[Gnso-epdp-team] Recommendation 14 - Responsible Parties: email discussion

[James M. Bladel]

Kurt and ePDP Team –

RrSG members have discussed this recommendation, and agree with the draft language:

During Phase 1 of its work, the EPDP Team documented the data processing activities and responsible parties associated with gTLD registration data. The EPDP Team, accordingly, recommends the inclusion of the data processing activities and responsible parties, outlined below, to be confirmed and documented in the relevant data processing agreements, noting, however, this Recommendation may be affected by the finalization of the necessary agreements (described elsewhere in this report) that would confirm and define the roles and responsibilities.

Additionally, we’d like to append the following sentence to the end of this Recommendation:
“To ensure compliance with GDPR and other data protection regulations, these agreements must be in place prior to the enforcement of ePDP policy recommendations."

This is consistent with statements made at our F2F in Toronto.

Thanks—

J.


-------------
James Bladel
GoDaddy


From: Gnso-epdp-team <gnso-epdp-team-bounces at icann.org> on behalf of Kurt Pritz <kurt at kjpritz.com>
Date: Wednesday, January 23, 2019 at 21:18
To: EPDP <gnso-epdp-team at icann.org>
Subject: [Gnso-epdp-team] Recommendation 14 - Responsible Parties: email discussion

Hi Everyone:
With the goal of progressing (even more) issues via email, the leadership team has considered the discussion during the most recent planary conference call and suggests the following language to capture the agreement in principle that was developed on Recommendation 14 (Responsible Parties).
Based on the discussion of the EPDP meeting on 22 Jan 2019, the amendment below is proposed for EPDP Team consideration.

Initial Report Language
The EPDP Team recommends that the policy includes the following data processing activities as well as responsible parties: <See Initial Report Language>.

Plenary Discussion on this Issue
It was stated that the EPDP Team documented the data processing activities and responsible parties associated with gTLD registration data based upon data analysis and facts available at the time of the Phase I discussion.
The EPDP Team acknowledged that, given the iterative nature between the development of GDPR-compliant agreements and the specification of data processing activities & responsible parties, whatever Recommendation is made at this time is likely to be affected by the completion of the necessary agreements, i.e., that contract development work would confirm and define the roles and responsibilities.

Proposed Updated Language:
During Phase 1 of its work, the EPDP Team documented the data processing activities and responsible parties associated with gTLD registration data. The EPDP Team, accordingly, recommends the inclusion of the data processing activities and responsible parties, outlined below, to be confirmed and documented in the relevant data processing agreements, noting, however, this Recommendation may be affected by the finalization of the necessary agreements (described elsewhere in this report) that would confirm and define the roles and responsibilities.

Action
Please indicate on the mailing list whether you have any concerns about these modifications and/or what other aspects of this recommendation should be discussed. If there are additional questions for ICANN Compliance that would serve to inform the deliberations on this recommendation, please share these also.
Deadline: Monday, 28 January, additional email discussion might follow depending on responses.

Best regards,
Kurt

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190128/eb74040d/attachment-0001.html>