[Gnso-epdp-team] Proposed agenda - EPDP Team meeting #20 on Tuesday 24 September at 14.00 UTC

Greg Aaron greg at illumintel.com
Mon Sep 23 16:10:38 UTC 2019

Ayden’s proposal has major flaws, and IMHO is a non-starter.


One: it does not propose a deadline for the registry/registrar to provide any substantive response, i.e. the data or a denial.  Instead, it seems to allow contracted parties to not provide a substantive response for sixteen days, and maybe more.  That sets a very long response floor and expectation for the entire gTLD world.  The effective result will be: no flow of data.


Two: as we discussed in Los Angeles, we are trying to automate what can be automated, including automated decision-making where it is possible.  For anything that is automated, an ACK letter is not necessary -- instead the data (or a 6(1)f denial) should just come back in reply.  That would leverage RDAP, which is a goal of ours.  See also the TSG paper.


Three: a written ACK is appropriate for requests that are made offline, outside the system.  Even then, an acknowledgement of receipt can be issued automatically and immediately by the contracting party (with a tracking number).  That’s SOP for any system that requires the tracking of submissions, and most registrars already do it with customer service tickets.  


Four: the proposal assumes that data subjects must be informed every time a request for their data comes in, and that data subjects have the right to decline the processing. The GDPR does not require either of those. Instead, GDPR requires that the data subject be made aware before of the processing that may happen, and who generally the recipients may be. Appropriately, the Temp Spec already covers this – it requires registrars to notify their registrants of the specific purposes for which their data will be processed, and potential recipients, so case-based notification is not required. (Temp Spec, Section 7.) If the policy needs to be more specific and tell registrants that they are subject to GDPR Article 6 disclosures, then we should make that happen. Unfortunately Ayden’s proposal builds in a way for data subjects to hide their criminal activity and cover their tracks. That is not necessary under the law, and it is contrary to the GDPR’s intent. SSAC provided the legal-sub team with draft questions about these topics in the last submission round, and hopefully those will go to Bird & Bird soon.


All best,





From: Gnso-epdp-team <gnso-epdp-team-bounces at icann.org> On Behalf Of Ayden Férdeline
Sent: Sunday, September 22, 2019 7:06 PM
To: Alex Deacon <alex at colevalleyconsulting.com>
Cc: gnso-epdp-team at icann.org
Subject: Re: [Gnso-epdp-team] Proposed agenda - EPDP Team meeting #20 on Tuesday 24 September at 14.00 UTC


Hi Alex,


I envision this being some form of written communication (most likely an email) that lets the SSAD requestor know that their request has been successfully received and is being processed. I also imagine it containing a copy of their request.







‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

On Sunday, 22 September 2019 22:45, Alex Deacon <alex at colevalleyconsulting.com> wrote:




Can you describe what form this "Receipt Acknowledgement Letter" would take? 





Alex Deacon

Cole Valley Consulting

alex at colevalleyconsulting.com





On Sat, Sep 21, 2019 at 11:41 AM Ayden Férdeline <icann at ferdeline.com> wrote:



Regarding building block k, I have alternate language that I would like to table for consideration please. 


The language circulated in the below email is:


Building Block k) (Receipt of acknowledgement)

The EPDP Team recommends that, consistent with the EPDP Phase 1 recommendations, the response time for acknowledging receipt of a SSAD request should be without undue delay, but not more than two (2) business days from receipt, unless shown circumstances does not make this possible.

The response should also include information about the subsequent steps as well as the timeline consistent with the recommendations outlined below.


Proposed new language (changes in red):


Building Block k) (Acknowledgement of request)

The EPDP Team recommends that upon receipt of an SSAD request, the receiving entity shall issue a Receipt Acknowledgement Letter which summarizes the applicant’s requests. This should happen without undue delay and, ideally, within two business days of the request being received by the receiving entity. This response shall include information about the subsequent steps to be taken as well as a timeline for its processing. Following the issuance of the Receipt Acknowledgement Letter, the applicant shall have a fourteen-calendar-day period within which it may make certain types of corrections to its request. This is to permit the applicant to correct data entry errors, change contact information, and to withdraw the request if it is no longer required. Similarly, the receiving entity of the request shall inform the data subject(s) whose personal information is sought, unless prohibited to make such a disclosure by law, and provide the data subject with a reasonable window of time and the opportunity within which they may object to their data being processed. 


Kind regards,


Ayden Férdeline 




‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

On Saturday, 21 September 2019 02:19, Marika Konings <marika.konings at icann.org> wrote:


Dear EPDP Team,


Please find attached the proposed agenda for the next EPDP Team meeting which is scheduled for Tuesday 24 September at 14.00 UTC. To facilitate your preparation, please review the attached documents which include in addition to the relevant section from the zero draft, the relevant section from the SSAD worksheet that contains information in relation to the objective of addressing the topic as well as materials to review.


Best regards,


Caitlin, Berry and Marika




EPDP Phase 2 - Meeting #20

Proposed Agenda

Tuesday, 24 September 2019 at 14.00 UTC


1. Roll Call & SOI Updates (5 minutes)

2. Confirmation of agenda (Chair)

3. Welcome and housekeeping issues (Chair) (5 minutes)

a) Reminder - the EPDP Team members to populate the contents of the lawful basis table by Wednesday 25 September (see https://docs.google.com/document/d/1U9jt9nOHs9QMjWTDl7UPaT--9aD2lHZI/edit)

b) Reminder - submit alternate form if members are not attending the Jan 2020 F2F meeting

4. Acceptable Use Policy (Building block d & h) – first reading (30 minutes).

a) Initial discussion

b) Feedback from EPDP Team

c) Confirm next steps

5. Receipt of acknowledgement (building block k) – first reading (30 minutes)

a) Initial discussion

b) Feedback from EPDP Team

c) Confirm next steps

6. Who should be responsible for disclosure decision (15 minutes)

a) Review additional team input provided (see https://docs.google.com/document/d/10VRZRziGDXvckC_y3ob_SGB-1NN9WrL6Y6A3XQuniv8/edit)

b) Consider team input and approach forward

c) Confirm next steps

7. Wrap and confirm next EPDP Team meeting (5 minutes):

a) Thursday 26 September 2019 at 14.00 UTC

b) Confirm action items

c) Confirm questions for ICANN Org, if any


Marika Konings

Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) 

Email: marika.konings at icann.org


Follow the GNSO via Twitter @ICANN_GNSO

Find out more about the GNSO by taking our interactive courses (http://learn.icann.org/courses/gnso) and visiting the GNSO Newcomer pages (http://gnso.icann.org/sites/gnso.icann.org/files/gnso/presentations/policy-efforts.htm#newcomers).



