[Gnso-epdp-team] Revised Recommendations for (Final) Review - Research Purpose

farzaneh badii farzaneh.badii at gmail.com
Sun Feb 3 05:24:51 UTC 2019

Thank you Kurt.

I have a couple of points to make about the research purpose, in the report
you mention that:

"The team continued to discuss the so-called purpose O. The Team agreed
that, to include such a
purpose, we would require:
 some expression from ICANN (and OCTO in particular), that personal data
was necessary to
carry out OCTO’s mission, and"

*FB: *OCTO has said it does not need personal data for its research for
now. While OCTO clearly said it does not need personal information to carry
out its mission, how did we come to the conclusion that we need some
expression from ICANN (and OCTO) in particular that personal data is
necessary? Are we going to ask OCTO again? I have copy pasted their
response at the end of this email.


The discussion led to the preliminary conclusions that, *it was unclear*:
 whether OCTO required the use of personal data in its work

*FB:* There is nothing unclear for now. OCTO has clearly said (as I cited
them in various shape and form) that at the present they do not need
personal information. In fact, as Benedict has been saying they will never
need personal information for research. What they might need (in the future
but *not now*)  is hashed personal data. To process that, some argue that,
research should be an ICANN purpose. But there were objections to the
speculative nature of this purpose. As some said during the meeting we
cannot speculate what might be needed in the future for research. This
observation needs to be recorded.

*Solution? *I think what should be discussed if the team wants to discuss
in phase 2 is: is it legal to have purposes for processing data for *future
"research"* that might need disclosure of *hashed* data
(pseudonymized data)? can  the group reach  consensus over having a purpose
of speculative nature?

Link: https://community.icann.org/display/EOTSFGRD/Input+from+ICANN+Org
OCTO's response:
Also, in discussions that the EPDP Team has had regarding purposes, ICANN
Office of the CTO (OCTO) has been mentioned. To inform the EPDP Team’s
continued discussion on this topic, ICANN Org would like to *clarify that
ICANN OCTO does not require personal data in domain name registration data
for its work.* For example, OCTO’s Domain Abuse Activity Reporting (DAAR)
project <https://www.icann.org/octo-ssr/daar> uses only the registrar and
nameserver information.


On Fri, Feb 1, 2019 at 5:32 PM Kurt Pritz <kurt at kjpritz.com> wrote:

> Hi again everyone:
> In a followup to yesterday’s email that proposed conclusions to four
> Recommendations, I am writing to provide one more. This Recommendation
> incorporates the Team’s latest verbally developed conclusions on the
> “Research Purpose.
> As with the memoranda furnished yesterday, this one provides a brief
> summary of the latest discussion and then follows with proposed Final
> Report language: (1) a narrative describing the group discussion, and (2)
> an amended Recommendation - i.e., amended from the Initial Report version
> of the Recommendation.
> As mentioned in the earlier emails, please review this revised wording
> with your groups and return to us by Monday 4 Feb if you believe a region
> or additional discussion is require -  so that we can put any this topic on
> the Tues/Wed/Thur agendas. Let me know if you have any questions,
> procedural or substantive.
> I have one more paper to deliver to you - Recommendation 11 Data
> Retention.
> Thanks again and best regards,
> Kurt
> Begin forwarded message:
> *From: *Kurt Pritz <kurt at kjpritz.com>
> *Subject: **Revised Recommendations for (Final) Review - with attachments*
> *Date: *January 31, 2019 at 8:31:45 PM PST
> *To: *EPDP <gnso-epdp-team at icann.org>
> Hello Everyone:
> Thanks again for your perseverance. And - thank you in advance for your
> spirit of cooperation and compromise in considering the attached. We have
> spent the last few days reviewing the transcripts and other records of our
> recent discussions and then amending the Final Report Recommendations -
> taking into account the Initial Report Recommendations, the small team
> work, the conclusions in Toronto and these last several meetings.
> The Recommendations included here are:
> Recommendation 5 - Data elements to be transferred from Registrars to
> Registries
> Recommendation 10 - Email communication
> Recommendation 12 - Reasonable Access
> Recommendation 14 - Responsible Parties
> [Not included are Rec. 13 (sent earlier) and Rec. 11 and the Research
> Purpose (to be sent tomorrow.]
> Each of these documents has a brief forward containing a description of
> the pertinent discussion and an explanation for choosing the wording in the
> Recommendations. They each then contain the Recommendation as originally
> written and a redline of the proposed recommendation based on the most
> recent discussions.  Please read the entire documents (they are not long),
> and not just the recommendation itself.
> I am certainly not asking for you to stand silently by if you disagree
> with these Recommendations because they would negatively impact GDPR
> compliance. I am asking that you study the balancing that went into this
> and be ready to accept wording in cases where it does not match your own
> choice.
> Please review with your groups and return to us by Monday so that we can
> put any of these on the Tues/Wed/Thur agendas.
> Sincerely,
> Kurt
> _______________________________________________
> Gnso-epdp-team mailing list
> Gnso-epdp-team at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-epdp-team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190203/96998042/attachment.html>

More information about the Gnso-epdp-team mailing list