[Gnso-epdp-team] Recommendation 13 - Responsibilities of the Parties - email list discussion

farzaneh badii farzaneh.badii at gmail.com
Fri Jan 25 23:23:26 UTC 2019

Thanks Kurt

I had the impression that ICANN org suggested data protection agreement as
opposed to data processing agreements. I also think that data protection
agreement is not really a legal term. What does data protection agreement
mean and why was it suggested by ICANN org? (I was listening in, not in the
room, so if I am wrong please correct me.


On Wed, Jan 23, 2019 at 6:23 PM Kurt Pritz <kurt at kjpritz.com> wrote:

> Hi Everyone:
> With the goal of progressing on issues via email, the leadership team has
> considered the discussion provided during the Toronto meeting and suggests
> the following compromise language to address the different positions
> expressed. (This is a resend of an earlier email with only the subject line
> of the email updated.)
> *Discussion*
> The language below is the same language proposed by the small team that
> reviewed the comments, but modified:
>    - as suggested by Diane during the meeting to reflect that GDPR Art 28
>    is unlikely to apply in this situation, and
>    - by an addition (bracketed & bolded below) to reference the analysis
>    in the Final Report that this team recommends the creation of Joint
>    Controller Agreements, to appropriately influence the negotiation of
>    GDPR-compliant agreements.
> This language is intended to strike a balance between those preferring to
> leave some flexibility for ICANN Org and Contracted Parties to consider the
> appropriate agreements and those preferring to be specific about the type
> of agreement to be pursued.
> I understand this is a complex topic that might require additional
> discussion but it is also possible that we cannot be dispositive on this
> issue prior to a lengthy contract formation discussion that extends well
> beyond our time frames. For that reason, we are taking the liberty of
> making this recommendation and hope you accept it in the spirit it is
> offered.
> *Proposed Recommendation #13 Language*
> The EPDP Team recommends that ICANN Org negotiates and enters into
> required data protection agreements such as a Data Processing Agreement
> (GDPR Art. 28) or Joint Controller Agreement (Art. 26), as appropriate,
> with the Contracted Parties. In addition to the legally required components
> of such agreement, the agreement shall specify the responsibilities of the
> respective parties for the processing activities as described therein.
> Indemnification clauses shall ensure that the risk for certain data
> processing is borne by either one or multiple parties that determine the
> purpose and means of the processing. [*Due consideration should be given
> to the analysis carried out by the EPDP Team in its Final Report.*]
> *Action:*
> Please indicate on the mailing list whether you have any concerns about
> these modifications and/or what other aspects of this recommendation should
> be discussed.
> Deadline: Monday, 28 January, additional email discussion might follow
> depending on responses.
> Sincerely,
> Kurt
> _______________________________________________
> Gnso-epdp-team mailing list
> Gnso-epdp-team at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-epdp-team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190125/b0f80ecc/attachment-0001.html>

More information about the Gnso-epdp-team mailing list