[Gnso-epdp-team] Notes and action items from EPDP Meeting #10 - 11 July 2019
Caitlin Tubergen
caitlin.tubergen at icann.org
Thu Jul 11 17:41:30 UTC 2019
Dear EPDP Team,
Please find the notes and action items from today’s meeting below.
As a reminder, the next EPDP Team call will be Thursday, 18 July at 14:00 UTC. The first call for the Phase 2 Legal Committee will be Tuesday, 16 July at 14:00 UTC.
Best regards,
Marika, Berry, and Caitlin
EPDP Meeting #10
11 July 2019
Action Items
Support Staff to (1) compile all early input received into the SSAD worksheet by Thursday, 18 July, and (2) create a corresponding Google doc where EPDP Team members may enter questions regarding the early input.
Each group to review the early input included in the updated SSAD worksheet and provide questions (if any) into the Google doc for early input questions by Thursday, 25 July.
With respect to the order of use case review, Support Staff to send a survey to the groups to prioritize/rank the use cases submitted.
Thomas, Georgios, and Brian to work together on fleshing out the safeguards section of the trademark use case by Friday, 19 July.
Georgios and Chris to work together on fleshing out the safeguards section of the LEA use case and consider the implementation of safeguards, and who would be responsible for the implementation, in the context of a manual and automated system by Monday, 15 July. If Team Members have feedback on the updated text, please provide it by Tuesday, 16 July.
Notes
These high-level notes are designed to help the EPDP Team navigate through the content of the call and are not meant as a substitute for the transcript and/or recording. The MP3, transcript, and chat are provided separately and are posted on the wiki at: https://community.icann.org/x/ZwPVBQ.
EPDP Phase 2 - Meeting #10
Agenda
Thursday, 11 July 2019 at 14.00 UTC
1. Roll Call & SOI Updates (5 minutes)
2. Confirmation of agenda (Chair)
3. Welcome and housekeeping issues (Chair) (10 minutes)
· ICANN65 Recap
· Use cases as agreed methodology to extract commonalities to build SSAD
· Examined two cases and agreed on way forward to F2F in Sept in LA
· Finalized established of legal committee with Leon Sanchez selected as the Chair
· Deadlines agreed where contingent on having 5-6 use cases, the list is now much longer and may mean that timelines need to be revisited. Will be discussed under agenda item 5.
· Reminder: Notice of EPDP team F2F meeting - 09-11 September 2019
· On Sunday, 8 September, there will be an informal get together
· On 11 September, a late lunch will be served, and the session will conclude around 3PM. Accordingly, please do not plan any departures before 5PM from LAX.
4. SG/C/SO/AC Early Input (10 minutes)
· Status of input received: https://community.icann.org/x/zIWGBg
· Prior to ICANN65, ICANN SO/AC/Gs were asked to provide input. Several groups requested additional time, so the deadline was extended to 8 July.
· By the deadline, six groups provided input: RrSG, RySG, BC, NCSG, ISPCP, ALAC (updated per ALAC’s later intervention)
· Support Staff organized the comments received into the comment review tool and organized it into six categories, including purposes for accessing data, credentialing, et. al.
· The tool is designed to facilitate the group’s review of the early input
· The document is available for review on the wiki.
· Discuss how to conduct review of input received (see also early input review tool)
· Staff could review and make proposals
· Small representative team could review
· Review collectively as a team
EPDP Team Feedback:
· ALAC provided a submission, and it is not included within this document.
· This tool is useful for public comments where the comments involve work the team has already deliberated on. It may be helpful to take the feedback received and incorporate it into the existing workbooks. When the Team discusses the relevant topic, the Team would see the early input received and be able to incorporate it into the discussion.
· The full team should review these comments. One way would be for Support Staff to populate the comments into a public comment review tool and use a google doc so that groups can comment online in between calls. Once comments are received, the Team can discuss during the call.
· The SSAD worksheet has the charter questions up front, but the worksheet is not as straightforward as copying and pasting the content. What is the expectation for how this information is populated?
· It would be preferable to include the information under the relevant charter questions.
· It is important that each group review the early input. Each group would be responsible for reviewing the input received on its own. Support Staff will create a Google Doc to include questions on the input. One hour of a plenary call could be dedicated to responding to any questions received. It’s also helpful to include the early input into the worksheets.
· Proposal: Support Staff will compile all input received into the worksheet by next week. Each group will be responsible for reviewing it within seven days. Support Staff will create a Google Doc where groups can include questions on the input. Based on the input received, the Chair will dedicate time during a call to go over questions.
· Confirm next steps
5. Use Cases (20 minutes)
· Overview of use cases submitted: https://community.icann.org/x/-KCjBg
· More use cases were received than originally intended
· Received input from GAC, IPC, BC, ALAC, SSAC
· There are eight meetings remaining prior to F2F meeting in Los Angeles
· Examination of use cases does not mean the Team has to agree on every word within the text
· Out of the 20 use cases, there are 4 LEA, 8 cases for non-law enforcement investigations, 3 cases on IP, 2 commercial, and 2 domain name maintenance
· Proposed methodology:
1. Confirm order of review of use cases
2. Two readings for each use case: first reading of each case will be short (30 minutes). For first reading, groups will be invited to indicate concerns and provide a brief description of the concerns.
3. Following the call, groups may provide their concerns in writing by Friday.
4. Support Staff will compile updated text by Tuesday before the meeting.
5. Second reading will be Thursday - one hour review of updated text.
6. Aim of second reading is to reach a broad understanding among the group.
· EPDP Team Feedback on approach and order of cases
· Criminal law cases could be discussed together with a focus on safeguards. There may be minor breaches of law where personal data should not be revealed. There will also be the reveal area where data can be passed. There may also be cases where severe penalties like the death penalty are involved where commonalities can be found.
· With LEA, it does not matter what the case is (whether copyright, murder) - it is generally the same type of agency. When IPC proposed criminal copyright and criminal trademark, that should be included with other criminal cases. National public security is different as it may not involve a specific crime and a specific individual, so this should not be in the same category. Public security may or may not be national law enforcement. The commercial category is confusing, and domain name maintenance may not be a legitimate category. Some use cases (like BC-9) seem very broad and necessary. The categories are a good start, but there will likely be four or five categories and one example use case within each category.
· For the moment, we should probably not eliminate anything. Instead, the Team should examine if any cases could be merged.
· Important to find commonalities and merge them. The Team should avoid deliberating on every use case submitted. There are some use cases submitted that are likely to be controversial and may bog the group down. Instead, the group should focus on the well understood use cases.
· Regarding the number of use cases, the BC was aiming for specificity. The Team should be cautious about lumping law enforcement and non-law enforcement together.
· In Marrakech, it was agreed the template would be static. For request and response, these have separate legal bases, and it’s important to keep in mind the processing activities. In some use cases, it may be helpful to include workflow diagrams to see how the process of requesting is dealt with.
· We may have received a lot of use cases because the responses are not very specific. For example, why is the data necessary? For this question, there should be a policy or a law that requires that the data should be provided. For the legal basis, there needs to be a rationale provided.
· One of the benefits of the large number of use cases is that it’s helpful when the Team discusses accreditation. Some of the details described above should be included in the request for data, not in the use case itself.
· The outlined methodology works. The Team spent almost 10 hours going through one use case; 90 minutes may not be enough time to go through the outstanding use cases.
· It may be premature to categorize use cases since it’s unlikely everyone has read through all of the use cases. It would be beneficial to merge use cases as the Team goes along, but it’s not appropriate at this stage.
· If there is more interest in learning about criminal cases, Microsoft could bring in a representative to discuss with the Team.
· It may be helpful to devote time to discuss what the envisaged outcome of this work would be. The Team is not aligned on what problem we are trying to solve through the review of the use cases.
· The envisaged outcome is to create building blocks for the SSAD.
· It is not intentioned for the moment to eliminate any use cases; instead, we are trying to determine the order in which use cases are discussed.
· Support Staff will send a survey to the groups to prioritize/rank the use cases submitted. As there was no objection to the methodology, we will proceed in this way.
· Confirm categories identified
· Discuss approach for reviewing and agreeing on use cases
· Confirm next steps
6. Use case: Trademark owners requesting data in the establishment, exercise or defense of legal claims for trademark infringement (20 minutes)
· Review input received on updated version following ICANN65, incl. input per action items
· The clean version aims to address the input and comments received during ICANN65. No additional input was received.
· There was a potential action item for Georgios to review the safeguard categories.
EPDP Team Feedback
· With respect to the safeguards, the template is referring to items that are not really safeguards. Safeguards according to the GDPR refer to safeguards for the data subject.
· The templates can be modified to include the safeguards from the LEA case
· Being able to demonstrate the GDPR safeguards will be critical to show that the Team has a GDPR-compliant solution. In this particular use case, what did the Team learn by going through this in terms of policy recommendations.
· What are the expectations that the safeguards section will be further reworked by someone, and if so, by whom?
· In order to get this template right, it may be helpful to sit with the author and work through the safeguards section.
· Action: Thomas and Georgios to work together on fleshing out the safeguards section of the trademark use case.
· If following these updates, the use case needs to be revisited, we will determine if further review is needed.
· Confirm any outstanding concerns / issues
· Preliminary agreement on use case
· Confirm next steps, if any
7. Use case: Investigation of criminal activity against a victim in the jurisdiction of the investigating EU LEA requesting data from a non-local data controller (20 minutes)
· Confirm changes post ICANN65
· With respect to safeguards, it will depend on the access/disclosure system as to what safeguards are required.
· Will the Team detail, within each use case, the specific safeguards that are relevant? Or is the Team trying to collaborate on broad safeguards?
· The Team needs to identify what the safeguards are and who is responsible for implementing them.
· If the Team is contemplating an eventual automatic system, it’s unlikely an artificial intelligence engine will review paragraphs of legal text for legal justification. Instead, it’s likely the accredited user will have to certify it meets certain requirements.
· The value of accreditation is helpful irrespective of if the ultimate system is manual or automated.
· Action: Georgios and Chris to revisit the safeguards and think of implementation of the safeguards and who will be responsible for implementing the safeguards in the context of a manual and automated system.
· Proposal to make the title Criminal Law Enforcement and delete national security. Within the purpose statement, delete everything after terrorism as the additional text is a separate type of use case.
· The intent for the purpose statement was to have an overarching purpose where the activities could involve a criminal activity so that multiple use cases could fall under the overarching purpose
· Confirm any outstanding concerns / issues
· Preliminary agreement on use case
· Confirm next steps, if any
8. Policy questions for strawberry team (10 minutes)
· Confirm status of development of policy questions
· Marc A. and Georgios agreed to put together policy questions for review.
· The suggestion by Marc in Marrakech was not to work on policy questions for the strawberry team. ICANN commissioned the TSG report to send to DPAs to see what is and is not workable under GDPR and to see if the TSG model could be used to limit the liability of the contracted parties. The TSG is a technical solution that presupposes policy. Marc’s proposal is not to submit more policy questions to the strawberry team - proposal is to reach out to the strawberry team to understand what their policy assumptions are and ensure it is in line with what the EPDP Team is doing.
· After ICANN org presented the basic assumption about eliminating liability of the contracted parties. It would be better to present the DPAs with who is taking the liability, not how it is shifted. The questions needs to be framed in the correct way.
· When it is the right time for the Team to discuss Georgios and Marc’s proposal, the Leadership Team will put it on the agenda.
· Confirm next steps
9. Any other business (5 minutes)
· Priority 2 small team meetings update
a) Accuracy and WHOIS ARS
b) Input received on other priority 2 items from RrSG
c) Leadership to recommend next steps via mailing list
· Council request for input on org letter requesting clarification on Data Accuracy and Phase-2 (see https://gnso.icann.org/sites/default/files/file/field-file-attach/marby-to-drazek-21jun19-en.pdf). EPDP Team to provide input on the mailing list. Confirm deadline for input.
· Legal committee meeting on Tuesday 16 July at 14.00 UTC
10. Wrap and confirm next meeting on Thursday 18 July at 14.00 UTC (5 minutes)
· Confirm action items
· Confirm questions for ICANN Org, if any
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190711/1785a260/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4620 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190711/1785a260/smime-0001.p7s>
More information about the Gnso-epdp-team
mailing list