[Gnso-epdp-team] RrSG proposed Recommendation #11
Kavouss Arasteh
kavouss.arasteh at gmail.com
Fri Jan 25 22:54:57 UTC 2019
Dear Sara
Tks for comments
Amended Text
*"1) The EPDP team recommends that ICANN, as soon as is practicable to be
replaced by ,as a matter of urgency,, undertakes a review of all its active
processes and procedures so as to identify and document the instances in
which personal data are requested from a registrar beyond the period of the
'life of the registration'. Retention periods for specific data elements
should then be identified and documented, and relied upon to establish the
required relevant and specific minimum data retention expectations for
registrars. 2) In the interim, the EPDP team has recognized that the
Transfer Dispute Resolution Policy (“TDRP”) has been identified as one such
process. The EPDP team therefore recommends that ICANN should direct
registrars to retain only those data elements deemed necessary for the
purposes of the TDRP, for a period of , at least one year following the
life of the registration. This retention is grounded on the stated policy
stipulation within the TDRP that claims under the policy may only be raised
for a period of 12 months after the alleged breach (FN: see TDRP section
2.2) of the Transfer Policy (FN: see Section 1.15 of TDRP). Such retained
data may only be used in relation to a specific TDRP complaint; should a
Registrar use the retained data for any other purpose, they would do so
under their own Controllership. 3) The EPDP team recognizes that Contracted
Parties may have needs or requirements for different retention periods,
beyond one year in line with local law or other requirements. The EPDP
team recommends that nothing in this recommendation, or in separate
ICANN-mandated policy, should prohibit contracted parties from setting
their own retention periods beyond the minimum one year period or that
which is expected in ICANN policy. Similarly, However, should local law
prevent retention for the minimum period as stipulated above or set by
ICANN, the ePDP team recommends that a suitable waiver procedure is put in
place that can address such situations. In addition, the waiver procedure
should be reviewed to determine if it would be appropriate for other CPs to
“join” themselves to an existing waiver upon demonstration of being subject
to the same law or other requirement that grounded the original waiver
application*
Regards
Kavouss
On Fri, Jan 25, 2019 at 10:14 PM Sarah Wyld <swyld at tucows.com> wrote:
> Hello All,
> For Recommendation 11, the RrSG has the following proposed new text and
> comments:
>
> *New text:*
>
> 1) The EPDP team recommends that ICANN, as soon as is practicable,
> undertakes a review of all its active processes and procedures so as to
> identify and document the instances in which personal data are requested
> from a registrar beyond the period of the 'life of the registration'.
> Retention periods for specific data elements should then be identified and
> documented, and relied upon to establish the required relevant and specific
> minimum data retention expectations for registrars.
>
> 2) In the interim, the EPDP team has recognized that the Transfer Dispute
> Resolution Policy (“TDRP”) has been identified as one such process. The
> EPDP team therefore recommends that ICANN should direct registrars to
> retain only those data elements deemed necessary for the purposes of the
> TDRP, for a period of one year following the life of the registration. This
> retention is grounded on the stated policy stipulation within the TDRP that
> claims under the policy may only be raised for a period of 12 months after
> the alleged breach (FN: see TDRP section 2.2) of the Transfer Policy (FN:
> see Section 1.15 of TDRP). Such retained data may only be used in relation
> to a specific TDRP complaint; should a Registrar use the retained data for
> any other purpose, they would do so under their own Controllership.
>
> 3) The EPDP team recognizes that Contracted Parties may have needs or
> requirements for different retention periods in line with local law or
> other requirements. The EPDP team recommends that nothing in this
> recommendation, or in separate ICANN-mandated policy, should prohibit
> contracted parties from setting their own retention periods beyond that
> which is expected in ICANN policy. Similarly, should local law prevent
> retention for the minimum period as set by ICANN, the ePDP team recommends
> that a suitable waiver procedure is put in place that can address such
> situations. In addition, the waiver procedure should be reviewed to
> determine if it would be appropriate for other CPs to “join” themselves to
> an existing waiver upon demonstration of being subject to the same law or
> other requirement that grounded the original waiver application.
>
> *Notes:*
>
> - incorporates suggested new text & comments from email list discussion
> (thanks Alan W for your insights!)
> - spells out that the data can only be used for specified retention
> purposes (or, if used for other purpose, that would be a separate
> Controller decision)
>
> --
> Sarah Wyld
> Domains Product Team
> Tucows
> +1.416 535 0123 Ext. 1392
>
>
>
> _______________________________________________
> Gnso-epdp-team mailing list
> Gnso-epdp-team at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-epdp-team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190125/4f5fb597/attachment.html>
More information about the Gnso-epdp-team
mailing list