[Gnso-epdp-team] 4.4.9 (and 4.4.2)

Alan Greenberg alan.greenberg at mcgill.ca
Sat Sep 15 21:13:19 UTC 2018

I agree Mark.

Registrars have told us how inventive registrants 
have been using the Organization field. Although 
it may ultimately be reasonable to use this field 
being filled in as a default value for a 
Legal/Natural Person field, there is no question 
in my mind that we need such a field given the 
way privacy regulation/legislation such as GDPR is worded.


At 15/09/2018 05:04 PM, Mark Svancarek (CELA) wrote:
>I also agree with Laureen.
>However, regarding this -
>“That being said, let it be clear that we are 
>not seeking the collection of additional WHOIS data elements”
>I do note that we have briefly discussed the 
>possibility of collecting an “I attest that I 
>am a natural person and not a legal person” 
>flag, which would be an additional WhoIs data element.
>Similarly, if we determine that we require 
>explicit consent in order to continue using the 
>admin or tech fields, that consent would be 
>collected at the time that the WhoIs data is 
>validated by the registrar, and would also 
>constitute additional data element(s).
>I have already apologized to Stephanie for 
>declaring that “no one is asking for 
>additional data elements” and then 
>subsequently discovering these two potential examples
>From: Gnso-epdp-team 
><gnso-epdp-team-bounces at icann.org> On Behalf Of Alan Greenberg
>Sent: Friday, September 14, 2018 7:56 PM
>To: Kapin, Laureen <LKAPIN at ftc.gov>; Heineman, 
>Ashley <AHeineman at ntia.doc.gov>; gnso-epdp-team at icann.org
>Subject: Re: [Gnso-epdp-team] 4.4.9 (and 4.4.2)
>Thanks Laureen. Well said. I definitely agree.
>At 13/09/2018 03:24 PM, Kapin, Laureen via Gnso-epdp-team wrote:
>Dear colleagues:
>Following up on Tuesday’s discussion, I wanted 
>to focus on the range of legitimate purposes for 
>the ICANN organization.  As there continues to 
>be confusion and disagreement on the distinction 
>between third party interests and ICANN 
>purposes, and we’ve been asked to weigh on a 
>proposed chart that lists legitimate purposes, I 
>thought it would be helpful to set out our views 
>in more detail.  Simply put, ICANN’s Bylaws 
>show that ICANN’s legitimate purposes in 
>processing gTLD registration data include the following:
>·       facilitating the resilience, security, 
>and/or stability of the DNS (Section 1.1, Mission)
>·       preserving and enhancing the 
>operational stability, reliability, security, 
>global interoperability, resilience, and 
>openness of the DNS and the Internet (Section 1.2 (a) Commitments)
>·       address issues of competition, consumer 
>protection, malicious abuse, sovereignty 
>concerns, and rights protection (Section 4.6 
>(d), Specific Reviews, Competition, Consumer Trust and Consumer Choice)
>·       assess whether registry directory service implementation:
>o   meets the legitimate needs of law enforcement
>o   promotes consumer trust
>o   safeguards registrant data  (Section 4.6 
>(e), Specific Reviews, Registration Directory Service Review)
>As a result, ICANN’s own legitimate purposes 
>must include processing registrant data to meet 
>ICANN’s mission, mandate, commitments and 
>responsibilities set forth in the 
>Bylaws.  Therefore, while Ashley’s proposed language for Temp. Spec. 4.4.9 --
>Enabling the prevention and detection of 
>cybercrime and illegal DNS abuse to promote the 
>resilience, security, stability and/or 
>reliability of the DNS and the 
>Internet.  Enabling the prevention of unlawful 
>conduct to meet the legitimate needs of law 
>enforcement and public authorities promoting 
>consumer trust in the DNS and the Internet and safeguarding registrant data.
>-- relates to third parties, such as those 
>involved in detecting cybercrime, investigating 
>DNS abuse and other unlawful conduct, it does 
>NOT constitute a third-party purpose.  Rather, 
>the proposal reflects ICANN’s Bylaw-mandated 
>responsibility to (among other tasks) facilitate 
>the security and stability of the DNS and the 
>Internet which includes processing a defined set 
>of RDS information which may under certain 
>circumstances, be disclosed to third-parties.
>I also note that ICANN commits to duly taking 
>into account the public policy advice of 
>governments and public authorities (among other 
>stakeholders) and that ICANN must act for the 
>benefit of the public. (Art. 1.2 (a) 
>Commitments).  The Bylaw mandated 
>responsibilities to protect the security and 
>stability of the DNS and the Internet, address 
>issues of consumer protection and DNS abuse, 
>promote consumer trust, and safeguard registrant 
>data go to the heart of the public interest.
>Best regards,
>Laureen Kapin
>Counsel for International Consumer Protection
>Office of International Affairs
>Federal Trade Commission
><tel:(202)%20326-3237>(202) 326-3237
><mailto:lkapin at ftc.gov>lkapin at ftc.gov
>On: 05 September 2018 16:47,
>"Heineman, Ashley" 
><<mailto:AHeineman at ntia.doc.gov>AHeineman at ntia.doc.gov > wrote:
>Dear all.  Please find below proposed edits to 
>4.4.9, which should be considered initial input 
>as further discussion is welcomed.  Also 
>included below are some recommended edits to 
>4.4.2, which I realize is being reviewed/modified by someone else.
>Regarding 4.4.9, the proposed text is:
>Enabling the prevention and detection of 
>cybercrime and illegal DNS abuse to promote the 
>resilience, security, stability and/or 
>reliability of the DNS and the 
>Internet.  Enabling the prevention of unlawful 
>conduct to meet the legitimate needs of law 
>enforcement and public authorities promoting 
>consumer trust in the DNS and the Internet and safeguarding registrant data.
>After a lot of deliberation and thought, we 
>decided that this text should remain under 
>section 4.4 (not be moved) as this section is a 
>list of ICANN’s and the Contracted Parties’ 
>legitimate purposes for processing data and 
>accordingly we want a reference to this purpose 
>as we believe it influences/touches upon at 
>least two stages of their processing (collection and disclosure).
>That being said, let it be clear that we are not 
>seeking the collection of additional WHOIS data 
>elements.  However, we do want to ensure that 
>the collection of existing WHOIS data fields continue to be maintained.
>Further, it is our view that the collection and 
>disclosure of information, as it aligns with 
>efforts to combat cybercrime and other illegal 
>DNS abuse, is fully consistent with ICANN bylaws 
>and therefore fits within ICANN’s 
>purposes.  (see specific bylaw references below).
>Lastly, our initial text reflects a concerted 
>effort not to conflate ICANN’s purposes with 
>that of LEA/government authorities.  It is our 
>view that the interests and lawful basis of 
>third parties (such as LEA/government 
>authorities) should be articulated elsewhere as appropriate.
>ICANN Bylaws (excerpts)
>In performing its Mission, ICANN will act in a 
>manner that complies with and reflects ICANN’s 
>Commitments and respects ICANN’s Core Values, each as described below.
>(i) Preserve and enhance the administration of 
>the DNS and the operational stability, 
>reliability, security, global interoperability, 
>resilience, and openness of the DNS and the Internet.
>      (e) Registration Directory Service Review
>(ii) The Board shall cause a periodic review to 
>assess the effectiveness of the then current 
>gTLD registry directory service and whether its 
>implementation meets the legitimate needs of law enforcement,
>promoting consumer trust and safeguarding registrant data.
>Regarding 4.4.2, we offer the following edits 
>for consideration.  We believe this provides the 
>necessary specificity required under GDPR:
>Providing collection and disclosure of accurate, 
>reliable, and uniform Registration Data based on 
>lawful basis, consistent with GDPR, to ensure 
>resilience, security, and/or stability of the 
>DNS.  In the case of legitimate interest as a 
>basis, collection and disclosure must not 
>outweigh the fundamental rights of relevant data subjects.
>Gnso-epdp-team mailing list
><mailto:Gnso-epdp-team at icann.org>Gnso-epdp-team at icann.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20180915/94115fed/attachment.html>

More information about the Gnso-epdp-team mailing list