[Gnso-epdp-team] FW: Reminder - input on mind map and questions coming out of ICANN64 meeting

Georgios.TSELENTIS at ec.europa.eu Georgios.TSELENTIS at ec.europa.eu
Mon Apr 8 00:05:07 UTC 2019

Dear EPDP colleagues,

Apologies for the lateness of our response.  The GAC supports what Alex from the IPC articulated in his email from March 29.  We would like to further propose that Work Stream 1 (Standardized Access) be given priority.  Also, the GAC suggests that the EPDP immediately identify the scope of Work Stream 1 and develop a work plan for completing work no later than 12 months from the appointment of the new EPDP Chair.  It should also be the expectation that considerable and demonstrable progress be made by ICANN 66 in Montreal.  Such an approach and timeframe would meet the community feedback from Kobe asking for Phase 2 of the EPDP to move forward quickly given the importance of the issues involved.

Further, we felt it worth noting GAC advice from Kobe specific to this effort:

WHOIS and Data Protection Legislation

a.      The GAC advises the Board to:

i.      Take necessary steps to ensure that the GNSO EPDP on the Temporary Specification for gTLD Registration Data institutes concrete milestones, progress reports and an expeditious timeline, similar to Phase 1, for concluding Phase 2 activities;
ii.       Take necessary steps to ensure that the scope of phase 2 activities is clearly defined with a view to expeditious conclusion and implementation;
iii.      Make available the necessary resources for Phase 2 to expeditiously advance on the complex legal issues deferred from Phase 1;
iv.      Consider instituting additional parallel work efforts on technical implementations, such as that carried out by the Technical Study Group, for purposes of informing and complementing the EPDP’s Phase 2 activities;
v.       Facilitate swift implementation of the new Registration Directory Services policies as they are developed and agreed, including by sending distinct parts to implementation as and when they are agreed, such as the questions deferred from Phase 1;
vi.      Consider re-starting implementation processes for relevant existing policies, such as the Privacy Proxy Services Accreditation Issues Policy.


The GAC has consistently advised on the necessity of finding a swift solution to ensuring timely access to non-public registration data for legitimate third party purposes that complies with the requirements of the GDPR and other data protection and privacy laws, in view of the significant negative impact of the changes in WHOIS accessibility on users with legitimate purposes. The GAC

has previously noted that such legitimate purposes include civil, administrative and criminal law enforcement, cybersecurity, consumer protection and IP rights protection.

The GAC also notes that the European Data Protection Board, in its guidance, has expressly encouraged ICANN and the community to develop a comprehensive model covering the entirety of the data processing cycle, from collection to access. As already highlighted in the GAC’s Puerto Rico Communiqué, the GDPR provides for mechanisms to balance the various legitimate public and private interests at stake, including privacy and accountability. We note that the legitimate interests reflected in ICANN’s Bylaws are consistent with the recitals to the GDPR, which provide examples such as “preventing fraud”; “ensuring network and information security,” including the ability to resist “unlawful or malicious actions” and reporting possible “criminal acts or threats to public security” to authorities (see GDPR Recitals 47, 49 and 50).

The GAC will closely monitor and assess the progress reports prepared by the GNSO EPDP, and reserves the possibility of providing further guidance if the pace of progress so requires.

The GAC notes that the time and resources necessary to complete Phase 2 are considerable and require focused scoping of the activity to ensure the expeditious conclusion of the activity. The GAC would therefore encourage a judicious definition of the scope of the Phase 2 efforts, giving consideration to elements that could be provided by Community efforts in parallel and may not need to be included in the scope, such as accreditation models.

The GAC received a briefing on the work of the Technical Study Group. The GAC considers that the development of options for technical implementation demonstrates how a future system for RDS access could be implemented, also with a view to data security and privacy considerations. The Phase 2 considerations could benefit from further exploration of technical implementation options. In addition, engaging in such considerations in parallel can help ensure that policies - once agreed - are swiftly put into practice.

Kind regards,
Georgios Tselentis

[cid:image001.gif at 01D40705.22489500]
European Commission
Directorate-General for Communication Networks, Content and Technology
E3: Next-Generation Internet
BU31 05/70
B-1049 Brussels/Belgium
Office: +32 229 99923 Mobile: +32 498 999923

From: Gnso-epdp-team <gnso-epdp-team-bounces at icann.org<mailto:gnso-epdp-team-bounces at icann.org>> on behalf of Alex Deacon <alex at colevalleyconsulting.com<mailto:alex at colevalleyconsulting.com>>
Sent: Friday, March 29, 2019 1:39 AM
To: Marika Konings
Cc: gnso-epdp-team at icann.org<mailto:gnso-epdp-team at icann.org>
Subject: Re: [Gnso-epdp-team] Reminder - input on mind map and questions coming out of ICANN64 meeting

Thanks Marika,

Here are the IPCs thoughts on your questions and how to best proceed with the Phase 2 work.


We believe the Phase 2 work should occur in two separate and concurrent work streams.

·  Work Stream 1 will focus on issues and questions related to the system for standardized access to non-public registration data, as defined in the EPDP charter and the overlapping EPDP Team Recommendation #3.

·  Work Stream 2 will focus on completing Phase 1 issues.

We also believe that the "legal small team" should continue to meet concurrent with the two work streams described above, with the focus of drafting questions to our legal resource specific to our phase 2 work and analyzing responses received (both existing and TBD).

Additional thoughts

·  Each work stream should set and work forward on its own schedule and work plan.  In fact we suggest that a separate report should be generated for each work stream.

·  Each work stream should schedule its own separate weekly 90min meeting.   Access to these meetings is open to all EPDP members (and alternates per the charter).

·  In a lesson learned from phase 1, consensus calls should happen early and often.


Legal Small Group Priorities

·  We suggest the first priority for this team is to answer the controllership and legal basis question for a system for Standardized for Standardized Access to Non-Public Registration Data, assuming a technical framework consistent with the TSG, and in a way that sufficiently addresses issues related to liability and risk mitigation with the goal of decreasing liability risks to Contracted Parties through the adoption of a system for Standardized Access.

Work Stream One Priorities

·  Answer the gating question in Rec #3 - "Whether such a system should be adopted"

·  Identify the various legitimate purposes for third parties to access registration data

·  Move on to answering the charter questions on Access (a), (b) and (c) in the order listed.  (We note that several of these questions have been answered in Phase 1 and also by the TSG work.)

Work Stream Two Priorities

·  Issues related to Legal vs Natural distinction as identified in Rec #17

·  Potential additional purposes to facilitate ICANN's Office of the Chief Technology Officer as identified in Rec #2

·  Retention period issues and data collection as identified in Rec #15

·  The rest.  We note that several issues in this work stream are dependent on legal advice (see below).


Any large project with parallel work streams is subject to dependencies, however we believe it is important that the EPDP team avoid serializing its work and steer clear of (while still  recognizing) potential deadlocks in the process.

Specifically, we appreciate the important legal issues related to controllership, risk and liability and agree that these questions must be addressed in a way that results in a win-win situation whereby risks are diminished for contracted parties and authenticated/accredited users have reliable access to requests for non-public registration data.  As above, we believe that this important discussion happen in parallel with the work outlined in the work streams.
Alex Deacon
Cole Valley Consulting
alex at colevalleyconsulting.com<mailto:alex at colevalleyconsulting.com>

On Tue, Mar 19, 2019 at 12:50 PM Marika Konings <marika.konings at icann.org<mailto:marika.konings at icann.org>> wrote:

Dear EPDP Team,

As a reminder, please share any input you may have on the phase 2 mind map (see attached) by Thursday 28 March. In addition, your input is requested on the following questions:

·  How should the team prioritize going forward?
·  What next steps should be taken in relations to the dependencies identified?
·  What should be the next steps in relation to the legal guidance to date?
·  What is the target date for publication of the Initial Report that the EPDP Team is aiming to work toward?

Please share any feedback you may have with the mailing list.

Best regards,

Caitlin, Berry and Marika

Marika Konings

Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN)

Email: marika.konings at icann.org<mailto:marika.konings at icann.org>

Follow the GNSO via Twitter @ICANN_GNSO

Find out more about the GNSO by taking our interactive courses<https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-3A__learn.icann.org_courses_gnso%26d%3DDwMGaQ%26c%3DFmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM%26r%3D7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM%26m%3D5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q%26s%3DCg5uQf0yAfw-qlFZ0WNBfsLmmtBNUiH0SuI6Vg-gXBQ%26e%3D&data=02%7C01%7CAHeineman%40ntia.gov%7C5081de1cb83042d4b8f608d6b4090a69%7Cd6cff1bd67dd4ce8945dd07dc775672f%7C0%7C0%7C636894348253983401&sdata=hmNvdrKN8ImLcYASTTzwAoUxH5GvPhFS%2BBetAx%2FW%2F5g%3D&reserved=0> and visiting the GNSO Newcomer pages<https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-3A__gnso.icann.org_sites_gnso.icann.org_files_gnso_presentations_policy-2Defforts.htm-23newcomers%26d%3DDwMGaQ%26c%3DFmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM%26r%3D7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM%26m%3D5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q%26s%3DtT-E2RoAucUb3pfL9zmlbRdq1sytaEf765KOEkBVCjk%26e%3D&data=02%7C01%7CAHeineman%40ntia.gov%7C5081de1cb83042d4b8f608d6b4090a69%7Cd6cff1bd67dd4ce8945dd07dc775672f%7C0%7C0%7C636894348253993410&sdata=On6b6%2B2QFIrm%2FWQiwl8ggO0Z%2FjU4N3fSJSSus8gmQHw%3D&reserved=0>.

Gnso-epdp-team mailing list
Gnso-epdp-team at icann.org<mailto:Gnso-epdp-team at icann.org>
As of March 18, 2019, all NTIA email addresses will change to username at ntia.gov<mailto:username at ntia.gov>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190408/6dedede7/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 3898 bytes
Desc: image001.gif
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190408/6dedede7/image001-0001.gif>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ATT00001.txt
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190408/6dedede7/ATT00001-0001.txt>

More information about the Gnso-epdp-team mailing list