[Gnso-epdp-team] European Commission comments on Phase 1 report - additional information
Volker Greimann
vgreimann at key-systems.net
Fri May 3 12:29:32 UTC 2019
Thank you Chris for forwarding this.
As expected, the response is very helpful in providing further clarity
in how future disclosure models should work and it is also very helpful
that they provided a quick response just in time to the tstart of our
deliberations.
By stating that access should be enabled "/_upon request _(...) _showing
a legitimate interest_, provided both the controller (...) and the third
party _have a legal basis _for such processing (...)" /they basically
support a point many participants of Phase 1 have been making all along
in this debate:
_Disclosure can only work on a per-request basis and each such request
must show both the legitimate interest for the disclosure and the legal
basis for the processing activity requested for all parties involved in
the disclosure._
This explicitly excludes any concepts of "all-access" models where a
requester need only acquire some form of certification or accreditation
prior to being restored to the access to the whois of yore. I therefore
propose that we abandon these concepts at the start of our deliberations
to avoid wasting time on ultimately futile debates.
Another shortcut we could use to save time is to initially focus our
discussions of the UDM (Unified Disclosure Model) by looking exclusively
at those parties with the best legal basis for disclosure: national law
enforcement agencies and other public authorities in the same
jurisdiction as the data controller. Once we have a model for these
parties, the rest can follow from there. Obviously, the disclosure
methods these parties have legal rights to (that turn into legal
obligations for the data compliance) would vary on the legal bases of
their appropriate jurisdictions and that is ultimately something that we
would need to ask the individual GAC members to provide for example.
For example, we could start out by asking a GAC members to provide data
on how individual law enforcement bodies and public authorities have to
go about in their specific jurisdiction with obtaining data from
comparable data controllers, like telephone companies, internet access
providers or hosting providers. Are there special processes that
entities would need to follow? If so, could our model be based on these
processes for these jurisdictions? If, for example, a local police has
to obtain a court warrant or subpoena to demand disclosure personal data
held by a webhoster, is that not also sufficiently equivalent to a
demand towards a contracted party? This does mean we would have to vary
our model by jurisdiction, but ultimately it seems to be the most
legally sound way to operate. This is also supported by the letter,
which states: "/Instead, they need to rely on another legal basis, which
is normally provided for in national law./" It is the job of the GAC to
tell us what this legal basis is in each instance and it is our job to
reflect this basis in our model for access of the entities so entitled.
Best regards,
Volker Greimann
Am 03.05.2019 um 13:10 schrieb Chris Disspain:
> Hello All,
>
> As you will know, on 26 April Göran Marby wrote to the European
> Commission seeking additional information regarding their comments of
> 17 April. That letter is attached for ease of reference.
>
> A response has now been received from the Commission and I attach that
> for your information.
>
>
>
> Cheers,
>
>
> CD
>
>
>
>
> _______________________________________________
> Gnso-epdp-team mailing list
> Gnso-epdp-team at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-epdp-team
--
Volker A. Greimann
General Counsel and Policy Manager
*KEY-SYSTEMS GMBH*
T: +49 6894 9396901
M: +49 6894 9396851
F: +49 6894 9396851
W: www.key-systems.net
Key-Systems GmbH is a company registered at the local court of
Saarbruecken, Germany with the registration no. HR B 18835
CEO: Alexander Siffrin
Part of the CentralNic Group PLC (LON: CNIC) a company registered in
England and Wales with company number 8576358.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190503/f5e804fb/attachment.html>
More information about the Gnso-epdp-team
mailing list