[Gnso-epdp-team] questions/answers from ICANN org

Wed Sep 12 22:18:28 UTC 2018

Dear All,

Below, please find questions and answers from recent EPDP questions to ICANN org. Please note the questions and answers can be also be found on the wiki page here: https://community.icann.org/display/EOTSFGRD/Input+from+ICANN+Org.

Kind regards,

Marika, Berry and Caitlin

QUESTION: Language in the preamble of Appendix C is similar but different from the GDPR.  What was the thinking in writing it this way?

RESPONSE: The text in the preamble of Appendix C is simply an overview of the processing requirements that follows. The preamble does reference the GDPR, and it states that generally “terms with initial capital letters have the meaning given under the GDPR.” But we would need more clarity around what specific language in the preamble is seen to be similar to what specific language in the GDPR to be able to comment further on this question.

QUESTION: Why did ICANN include the term content in 4.4.5?

RESPONSE: To be clear, ICANN does not regulate content.

Section 4.4 lists purposes for processing personal data in registration data*. The processing activities in this section are not limited to ICANN's, they include the processing activities by Registrars and Registries and other third-parties. Section 4.4.5 says one of those purposes is “Enabling a mechanism for the communication or notification to the Registered Name Holder of technical issues and/or errors with a Registered Name or any content or resources associated with such a Registered Name.” For example, a law enforcement agent investigating potentially illegal content might use the registration data to identify and contact the registered name holder as part of the investigation. As a point of reference regarding processing by third parties, on 25 May 2018 the EDPB endorsed a statement of the WP29, which stated that the “WP29 expects ICANN to develop and implement a WHOIS model which will enable legitimate uses by relevant stakeholders, such as law enforcement, of personal data concerning registrants in compliance with the GDPR, without leading to an unlimited publication of those data.” <https://www.icann.org/en/system/files/files/statement-edpb-whois-27may18-en.pdf>  

(*Note that Registration Data is defined in the Temporary Specification as “data collected from a natural and legal person in connection with a domain name registration.” This is broader than just data displayed in RDDS and includes all data collected in connection with the domain name registration.)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20180912/a851b8b4/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4621 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20180912/a851b8b4/smime.p7s>