[Gnso-epdp-team] FW: Query policy homework

Mark Svancarek (CELA) marksv at microsoft.com
Thu Sep 26 14:23:01 UTC 2019

Apologies for the late submission - I initially failed to include the list when sharing with staff.

James and I were tasked to review two things: (1) whether the verbiage required changing and (2) whether it was in the scope of the Charter to include it at all.

Since the Charter does not directly prohibit such a thing, we proceeded to review the existing language.  We suggest only a minor grammatic change to the bullet.

"The EPDP Team recommends the SSAD, in whatever form it eventually takes:
 (a) Unless otherwise required or permitted, must not allow bulk access, wildcard requests, reverse lookups, nor Boolean search capabilities.
 (b) Must only return current data (no data about the domain name registration's history);
 (c) Must receive a specific request for every individual domain name (no bulk access);
 (d) Must direct requests at the entity that is determined through this policy process to be responsible for the disclosure of the requested data."

Our comments are:

  *   Bullet A
     *   During the F2F in Los Angeles, some members proposed removing this restriction entirely. This was opposed by others, including RrSG, RySG, and some ISPCP and NCSG.
     *   During the F2F in Los Angeles, some members proposed removing the first qualifying clause, beginning with "...not allow bulk access". This was opposed by some members, and the preferred option for some RrSG, RySG and NCSG members.
     *   During the F2F in Los Angeles, some members have proposed leaving this item as-is. This was less desirable for some RrSG, RySG, ISPCP and NCSG who were concerned that these facilities would be required elsewhere in the system.
  *   Bullet C
     *   No objections, but redundant with the equivalent (first) prohibition listed in (a)
We also considered whether a further definition of "SSAD" might be helpful, resulting in the following text:
"SSAD" is here defined as a system of data disclosure developed under consensus policy and contractually enforced by ICANN.  Development of SSAD does not prevent entities from developing additional data processing agreements outside of the consensus policy process to serve their business or customer interests.

As mentioned about, the Charter does not directly prohibit us from discussing such topics.  However, Thomas' reasoning is compelling and I attach it for completeness.

Mark and James

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190926/287f97c8/attachment-0001.html>
-------------- next part --------------
An embedded message was scrubbed...
From: Thomas Rickert <epdp at gdpr.ninja>
Subject: Re: Regarding Charter issue
Date: Tue, 24 Sep 2019 14:19:28 +0000
Size: 18938
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20190926/287f97c8/attachment-0001.mht>

More information about the Gnso-epdp-team mailing list