[Gnso-epdp-team] BC Comments to the User Groups

Margie Milam margiemilam at fb.com
Wed Jun 5 23:29:34 UTC 2019

Dear All,

On behalf of the BC, here are our comments to the Proposed User Groups:


  *   We agree that Registrant Access is necessary.  For example, one common use case is where the registrant may be a company whose former employee may have registered the domain name in a personal account, and the company may not have access to the registrar account.   Another is where someone has purchased or transferred a domain name and needs to confirm that the acquisition or transfer has been properly completed.
  *   We note that this user group has an additional legal basis, and suggest that this section be updated to include Article 15 (right of access for data subject).

  *   We agree that end users need access for consumer protection purposes. This is consistent with the EU Data Protection Board’s letter last year that recognized ICANN’s mandate under its Bylaws to assess whether WHOIS meets the “legitimate needs of law enforcement, promoting consumer trust and safeguarding registrant data”, and also recognized ICANN’s commitment to adequately address issues of competition, consumer protection, security and stability, malicious abuse, sovereignty concerns and rights protection prior to authorizing an increase in new GTLDs.
  *   The legal basis should also include 6(1)(e) (public interest), and 6(1)(b) – performance of contract, as referenced in the EC letter dated March 19th.
EU & Non-EU Law Enforcement:

  *   These should be combined into one user group
  *   The legal basis should include 6(1)(b) performance of contract, and public interest 6(1)(e), and should not include 6(1)(f) since the EC letter states that “[i]t is also worth recalling that under the GDPR legitimate interest cannot be used as a legal basis for data processing by public authorities (including law enforcement authorities) in the performance of their tasks.”  It should also be 6(1)(c) in some instances, as per the EC’s comments on the Phase 1 Final Report.
Intellectual Property:

  *   We support each of the purposes listed in c) and should add another bullet:
To support investigations to facilitate usage of ICANN’s rights protection mechanisms

  *   The legal basis should include 6(1)(b) performance of contract and 6(1)(e) public interest.
  *   b) self- certification of the owner, attorney, agent, analyst as representing an IP rights holder
Commercial:  We support this user group.
Security Researchers:

  *   This purpose should be renamed “Security Practitioners.”
  *   The definition is too narrow and should include “individual or entity involved investigating, analyzing and mitigating security, fraud and cybercrime”
  *   The legal basis should include 6(1)(b) performance of contract and 6(1)(e) public interest.
  *   b) self-certification as a member a recognized security mitigation group such as APWG, MAAAWG, CAUCE, and required recertification on an annual basis;
Academic Researcher:

  *   This purpose should be updated to include cybercrime and abuse research.
  *   The legal basis should include 6(1)(e) public interest.
  *   c) Employees, professors, and students in post-secondary education institutions conducting research or studies involving domain names
Additional user - ICANN:
We need to address ICANN’s use of WHOIS, as well as those
entities under contract with ICANN, such as to conduct security-related studies, or to allow ICANN to continue with the WHOIS Accuracy Reporting System.

All the best,

Margie and Mark
On behalf of the BC

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190605/7a6aeef5/attachment-0001.html>

More information about the Gnso-epdp-team mailing list