[Gnso-epdp-team] Proposed working definitions of the frequently used terms during the EPDP Phase 2

[Amr Elsadr]

Hi,

My understanding is that these working definitions are meant to be a helpful tool for EPDP Team members, when using the words defined - everybody will understand exactly what a word/phrase is being referred to, because a definition has been agreed upon. So I’m not opposed to having working definitions. I’ve found their use to be practically helpful in the past, and hope they could be moving forward in phase 2.

However, as discussed during yesterday’s meeting, I don’t find this proposed definition to be at all helpful. To be honest, I’m not even sure how to nail down what word is being defined in it. To me, it reads more like a stake in the ground for a policy outcome, which is very broad and that we are very far from reaching a conclusion on.

Like I said, I’m not even sure what is being defined, but the definition seems to cover the following:

- A request for access by third parties

“Access” is not defined in the proposed working definitions, although “Disclosure” is. “Right of access” is defined, but it might still be worthwhile to also define “access”, and make the difference between the EPDP Team’s use of this word vs “disclosure” clear to everyone. Use of “access” here without it itself being defined isn’t helpful in providing clarification to the intended use of the word. This is especially true since use of disclosure vs access is the whole reason why these working definitions are being proposed in the first place.

- The request may be for a full set or subset of non-public gTLD registration data

This is so incredibly vague. A working definition is meant to make things clearer, not more confusing. More specific, not more general. What purpose does having this definition cover both the full set as well as an unidentified subset(s) of gTLD registration data possibly serve? What is this seeking to clarify, and how does this achieve that goal?

- The request is compliant with a disclosure policy

Not helpful to refer to a disclosure policy that does not yet exist.

- The disclosure policy is compliant with GDPR

This is what we’re all trying to work towards, but we’re not there yet. I hope that nobody here is hoping we come up with a policy that is not compliant with GDPR. At best, this part of the definition is redundant, but what really bothers me with this is that it is presumptuous in a policy outcome that does not yet exist. I suppose it is relatively harmless to presume that a policy allows for requests (any type of requests) to be made by third parties, and remain GDPR-compliant (my impression is that it’s more the response to these requests that have to demonstrate compliance, not the requests themselves), but why is this all being crammed in to this proposed definition. I hope I’m not being thick, but I’m finding the point to this very elusive.

- The disclosure policy has been developed via the EPDP

Again…, this is what the EPDP Team’s objective is in phase 2, but right now the EPDP has not resulted in a GDPR-compliant disclosure policy yet.

Overall, I find this definition is presumptuous (especially concerning a hypothetical policy outcome), vague, and confuses/harms more than it clarifies/helps. I don’t believe we should even attempt to edit this. We should just drop it altogether.

Thanks.

Amr

> On May 31, 2019, at 6:30 AM, jk <karklinsj at gmail.com> wrote:
>
> Hi Milton.
>
> I would agree with you if you would be the only member of the team. There are others who hold different view. My role of the Chair is to try to reconcile diverging opinion and propose compromise formulations. This is what I attempted to do.
>
> May I also propose an experiment to you. Pls step in my shoes for a moment and try to reconcile different opinion of the team and come up with a compromise formulation.
>
> Thing that I agree is that we don’t need to waste too much time on working definition. If after further reflections members will not be able to come to a consensual compromise, I will park the document in the folder – Chair’s proposals.
>
> Looking forward to see your compromise formulation.
>
> JK
>
> [ ]
> From: Mueller, Milton L [mailto:milton at gatech.edu]
> Sent: Thursday, May 30, 2019 7:33 PM
> To: Janis Karklins <karklinsj at gmail.com>; gnso-epdp-team at icann.org
> Cc: gnso-epdp-lead at icann.org
> Subject: Re: [Gnso-epdp-team] Proposed working definitions of the frequently used terms during the EPDP Phase 2
>
> Hi, Janis,
>
> I am still having trouble with this:
>
> "The request of third parties for access to full set or subset of non-public gTLD domain name registration data through disclosure policy that is fully compliant with GDPR and developed as a result of the EPDP."
>
> This definition seems to be straining to get the word "access" into the definition even though the substance of the definition renders the word meaningless. Please do the following experiment. Delete the words "access to full set or subset of" from this definition. This is what you get:
>
> "The request of third parties for non-public gTLD domain name registration data through disclosure policy that is fully compliant with GDPR and developed as a result of the EPDP."
>
> In other words, the definition works fine without the word access.
>
> So let's be frank and realistic. We have a solid legal basis for talking about access for data subjects and none for access for third parties. Ergo, there is no reason to include third party requests in the definition of "access" unless we are trying to leverage the definition to lead to a particular policy outcome.
>
> I respectfully suggest, again, that we stop wasting time trying to impose idiosyncratic and politically motivated definitions on the process, and move straight on to having the policy debate about what kind of disclosure processes and rights third parties are going to get. That, ultimately, is all that matters. The definitional stuff is just spinning our wheels with political spin and positioning.
>
> --MM
>
> ---------------------------------------------------------------
>
> From: Gnso-epdp-team <gnso-epdp-team-bounces at icann.org> on behalf of Janis Karklins <karklinsj at gmail.com>
> Sent: Thursday, May 30, 2019 5:59 AM
> To: gnso-epdp-team at icann.org
> Cc: gnso-epdp-lead at icann.org
> Subject: [Gnso-epdp-team] Proposed working definitions of the frequently used terms during the EPDP Phase 2
>
> Dear team members,
>
> Pls see attached the Proposed working definitions of the frequently used terms during the EPDP Phase 2. It takes to account comments made by members and attempts to reconcile divergence of views on interpretation of some terms.
>
> Pls consider this proposal with clear understanding that these are not legal definitions, but only explanatory texts for the use of EPDP Phase 2 only.
>
> I hope you will find proposal as one you can live with. My wish is to endorse this understanding and move further with discussions on the outline of SSAD.
>
> Thank you
>
> JK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190531/763b8a6d/attachment-0001.html>