[Gnso-epdp-team] [EXTERNAL] NCSG Feedback on EPDP Phase 2/Batch 2 Legal Questions for Bird & Bird
aelsadr at icannpolicy.ninja
Thu Jan 23 13:37:12 UTC 2020
> On Jan 23, 2020, at 2:05 AM, Crossman, Matthew <mmcross at amazon.com> wrote:
> I think the takeaway (at least based on the state of the law today) is that most decisions short of the ultimate decision whether or not to disclose data can be fully automated, but that most decisions involving disclosing registrant data of a natural person will require meaningful human review.
> To be clear, this shouldn’t foreclose the possibility of a model that evolves towards further automation of disclosure decisions, or individual controllers automating their own decision-making processes based on their assessment of the risks.
I’m not sure what you mean by this. If you’re suggesting that the EPDP Team recommends that the use of automated decisions to disclose registrant data to third parties be somehow envisioned in our recommendations, but not used until certain conditions are met, then I imagine we would need to flesh those conditions out in detail before coming up with the appropriate recommendations.
I’m not saying that the possibility of scenarios like this in the future need to be prohibited, but I don’t see how we can recommend something to this effect without addressing safeguards to registrants (not just Contracted Parties, even though the two are likely very interlinked). This might require that a DPIA be conducted, which is something we (as a team) have resisted doing so far.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnso-epdp-team