[Gnso-epdp-team] 4.4.9 (and 4.4.2)
Alan Greenberg
alan.greenberg at mcgill.ca
Sat Sep 15 21:13:19 UTC 2018
I agree Mark.
Registrars have told us how inventive registrants
have been using the Organization field. Although
it may ultimately be reasonable to use this field
being filled in as a default value for a
Legal/Natural Person field, there is no question
in my mind that we need such a field given the
way privacy regulation/legislation such as GDPR is worded.
Alan
At 15/09/2018 05:04 PM, Mark Svancarek (CELA) wrote:
>I also agree with Laureen.
>
>However, regarding this -
>âThat being said, let it be clear that we are
>not seeking the collection of additional WHOIS data elementsâ
>
>I do note that we have briefly discussed the
>possibility of collecting an âI attest that I
>am a natural person and not a legal personâ
>flag, which would be an additional WhoIs data element.
>Similarly, if we determine that we require
>explicit consent in order to continue using the
>admin or tech fields, that consent would be
>collected at the time that the WhoIs data is
>validated by the registrar, and would also
>constitute additional data element(s).
>
>I have already apologized to Stephanie for
>declaring that âno one is asking for
>additional data elementsâ and then
>subsequently discovering these two potential examples
>
>/marksv
>
>From: Gnso-epdp-team
><gnso-epdp-team-bounces at icann.org> On Behalf Of Alan Greenberg
>Sent: Friday, September 14, 2018 7:56 PM
>To: Kapin, Laureen <LKAPIN at ftc.gov>; Heineman,
>Ashley <AHeineman at ntia.doc.gov>; gnso-epdp-team at icann.org
>Subject: Re: [Gnso-epdp-team] 4.4.9 (and 4.4.2)
>
>Thanks Laureen. Well said. I definitely agree.
>
>Alan
>
>At 13/09/2018 03:24 PM, Kapin, Laureen via Gnso-epdp-team wrote:
>
>
>Dear colleagues:
>
>Following up on Tuesdayâs discussion, I wanted
>to focus on the range of legitimate purposes for
>the ICANN organization. As there continues to
>be confusion and disagreement on the distinction
>between third party interests and ICANN
>purposes, and weâve been asked to weigh on a
>proposed chart that lists legitimate purposes, I
>thought it would be helpful to set out our views
>in more detail. Simply put, ICANNâs Bylaws
>show that ICANNâs legitimate purposes in
>processing gTLD registration data include the following:
>
>· facilitating the resilience, security,
>and/or stability of the DNS (Section 1.1, Mission)
>· preserving and enhancing the
>operational stability, reliability, security,
>global interoperability, resilience, and
>openness of the DNS and the Internet (Section 1.2 (a) Commitments)
>· address issues of competition, consumer
>protection, malicious abuse, sovereignty
>concerns, and rights protection (Section 4.6
>(d), Specific Reviews, Competition, Consumer Trust and Consumer Choice)
>· assess whether registry directory service implementation:
>o meets the legitimate needs of law enforcement
>o promotes consumer trust
>o safeguards registrant data (Section 4.6
>(e), Specific Reviews, Registration Directory Service Review)
>
>As a result, ICANNâs own legitimate purposes
>must include processing registrant data to meet
>ICANNâs mission, mandate, commitments and
>responsibilities set forth in the
>Bylaws. Therefore, while Ashleyâs proposed language for Temp. Spec. 4.4.9 --
>
>Enabling the prevention and detection of
>cybercrime and illegal DNS abuse to promote the
>resilience, security, stability and/or
>reliability of the DNS and the
>Internet. Enabling the prevention of unlawful
>conduct to meet the legitimate needs of law
>enforcement and public authorities promoting
>consumer trust in the DNS and the Internet and safeguarding registrant data.
>
>-- relates to third parties, such as those
>involved in detecting cybercrime, investigating
>DNS abuse and other unlawful conduct, it does
>NOT constitute a third-party purpose. Rather,
>the proposal reflects ICANNâs Bylaw-mandated
>responsibility to (among other tasks) facilitate
>the security and stability of the DNS and the
>Internet which includes processing a defined set
>of RDS information which may under certain
>circumstances, be disclosed to third-parties.
>
>I also note that ICANN commits to duly taking
>into account the public policy advice of
>governments and public authorities (among other
>stakeholders) and that ICANN must act for the
>benefit of the public. (Art. 1.2 (a)
>Commitments). The Bylaw mandated
>responsibilities to protect the security and
>stability of the DNS and the Internet, address
>issues of consumer protection and DNS abuse,
>promote consumer trust, and safeguard registrant
>data go to the heart of the public interest.
>
>Best regards,
>Laureen Kapin
>Counsel for International Consumer Protection
>Office of International Affairs
>Federal Trade Commission
><tel:(202)%20326-3237>(202) 326-3237
><mailto:lkapin at ftc.gov>lkapin at ftc.gov
>
>
>
>
>On: 05 September 2018 16:47,
>"Heineman, Ashley"
><<mailto:AHeineman at ntia.doc.gov>AHeineman at ntia.doc.gov > wrote:
>
>Dear all. Please find below proposed edits to
>4.4.9, which should be considered initial input
>as further discussion is welcomed. Also
>included below are some recommended edits to
>4.4.2, which I realize is being reviewed/modified by someone else.
>
>Regarding 4.4.9, the proposed text is:
>
>Enabling the prevention and detection of
>cybercrime and illegal DNS abuse to promote the
>resilience, security, stability and/or
>reliability of the DNS and the
>Internet. Enabling the prevention of unlawful
>conduct to meet the legitimate needs of law
>enforcement and public authorities promoting
>consumer trust in the DNS and the Internet and safeguarding registrant data.
>
>After a lot of deliberation and thought, we
>decided that this text should remain under
>section 4.4 (not be moved) as this section is a
>list of ICANNâs and the Contracted Partiesâ
>legitimate purposes for processing data and
>accordingly we want a reference to this purpose
>as we believe it influences/touches upon at
>least two stages of their processing (collection and disclosure).
>
>That being said, let it be clear that we are not
>seeking the collection of additional WHOIS data
>elements. However, we do want to ensure that
>the collection of existing WHOIS data fields continue to be maintained.
>
>Further, it is our view that the collection and
>disclosure of information, as it aligns with
>efforts to combat cybercrime and other illegal
>DNS abuse, is fully consistent with ICANN bylaws
>and therefore fits within ICANNâs
>purposes. (see specific bylaw references below).
>
>Lastly, our initial text reflects a concerted
>effort not to conflate ICANNâs purposes with
>that of LEA/government authorities. It is our
>view that the interests and lawful basis of
>third parties (such as LEA/government
>authorities) should be articulated elsewhere as appropriate.
>
>ICANN Bylaws (excerpts)
>Section 1.2. COMMITMENTS AND CORE VALUES
>In performing its Mission, ICANN will act in a
>manner that complies with and reflects ICANNâs
>Commitments and respects ICANNâs Core Values, each as described below.
>
>(a) COMMITMENTS
>***
>(i) Preserve and enhance the administration of
>the DNS and the operational stability,
>reliability, security, global interoperability,
>resilience, and openness of the DNS and the Internet.
>
>Section 4.6. SPECIFIC REVIEWS
>***
> (e) Registration Directory Service Review
>
>(ii) The Board shall cause a periodic review to
>assess the effectiveness of the then current
>gTLD registry directory service and whether its
>implementation meets the legitimate needs of law enforcement,
>promoting consumer trust and safeguarding registrant data.
>
>
>Regarding 4.4.2, we offer the following edits
>for consideration. We believe this provides the
>necessary specificity required under GDPR:
>
>Providing collection and disclosure of accurate,
>reliable, and uniform Registration Data based on
>lawful basis, consistent with GDPR, to ensure
>resilience, security, and/or stability of the
>DNS. In the case of legitimate interest as a
>basis, collection and disclosure must not
>outweigh the fundamental rights of relevant data subjects.
>
>_______________________________________________
>Gnso-epdp-team mailing list
><mailto:Gnso-epdp-team at icann.org>Gnso-epdp-team at icann.org
>https://mm.icann.org/mailman/listinfo/gnso-epdp-team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20180915/94115fed/attachment.html>
More information about the Gnso-epdp-team
mailing list