[Gnso-epdp-team] Recommendation 12 - Reasonable Access

Hadia Abdelsalam Mokhtar EL miniawi Hadia at tra.gov.eg
Wed Feb 6 19:35:47 UTC 2019


Hi Alan,


I am sorry that this is how you feel about our suggestion with regard to compliance, certainly there was no intention to having a stick to beat the contracted parties. Usually auditing is something that both parties benefit from. In what sense does our suggestion put new obligations on the contracted parties? It is just a means of verifying the process and this is good for the CPs as well because it ascertains the functionality of their system.  Moreover how does the suggestion of having some kind of auditing contradict with the fact that every single request received must be considered individually? Additionally, we never said that existing complaints' processes can not be used we only said that you need to agree on the auditing mechanisms/means or whatever you want to call it. This is merely a suggestion to implement a sense of trust into the system, rather than having that trust something as intangible as good faith between the parties involved.​

Finally I invite you to put  a few lines that speak about using existing complaints processes in this regard.


Hadia


________________________________
From: Alan Woods <alan at donuts.email>
Sent: 06 February 2019 19:01
To: Hadia Abdelsalam Mokhtar EL miniawi
Cc: Marika Konings; Sarah Wyld; gnso-epdp-team at icann.org
Subject: Re: [Gnso-epdp-team] Recommendation 12 - Reasonable Access

To be perfectly honest, I think that Hadia & Alan's suggestions, are perilously close to going against the the very nature of the tentative agreements we have on Recommendation 12. If their point of view is that ICANN compliance must be used as a stick to beat the Contracted parties into submission/compliance, I find that exceptionally unhelpful. It is not the role of the ePDP to create new obligations for CPs outside of that which is necessary for GDPR compliance!

The repeated issue of the parties is that it is nigh on impossible to set this in stone; every single request received must be considered individually, on its own merits (as the GDPR, which supersedes all our machinations, requires). The CPs are coming to the table in goodwill noting that we understand the need for predictability for 3rd party requests. We have discussed at length the impossibility of setting a strict timeline on such requests, I simply think this squanders the goodwill in this agreement in now suggesting a frankly unimplementable, or more likely a utterly ad hoc and random audit system, rather than accepting that the contracted parties are acting in good faith, and will continue to do so. For those CPs who do not act in good faith, I have a feeling that a poor audit result regarding response to disclosure requests will be the least of the issues.

There are elements that are tangible and capable of ICANN review upon complaints regarding same, using existing complaints processes. Let's not reinvent the wheel here!

So to be clear. The RYSG strongly opposes the ALAC addition.

Alan







[Donuts Inc.]<http://donuts.domains>
Alan Woods
Senior Compliance & Policy Manager, Donuts Inc.
________________________________
The Victorians,
15-18 Earlsfort Terrace
Dublin 2, County Dublin
Ireland

[http://storage.googleapis.com/signaturesatori/icons/facebook.png]<https://www.facebook.com/donutstlds>  [http://storage.googleapis.com/signaturesatori/icons/twitter.png] <https://twitter.com/DonutsInc>   [http://storage.googleapis.com/signaturesatori/icons/linkedin.png] <https://www.linkedin.com/company/donuts-inc>


Please NOTE: This electronic message, including any attachments, may include privileged, confidential and/or inside information owned by Donuts Inc. . Any distribution or use of this communication by anyone other than the intended recipient(s) is strictly prohibited and may be unlawful.  If you are not the intended recipient, please notify the sender by replying to this message and then delete it from your system. Thank you.


On Wed, Feb 6, 2019 at 12:10 PM Hadia Abdelsalam Mokhtar EL miniawi <Hadia at tra.gov.eg<mailto:Hadia at tra.gov.eg>> wrote:
Hi all , I have added a few words about compliance and the implantation of the policy and hence propose the following minor edits to recommendation number 12

"
The EPDP Team recommends that ICANN org and the contracted parties develop a mechanism that allows ICANN Contractual Compliance to audit response times to the requests.
The EPDP recommends that the implementation of this policy includes requirements of acknowledgement of recipient of requests and the response to such requests, criteria for a " Reasonable Request for lawful Disclosure" and a mechanism that allows ICANN Contractual Compliance to audit response time to the requests.

The implementation of this policy will include at a minimum "


The above is to replace



"The EPDP Team recommends that criteria for a “Reasonable Request for Lawful Disclosure” and the requirements for acknowledging receipt of a request  and response to such request will be defined as part of the implementation[Kristina 1]  of these policy recommendations but will include at a minimum: "







Hadia

From: Gnso-epdp-team [mailto:gnso-epdp-team-bounces at icann.org<mailto:gnso-epdp-team-bounces at icann.org>] On Behalf Of Hadia Abdelsalam Mokhtar EL miniawi
Sent: Wednesday, February 06, 2019 12:32 PM
To: Marika Konings; Sarah Wyld; gnso-epdp-team at icann.org<mailto:gnso-epdp-team at icann.org>
Subject: Re: [Gnso-epdp-team] Recommendation 12 - Reasonable Access

Hi all, the below comments are on behalf of Alan G

the proposal.

1. still does not set an expectation that although SOME requests may take the specified limit, not all should. Nor does it seem to imply that the Contractual Compliance has any ability to audit response times.

2. I find the reference to "GDPR legal bases" problematic. For example, under the current proposals, a registrar who is operating full outside of the EU mat redact information for legal persons and for natural persons not subject to the GDPR. What is the GDPR legal basis for requesting information on such registrations. According to GDPR there was no need for redaction to begin with, so a registrar can refuse to provide any results with full impunity.

From: Gnso-epdp-team [mailto:gnso-epdp-team-bounces at icann.org<mailto:gnso-epdp-team-bounces at icann.org>] On Behalf Of Marika Konings
Sent: Tuesday, February 05, 2019 11:43 PM
To: Sarah Wyld; gnso-epdp-team at icann.org<mailto:gnso-epdp-team at icann.org>
Subject: Re: [Gnso-epdp-team] Recommendation 12 - Reasonable Access

Thanks, Sarah.

EPDP Team members, as this topic is included in the agenda for tomorrow’s meeting, please share any issues or concerns your group may have with the modified language prior to the meeting, if possible. Staff has taken the liberty to fix some formatting issues in the attached version (some of the sub-bullets did not appear properly).

Best regards,

Caitlin, Berry and Marika

From: Gnso-epdp-team <gnso-epdp-team-bounces at icann.org<mailto:gnso-epdp-team-bounces at icann.org>> on behalf of Sarah Wyld <swyld at tucows.com<mailto:swyld at tucows.com>>
Organization: Tucows
Date: Tuesday, February 5, 2019 at 12:31
To: "gnso-epdp-team at icann.org<mailto:gnso-epdp-team at icann.org>" <gnso-epdp-team at icann.org<mailto:gnso-epdp-team at icann.org>>
Subject: [Gnso-epdp-team] Recommendation 12 - Reasonable Access


Hello All,

As discussed on today's call, here is the proposed revised Rec. 12 from RySG/RrSG. Thank you.

--

Sarah Wyld

Domains Product Team

Tucows

+1.416 535 0123 Ext. 1392




On 1/31/2019 11:31 PM, Kurt Pritz wrote:

Hello Everyone:



Thanks again for your perseverance. And - thank you in advance for your spirit of cooperation and compromise in considering the attached. We have spent the last few days reviewing the transcripts and other records of our recent discussions and then amending the Final Report Recommendations - taking into account the Initial Report Recommendations, the small team work, the conclusions in Toronto and these last several meetings.



The Recommendations included here are:



Recommendation 5 - Data elements to be transferred from Registrars to Registries

Recommendation 10 - Email communication

Recommendation 12 - Reasonable Access

Recommendation 14 - Responsible Parties



[Not included are Rec. 13 (sent earlier) and Rec. 11 and the Research Purpose (to be sent tomorrow.]



Each of these documents has a brief forward containing a description of the pertinent discussion and an explanation for choosing the wording in the Recommendations. They each then contain the Recommendation as originally written and a redline of the proposed recommendation based on the most recent discussions.  Please read the entire documents (they are not long), and not just the recommendation itself.



I am certainly not asking for you to stand silently by if you disagree with these Recommendations because they would negatively impact GDPR compliance. I am asking that you study the balancing that went into this and be ready to accept wording in cases where it does not match your own choice.



Please review with your groups and return to us by Monday so that we can put any of these on the Tues/Wed/Thur agendas.



Sincerely,



Kurt























_______________________________________________

Gnso-epdp-team mailing list

Gnso-epdp-team at icann.org<mailto:Gnso-epdp-team at icann.org>

https://mm.icann.org/mailman/listinfo/gnso-epdp-team

________________________________
 [Kristina 1]see previous comment about IRT/actor
_______________________________________________
Gnso-epdp-team mailing list
Gnso-epdp-team at icann.org<mailto:Gnso-epdp-team at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-epdp-team


More information about the Gnso-epdp-team mailing list