[Gnso-epdp-team] For your review: updated recommendations 10, 11, 12

Thomas Rickert epdp at gdpr.ninja
Sun Feb 10 20:56:42 UTC 2019 

Hi Kurt, Ashley, all,
thanks in particular to Kurt and Ashley for their analysis and suggestions. 

To be clear, It was not my intention to rule out LEA disclosures or establish hurdles for those. The opposite is true: We should not give the impression that contracted parties would only honor disclosure requests if the requirements in our recommendation 12 are met even if LEA requirements for requesting data would be lower. It would be inappropriate for us even to give the impression that we would ask LEAs to give more or other data than they are required to by law for their disclosure requests. 

Let me suggest language that I hope meets Ashley’s requirements while not going into too much details on the legal rationales that I have offered during our call.

"Whilst the EPDP Team is confident that the criteria enumerated in this recommendation work for data disclosure requests relating to civil claims, the EPDP Team did not yet have an opportunity work on policy for LEA disclosure requests. It may well be that LEA disclosure requests can be honored following the criteria in this recommendation, but there may be different criteria or processes that need to be followed depending on the jurisdiction of the requesting LEA, the alleged crimes involved and the location of the contracted party as a condition for the contracted party to be entitled to or be required to disclose data."

We could either put this into the text of the recommendation or make it a footnote, but I think that a disclaimer of some sort is warranted for the sake of transparency with respect to the status of our recommendation and our work.

I hope you find this helpful,
Thomas


> Am 08.02.2019 um 17:04 schrieb Kurt Pritz <kurt at kjpritz.com>:
> 
> Thanks for this additional input on Recommendation 13.  Please forgive these observations and consider this recommendation for closing off this remaining issue. 
> 
> During our meeting Thomas was given the floor to explain his edits. During that, there was the usual chat going on: first some non-substantive commentary, then a different discussion. Partially through Thomas’ intervention, I shook myself out of watching the chat to listen to Thomas, who was making a careful, studied explanation of his addition. I kicked myself (figuratively) for missing part his explanation when, in a few months, any of us would probably give a lot to have Thomas available to answer questions such as these. It made we wonder how many of us were watching the chat instead of listening. 
> 
> Understanding Thomas point, I made the suggestion to the group that we retain it in some form (a more complete explanation of the issue) but move it down into the body of the recommendation as an item to be considered. At that point, my sense was that the team wanted to leave it first and foremost and I withdrew my suggestion to move it. 
> 
> Having said that, I understand Ashley’s comment that we don’t have a full handle on the effect of the GDPR sections Thomas cited on out recommendations. 
> 
> I recommend that we: 
> respectfully ask Thomas to augment the issue somewhat with a couple / few sentences. 
> move that issue to the annotation describing the recommendation with a notation that this issue be sorted out during the implementation discussion. 
> 
> Let me know what you think. 
> 
> Best regards,
> 
> Kurt
> 
> 
>> 
>> 
>> At 07/02/2019 03:52 PM, Heineman, Ashley wrote:
>> 
>>> Thanks for this and hello colleagues,
>>>  
>>> After further reflection on today’s discussion of Recommendation 12 and the new text proposed by Thomas, I believe this language should be deleted.   Specifically –“ “These criteria are applicable to disclosure requests relating to civil claims. LEA requests will be handled according to applicable laws.”  
>>>  
>>> While I am extremely pleased with the state of the Recommendation overall, this new insertion has not been fully considered and I believe is misplaced.  
>>>  
>>> I understand and am sympathetic to Thomas’ concerns, but that being said, I believe those concerns are best addressed elsewhere. The singular intent of Recommendation 12 is to provide clarity around the process and expectations of reasonable lawful disclosure in terms of making requests.  The recommendation attempts to ensure that expectations are set for how to submit requests and in what fashion those requests will be handled once received.  The Recommendation does NOT assume that disclosure will be made and, further, it isn’t even contemplated how and on what basis a decision for disclosing (or not) will be made. Those issues are to be dealt with in Phase 2 and/or otherwise in a specific access discussion.
>>>  
>>> I’m thus concerned that by explicitly limiting this recommendation to civil requests will unfairly and unnecessarily remove the benefits of process clarity for LEA.   
>>>  
>>> In light of these concerns, I strongly recommend the deletion of this text.  Thomas’ legitimate concerns should then be taken up and addressed in our Phase 2 work.
>>>  
>>> Thanks!
>>>  
>>> Ashley
>>> 202 482 0298
>>>  
>>> From: Gnso-epdp-team <gnso-epdp-team-bounces at icann.org <mailto:gnso-epdp-team-bounces at icann.org>> On Behalf Of Caitlin Tubergen
>>> Sent: Thursday, February 7, 2019 3:26 PM
>>> To: gnso-epdp-team at icann.org <mailto:gnso-epdp-team at icann.org>
>>> Subject: [Gnso-epdp-team] For your review: updated recommendations 10, 11, 12
>>>  
>>> Dear EPDP Team:
>>>  
>>> Attached, please find the updated recommendations. The updates are the result of today’s EPDP Team discussion
>>>  
>>> As always, please feel free to flag any text that you believe does not represent what the Team agreed to.
>>>  
>>> Best regards,
>>>  
>>> Marika, Berry, and Caitlin
>>>  
>>>  
>>>  
>>> _______________________________________________
>>> Gnso-epdp-team mailing list
>>> Gnso-epdp-team at icann.org <mailto:Gnso-epdp-team at icann.org>
>>> https://mm.icann.org/mailman/listinfo/gnso-epdp-team <https://mm.icann.org/mailman/listinfo/gnso-epdp-team>_______________________________________________
>> Gnso-epdp-team mailing list
>> Gnso-epdp-team at icann.org <mailto:Gnso-epdp-team at icann.org>
>> https://mm.icann.org/mailman/listinfo/gnso-epdp-team
> 
> _______________________________________________
> Gnso-epdp-team mailing list
> Gnso-epdp-team at icann.org <mailto:Gnso-epdp-team at icann.org>
> https://mm.icann.org/mailman/listinfo/gnso-epdp-team <https://mm.icann.org/mailman/listinfo/gnso-epdp-team>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190210/201e676f/attachment.html>

More information about the Gnso-epdp-team mailing list