[Gnso-epdp-team] Question for legal advisors
Alan Greenberg
alan.greenberg at mcgill.ca
Wed Jul 24 20:53:21 UTC 2019
As requested during the last meeting, here is a question to go to the
Legal Committee looking for a clear legal opinion.
===============================
If information is to be requested released to third parties, the
controller or other party(ies) must decide whether the need for the
data outweighs the data subject's right to privacy.
If the decision is made by a human, the competing needs/rights can be
carefully weighed to decide whether the request should be honoured.
If we are to consider any form of automated decision process, it is
unlikely that we can build a sufficiently robust artificial
intelligence engine to carry out the balancing operation. That raises
the question of to what extent, based on appropriate accreditation
processes, can we rely on the vetting during accreditation and the
commitments made by the requester in order to be accredited can be relied upon.
Specifically, if a requester is properly vetted and provides
assurances (and proof?) they understand the balancing that must be
done, can the automated system presume that the balancing test has
been satisfied.
Of course, accreditation could be revoked if it comes to light that
inappropriate requests are being made.
In one simple case, if a UDRP provider (who is authenticated as such)
make a request claiming it is for an ongoing UDRP process, can it be
presumed that it is an authentic request and simply grant it.
A less clear case is that of a cyber security researcher who has been
properly accredited (the Anti-Phishing WG as an example).
Perhaps other specific cases should be cited in the question, but we
do need guidance in the general case. Without being able to rely on
the reputation and assurances of the requester, I do not see how ANY
automated process will be possible.
Alan
More information about the Gnso-epdp-team
mailing list