existing legislation but not using exact references is
> problematic. Similarly, if further updates are made in the future. This
> creates uncertainty and difficulties.
> - Published guidance will be helpful, but this may not need to go into
> the agreements? This guidance could help inform implementation where
> details would be fleshed out.
> - Need additional time to review proposed retention of certain aspects
> - provide further input on the list or either on a future call.
> - Are terms/principles to third parties who access non-public data for
> consideration now or during standardized access model? Are part of Appendix
> C now so should be considered here. Does that mean that access is discussed
> prior to gating questions being answered? How to memorialize that there
> will be third party access without necessarily going into the details and
> run ahead of the standardized access model conversation. Objective here is
> that it confirms that there will be an access process and that contracted
> parties are required to adhere to it. "Requiring" contracting parties to
> adhere to an access model presumes that the model itself complies with the
> law(s).
> - Should chart, in updated form, be retained? Is it helpful to have
> there? Mixed responses. May not be appropriate for inclusion in a contract.
> Could serve as an illustrative document. EPDP Team is tasked to develop a
> policy so its recommendations may not necessarily translate directly into
> contractual requirements, there may be other ways in which implementation
> is carried out.
> - No agreement yet on a framework for access, only agreement for now
> for Rr and Ry to provide access as outlined in temporary specification.
>
>
>
> *Action item #8*: Support team to collate RySG proposal and Margie's
> proposal into one document.
>
>
>
> *Action item #9*: EPDP Team to provide input at the latest by Friday 14
> September 19.00 UTC on Margie's proposal as well as RySG proposal in
> relation to Appendix C in view of wrapping up this discussion during next
> Tuesday's meeting.
>
>
>
> 4. Review data matrix formed from RDS work and Thomas’s chart
>
> High-level overview of chart
>
> Discuss proposed amendments to Chart
>
> Agree on next steps
>
>
>
> - Deferred to next meeting
>
>
>
> 5. Introduction to Appendix A
>
>
>
> - Deferred to next meeting
>
>
>
> 6. Confirm action items and questions for ICANN Org, if any
>
>
>
> 7. Wrap and confirm next meeting to be scheduled for Thursday 13 September
> at 13.00 UTC.
>
>
>
> *Marika Konings*
>
> *Vice President, Policy Development Support – GNSO, Internet Corporation
> for Assigned Names and Numbers (ICANN) *
>
> *Email: marika.konings at icann.org <marika.konings at icann.org> *
>
>
>
> *Follow the GNSO via Twitter @ICANN_GNSO*
>
> *Find out more about the GNSO by taking our interactive courses
> <http://learn.icann.org/courses/gnso> and visiting the GNSO Newcomer pages
> <http://gnso.icann.org/sites/gnso.icann.org/files/gnso/presentations/policy-efforts.htm#newcomers>. *
>
>
> _______________________________________________
> Gnso-epdp-team mailing list
> Gnso-epdp-team at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-epdp-team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20180911/ad301ec1/attachment-0001.html>
More information about the Gnso-epdp-team
mailing list