[Gnso-epdp-team] Revised Recommendations for (Final) Review - with attachments
icann at ferdeline.com
Tue Feb 5 11:53:34 UTC 2019
I agree with Alex that "?" should be replaced with "and", as that is a typo.
That aside, I think the language that you have presented Kurt represents a fair compromise.
If we are to continue wordsmithing this, I would like to note my objection to the language around response times. I would suggest deleting the text in brackets entirely, as this is something I would prefer be left to the individual contracted party to determine. As a general rule I do not support recommendations which impose externalities on other actors.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, February 4, 2019 7:19 PM, Alex Deacon <alex at colevalleyconsulting.com> wrote:
> Hi Kurt,
> A few comments on the updated Rec 12 language
> - I support the use of the phrase “Reasonable Requests for Lawful Disclosure of Non-Public Registration Data.” instead of "Reasonable Access". It is much more precise.
> - At the end of the 3rd paragraph it states "Contracted parties will consider each request on its merits with regard to GDPR legal basis". This is reasonable, however it is inconstant with the Temp Spec language quoted in paragraph 1 that limits reasonable access to 6(1)(f). (e.g. "Registrar and Registrar and Registry Operator MUST provide reasonable access to Personal Data in Registration Data to third parties on the basis of a legitimate interests pursued by the third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Registered Name Holder or data subject pursuant to Article 6(1)(f) GDPR") If contracted parties will be responding to "reasonable disclosure" requests for any legal basis we need to ensure existing temp spec language is updated (made consistent)in any future policy implementation created to replace it
> - As I mentioned on a past call we have kept the specificity regarding the request but lost specificity regarding the response. Hoping we can find a pragmatic middle ground for the latter here is a suggested solution.
> - Requirements for what information responses should include (for example, auto-acknowlegement of requests and rationale for rejection of request}, e.g. :
> - Responses where disclosure of data (in whole or in part) has been denied should include rationale sufficient for the requestor to understand the reasons for the decision. Including for example analysis and explanation of how the balancing test was applied (if applicable).
> - replace "...may further complement or overwrite these requirements." with "...may further complement or revise these requirements."
> - replace "...and the requirements for an acknowledgement ? response will be..." with ".... and the requirements for an acknowledgement and response will be..."
> Alex Deacon
> Cole Valley Consulting
> alex at colevalleyconsulting.com
> On Thu, Jan 31, 2019 at 8:32 PM Kurt Pritz <kurt at kjpritz.com> wrote:
>> Hello Everyone:
>> Thanks again for your perseverance. And - thank you in advance for your spirit of cooperation and compromise in considering the attached. We have spent the last few days reviewing the transcripts and other records of our recent discussions and then amending the Final Report Recommendations - taking into account the Initial Report Recommendations, the small team work, the conclusions in Toronto and these last several meetings.
>> The Recommendations included here are:
>> Recommendation 5 - Data elements to be transferred from Registrars to Registries
>> Recommendation 10 - Email communication
>> Recommendation 12 - Reasonable Access
>> Recommendation 14 - Responsible Parties
>> [Not included are Rec. 13 (sent earlier) and Rec. 11 and the Research Purpose (to be sent tomorrow.]
>> Each of these documents has a brief forward containing a description of the pertinent discussion and an explanation for choosing the wording in the Recommendations. They each then contain the Recommendation as originally written and a redline of the proposed recommendation based on the most recent discussions. Please read the entire documents (they are not long), and not just the recommendation itself.
>> I am certainly not asking for you to stand silently by if you disagree with these Recommendations because they would negatively impact GDPR compliance. I am asking that you study the balancing that went into this and be ready to accept wording in cases where it does not match your own choice.
>> Please review with your groups and return to us by Monday so that we can put any of these on the Tues/Wed/Thur agendas.
>> Gnso-epdp-team mailing list
>> Gnso-epdp-team at icann.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnso-epdp-team