[Gnso-epdp-team] EPDP Homework: Updated Draft of Board Letter

Matt Serlin matt at brandsight.com
Wed Oct 9 22:09:40 UTC 2019

I believe including that final sentence gets at the heart of the issue with the guidance we are seeking and removing it makes the letter less impactful IMO.

Yes, we think the Board and Org do know these things but I think being as explicit as possible with our words will help ensure we get the most clear answer from the Board as possible.


From: Gnso-epdp-team <gnso-epdp-team-bounces at icann.org> on behalf of "Mark Svancarek (CELA) via Gnso-epdp-team" <gnso-epdp-team at icann.org>
Reply-To: "Mark Svancarek (CELA)" <marksv at microsoft.com>
Date: Wednesday, October 9, 2019 at 3:35 PM
To: "James M. Bladel" <jbladel at godaddy.com>, "gnso-epdp-team at icann.org" <gnso-epdp-team at icann.org>
Subject: Re: [Gnso-epdp-team] EPDP Homework: Updated Draft of Board Letter

I still think it’s better not to close the letter with a threat or even a prediction.  The Board and Org know the critical importance of giving us a decision answering this letter.

We suggest removing the final sentence.  The rest of the letter is great.


From: Gnso-epdp-team <gnso-epdp-team-bounces at icann.org> On Behalf Of James M. Bladel
Sent: Wednesday, October 9, 2019 1:07 PM
To: gnso-epdp-team at icann.org
Subject: [Gnso-epdp-team] EPDP Homework: Updated Draft of Board Letter

Colleagues –

Regarding the draft letter to the Board presented on Tuesday, some members were uncomfortable with the wording of the last sentence.  Since that call, I’ve been working with our Board liaisons (Becky and Chris) to make some edits.  The resulting Revised Draft copied below.  To expedite your review, please note that only the final sentence has changed.


James Bladel

Letter from EPDP 2 to ICANN Board on Standardized System for Access/Disclosure (SSAD)

To: ICANN Board
CC: Goran
CC: GNSO Council

Dear ICANN Board,

We are writing to you at the suggestion of the EPDP 2 Board liaisons.  The working group is at a critical junction which requires clear input from the Board in order to further our work to produce realistic, timely, implementable policy recommendations.  Specifically, we seek to understand the Board’s position on the scope of operational responsibility and level of liability (related to decision-making on disclosure of non-public registration data) they are willing to accept on behalf of the ICANN organization along with any prerequisites that may need to be met in order to do so.

Our goal is to avoid policy recommendations that cement the current situation, where requests for non-public registration data are handled on a case-by-case basis by the registry/registrar in a non-standardized and decentralized manner.  We are considering several models for a Standardized System for Access and Disclosure (SSAD), including (but not limited to) the Unified Access Model (UAM) developed by the Technical Study Group.  All of the proposed “centralized” SSAD models presume that ICANN will assume an operational role, and, depending upon the model, some degree of responsibility and liability for decisions to disclose non-public data to a third-party requester.

In some models, ICANN (or its designee) would approve accrediting bodies, or function as an accrediting body themselves.  Some proposed models establish ICANN (or its designee) as the entity that will conduct an initial validation of disclosure requests prior to relaying this request to the appropriate registry or registrar. Other proposed models would require ICANN to play a larger role, either endorsing the legitimacy of the request, or issuing a determination of whether or not the registrar or registry should or must disclose the non-public data to the third party requester.
We recognize that our questions are clouded by the uncertainty associated with constructing a model that is compliant with the General Data Protection Regulation (GDPR) and other privacy laws.  We are also aware of the work of ICANN org (via the “Strawberry Team”) to engage with data protection authorities to better understand the liability involved in decisions to disclose non-public registration data.  As noted above, our goal is to produce realistic, timely, and implementable policy recommendations, and our work requires Board input on the level of involvement and amount of liability they are willing to assume for ICANN org, along with any prerequisites that may need to be met in order to do so.
Absent that input, the EPDP work must abandon the centralized SSAD model, and shift its focus to policy recommendations aimed at improving the existing distributed model in which each registry and registrar independently evaluates, applies their own balancing test, and responds to queries on a case by case basis.

Thank you,

EPDP Phase 2 working group members

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20191009/66b0cddd/attachment-0001.html>

More information about the Gnso-epdp-team mailing list