[Gnso-epdp-team] SSAC response re EPDP homework - due Wed 24 February

Wed Feb 24 16:49:18 UTC 2021

In truth I have not had the full opportunity to read the document, but
merely reacting to some of the back and forth here.

I think Steve, that the simple response regarding businesses competency to
publish their key role contacts is simply by acknowledging the fact that in
our case, they are not the ones publishing, the registry or registrar is.
This remains our risk, and we are trying to control that; we cannot
have our fates in the hand of the internal process and legal awareness of
one of any of the legal entities who are registrants. Bird & Bird's 2nd
Legal memo on consent is pretty helpful in establishing that delineation. (
https://community.icann.org/download/attachments/111388744/ICANN%20memo%2013%20March%202020%20-%20consent.docx?version=1&modificationDate=1584121399000&api=v2
)

*"However, the  controller will  not  be discharged from its obligations
under the GDPR and – if the registrant has not met its obligations and/or
does not provide a copy of the consent on request –  then the  controller
will not be  able to demonstrate that consent requirements are met, so this
will impact on controller's compliance with GDPR." *

Warm regards,

Alan
[image: Donuts Inc.] <http://donuts.domains/>

Alan Woods
Senior Compliance & Policy Manager, Donuts Inc.
------------------------------
Donuts
Ground Floor
Le Pole House
Ship Street Great
Dublin 8

<https://www.facebook.com/donutstlds>   <https://twitter.com/DonutsInc>
<https://www.linkedin.com/company/donuts-inc>

Please NOTE: This electronic message, including any attachments, may
include privileged, confidential and/or inside information owned by Donuts
Inc. . Any distribution or use of this communication by anyone other than
the intended recipient(s) is strictly prohibited and may be unlawful.  If
you are not the intended recipient, please notify the sender by replying to
this message and then delete it from your system. Thank you.

On Wed, Feb 24, 2021 at 4:06 PM STROUNGI Melina via Gnso-epdp-team <
gnso-epdp-team at icann.org> wrote:

> -          Re-sending as I see that not everyone had been in cc -
>
>
>
> Thanks Volker and Steve.
>
>
>
> Just a small remark from my side on the first essential point raised by
> Volker:
>
>
>
> This is precisely the concern of contracted parties that we aimed at
> addressing at our revised GAC proposal.
>
>
>
> If you see our proposal, at first level we have the distinction between
> natural and legal entities (which of course cannot be skipped) and at
> second level the further distinction between:
> a) data of legal entities containing personal information and
> b) data of legal entities which do not contain personal information.
>
>
>
> Data related to entities that are designated as natural entities under
> step 1 would not be published, so a further distinction wouldn’t be
> necessary for those.
>
>
>
> We trust that the above addresses your concern Volker. And of course we
> can find ways together on how to make this work.
>
>
>
> Talk soon!
>
>
>
> Best,
>
> Melina
>
>
>
> *From:* Gnso-epdp-team <gnso-epdp-team-bounces at icann.org> *On Behalf Of *Volker
> Greimann via Gnso-epdp-team
> *Sent:* Wednesday, February 24, 2021 3:41 PM
> *To:* Steve Crocker <steve at shinkuro.com>
> *Cc:* SSAC-EPDP-WP <ssac-epdp-wp at icann.org>; gnso-epdp-team at icann.org
> *Subject:* Re: [Gnso-epdp-team] SSAC response re EPDP homework - due Wed
> 24 February
>
>
>
> Hi Steve,
>
> thank you for your helpful proposal.
>
>
>
> I think it misses the mark on two essential points however:
>
> 1) Legal vs natural is the wrong differentiation. I believe we already
> moved past this on the legal team, and are close to agreeing the correct
> differentiation would be the following:
>
> a) contains personal information
>
> b) does not contain personal information
>
> This, we believe is the correct differentiation as even the data provided
> by a legal entity can contain or consist of personal information of a
> natural person.
>
>
>
> 2) Our role at this stage is not to make or propose binding rules but to
> provide guidance for those parties that chose to differentiate between data
> sets containing and not containing personal information.
>
>
>
> Regarding your point of inferred status, I feel this goes too far as well
> as we do not currently believe that the quality of the data field is
> sufficient for any automated inferral of status. Cases where the status is
> inferred by the contents of this field do exist, but are usually limited to
> manual review in case of ownership disputes, where the contents of the
> field may prove the deciding factor in determining the right of ownership
> or control over a domain name in cases of dispute.
>
>
>
> One further suggestion is not to front-load the determination in the
> registration or initial data-gathering process, but allow for a larger
> degree of flexibility by also including post-registration determination of
> status.
>
>
>
> Best,
>
> --
> Volker A. Greimann
> General Counsel and Policy Manager
> *KEY-SYSTEMS GMBH*
>
> T: +49 6894 9396901
> M: +49 6894 9396851
> F: +49 6894 9396851
> W: www.key-systems.net
> <https://urldefense.com/v3/__http:/www.key-systems.net/__;!!DOxrgLBm!QLaJJAgxLCncaOTRibshBFoWs4A7m2R5CAe4PqZIyk3cldtLhiVkYpuKMVICbdA5hNCXDYkk$>
>
> Key-Systems GmbH is a company registered at the local court of
> Saarbruecken, Germany with the registration no. HR B 18835
> CEO: Oliver Fries and Robert Birkner
>
> Part of the CentralNic Group PLC (LON: CNIC) a company registered in
> England and Wales with company number 8576358.
>
> This email and any files transmitted are confidential and intended only
> for the person(s) directly addressed. If you are not the intended
> recipient, any use, copying, transmission, distribution, or other forms of
> dissemination is strictly prohibited. If you have received this email in
> error, please notify the sender immediately and permanently delete this
> email with any files that may be attached.
>
>
>
>
>
> On Wed, Feb 24, 2021 at 11:39 AM Steve Crocker via Gnso-epdp-team <
> gnso-epdp-team at icann.org> wrote:
>
> Folks,
>
>
>
> In our view, the proposal has two substantial flaws.  First, it is overly
> specific as to the process *all* contracted registrars must use to
> determine whether the registrant is a legal vs a natural person. Second, it
> includes procedures for verifying the accuracy of the data for legal
> persons.  The procedure is unnecessary for determining whether the
> registrant is a legal person.  If the eventual policy requires a high
> degree of accuracy of a legal person's name and address, that's a separate
> matter and should be dealt with in that part of the policy.
>
>
>
> The attached memo suggests a simpler and more comprehensive approach.
>
>
>
> Thanks,
>
>
>
> Steve
>
>
>
>
>
> _______________________________________________
> Gnso-epdp-team mailing list
> Gnso-epdp-team at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-epdp-team
> <https://urldefense.com/v3/__https:/mm.icann.org/mailman/listinfo/gnso-epdp-team__;!!DOxrgLBm!QLaJJAgxLCncaOTRibshBFoWs4A7m2R5CAe4PqZIyk3cldtLhiVkYpuKMVICbdA5hJ_REMos$>
> _______________________________________________
> By submitting your personal data, you consent to the processing of your
> personal data for purposes of subscribing to this mailing list accordance
> with the ICANN Privacy Policy (https://www.icann.org/privacy/policy
> <https://urldefense.com/v3/__https:/www.icann.org/privacy/policy__;!!DOxrgLBm!QLaJJAgxLCncaOTRibshBFoWs4A7m2R5CAe4PqZIyk3cldtLhiVkYpuKMVICbdA5hKqRmHUw$>)
> and the website Terms of Service (https://www.icann.org/privacy/tos
> <https://urldefense.com/v3/__https:/www.icann.org/privacy/tos__;!!DOxrgLBm!QLaJJAgxLCncaOTRibshBFoWs4A7m2R5CAe4PqZIyk3cldtLhiVkYpuKMVICbdA5hF8pyzEJ$>).
> You can visit the Mailman link above to change your membership status or
> configuration, including unsubscribing, setting digest-style delivery or
> disabling delivery altogether (e.g., for a vacation), and so on.
>
> _______________________________________________
> Gnso-epdp-team mailing list
> Gnso-epdp-team at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-epdp-team
> _______________________________________________
> By submitting your personal data, you consent to the processing of your
> personal data for purposes of subscribing to this mailing list accordance
> with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and
> the website Terms of Service (https://www.icann.org/privacy/tos). You can
> visit the Mailman link above to change your membership status or
> configuration, including unsubscribing, setting digest-style delivery or
> disabling delivery altogether (e.g., for a vacation), and so on.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-epdp-team/attachments/20210224/ec41595a/attachment-0001.html>