[Gnso-epdp-team] Proposed agenda - EPDP Team meeting #20 on Tuesday 24 September at 14.00 UTC
Alex Deacon
alex at colevalleyconsulting.com
Mon Sep 23 17:42:08 UTC 2019
Building upon Greg's points two and three - the IPC would oppose any policy
that would not allow any future SSAD implementation to be built using
modern request/response protocols (e.g. RDAP) or leverage standard and
existing authentication and authorization mechanisms. (e.g. OpenID
connect and the like).
Alex
___________
*Alex Deacon*
Cole Valley Consulting
alex at colevalleyconsulting.com
+1.415.488.6009
On Mon, Sep 23, 2019 at 9:10 AM Greg Aaron <greg at illumintel.com> wrote:
> Adyen’s proposal has major flaws, and IMHO is a non-starter.
>
>
>
> One: it does not propose a deadline for the registry/registrar to provide
> any substantive response, i.e. the data or a denial. Instead, it seems to
> allow contracted parties to not provide a substantive response for sixteen
> days, and maybe more. That sets a very long response floor and expectation
> for the entire gTLD world. The effective result will be: no flow of data.
>
>
>
> Two: as we discussed in Los Angeles, we are trying to automate what can be
> automated, including automated decision-making where it is possible. For
> anything that is automated, an ACK letter is not necessary -- instead the
> data (or a 6(1)f denial) should just come back in reply. That would
> leverage RDAP, which is a goal of ours. See also the TSG paper.
>
>
>
> Three: a written ACK is appropriate for requests that are made offline,
> outside the system. Even then, an acknowledgement of receipt can be issued
> automatically and immediately by the contracting party (with a tracking
> number). That’s SOP for any system that requires the tracking of
> submissions, and most registrars already do it with customer service
> tickets.
>
>
>
> Four: the proposal assumes that data subjects must be informed every time
> a request for their data comes in, and that data subjects have the right to
> decline the processing. The GDPR does not require either of those.
> Instead, GDPR requires that the data subject be made aware before of the
> processing that may happen, and who generally the recipients may be.
> Appropriately, the Temp Spec already covers this – it requires registrars
> to notify their registrants of the specific purposes for which their data
> will be processed, and potential recipients, so case-based notification is
> not required. (Temp Spec, Section 7.) If the policy needs to be more
> specific and tell registrants that they are subject to GDPR Article 6
> disclosures, then we should make that happen. Unfortunately Adyen’s
> proposal builds in a way for data subjects to hide their criminal activity
> and cover their tracks. That is not necessary under the law, and it is
> contrary to the GDPR’s intent. SSAC provided the legal-sub team with draft
> questions about these topics in the last submission round, and hopefully
> those will go to Bird & Bird soon.
>
>
>
> All best,
>
> --Greg
>
>
>
>
>
>
>
> *From:* Gnso-epdp-team <gnso-epdp-team-bounces at icann.org> *On Behalf Of *Ayden
> Férdeline
> *Sent:* Sunday, September 22, 2019 7:06 PM
> *To:* Alex Deacon <alex at colevalleyconsulting.com>
> *Cc:* gnso-epdp-team at icann.org
> *Subject:* Re: [Gnso-epdp-team] Proposed agenda - EPDP Team meeting #20
> on Tuesday 24 September at 14.00 UTC
>
>
>
> Hi Alex,
>
>
>
> I envision this being some form of written communication (most likely an
> email) that lets the SSAD requestor know that their request has been
> successfully received and is being processed. I also imagine it containing
> a copy of their request.
>
>
>
> Thanks,
>
>
>
> Ayden
>
>
>
>
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>
> On Sunday, 22 September 2019 22:45, Alex Deacon <
> alex at colevalleyconsulting.com> wrote:
>
>
>
> Ayden,
>
>
>
> Can you describe what form this "Receipt Acknowledgement Letter" would
> take?
>
>
>
> Alex
>
>
>
> ___________
>
> *Alex Deacon*
>
> Cole Valley Consulting
>
> alex at colevalleyconsulting.com
>
> +1.415.488.6009
>
>
>
>
>
>
>
> On Sat, Sep 21, 2019 at 11:41 AM Ayden Férdeline <icann at ferdeline.com>
> wrote:
>
> Hi,
>
>
>
> Regarding building block k, I have alternate language that I would like to
> table for consideration please.
>
>
>
> *The language circulated in the below email is:*
>
>
>
> *Building Block k) **(Receipt of acknowledgement)*
>
> The EPDP Team recommends that, consistent with the EPDP Phase 1
> recommendations, the response time for acknowledging receipt of a SSAD
> request should be without undue delay, but not more than two (2) business
> days from receipt, unless shown circumstances does not make this possible.
>
> The response should also include information about the subsequent steps as
> well as the timeline consistent with the recommendations outlined below.
>
>
>
> *Proposed new language (changes in red):*
>
>
>
> *Building Block k) **(Acknowledgement of request)*
>
> The EPDP Team recommends that *upon receipt of an SSAD request, the
> receiving entity shall issue a Receipt Acknowledgement Letter which
> summarizes the applicant’s requests. This should happen without undue delay
> and, ideally, within two business days of the request being received by the
> receiving entity. This response shall include information about the
> subsequent steps to be taken as well as a timeline for its processing.
> Following the issuance of the Receipt Acknowledgement Letter, the applicant
> shall have a fourteen-calendar-day period within which it may make certain
> types of corrections to its request. This is to permit the applicant to
> correct data entry errors, change contact information, and to withdraw the
> request if it is no longer required. Similarly, the receiving entity of the
> request shall inform the data subject(s) whose personal information is
> sought, unless prohibited to make such a disclosure by law, and provide the
> data subject with a reasonable window of time and the opportunity within
> which they may object to their data being processed. *
>
>
>
> Kind regards,
>
>
>
> Ayden Férdeline
>
>
>
>
>
>
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>
> On Saturday, 21 September 2019 02:19, Marika Konings <
> marika.konings at icann.org> wrote:
>
>
>
> Dear EPDP Team,
>
>
>
> Please find attached the proposed agenda for the next EPDP Team meeting
> which is scheduled for Tuesday 24 September at 14.00 UTC. To facilitate
> your preparation, please review the attached documents which include in
> addition to the relevant section from the zero draft, the relevant section
> from the SSAD worksheet that contains information in relation to the
> objective of addressing the topic as well as materials to review.
>
>
>
> Best regards,
>
>
>
> Caitlin, Berry and Marika
>
>
>
> ===========
>
>
>
> *EPDP Phase 2 - Meeting #20*
>
> *Proposed Agenda*
>
> Tuesday, 24 September 2019 at 14.00 UTC
>
>
>
> 1. Roll Call & SOI Updates (5 minutes)
>
>
>
> 2. Confirmation of agenda (Chair)
>
>
>
> 3. Welcome and housekeeping issues (Chair) (5
> minutes)
>
> a) Reminder - the EPDP Team members to populate the
> contents of the lawful basis table *by Wednesday 25 September *(see https://docs.google.com/document/d/1U9jt9nOHs9QMjWTDl7UPaT--
> 9aD2lHZI/edit
> <https://docs.google.com/document/d/1U9jt9nOHs9QMjWTDl7UPaT--%099aD2lHZI/edit>)
>
>
> b) Reminder - submit alternate form if members are
> not attending the Jan 2020 F2F meeting
>
>
>
> 4. Acceptable Use Policy (Building block d &
> h) – first reading (30 minutes).
>
> a) Initial discussion
>
> b) Feedback from EPDP Team
>
> c) Confirm next steps
>
>
>
> 5. Receipt of acknowledgement (building block
> k) – first reading (30 minutes)
>
> a) Initial discussion
>
> b) Feedback from EPDP Team
>
> c) Confirm next steps
>
>
>
> 6. Who should be responsible for disclosure
> decision (15 minutes)
>
> a) Review additional team input provided (see
> https://docs.google.com/document/d/10VRZRziGDXvckC_y3ob_SGB-1NN9WrL6Y6A3XQuniv8/edit
> )
>
> b) Consider team input and approach forward
>
> c) Confirm next steps
>
>
>
> 7. Wrap and confirm next EPDP Team meeting (5
> minutes):
>
> a) Thursday 26 September 2019 at 14.00 UTC
>
> b) Confirm action items
>
> c) Confirm questions for ICANN Org, if any
>
>
>
> *Marika Konings*
>
> *Vice President, Policy Development Support – GNSO, Internet Corporation
> for Assigned Names and Numbers (ICANN) *
>
> *Email: marika.konings at icann.org <marika.konings at icann.org> *
>
>
>
> *Follow the GNSO via Twitter @ICANN_GNSO*
>
> *Find out more about the GNSO by taking our interactive courses
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_gnso&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=Cg5uQf0yAfw-qlFZ0WNBfsLmmtBNUiH0SuI6Vg-gXBQ&e=> and
> visiting the GNSO Newcomer pages
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gnso.icann.org_files_gnso_presentations_policy-2Defforts.htm-23newcomers&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=tT-E2RoAucUb3pfL9zmlbRdq1sytaEf765KOEkBVCjk&e=>. *
>
>
>
>
>
> _______________________________________________
>
> Gnso-epdp-team mailing list
>
> Gnso-epdp-team at icann.org
>
> https://mm.icann.org/mailman/listinfo/gnso-epdp-team
>
> _______________________________________________
>
> By submitting your personal data, you consent to the processing of your
> personal data for purposes of subscribing to this mailing list accordance
> with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and
> the website Terms of Service (https://www.icann.org/privacy/tos). You can
> visit the Mailman link above to change your membership status or
> configuration, including unsubscribing, setting digest-style delivery or
> disabling delivery altogether (e.g., for a vacation), and so on.
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190923/860a5465/attachment-0001.html>
More information about the Gnso-epdp-team
mailing list