[Gnso-epdp-team] FW: Recommendation 12

Mon Jan 28 23:24:55 UTC 2019

Thanks Sarah.

Looking forward to discussing this further on the call tomorrow.  In the
mean time here are my thoughts inline....

On Mon, Jan 28, 2019 at 12:23 PM Sarah Wyld <swyld at tucows.com> wrote:

> Dear EPDP Team,
>
> Thanks to all those who worked on the updated Rec 12, especially Alex
> Deacon, it was good to be able to work from your thoughtful updates. I have
> attached a revised version of this Recommendation, however I'm not sure
> that my tracked changes were successful, here's hoping.
>
[Alex] they made it thru!

> The RrSG supports the proposed ""Format by which requests should be made
> and responses are provided"", as well as the requirement for the CP to
> publish information on their website about how to make a disclosure
> request.
>
> It is unclear exactly which text in the Temp. Spec. is to be updated with
> the phrase ""requests for lawful disclosure.” This may be acceptable, if it
> is limited to the title of the section; otherwise it would be appreciated
> if this could be clarified.
>

[Alex ] Agree some clarity is needed here.  If we are not going to
"redline" the temp spec, then any policy we agree to needs to be explicit
in the final report (vs. some promise to update the temp spec).

>
> The RrSG does not support a requirement to include a link to this process
> in any RDS response, as this may conflict with the CL&D Policy or the RDAP
> Profile which remains in progress with the RDAP WG.
>

[Alex] I don't believe this would conflict with the CL&D policy.   What I
had in mind is to also add instructions in "RDS" outputs where there is a
freeform text section at the end of the response.    See for example the
output from whois.donuts.co attached - I've highlighted the relevant text.
  This seems helpful IMO.

>
> The RrSG notes that the specific legal basis for disclosure may play a
> role in determining what information should be included in the disclosure
> request, so this can be the minimum set but it may not work for all
> scenarios. That said, the proposed set of information required in the
> request is appropriate.
>
[Alex] Agree.  My focus when drafting this was on 6.1.f disclosure, but
clearly if a reasonable disclosure request comes from LEA then things are
different.

>
> Regarding the timelines for responses, the RrSG would support the second
> version of the text: "Contracted Parties must acknowledge receipt of a
> Reasonable Disclosure Request without unreasonable delay, but ordinarily
> not more than 2 business days from receipt."
>
[Alex] Thanks - I think this can be further refined.  perhaps along the
lines of "with response within 2 days unless circumstances can be shown
that this time frame is not possible."

>
> If a timeline for processing and responding to the disclosure requests
> must be defined in this EPDP, it should be 30 days, in order to align with
> the Art. 12 GDPR timeframe for providing information to the data subject.
>

[Alex]  Article 12 seems to be specific to transparency requirements as
they relate to the rights of the data subject, so it iss not clear if it
applies here.  In either case as long as the variable "Y" is "reasonable"
we would be OK with that.

>
> Finally, regarding the proposed four types of responses to a disclosure
> request, requiring specific information to be included in the response is
> too detailed. We should expect the CP to provide a reasonably detailed
> response, including the info that the Controller determines should be
> disclosed. Blanket denials must be permitted where justified, with the
> decision made by the CP.
>
[Alex]  Lets discuss this further on the call today.  To enable
predictability I think it is important to have some high level
recommendations regarding responses here.

Finally, I note in the first paragraph you deleted the phrase
"notwithstanding discussions related to.....".   If you recall in Toronto
we discussed the need for a "reasonable access/disclosure" process to live
in parallel with any future UAM regime to accomodate requestors (on an ad
hoc basis) who may not be accredited.    i.e. Rec 12 should neither wait
for, nor be replaced by, a future UAM.

Thanks.
Alex

> Thank you,
>
> --
> Sarah Wyld
> Domains Product Team
> Tucows+1.416 535 0123 Ext. 1392
>
>
>
> On 1/28/2019 10:02 AM, Marika Konings wrote:
>
> Dear EPDP Team,
>
>
>
> Recommendation #12 and the proposed language by the small team are on the
> agenda for tomorrow’s EPDP Team meeting. To facilitate that discussion,
> please share your groups thoughts, concerns and/or proposed changes with
> the mailing list ahead of tomorrow’s meeting. Please focus on those aspects
> that could affect your group’s support for this recommendation.
>
>
>
> Thanks,
>
>
>
> Caitlin, Berry and Marika
>
>
>
> *From: *Gnso-epdp-team <gnso-epdp-team-bounces at icann.org>
> <gnso-epdp-team-bounces at icann.org> on behalf of Alex Deacon
> <alex at colevalleyconsulting.com> <alex at colevalleyconsulting.com>
> *Date: *Friday, January 25, 2019 at 11:59
> *To: *EPDP <gnso-epdp-team at icann.org> <gnso-epdp-team at icann.org>
> *Subject: *[Gnso-epdp-team] Recommendation 12
>
>
>
> All,
>
>
>
> At the very end of our face to face a very small team (tiny team?) met to
> discuss updates to Recommendation 12 (reasonable access).   The redline
> attached is where we ended up.
>
>
>
> Thanks.
>
> Alex
>
>
>
>
>
> ___________
>
> *Alex Deacon*
>
> Cole Valley Consulting
>
> alex at colevalleyconsulting.com
>
> +1.415.488.6009
>
>
>
> _______________________________________________
> Gnso-epdp-team mailing listGnso-epdp-team at icann.orghttps://mm.icann.org/mailman/listinfo/gnso-epdp-team
>
> _______________________________________________
> Gnso-epdp-team mailing list
> Gnso-epdp-team at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-epdp-team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190128/0e363ecd/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: donuts.email-whois-output.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 16067 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190128/0e363ecd/donuts.email-whois-output-0001.docx>