[Gnso-epdp-team] Section 4.4.8
Hadia Abdelsalam Mokhtar EL miniawi
Hadia at tra.gov.eg
Sun Sep 16 14:43:47 UTC 2018
Hi Amr and All,
I don't think that a final agreement was actually reached on moving items 4.4.2, 4.4.8, 4.4.9 and 4.4.10 from under the header “Purposes for Processing gTLD Registration Data”.
The whole confusion in my opinion comes from two considerations the first is our lack of understanding of the interests which lets us sometimes put some interests that are typically ICANN purposes as third party purposes and the second is that when we talk about data processing we mix collection with disclosure.
Recital 47 of the GDPR states that " The processing of personal data strictly necessary for the purposes of preventing fraud also constitutes a legitimate interest of the data controller concerned" Therefore fraud prevention constitutes a legitimate interest, and recital 49 of the GDPR states that the necessary and proportionate processing for network security also constitutes a legitimate interest. So when we speak about the original text of 4.4.8
"Supporting a framework to address issues involving domain name registrations, including but not limited to: consumer protection, investigation of cybercrime, DNS abuse, and intellectual property protection;" First we should not deduce that the text speaks only about the access, in order to have a framework through which access can be provided you should also have the data itself (that is the collection of the data). Second I would argue that the collection of the data for the above purpose is not only a third party's purpose but it is also an ICANN purpose
As for the difference between a framework and a model, a framework is a guide or some principles that make you implement the model, while the model is the tool itself. I would rather see the actual model than just the principles.
From: Amr Elsadr [mailto:aelsadr at protonmail.ch]
Sent: Thursday, September 13, 2018 2:03 PM
Cc: Hadia Abdelsalam Mokhtar EL miniawi; gnso-epdp-team at icann.org
Subject: Re: [Gnso-epdp-team] Section 4.4.8
Hi Hadia and Kavouss,
The volunteer team working on 4.4.8 did so with the understanding that sections 4.4.2, 4.4.8, 4.4.9 and 4.4.10 would be moved out from under the header “Purposes for Processing gTLD Registration Data”. This was following Kurt’s email to the EPDP list on 4 September, titled “Project Plan Adjustments and Policy Organization”.
We did consider an earlier suggestion by Mark; to split the processing purposes to two lists, one to achieve the purposes of controllers and one of third-parties. However, we did not pursue this too aggressively. Speaking for myself, I agree that 4.4.8 in both its original and proposed altered forms do not describe purposes for processing (for any party).
I am not sure why a “model” would be preferable to a “framework”, so if you could elaborate on why you believe it to be more specific, I would be grateful. Within NCSG, we have considered both these terms, as well as others such as “Methodology” and “Mechanism”. We haven’t settled on any one, just yet.
As Alex suggested in his original email, this is still a tentative proposal. We like it, or at least prefer it to other alternatives previously suggested, but we’re not exactly married to it just yet. :-)
On Sep 13, 2018, at 12:49 PM, Arasteh <kavouss.arasteh at gmail.com<mailto:kavouss.arasteh at gmail.com>> wrote:
I agree almost with what Hadia said
Sent from my iPhone
On 13 Sep 2018, at 10:45, Hadia Abdelsalam Mokhtar EL miniawi <Hadia at tra.gov.eg<mailto:Hadia at tra.gov.eg>> wrote:
Dear Alex and Amr,
First off thank you for your effort and time on this proposal. But are you saying that among the purposes of the processing of the data is the " identification of third-parties with legitimate interests". This is surely not one of the purposes for the processing of the data therefore a suggest removing it.
So my suggestion would be.
4.4.8 Supporting a Model that provides access to parties with legitimate interests grounded in legal bases to Registration Data relevant to addressing specific issues involving domain name registrations; such as issues related to consumer protection, investigation of cybercrime, DNS abuse and intellectual property protection.
I put model as I think it is more specific but I am fine with using the term framework if you see it more appropriate. I also suggest adding "such as issues related to" which would serve to provide examples of third parties with legitimate interest.
From: Gnso-epdp-team [mailto:gnso-epdp-team-bounces at icann.org] On Behalf Of Alex Deacon
Sent: Tuesday, September 11, 2018 10:34 PM
To: gnso-epdp-team at icann.org<mailto:gnso-epdp-team at icann.org>
Subject: [Gnso-epdp-team] Section 4.4.8
As you know a group of us has been working to recommend an update to Section 4.4.8 of the temp spec.
While we haven't come to full agreement on the update, we are pretty close and wanted to share the current/tentative output of the volunteer team with the broader team.
4.4.8 Supporting a framework that enables identification of third-parties with legitimate interests grounded in legal bases, and providing these third-parties with access to Registration Data relevant to addressing specific issues involving domain name registrations related to consumer protection, investigation of cybercrime, DNS abuse and intellectual property protection.
The non-bold text was suggested by Amr/NCSG and the added bold text was an updated suggested by me/IPC and supported by the BC.
Giving it a re-read again today I think additional word-smithing could be warranted, but for now I will resist and step away and let others share their thoughts.
Cole Valley Consulting
alex at colevalleyconsulting.com<mailto:alex at colevalleyconsulting.com>
Gnso-epdp-team mailing list
Gnso-epdp-team at icann.org<mailto:Gnso-epdp-team at icann.org>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnso-epdp-team