[Gnso-epdp-team] Recommendation 13 - Responsibilities of the Parties - email list discussion

Sarah Wyld swyld at tucows.com
Mon Jan 28 20:29:06 UTC 2019 

Hello All,

Here is the RrSG's proposed text for Rec 13:

    The EPDP Team recommends that ICANN Org negotiates and enters into
    required data protection agreements, as appropriate, with the
    Contracted Parties. In addition to the legally required components
    of such agreement, the agreement shall specify the responsibilities
    of the respective parties for the processing activities as described
    therein. Indemnification clauses shall ensure that the risk for
    certain data processing is borne by either one or multiple parties
    that determine the purpose and means of the processing. Due
    consideration should be given to the analysis carried out by the
    EPDP Team in its Final Report.

The RrSG is aware that ICANN's status as controller, joint or
independent, is not yet fully determined. As such, this proposed wording
allows the flexibility to determine the appropriate type of data
protection agreement following further input.

-- 
Sarah Wyld
Domains Product Team
Tucows
+1.416 535 0123 Ext. 1392

 

On 1/23/2019 6:22 PM, Kurt Pritz wrote:
>
> Hi Everyone:
>
> With the goal of progressing on issues via email, the leadership team
> has considered the discussion provided during the Toronto meeting and
> suggests the following compromise language to address the different
> positions expressed. (This is a resend of an earlier email with only
> the subject line of the email updated.)
>
> *Discussion* 
>
> The language below is the same language proposed by the small team
> that reviewed the comments, but modified: 
>
>   * as suggested by Diane during the meeting to reflect that GDPR Art
>     28 is unlikely to apply in this situation, and
>   * by an addition (bracketed & bolded below) to reference the
>     analysis in the Final Report that this team recommends the
>     creation of Joint Controller Agreements, to appropriately
>     influence the negotiation of GDPR-compliant agreements.
>
>
> This language is intended to strike a balance between those preferring
> to leave some flexibility for ICANN Org and Contracted Parties to
> consider the appropriate agreements and those preferring to be
> specific about the type of agreement to be pursued.
>
> I understand this is a complex topic that might require additional
> discussion but it is also possible that we cannot be dispositive on
> this issue prior to a lengthy contract formation discussion that
> extends well beyond our time frames. For that reason, we are taking
> the liberty of making this recommendation and hope you accept it in
> the spirit it is offered.
>
> *Proposed Recommendation #13 Language*
>
> The EPDP Team recommends that ICANN Org negotiates and enters into
> required data protection agreements such as a Data Processing
> Agreement (GDPR Art. 28) or Joint Controller Agreement (Art. 26), as
> appropriate, with the Contracted Parties. In addition to the legally
> required components of such agreement, the agreement shall specify the
> responsibilities of the respective parties for the processing
> activities as described therein. Indemnification clauses shall ensure
> that the risk for certain data processing is borne by either one or
> multiple parties that determine the purpose and means of the
> processing. [*Due consideration should be given to the analysis
> carried out by the EPDP Team in its Final Report.*]
>
> *Action:* 
>
> Please indicate on the mailing list whether you have any concerns
> about these modifications and/or what other aspects of this
> recommendation should be discussed.
>
> Deadline: Monday, 28 January, additional email discussion might follow
> depending on responses. 
>
> Sincerely,
>
> Kurt
>
>  
>
>
> _______________________________________________
> Gnso-epdp-team mailing list
> Gnso-epdp-team at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-epdp-team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190128/9a973be2/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190128/9a973be2/signature-0001.asc>

More information about the Gnso-epdp-team mailing list