[Gnso-epdp-team] SSAC response re EPDP homework - due Wed 24 February

Volker Greimann vgreimann at key-systems.net
Wed Feb 24 15:45:22 UTC 2021 

Hi Steve,
thanks for your feedback.

The issue is indeed whether contact data can be made available to requester
(and if so, by what process). However the default should be based on the
requirements of the GDRP (and confirmed again in the draft of the NIS II)
that _personal information_ should be protected. We cannot make the
presumption of consent you propose as it has no basis in law and continues
to present a legal risk.
I feel the only way to make progress at this stage is to abandon the legal
vs natural debate and focus on the data instead and find ways to make that
workable. As guidance.

Thank you for clarifying that the steps may in fact be null.


-- 
Volker A. Greimann
General Counsel and Policy Manager
*KEY-SYSTEMS GMBH*

T: +49 6894 9396901
M: +49 6894 9396851
F: +49 6894 9396851
W: www.key-systems.net

Key-Systems GmbH is a company registered at the local court of
Saarbruecken, Germany with the registration no. HR B 18835
CEO: Oliver Fries and Robert Birkner

Part of the CentralNic Group PLC (LON: CNIC) a company registered in
England and Wales with company number 8576358.

This email and any files transmitted are confidential and intended only for
the person(s) directly addressed. If you are not the intended recipient,
any use, copying, transmission, distribution, or other forms of
dissemination is strictly prohibited. If you have received this email in
error, please notify the sender immediately and permanently delete this
email with any files that may be attached.


On Wed, Feb 24, 2021 at 4:01 PM Steve Crocker <steve at shinkuro.com> wrote:

> Volker,
>
> Thanks.  I agree partly.  The real issue is whether contact data is to be
> made available to requesters.  The default for natural persons is no and
> the default for legal persons is yes.  There are definitely circumstances
> where the default does not apply.  Some natural persons may wish for their
> contact information to be available, and some legal persons may wish their
> contact information not to be available.
>
> I disagree with the idea that personal contact information contained in a
> legal person's registration should result in protecting that information.
> Instead, it is the obligation of the legal person to not put personal
> information if they do not want it available.  Otherwise, it must be
> presumed they have chosen to make it visible.
>
> With respect to your comment about not front loading the information
> gathering, I believe the picture I presented definitely includes your
> idea.  In my picture, either the preliminary step or the later step might
> be null.
>
> Steve
>
>
>
>
> On Wed, Feb 24, 2021 at 9:41 AM Volker Greimann <vgreimann at key-systems.net>
> wrote:
>
>> Hi Steve,
>> thank you for your helpful proposal.
>>
>> I think it misses the mark on two essential points however:
>> 1) Legal vs natural is the wrong differentiation. I believe we already
>> moved past this on the legal team, and are close to agreeing the correct
>> differentiation would be the following:
>> a) contains personal information
>> b) does not contain personal information
>> This, we believe is the correct differentiation as even the data provided
>> by a legal entity can contain or consist of personal information of a
>> natural person.
>>
>> 2) Our role at this stage is not to make or propose binding rules but to
>> provide guidance for those parties that chose to differentiate between data
>> sets containing and not containing personal information.
>>
>> Regarding your point of inferred status, I feel this goes too far as well
>> as we do not currently believe that the quality of the data field is
>> sufficient for any automated inferral of status. Cases where the status is
>> inferred by the contents of this field do exist, but are usually limited to
>> manual review in case of ownership disputes, where the contents of the
>> field may prove the deciding factor in determining the right of ownership
>> or control over a domain name in cases of dispute.
>>
>> One further suggestion is not to front-load the determination in the
>> registration or initial data-gathering process, but allow for a larger
>> degree of flexibility by also including post-registration determination of
>> status.
>>
>> Best,
>> --
>> Volker A. Greimann
>> General Counsel and Policy Manager
>> *KEY-SYSTEMS GMBH*
>>
>> T: +49 6894 9396901
>> M: +49 6894 9396851
>> F: +49 6894 9396851
>> W: www.key-systems.net
>>
>> Key-Systems GmbH is a company registered at the local court of
>> Saarbruecken, Germany with the registration no. HR B 18835
>> CEO: Oliver Fries and Robert Birkner
>>
>> Part of the CentralNic Group PLC (LON: CNIC) a company registered in
>> England and Wales with company number 8576358.
>>
>> This email and any files transmitted are confidential and intended only
>> for the person(s) directly addressed. If you are not the intended
>> recipient, any use, copying, transmission, distribution, or other forms of
>> dissemination is strictly prohibited. If you have received this email in
>> error, please notify the sender immediately and permanently delete this
>> email with any files that may be attached.
>>
>>
>> On Wed, Feb 24, 2021 at 11:39 AM Steve Crocker via Gnso-epdp-team <
>> gnso-epdp-team at icann.org> wrote:
>>
>>> Folks,
>>>
>>> In our view, the proposal has two substantial flaws.  First, it is
>>> overly specific as to the process *all* contracted registrars must use to
>>> determine whether the registrant is a legal vs a natural person. Second, it
>>> includes procedures for verifying the accuracy of the data for legal
>>> persons.  The procedure is unnecessary for determining whether the
>>> registrant is a legal person.  If the eventual policy requires a high
>>> degree of accuracy of a legal person's name and address, that's a separate
>>> matter and should be dealt with in that part of the policy.
>>>
>>> The attached memo suggests a simpler and more comprehensive approach.
>>>
>>> Thanks,
>>>
>>> Steve
>>>
>>>
>>> _______________________________________________
>>> Gnso-epdp-team mailing list
>>> Gnso-epdp-team at icann.org
>>> https://mm.icann.org/mailman/listinfo/gnso-epdp-team
>>> _______________________________________________
>>> By submitting your personal data, you consent to the processing of your
>>> personal data for purposes of subscribing to this mailing list accordance
>>> with the ICANN Privacy Policy (https://www.icann.org/privacy/policy)
>>> and the website Terms of Service (https://www.icann.org/privacy/tos).
>>> You can visit the Mailman link above to change your membership status or
>>> configuration, including unsubscribing, setting digest-style delivery or
>>> disabling delivery altogether (e.g., for a vacation), and so on.
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20210224/d2b1bc4a/attachment.html>

More information about the Gnso-epdp-team mailing list