[Gnso-epdp-team] [Ext] Re: Proposed agenda and materials for review - EPDP Team meeting Thursday 13 June at 14.00 UTC
Greg Aaron
greg at illumintel.com
Mon Jun 17 21:38:18 UTC 2019
Dear Marika:
Attached please find an updated Purposes Template from the SSAC ePDP team.
The term “security research” has taken hold as shorthand for purpose sand use cases associated with security. It is a very inadequate term, and there is probably little common understanding so far of what the term might mean. People tends to think of "research" as an offline and manual activity, akin to academic research. But security purposes more often have an operational character -- dealing with problems in a real-time or near-real-time basis, in response to a problem.
So we suggest that "Security operations, investigation, and research” would be a much better label. That would be separate from a pure "research" purpose, which includes work that is not related to security, such as measuring Internet adoption, market research, etc.,, and is described in some other GDPR Recitals.
With best wishes,
--Greg
-----Original Message-----
From: Gnso-epdp-team <gnso-epdp-team-bounces at icann.org> On Behalf Of Marika Konings
Sent: Wednesday, June 12, 2019 4:08 PM
To: Hadia Abdelsalam Mokhtar EL miniawi <Hadia at tra.gov.eg>; Janis Karklins <karklinsj at gmail.com>
Cc: gnso-epdp-team at icann.org
Subject: Re: [Gnso-epdp-team] [Ext] Re: Proposed agenda and materials for review - EPDP Team meeting Thursday 13 June at 14.00 UTC
Thanks, Hadia for your feedback. If other EPDP Team members have additional suggestions or would like to share their thoughts on the approach proposed by Hadia, you are encouraged to do so in advance of tomorrow's EPDP Team meeting.
Best regards,
Caitlin, Berry and Marika
On 6/12/19, 12:58, "Hadia Abdelsalam Mokhtar EL miniawi" <Hadia at tra.gov.eg> wrote:
Dear Janis,
Thank you for outlining the charter section that is in relation to our work, however I do not see any contradiction between what I meant and the charter's question "a1) Under applicable law, what are legitimate purposes for third parties to access registration data?
The draft document circulated by staff says that the 3rd party purposes have been inspired/derived from the community responses to a request from ICANN at the end of June 2017 to identify user types and purposes of data elements required by ICANN policies and contracts. So instead of being driven by some data that was collected in 2017 which might include purposes that are not GDPR compliant, why not rely on our work that was developed in phase 1 - which actually stems from ICANN's purposes - and make this our base for identifying the users' types and purposes.
Article 5 (1)b of the GDPR - Purpose limitation -says that the data needs to be collected for specified, explicit and legitimate purposes and not processed in a manner that is incompatible with those purposes
Using our work as the starting point and base to identify the users and their purposes rather than previously collected data would yield to more up to date results.
So yes, my below points are not quite accurate, as for sure we shall need to refer to the third parties purposes when identifying the lawful basis and the data elements. But generally speaking I would like our starting point in identifying the users of the SSAD to be our previous work in phase 1 and not previously collected data that was in relation to the retired WHOIS and was prior to the GDPR and the temp Spec and could be debated forever.
I hope my thoughts are clearer this time and better organized
Regards
Hadia
________________________________
From: Janis Karklins <karklinsj at gmail.com>
Sent: 12 June 2019 18:45
To: Hadia Abdelsalam Mokhtar EL miniawi
Cc: Marika Konings; gnso-epdp-team at icann.org
Subject: Re: [Gnso-epdp-team] Proposed agenda and materials for review - EPDP Team meeting Thursday 13 June at 14.00 UTC
Dear Hadia,
Thank you for your mail outlining your view on the scope of our task.
I just checked the Charter and found the following tasks:
... (page 7)
System for Standardized Access to Non-Public Registration Data
Work on this topic shall begin once the gating questions above have been answered and finalized in preparation for the Temporary Specification initial report. The threshold for establishing “answered” for the gating questions shall be consensus of the EPDP Team and non-objection by the GNSO Council.
(a) Purposes for Accessing Data – What are the unanswered policy questions that will guide implementation? a1) Under applicable law, what are legitimate purposes for third parties to access registration data? a2) What legal bases exist to support this access? a3) What are the eligibility criteria for access to non-public Registration data? a4) Do those parties/groups consist of different types of third-party requestors? a5) What data elements should each user/party have access to based on their purposes? a6) To what extent can we determine a set of data elements and potential scope (volume) for specific third parties and/or purposes? a7) How can RDAP, that is technically capable, allow Registries/Registrars to accept accreditation tokens and purpose for the query? Once accreditation models are developed by the appropriate accreditors and approved by the relevant legal authorities, how can we ensure that RDAP is technically capable and is ready to accept, log and respond to the accredited requestor’s token?
...
How would you reconcile your view with task a1 of the Charter? I simply want to understand different points of view to prepare better for the team meeting tomorrow.
Thank you
JK
On Wed, Jun 12, 2019 at 3:03 PM Hadia Abdelsalam Mokhtar EL miniawi <Hadia at tra.gov.eg<mailto:Hadia at tra.gov.eg>> wrote:
Dear Staff,
Thank you for the submitted document, however I have fundamental comments in relation to the logic through which we are handling the first topic of the SSAD that is defining the user groups and data elements
• The EPDP team should be considering only ICANN purposes and not third parties' purposes, for this reason the starting point in defining the users of the system should be the ICANN purposes previously defined in phase1. Whilst purpose 2 could be considered serving the public interest by maintaining the security, stability and resiliency of the DNS in accordance to ICANN's mission and bylaws
• So our starting point should be to analyze each of the 7 ICANN purposes to determine 1)who needs to access the registration data in order to fulfill this purpose 2)which parts of the data does he need to access in order to fulfil the purpose
• Stemming from the above will originate all of the user groups and categories as well as the data elements, like the ones in the sheets. We must remember that third parties' purposes are not our objectives but fulfilling ICANN's purposes is our objective and in satisfying ICANN's purposes access or disclosure to certain parts of the data is required for several types of users.
Kind regards
Hadia
From: Gnso-epdp-team [mailto:gnso-epdp-team-bounces at icann.org<mailto:gnso-epdp-team-bounces at icann.org>] On Behalf Of Marika Konings
Sent: Tuesday, June 11, 2019 3:41 PM
To: gnso-epdp-team at icann.org<mailto:gnso-epdp-team at icann.org>
Subject: [Gnso-epdp-team] Proposed agenda and materials for review - EPDP Team meeting Thursday 13 June at 14.00 UTC
Dear EPDP Team,
Please find below the proposed agenda for the next EPDP Team meeting which is scheduled for Thursday 13 June at 14.00 UTC. For agenda item 6c, you will find attached an initial draft of the agenda for the F2F meetings at ICANN65 – if you have any comments or suggestions, you are encouraged to share these. Please also review the document for agenda item 4 in advance of the meeting.
Best regards,
Caitlin, Berry and Marika
======================
EPDP Phase 2 - Meeting #6
Proposed Agenda
Thursday, 13 June 2019 at 14.00 UTC
1. Roll Call & SOI Updates (5 minutes)
2. Confirmation of agenda (Chair)
3. Welcome and housekeeping issues (Chair) (10 minutes)
• Working definitions – confirm posting of updated version on wiki
• Legal advisory group – nominations received to date
• SSAD Priority 1 worksheet status
4. SSAD – Topic c: Define user groups, criteria and purposes / lawful basis per user group (Marika) (40 minutes)
a. Review purpose template developed by staff support team (see attached)
b. EPDP Team input
c. Confirm next steps
5. Presentation by Steve Crocker (40 minutes)
a. Presentation
b. Q & A
6. Any other business (5 minutes)
a. Priority 2 small team meetings update
Reminder - Call schedule remaining priority 2 worksheets:
• Monday 17 June – 13:00 – 14:30 UTC
Potential OCTO Purpose
Feasibility of unique contacts to have a uniform anonymized email address
• TBC (post ICANN65)
Accuracy and WHOIS ARS
Deadline for providing input for those that were not able to attend the calls – proposed 20 June 2019.
b. Confirm attendance for meeting on Thursday 13 June at 14.00 UTC
c. ICANN65 EPDP Team meetings - Initial Draft Agenda (see attached)
7. Wrap and confirm next meeting to be scheduled for Thursday, 13 June at 14.00 UTC (5 minutes)
a. Confirm action items
b. Confirm questions for ICANN Org, if any
Marika Konings
Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN)
Email: marika.konings at icann.org<mailto:marika.konings at icann.org>
Follow the GNSO via Twitter @ICANN_GNSO
Find out more about the GNSO by taking our interactive courses<https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_gnso&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=Cg5uQf0yAfw-qlFZ0WNBfsLmmtBNUiH0SuI6Vg-gXBQ&e=> and visiting the GNSO Newcomer pages<https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gnso.icann.org_files_gnso_presentations_policy-2Defforts.htm-23newcomers&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=tT-E2RoAucUb3pfL9zmlbRdq1sytaEf765KOEkBVCjk&e=>.
_______________________________________________
Gnso-epdp-team mailing list
Gnso-epdp-team at icann.org<mailto:Gnso-epdp-team at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-epdp-team
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_policy&d=DwIF-g&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=ANFiCeSxpo6WG5vUnbLixbNdV1OLoQS1k3QN2i2yWBQ&s=H0-5BIG1keFbuUlBuygKdLEXyg52ZxtG69FbrK-Uj1U&e= ) and the website Terms of Service (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_tos&d=DwIF-g&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=ANFiCeSxpo6WG5vUnbLixbNdV1OLoQS1k3QN2i2yWBQ&s=cMyskr0zI86Y5VnY0hHR9qv-ZR8yFmzHuP-TSXicMMs&e= ). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________
Gnso-epdp-team mailing list
Gnso-epdp-team at icann.org
https://mm.icann.org/mailman/listinfo/gnso-epdp-team
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Purposes template - updated 10 June 2019 -- SSAC.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 43017 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190617/26e47a82/Purposestemplate-updated10June2019--SSAC-0001.docx>
More information about the Gnso-epdp-team
mailing list