[Gnso-epdp-team] [EXTERNAL] Re: On the proposed guidance

Sarah Wyld swyld at tucows.com
Thu Apr 22 14:46:18 UTC 2021 

Without the meaningful human review (aka “manual inspection”) how would we ensure that personal data is adequately protected? 

-- 
Sarah Wyld, CIPP/E

Policy & Privacy Manager
Pronouns: she/her

swyld at tucows.com 
+1.416 535 0123 Ext. 1392



From: Mark Svancarek (CELA) via Gnso-epdp-team
Sent: April 22, 2021 10:44 AM
To: Volker Greimann; gnso-epdp-team at icann.org
Subject: Re: [Gnso-epdp-team] [EXTERNAL] Re: On the proposed guidance

Analogies of trade registries (or real property registries, a better example IMO) are flawed unless the data is available instantly and completely.  

So far the proposals seem to propose that only some unpredictable fraction of the data will be instantly available, with the rest subject to multi-day manual inspection.  I doubt that will meet the standard of “publication”.

From: Volker Greimann <vgreimann at key-systems.net> 
Sent: Thursday, April 22, 2021 7:31 AM
To: Mark Svancarek (CELA) <marksv at microsoft.com>
Cc: King, Brian <Brian.King at markmonitor.com>
Subject: Re: [EXTERNAL] Re: [Gnso-epdp-team] On the proposed guidance

My proposal includes the provision that data that is confirmed not to contain personal information would be automatically disclosed to requestors.
I am essentially proposing to lowering the barriers of access and the costs associated with this specific (and potentially other) automatic disclosure category. 

Basically framing the "Lowest" category as a functionality of SSAD, broadening SSAD availability and conceding this data would be available for automated disclosure. 
How can you not love that?

-- 
Volker A. Greimann
General Counsel and Policy Manager
KEY-SYSTEMS GMBH

T: +49 6894 9396901
M: +49 6894 9396851
F: +49 6894 9396851
W: www.key-systems.net

Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835
CEO: Oliver Fries and Robert Birkner

Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358.

This email and any files transmitted are confidential and intended only for the person(s) directly addressed. If you are not the intended recipient, any use, copying, transmission, distribution, or other forms of dissemination is strictly prohibited. If you have received this email in error, please notify the sender immediately and permanently delete this email with any files that may be attached.


On Thu, Apr 22, 2021 at 4:07 PM Mark Svancarek (CELA) <marksv at microsoft.com> wrote:
The trade register provides guaranteed instant access to all data.  I haven’t seen a proposal so far which would ensure that all legal persona data would be available for automated access.  
 
From: Gnso-epdp-team <gnso-epdp-team-bounces at icann.org> On Behalf Of Volker Greimann via Gnso-epdp-team
Sent: Thursday, April 22, 2021 6:58 AM
To: King, Brian <Brian.King at markmonitor.com>
Cc: gnso-epdp-team at icann.org
Subject: [EXTERNAL] Re: [Gnso-epdp-team] On the proposed guidance
 
That is but one opinion, Brian. As I have already outlined previously, common practice all over Europe disagrees with her. Data can be public even if they are behind a wall. No sane person in Germany would argue that the trade register is not public. And what is the implementation of the online access functionality of the German trade register but a light version of SSAD - exactly what I am proposing. 
 
You have the opportunity for a win here. Let's not waste it. 
 
-- 
Volker A. Greimann
General Counsel and Policy Manager
KEY-SYSTEMS GMBH

T: +49 6894 9396901
M: +49 6894 9396851
F: +49 6894 9396851
W: www.key-systems.net

Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835
CEO: Oliver Fries and Robert Birkner

Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358.

This email and any files transmitted are confidential and intended only for the person(s) directly addressed. If you are not the intended recipient, any use, copying, transmission, distribution, or other forms of dissemination is strictly prohibited. If you have received this email in error, please notify the sender immediately and permanently delete this email with any files that may be attached.
 
 
On Thu, Apr 22, 2021 at 3:48 PM King, Brian via Gnso-epdp-team <gnso-epdp-team at icann.org> wrote:
Hi Alan, 
 
Sure thing. Melina (who wrote the NIS 2 Directive) clarified that point in her email on Tuesday. I’ve attached it here in hopes that the email list server doesn’t eat it. 
 
Brian King
He/Him/His
Head of Policy and Advocacy
​
T +1 443 761 3726
Time zone: US Eastern
 
clarivate.com | Accelerating innovation
Follow us on LinkedIn, Twitter, Facebook and Instagram
 
From: Alan Woods <alan at donuts.email> 
Sent: Thursday, April 22, 2021 9:29 AM
To: King, Brian <Brian.King at markmonitor.com>
Cc: Thomas Rickert <epdp at gdpr.ninja>; gnso-epdp-team at icann.org
Subject: Re: [Gnso-epdp-team] On the proposed guidance
 
Hi Brian, 
 
You have noted this European Commission advice twice now. both here and in the homework document comments. I need not say that our statements in this process have very large importance to the progression of this process, and I can but urge caution in categorical statements. If you can provide us with a copy of or a link to legal advice described, as formally issued by the Commission, regarding the implementation of the draft proposed directive (not to mention individual member state implementation) and how that applies to the SSAD, or more to the point why current proposed method does not meet 'publication requirements', then I think we would all be very interested in reviewing that. 
 
If not, I think we should continue to consider the path forward here that has been proposed.  
 
Thank you. 
 



Alan Woods
Senior Manager, Compliance & Policy, Donuts Inc.  

Donuts
Ground Floor
Le Pole House
Ship Street Great
Dublin 8


    
 
Please NOTE: This electronic message, including any attachments, may include privileged, confidential and/or inside information owned by Donuts Inc. . Any distribution or use of this communication by anyone other than the intended recipient(s) is strictly prohibited and may be unlawful.  If you are not the intended recipient, please notify the sender by replying to this message and then delete it from your system. Thank you.
 
 
 
 
On Thu, Apr 22, 2021 at 2:15 PM King, Brian via Gnso-epdp-team <gnso-epdp-team at icann.org> wrote:
I like it too (which is why I proposed it in Phase 2).  
 
However, what we developed in Phase 2 is clearly not acceptable to most groups, plus, we may never have an SSAD. Historically we’ve been let down by ICANN’s inability or unwillingness to implement policies like PPSAI which actually have consensus (unlike SSAD) and which have progressed to implementation, so I don’t see the IPC agreeing to the dubious proposition of SSAD as the solution here. 
 
Furthermore, the European Commission has already advised that mere availability of legal entity data in SSAD will not meet the publication requirements in NIS2. So let’s stay focused. 
 
Brian J. King​
Head of Policy and Advocacy, Intellectual Property Group

T +1 443 761 3726​
clarivate.com​
 
On Apr 22, 2021, at 8:18 AM, Thomas Rickert via Gnso-epdp-team <gnso-epdp-team at icann.org> wrote:
 Let me go on the record that I also like the idea.  
 
I addition to the points mentioned by others, making it a one-stop-shop for all data would make it more user friendly, add safeguards against undesirable correlation of data and allows for kicking-out bad actors even at that level.
 
Best,
Thomas
 
Am 20.04.2021 um 23:49 schrieb Volker Greimann via Gnso-epdp-team <gnso-epdp-team at icann.org>:
 
Hi Milton,
 
essentially, yes, although it would be non-personal data.
 
And it takes care of a huge chunk of DNS abuse (the abuse originating from the RDS harvesters, that is).
-- 
Volker A. Greimann
General Counsel and Policy Manager
KEY-SYSTEMS GMBH

T: +49 6894 9396901
M: +49 6894 9396851
F: +49 6894 9396851
W: www.key-systems.net

Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835
CEO: Oliver Fries and Robert Birkner

Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358.

This email and any files transmitted are confidential and intended only for the person(s) directly addressed. If you are not the intended recipient, any use, copying, transmission, distribution, or other forms of dissemination is strictly prohibited. If you have received this email in error, please notify the sender immediately and permanently delete this email with any files that may be attached.
 
 
On Tue, Apr 20, 2021 at 8:47 PM Mueller, Milton L via Gnso-epdp-team <gnso-epdp-team at icann.org> wrote:
> Obviously I can’t speak for Volker, but I want to try and respond with why I find Volker’s 
> proposal intriguing.
 
I too am intrigued by this suggestion. Volker as I understand it proposed that instead of publishing the data as we used to do with “ye olde Whois” (love that term), we would make the data of those who flag themselves as legal persons available automatically to any registered SSAD user who requests it. Other requests would be available based on the review for legitimate purpose as originally envisioned. 
 
As Marc suggests, going through SSAD eliminates a lot of abusers/bad actors or at least gives us some recourse against them, but still gives all the legitimate users easy access to data that does not need to be private. I would hope this option would be acceptable to the stakeholders who are arguing for a legal/natural distinction. 
 
Dr. Milton L Mueller
Georgia Institute of Technology
School of Public Policy
 
 
_______________________________________________
Gnso-epdp-team mailing list
Gnso-epdp-team at icann.org
https://mm.icann.org/mailman/listinfo/gnso-epdp-team
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________
Gnso-epdp-team mailing list
Gnso-epdp-team at icann.org
https://mm.icann.org/mailman/listinfo/gnso-epdp-team
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
 
_______________________________________________
Gnso-epdp-team mailing list
Gnso-epdp-team at icann.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Depdp-2Dteam&d=DwICAg&c=OGmtg_3SI10Cogwk-ShFiw&r=qQNCXqU_XE2XIdXbawYmk-YDflYH6pd8ffXlzxU37OA&m=X6pN0o-2i1MmkNU25SuEeN8oV8d98i2CNKj3g-jjirE&s=xCrS5DxPYNCapNFeUw801Nvw7kIjTySgfeAARmYPCNU&e= 
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_policy&d=DwICAg&c=OGmtg_3SI10Cogwk-ShFiw&r=qQNCXqU_XE2XIdXbawYmk-YDflYH6pd8ffXlzxU37OA&m=X6pN0o-2i1MmkNU25SuEeN8oV8d98i2CNKj3g-jjirE&s=qRSwC1FEY-KyOow9ajfhM8AjKV_9HCSb876d6DrJ2hk&e= ) and the website Terms of Service (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_tos&d=DwICAg&c=OGmtg_3SI10Cogwk-ShFiw&r=qQNCXqU_XE2XIdXbawYmk-YDflYH6pd8ffXlzxU37OA&m=X6pN0o-2i1MmkNU25SuEeN8oV8d98i2CNKj3g-jjirE&s=Jl8ui2sOxtrAYNH5iYwuqQdGAgYx87bk7eN37B_G1iI&e= ). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
Confidentiality note: This e-mail may contain confidential information from Clarivate. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this e-mail is strictly prohibited. If you have received this e-mail in error, please delete this e-mail and notify the sender immediately. 
_______________________________________________
Gnso-epdp-team mailing list
Gnso-epdp-team at icann.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Depdp-2Dteam&d=DwICAg&c=pwhBwDZ7niwLfi8MTbIX0Q&r=ZqRGWEErsHU0K2fDc98VqIt2kjYoLzBfF4l25z7etPU&m=hkE-PPn1AO-ySNzzPVGXIeJK_hA0ZWqpBI8j7YmiavA&s=TNRKjFp3drfDtC67sZbQX3L0T1AXfElgV8k9jIsIaJs&e= 
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_policy&d=DwICAg&c=pwhBwDZ7niwLfi8MTbIX0Q&r=ZqRGWEErsHU0K2fDc98VqIt2kjYoLzBfF4l25z7etPU&m=hkE-PPn1AO-ySNzzPVGXIeJK_hA0ZWqpBI8j7YmiavA&s=EPfDjRvPmtGiTop2Nv_gWljvJs5eSEo_v0rjfA--PE8&e= ) and the website Terms of Service (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_tos&d=DwICAg&c=pwhBwDZ7niwLfi8MTbIX0Q&r=ZqRGWEErsHU0K2fDc98VqIt2kjYoLzBfF4l25z7etPU&m=hkE-PPn1AO-ySNzzPVGXIeJK_hA0ZWqpBI8j7YmiavA&s=fNlrRbLdLqsS2O3Wdwy9mENLETNdMJsZzn1S8AS0YN0&e= ). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
Confidentiality note: This e-mail may contain confidential information from Clarivate. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this e-mail is strictly prohibited. If you have received this e-mail in error, please delete this e-mail and notify the sender immediately. 
_______________________________________________
Gnso-epdp-team mailing list
Gnso-epdp-team at icann.org
https://mm.icann.org/mailman/listinfo/gnso-epdp-team
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20210422/ecd3e43d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 66DD891F1CD140B8B082E775A55F2328[12329874050].png
Type: image/png
Size: 3031 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20210422/ecd3e43d/66DD891F1CD140B8B082E775A55F232812329874050.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0E9E049686CF47099330A299C7F51039.png
Type: image/png
Size: 146 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20210422/ecd3e43d/0E9E049686CF47099330A299C7F51039.png>

More information about the Gnso-epdp-team mailing list