[Gnso-epdp-team] Letter from ICANN Business and Intellectual Property Constituencies to Göran Marby

Amr Elsadr aelsadr at icannpolicy.ninja
Thu Sep 20 13:03:06 UTC 2018


I’m not sure that this does indeed impact our work (or at least, I hope it doesn’t). It is IMO, however, reflective of one of the main issues we’ve been experiencing as an EPDP Team, in terms of why our progress to-date has been slow.

The IPC/BC letter requesting ICANN to “…, publish a much-needed temporary unified access solution for security, law enforcement, consumer protection and intellectual property needs…,” at this point in time is consistent with their and others’ apparent position to prematurely bring issues of third-party access into the forefront of our deliberations. The GNSO Council has chartered this EPDP Team to eventually provide recommendations on an access model, but has also made clear that this should not be pursued until a number of gating questions, identified in the Charter, are answered first. The first set of gating questions in the Charter are those under “Part 1: Purposes for Processing Registration Data”.

Furthermore, in its 5 July letter, the EDPB referenced an 11 April letter from the Article 29 WP that clearly stated that declared purposes listed under section 4.4 of the temp spec are lacking in meeting the purpose limitation principle, and that to comply with article 5(1)b of the GDPR, “…, purposes specified by the controller must be detailed enough to determine what kind of processing is and is not included within the specified purpose…,”. This requirement is meant to be met when answering the second set of gating questions under “Part 2: Required Data Processing Activities”, specifically sections b), c) and f).

Still…, we keep getting back to issues of access at every turn, when we can deliberate on these far more constructively once we dispose of the necessary prerequisites first.

The IPC/BC letter states that, as per the 5 July letter from the EDPB, it is clear that a UAM model should be permissible with appropriate safeguards and assurances. However, the EDPB qualified this by saying that these safeguards need to ensure disclosure is proportionate and limited to what is necessary. How are we, or ICANN, meant to make this determination without first finalizing the gating questions mentioned above?

The GDPR does not prohibit third-party access to Registration Data, but requires that specific conditions and safeguards be put in place beforehand, in order to provide legal bases to allow for this. We need to work together to determine what these are. I find it concerning that colleagues on this team are making this more difficult, and that their constituencies are asking ICANN to take action by means that I find to be reckless, and with potential dangerous repercussions on ICANN, its Contracted Parties as well as domain name holders.



> On Sep 18, 2018, at 12:03 PM, Johan Helsingius <julf at julf.com> wrote:
> Hi all,
> I noticed this letter (on "Next Steps for Access to Non-Public WHOIS",
> and I am wondering what impact (if any) it has on our work?
> https://www.icann.org/en/system/files/correspondence/bc-ipc-to-marby-07sep18-en.pdf
> Julf
> _______________________________________________
> Gnso-epdp-team mailing list
> Gnso-epdp-team at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-epdp-team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20180920/7a65e8f8/attachment.html>

More information about the Gnso-epdp-team mailing list