[Gnso-epdp-team] Recommendation 5 - Questions and Proposed Edits (Joint RySG-RrSG)
rosettek at amazon.com
Tue Feb 5 15:56:25 UTC 2019
Dear EPDP Team Members,
The Registries and Registrars have several questions and concerns regarding the proposed text and edits to Recommendation 5. Both the genesis of the edits and language of Recommendation 5 are unclear. As it stands the language and intent of the Recommendation are ambiguous and could have unintended impacts on the interpretation and application of Purposes 1a and 1b, which are foundational to the EPDP’s outcomes.
Overall, the questions are- 1) what is the desired outcome of this Recommendation, 2) how does the Recommendation text reflect the Proposed Report language, 3) is this Recommendation redundant of Recommendation 22?
Attached are a redline of our proposed changes.
Specifically, the RySG and RrSG note that:
● It’s unclear where the extensive redline of Proposed Final Report language in the “Charter Question c) Transfer of data from registrar to registry” originated. Are they sourced from comments to the Initial Report?
● The Report Language also appears to be much broader and somewhat at odds with the actual text of the Recommendation at the end of the document.
● The EPDP is currently defining the minimum data set. The impacts of that data set on existing policies will be determined during the implementation phase per the group’s existing Recommendation 22 requiring review and update of existing policies and processes. Singling out and recommending direct amendment of the Thick WHOIS policy is redundant as a separate recommendation (though again, the Recommendation language is far more targeted than the “Proposed Final Report Language”). Why we would treat analysis and review of the Thick WHOIS policy differently than other policy review under Recommendation 22 is unclear. We recommend removing references to the Thick WHOIS policy from the language accompanying Recommendation 5.
● This text, “The recent discussion also highlighted that some registries wish to not receive data for which they have no GDPR-compliant purpose for processing.” highlights an issue we believe to be separate from the concept of a minimum data set. If the goal of this EPDP is to establish GDPR compliant purposes for processing and we find that our work is not able to resolve possible differences in application due to existing policies or practices that are outside of the EPDP remit, we clearly flag those issues for follow up in previously mentioned Recommendation to review existing policies and practices. The apparent “out” created by this language, allowing ROs to choose not to receive the full minimum data set was originally discussed as an option for those ROs that will encounter issues with their jurisdictional requirements, not as a way to deal with the “thick/thin” issue or policy.
● Finally, if the language in Recommendation 5 remains broad and could have unintended impacts on Purpose 1a/b. Currently, 1a/b define the roles, responsibilities, and data elements associated with the core function of effecting a domain name registration and establishing the rights of the registrant in that name. It also identifies the Controller/Processor role of the RO. If Purpose 1a/b defines the transfer of the defined minimum data set as a requirement, a choice made by the RO under Rec 5 could change the role of that RO. This creates an inconsistent application of the Recommendations and Purposes of the EPDP. As the EPDP is meant to establish a minimum baseline for CPs Recommendation 5 as written could impact that.
Please let us know if you have any questions.
Senior Corporate Counsel, IP - Domains
rosettek at amazon.com<mailto:rosettek at amazon.com> | 703.407.1354
-------------- next part --------------
An HTML attachment was scrubbed...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Recommendation 5_Response FINAL2.docx
Size: 17088 bytes
Desc: Recommendation 5_Response FINAL2.docx
More information about the Gnso-epdp-team