[Gnso-epdp-team] Access vs Disclosure and Centralized vs Decentralized

Mueller, Milton L milton at gatech.edu
Fri May 17 09:21:48 UTC 2019

I want to differ a bit with Alan's analysis below.

Access typically denotes a more general right to get something when one wants it. When I buy a subscription to a mobile phone service I am buying "access" to the network whenever I want to use it. A distinction between access demand and usage demand is a staple of information and communication economics.

In this regard, as Janis's slide correctly stated, in data protection law and policy the right of access usually refers to the right of a data _subject_ to inspect their data to ensure its accuracy. This is a broader, less conditional right than, say, the interest of a trademark holder in seeing a third party's domain name registration data. The trademark holders occasionally have a legitimate interest to see redacted data of a suspected infringer. What the trademark holder wants is the disclosure of contact data he or she  needs to serve legal process or to ascertain the legitimacy of the name's use.  The trademark holder does _not_ have a right of access to any and all registration data; he has disclosure rights.

So the insistence on the use of the term "disclosure" rather than "access" is not arbitrary, and we don't solve it with A/D. They are fundamentally different concepts and we need to keep them distinct. There are important differences in using one name or the other. whether we are talking UDM or some other form of DM when we talk about third parties we are talking about a disclosure model, not an access model.

From: Gnso-epdp-team <gnso-epdp-team-bounces at icann.org> On Behalf Of Alan Greenberg
Sent: Wednesday, May 15, 2019 11:07 PM
To: GNSO EPDP <gnso-epdp-team at icann.org>
Subject: [Gnso-epdp-team] Access vs Disclosure and Centralized vs Decentralized

I would find the discussions of these two issues quite humorous if it was not for how much time we have and will spend on them, and the fact that the debates will take time and effort away from real issues.

Access vs Disclosure

They are the same thing, but from different perspectives. From the perspective of the entity holding the data (primarily the contracted parties in our case), information they hold and may be responsible for is being "disclosed". From the perspective of the entity requesting the data, it is a matter of them "accessing" it.

We can certainly define new meanings for these words as suggested on slide 3. But long experience has shown that when you attempt to define existing words in a way that is different from the dictionary meaning (ie {"access" is only for the data subject) people always revert back to the dictionary definitions and cause untold confusion.

Centralized vs Decentralized

Any real world solution that will be usable by those who will need data, and be supportable by those who hold the data, will have components that are decentralized and components that a centralized (and yet perhaps replicated for reliability). For example there will likely be common places at which to make a request, and accreditation for a given type of requestor may be centralized, yet the data will almost certainly reside in highly decentralized places.

Let's focus on how the work will be done and not worry about global labels.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190517/ec70268c/attachment.html>

More information about the Gnso-epdp-team mailing list