[Gnso-epdp-team] [GNSO-ePDP-Team] Changes to SSAC consensus designations

Mueller, Milton L milton at gatech.edu
Fri Jul 31 01:29:36 UTC 2020

Ben on behalf of SSAC said:

  The disclosing party should be prohibited from revealing the identity of a data requestor unless the data requestor goes through appropriate legal process.  1

Wow. Another example of the total lack of support for - or even interest in  - data subjects’ rights or interests. Thanks, Ben

Milton L Mueller
Professor, School of Public Policy
Georgia Institute of Technology

On Jul 29, 2020, at 19:53, Ben Butler <bbutler at godaddy.com> wrote:

Dear Rafik, Staff, and ePDP team,

Per the deadline for consensus designations, the SSAC EPDP Work Party has reviewed and discussed the finalized language and would like to flag that we cannot support, as written, the following four recommendations. Please update the listed consensus designations accordingly.  A brief rationale is provided for each, and we will provide more information in a minority statement including the nuances of where each recommendation falls short of achieving our support even if the intent was aligned with addressing our concerns.  Beyond further information on these particular recommendations, that minority statement will contain concerns about some of the other recommendations that we can support, as well as our overall concerns with issues that remain unaddressed that the EPDP was originally chartered to handle.  The SSAC’s EPDP team decisions on support/non-support for various recommendations are based on issues that were previously identified and documented in SAC101v2 and more recently SAC111 which contain the full SSAC consensus on those issues.

  *   Recommendation 6:  Priority Levels
     *   We do not feel that operational and network security investigations should be seen as Priority 3 with the corresponding SLA.  Things like phishing and malware attacks need to be resolved much more quickly than this would promote.
  *   Recommendation 10: Determining Variable SLAs for response times for SSAD
     *   Having SLAs for requests like Priority 3 go from 5 days to 10 days in Phase 2 is moving the needle in the wrong direction.  The hope should be to strive for improvements that will make legitimate requests through the SSAD more efficient, not less.
  *   Recommendation 12: Disclosure Requirement
     *   The language in this Recommendation allows a disclosing party to provide a data subject with the identity of the specific entity making a request for the RDS data.  The disclosing party should be prohibited from revealing the identity of a data requestor unless the data requestor goes through appropriate legal process.  1) The European Data Protection Board (EDPB) has told ICANN Org that revealing requestor data to data subjects is a problem.  2) Revealing the identities of requestors will compromise investigations, including those of law enforcement, and may place some data requestors in danger.  3) Per GDPR and the Temp Spec, it is sufficient for data controllers to inform data subjects about the types of groups to whom disclosure may occur.
  *   Recommendation 14: Financial Sustainability
     *   SSAC has several issues with the this Recommendation. We share concerns flagged in this consensus designation process by the ALAC, as well as concerns previously noted in SAC101v2 and more recently SAC111.

Thank you to all for the diligent efforts thus far, and we look forward in good faith to continuing to support and improve the SSAD.

Thank You.
Ben Butler (on behalf of the SSAC ePDP Work Party)
Gnso-epdp-team mailing list
Gnso-epdp-team at icann.org
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20200731/b85b8368/attachment-0001.html>

More information about the Gnso-epdp-team mailing list