[Gnso-epdp-team] Notes and action items - EPDP Phase 2 Meeting #14 - 15 August 2019
Caitlin Tubergen
caitlin.tubergen at icann.org
Thu Aug 15 18:06:26 UTC 2019
Dear EPDP Team,
Please find the notes and action items from today’s Phase 2 EPDP Team meeting below.
As a reminder, the Phase 2 Legal Committee will meet on Tuesday, 20 August at 14:00 UTC, and the Phase 2 EPDP Team will meet on Thursday, 22 August at 14:00 UTC.
Thank you.
Best regards,
Marika, Berry, and Caitlin
--
EPDP Phase 2 - Meeting #14Thursday, 15 August 2019 at 14.00 UTCAction Items
Groups are welcome to provide additional comments in response to early input in the Early Input Google Doc over the next two weeks (by 29 August). Support Staff will consider input received when compiling the Zero Draft document.
EPDP Team members to provide feedback on the IP-5 use case via the IP-5 Use Case Google doc by Friday, 16 August.
IPC EPDP Team members to review comments and distribute updated use case by Tuesday 20 August in preparation for a final reading on Thursday, 22 August.
SSAC EPDP Team members to review comments received for SSAC 3 (Investigation of criminal activity where domain names are used. Typical specific example: PHISHING ATTACK) and distribute updated version of use case to EPDP Team by Tuesday 20 August in preparation for a final reading on Thursday, 22 August.
SSAC EPDP Team members to distribute use case for SSAC 1 (When a network is undergoing an attack involving a domain name, and the operator(s) of that network need to contact the domain owner to remediate the security issue (DDOS, Botnet, etc.)) by Tuesday 20 August in preparation for a final reading on Thursday, 22 August.
ALAC EPDP Team members to review comments received on ALAC 1 (Online buyers identifying and validating the source of goods or services/ Internet users validating the legitimacy of an email or a website to protect themselves) and distribute updated version of the use case by Tuesday, 27 August in preparation for final reading on Thursday, 29 August.
Notes These high-level notes are designed to help the EPDP Team navigate through the content of the call and are not meant as a substitute for the transcript and/or recording. The MP3, transcript, and chat are provided separately and are posted on the wiki at: https://community.icann.org/x/ZwPVBQ.EPDP Phase 2 - Meeting #14Proposed AgendaThursday, 15 August 2019 at 14.00 UTC1. Roll Call & SOI Updates (5 minutes)
Attendance will be taken from Zoom
Remember to mute your microphones upon entry to Zoom.
Please state your name before speaking for transcription purposes.
Please remember to review your SOIs on a regular basis and update as needed. Updates are required to be shared with the EPDP Team.
2. Confirmation of agenda (Chair)3. Welcome and housekeeping issues (Chair) (5 minutes)a. Travel support for ICANN66 – update on applications received
Please refer to this link to view the EPDP Members who have applied for travel support: https://community.icann.org/display/EOTSFGRD/EPDP+Travel+Support+-+Phase+2
b. Reminder to book travel for September F2F in Los Angeles 4. Review of SO/AC/SG/C Early Input (45 minutes)a. Issues / clarifying questions identified (see https://docs.google.com/document/d/13ynT-XM5CDDyTDW0rsZdpt91ym7QrjUD/edib. Consider how to factor early input into drafting of Initial Report
The Google Doc link shows all early input received. The input is organized by the category/charter question.
Rather than go comment by comment, the groups were invited to review the input and provide clarifying questions.
Input was provided by the BC and the RrSG.
How would the group like to review this input?
Support Staff has factored in this input in preparing the Zero Draft
Possible path forward: opposition comments can be responded to in writing
Those groups who provided initial input and whose initial input has been contested or objected to in the Google Doc, can respond in the Google doc
Once substantive issues are discussed, the early inputs will be pulled and see where there is agreement and disagreement
The Zero Draft will contain all substantive issues
Skepticism on this approach - reviewing this on Google docs would require off-line discussions on every topic online
Only groups directly participating in the EPDP provided comments. The Team has little time to get its work done, so as an alternative, proposal to do nothing with it. It provides good reference to everyone to explore each other’s viewpoints. However, since all early input submitters are represented on the Team, these views can be represented in the substantive calls themselves.
There may be some items that do not correspond to Charter questions and the assumption was that the Team will review the items that do not correspond to the Charter questions. The Charter question feedback would discussed during the substantive discussion.
Recommend getting clarity on the legal questions so that the Team has more clarity when reviewing the Zero draft.
Bird & Bird is not planning to attend the F2F in Los Angeles.
Nothing in the Zero Draft is carved in stone; it is easier to start working on something already written rather than drafting by committee
c. Confirm next steps, if any
Encourage those who would like to engage in online comments about early input to continue editing the Google Doc. All feedback will be taken into account in the writing of the Zero draft.
5. Use case – first reading: Providers requesting access required to facilitate due process in the UDRP and URS (IP 5) (45 minutesa. Introduction to use case (IPC)
This use case is for participants in the UDRP/URS process
Data is needed to know against whom the UDRP will be filed - whether multiple domain names can be included in a single complaint
Data is also used to see if the alleged infringer acted in bad faith
Based on who the registrant is, the issue may be resolved without filing a UDRP
Lawful basis of entity disclosing the data - mostly 6(1)(b) and 6(1)(c)
If the UDRP decision is appealed in court and data needs to be provided based on a subpoena, data may be processed in this context.
Accreditation could be useful in some cases, e.g., WIPO, NAF, but the Team needs to think about what benefit that would provide
b. Feedback from EPDP Team
Safeguards are where the policy comes from - what are the steps the Team needs to go through to test this use case. What does the CP do to actually process this use case
Important to note that the UDRP was designed in a way that does not take data protection into account at all - not everything in the UDRP’s existing procedures would be considered compliant with data protection law
The UDRP was not drafted with GDPR in mind, but the core of the UDRP - proving that an entity has rights in a name and one entity who, in bad faith, registered a name it had no rights in. It may be helpful to have a legal look at required notices sent to a registrant when it registers a name and whether that is sufficient
The RrSG will provide more comprehensive comments following this call. A URS and UDRP can be submitted without knowing who the respondent is. Perhaps disclosure could be to the UDRP Provider, and not the Complainant. Also, the Complainant can contact the Respondent, using the required contactability mechanisms.
Trademark owners are being asked to prove a registrant has no rights and acted in bad faith - this is very difficult to do if you do not know who the registrant is
Regarding specificity, instead of giving blanket criticism, it would be helpful to give an example of a safeguard you would propose adding.
Issues with contractual basis as a lawful basis - this does not entail the contact b/w the registrant and the disclosing party. The relevant contractual relationship is b/w the data subject and the recipient of the data - as this does not exist in this use case, it may not be applicable here. If the recipient of the data decides not to file a UDRP/URS, is that a violation?
The 6(1)(b) is vis-a-vis the data subject and not the entity who processes the data. This use case is in the context of a UDRP or URS that has been filed, not a “we might file”.
Please refer to the Bird & Bird memo from Phase 1 regarding lawful basis. It is not acceptable to receive data after a UDRP has been filed.
This Team is not here to test whether this is a valid use case - this is raw material to feed into the policy recommendations.
This debate boils down to the question of legal basis. This use case is based on the legitimate interest of a third party - it is 6(1)(f). There shouldn’t be an artificial incentive to file UDRP cases. It is legitimate to request disclosure, to get the disclosure and then decide not to file a UDRP case - there should be no penalty for not filing. For third parties, it is a 6(1)(f).
Disagree that this is a 6(1)(f) - believe this is a 6(1)(b)
The Alan W. document describes how 6(1)(f) works - this is valuable if Team members do not have an understanding of 6(1)(f). In this particular use case, safeguards may be different if this is a 6(1)(b).
How can every possible life situation be reflected in a policy? Is it possible to draw more general conclusions?
Following the policy, a lot of work will have to be done on best practices, but this may not be part of the policy.
c. Confirm next steps
Brian to send updated use case to the Team following this call
Staff to put updated version in Google Docs
Team to provide input on updated version by tomorrow, Friday, 16 August
Brian and IPC colleagues to distribute updated use case, factoring in comments received by Tuesday, 20 August
6. Any other business (5 minutes)
Zero draft will be used as a tool for discussion in LA F2F, and will contain both draft policy principles and building blocks gleaned from EPDP Team’s discussions to date to assist Team in arriving at policy recommendations
Next week, goal to try to close SSAC case, IP case
Initial reading of SSAC 1 (When a network is undergoing an attack involving a domain name, and the operator(s) of that network need to contact the domain owner to remediate the security issue (DDOS, Botnet, etc.)) will be next Thursday, 22 August
ALAC case will be discussed the following week (Thursday, August 29)
7. Wrap and confirm next EPDP Team meeting (5 minutes):
Thursday 22 August 2019 at 14.00 UTC (5 minutes)
Confirm action items
Confirm questions for ICANN Org, if any
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190815/87c5ecbe/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4620 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190815/87c5ecbe/smime-0001.p7s>
More information about the Gnso-epdp-team
mailing list