[Gnso-epdp-team] Requestor Purpose - Rec 7

Amr Elsadr aelsadr at icannpolicy.ninja
Tue Jul 28 19:30:13 UTC 2020 

Hi,

I don’t think we’ve discussed it enough, and am not sure what the relevance of adding the reference. Regulated entities can use the SSAD, same as anyone else, will require a legitimate interest just like any other SSAD user, and the CPs being asked to disclose data will need a legal basis to disclose registration data to the regulated entity, just like they would with any other SSAD user.

If all that is being sought is an example of regulation making entities regulated, would (just for the sake of argument) it be ok to replace the NIS with HIPAA?

The thing is, it isn’t clear to us how the footnote “allows these entities to request disclosure of redacted data to enable them to comply with their obligations under the NIS”. I would assume that this is perfectly possible without the footnote, so what gives?

Clearly, we haven’t discussed this nearly as much as we should have.

Thanks.

Amr

> On Jul 28, 2020, at 8:30 PM, Margie Milam via Gnso-epdp-team <gnso-epdp-team at icann.org> wrote:
>
> Hi-
>
> Regarding the footnote – we need to retain the footnote since it gives a concrete example of what we mean by regulated companies, and, more importantly, it avoids confusion later that a digital service provider is not a regulated company for the purposes of Rec 7.
>
> We’ve discussed the NIS directive as it applies to digital service providers numerous times, and have referred the team to the description[here:](https://ico.org.uk/for-organisations/the-guide-to-nis/digital-service-providers/) Examples of the types of obligations are listed here:https://ico.org.uk/for-organisations/the-guide-to-nis/key-concepts-and-definitions/. These pages describe how theNIS requires these types of organizations to have sufficient security to prevent any action that compromises either the data they store, or any related services they provide. This proactive requirement doesn’t commit ICANN to do anything specific related the NIS but allows these entities to request disclosure of redacted data to enable them to comply with their obligations under the NIS.
>
> All the best,
>
> Margie
>
> From:Gnso-epdp-team <gnso-epdp-team-bounces at icann.org> on behalf of Rafik Dammak <rafik.dammak at gmail.com>
> Date:Monday, July 27, 2020 at 11:52 PM
> To:"Mueller, Milton L" <milton at gatech.edu>
> Cc:"gnso-epdp-team at icann.org" <gnso-epdp-team at icann.org>
> Subject:Re: [Gnso-epdp-team] Requestor Purpose - Rec 7
>
> Thanks Mathew and Milton
>
> @RySG/BC representatives is it acceptable for you to drop the footnote and have everyone to "live with" this recommendation without the footnote?
>
> Best,
>
> Rafik
>
> Le mar. 28 juil. 2020 à 01:21, Mueller, Milton L <milton at gatech.edu> a écrit :
>
>> NCSG approves of the modified language, which is more generic (obligations of regulated entities). But we strongly object to the footnote being included. We have had no opportunity to review the EU NIS Directive legislation and its implications for disclosure or what it might commit ICANN to doing. During the consideration of this we asked for specific examples of what obligations we might be talking about and never got them. It's too late to include this now. We can accept item (iv) without the footnote.
>>
>> ---------------------------------------------------------------
>>
>> From:Gnso-epdp-team <gnso-epdp-team-bounces at icann.org> on behalf of Crossman, Matthew via Gnso-epdp-team <gnso-epdp-team at icann.org>
>> Sent:Monday, July 27, 2020 11:54 AM
>> To:gnso-epdp-team at icann.org<gnso-epdp-team at icann.org>
>> Subject:[Gnso-epdp-team] Requestor Purpose - Rec 7
>>
>> Hi team,
>>
>> As an update, Margie, Brian, and I worked on a compromise for the Rec 7 language on Requestor Purposes. We agreed on the following edit to 7.1(a):
>>
>> 7.1(a)
>>
>> Requestors MUST submit data disclosure requests for specific purposes such as but not limited to: but not limited to: (i) criminal law enforcement, national or public security, (ii) non law enforcement investigations and civil claims, including, intellectual property infringement and UDRP and URS claims,(iii) consumer protection, abuse prevention, and network security, and (iv) obligations applicable to regulated entities.[][1](x-msg://5/#m_9205616789594008789_x__ftn1)Requestors MAY also submit data verification requests on the basis of Registered Name Holder (RNH) consent that has been obtained by the Requestor (and is at the sole responsibility of that Requestor), for example to validate the RNH’s claim of ownership of a domain name registration, or contract with the Requestor.
>>
>> (Footnote below)
>>
>> 1 For example, the EU Directive on security of network and information systems (known as the NIS Directive) imposes specific obligations on Digital Service Providers and Operators of Essential Services.
>>
>> With these changes this is no longer a CLW item for the RySG. Let us know if this new language causes any concern for other groups.
>>
>> Thanks,
>> Matt
>>
>> Matthew Crossman|Amazon
>> Corporate Counsel gTLD Registry, IP
>>
>> P: 206-266-1103 | C: 530-574-2956
>>
>> Email:mmcross at amazon.com
>>
>> ---------------------------------------------------------------
>>
>> [][1](x-msg://5/#m_9205616789594008789_x__ftnref1)This approach is very similar to the business model ARSI had previously discussed with the Author Central Pro teams for the .AUTHOR TLD.
>>
>> _______________________________________________
>> Gnso-epdp-team mailing list
>> Gnso-epdp-team at icann.org
>> [https://mm.icann.org/mailman/listinfo/gnso-epdp-team](https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Depdp-2Dteam&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=f40qXENVwTNlHaI3M3teHJv_-eTQbKL7yJarKwfvn3A&s=6X1FwkRZ2KxhtmfyU3Ndk1tLjP1ofTsGjuyEmOyppyo&e=)
>> _______________________________________________
>> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy ([https://www.icann.org/privacy/policy](https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_policy&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=f40qXENVwTNlHaI3M3teHJv_-eTQbKL7yJarKwfvn3A&s=sOyjkCW5ErH-zqC67ds8MhFCp-dYrE_oiH5Tmq6nmf8&e=)) and the website Terms of Service ([https://www.icann.org/privacy/tos](https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_tos&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=_4XWSt8rUHZPiRG6CoP4Fnk_CCk4p550lffeMi3E1z8&m=f40qXENVwTNlHaI3M3teHJv_-eTQbKL7yJarKwfvn3A&s=oB13Y4B3b0nGxJ7TpDWHafSmV6Qf7FE8zbFKWFAzahk&e=)). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20200728/fd0392c6/attachment-0001.html>

More information about the Gnso-epdp-team mailing list