[Gnso-epdp-team] EPDP Homework: Updated Draft of Board Letter
Brian.King at markmonitor.com
Wed Oct 9 20:51:45 UTC 2019
Thank you, and thanks to our Board liaisons for their assistance. I think it might be more accurate to say that absent input from the board, we might propose policy recommendations that the Board might find unpalatable.
The IPC does not agree that in the absence of input from the board we would abandon the concept of a centralized SSAD. Rather, we would continue to work together on a centralized SSAD, taking the “leap of faith” as suggested by Ashley.
Brian J. King
Director of Internet Policy and Industry Affairs
T +1 443 761 3726
Protecting companies and consumers in a digital world
From: Gnso-epdp-team <gnso-epdp-team-bounces at icann.org> On Behalf Of James M. Bladel
Sent: Wednesday, October 9, 2019 4:07 PM
To: gnso-epdp-team at icann.org
Subject: [Gnso-epdp-team] EPDP Homework: Updated Draft of Board Letter
Regarding the draft letter to the Board presented on Tuesday, some members were uncomfortable with the wording of the last sentence. Since that call, I’ve been working with our Board liaisons (Becky and Chris) to make some edits. The resulting Revised Draft copied below. To expedite your review, please note that only the final sentence has changed.
Letter from EPDP 2 to ICANN Board on Standardized System for Access/Disclosure (SSAD)
To: ICANN Board
CC: GNSO Council
Dear ICANN Board,
We are writing to you at the suggestion of the EPDP 2 Board liaisons. The working group is at a critical junction which requires clear input from the Board in order to further our work to produce realistic, timely, implementable policy recommendations. Specifically, we seek to understand the Board’s position on the scope of operational responsibility and level of liability (related to decision-making on disclosure of non-public registration data) they are willing to accept on behalf of the ICANN organization along with any prerequisites that may need to be met in order to do so.
Our goal is to avoid policy recommendations that cement the current situation, where requests for non-public registration data are handled on a case-by-case basis by the registry/registrar in a non-standardized and decentralized manner. We are considering several models for a Standardized System for Access and Disclosure (SSAD), including (but not limited to) the Unified Access Model (UAM) developed by the Technical Study Group. All of the proposed “centralized” SSAD models presume that ICANN will assume an operational role, and, depending upon the model, some degree of responsibility and liability for decisions to disclose non-public data to a third-party requester.
In some models, ICANN (or its designee) would approve accrediting bodies, or function as an accrediting body themselves. Some proposed models establish ICANN (or its designee) as the entity that will conduct an initial validation of disclosure requests prior to relaying this request to the appropriate registry or registrar. Other proposed models would require ICANN to play a larger role, either endorsing the legitimacy of the request, or issuing a determination of whether or not the registrar or registry should or must disclose the non-public data to the third party requester.
We recognize that our questions are clouded by the uncertainty associated with constructing a model that is compliant with the General Data Protection Regulation (GDPR) and other privacy laws. We are also aware of the work of ICANN org (via the “Strawberry Team”) to engage with data protection authorities to better understand the liability involved in decisions to disclose non-public registration data. As noted above, our goal is to produce realistic, timely, and implementable policy recommendations, and our work requires Board input on the level of involvement and amount of liability they are willing to assume for ICANN org, along with any prerequisites that may need to be met in order to do so.
Absent that input, the EPDP work must abandon the centralized SSAD model, and shift its focus to policy recommendations aimed at improving the existing distributed model in which each registry and registrar independently evaluates, applies their own balancing test, and responds to queries on a case by case basis.
EPDP Phase 2 working group members
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnso-epdp-team