[Gnso-epdp-team] Notes and action items - EPDP Phase 2A Meeting #22 - 13 May 2021
Caitlin Tubergen
caitlin.tubergen at icann.org
Thu May 13 15:48:09 UTC 2021
Dear EPDP Team,
Please find below the notes and action items<https://docs.google.com/spreadsheets/d/17qLMYb3HC7qGYPQveXbUq5ZSzvedrQ3t8AdVdrRIdrw/edit#gid=0> from today’s meeting.
The next EPDP Phase 2A meeting will be Tuesday, 18 March at 14:00 UTC.
Best regards,
Berry, Marika, and Caitlin
🚨🚨🚨 Action Items 🚨🚨🚨
Please refer to the project spreadsheet<https://docs.google.com/spreadsheets/d/17qLMYb3HC7qGYPQveXbUq5ZSzvedrQ3t8AdVdrRIdrw/edit#gid=0> for action items.
EPDP Phase 2A - Meeting #22
Proposed Agenda
Thursday 13 May 2021 at 14.00 UTC
1. Roll Call & SOI Updates (5 minutes)
2. Welcome & Chair updates (Chair) (5 minutes)
3. Legal vs. natural (30 minutes)
1. Whether any updates are required to the EPDP Phase 1 recommendation on this topic (“Registrars and Registry Operators are permitted to differentiate between registrations of legal and natural persons, but are not obligated to do so“);
2. What guidance, if any, can be provided to Registrars and/or Registries who differentiate between registrations of legal and natural persons.
Guidance write up
* Remaining outstanding question:
From the latest version of the write up<https://docs.google.com/document/d/103kazmQlFxRmecNosslsZhg6u0MwxoZ5DiZj86j0JB8/edit>:
“For example, differentiation at the time of registration may not be possible or practical in all circumstances, including for certain registrar business models”.
And
“Registrars should convey this option for Registrants to self-identify as natural or legal persons at the time of registration, or at the first opportunity after registration that the Registrar interacts with the Registrant”.
* Are there any scenarios in which there is zero contact between the registrar and the registrant which would mean it would not be possible to differentiate if any of the scenarios are followed (as differentiation would happen either at the moment of registration or at the first contact opportunity between registrar and registrant)?
* Not sure if this is an edge case. In some cases, it is unclear who the registrar of record is since all of the interaction took place with the registrar. Trying to avoid a situation where an obligation can be avoided by subcontracting.
* One question – what are the obligations or is there a way for the obligations of a registrar to flow down to a reseller, and what is the ability to rely on the data provided to it from its reseller?
* The RAA makes it very clear that obligations must be passed down, and this concept shouldn’t be lost just because we are talking about guidance here.
* According to Article 16 of the GDPR, Contracted Parties will need to have a process in place to ensure data subjects can correct their information. Registrars or resellers need to be able to interact with their registrants. It doesn’t make sense for new registrations to have this happen later. Going forward, there needs to be an obligation for CPs to have contactability with their registrants, and this is in line with GDPR.
* This section is guidance, but the comments from ALAC reps seem to suggest obligations and new requirements. The language is designed to offer flexibility to different business models.
* If there is a reseller scenario, the ability to correct information would occur through the reseller. Not sure why this is being discussed further – the italicized text seems to cover this.
* Registrars are obligated to follow the RAA and Consensus Policies – they cannot get out of this just because they work with resellers – the 2009 and 2013 RAA make this explicit.
* Registrars could require their resellers to offer this option. Registrars should communicate their desire to make a distinction to their resellers.
* When providing guidance to CPs, it is important to provide text on the best way to do this. Information should be given to registrants as early as possible informing them of the consequences of this designation. It’s important to include this in the guidance for the benefit of the resellers.
* Suggestion to add “or at the first opportunity after registration”
* The whole point of this – obligations are passed down to resellers, such as the WDRP. Many members came into this exercise with the hope of having policy recommendations come out of this. Because this is not happening, need guidance to be as clear as possible.
* Registrars (or their resellers) should convey – this would guarantee an opportunity to interact with the registrant
* Registrars must ensure this option to self-identify as natural or legal persons is conveyed to Registrants at the time of registration or without undue delay after registration.
* Instead of Registrars or their resellers – Registrars should convey this option directly or through their resellers, - in order to take account of the business relationship and that the obligations flow downward. Strong preference for this to be at the time of registration – since the reseller does have an opportunity to convey this at the time of registration. Instead of “undue delay”, suggest putting in a particular timeframe.
* Propose “Registrars must ensure this option to self-identify as natural or legal persons is conveyed to Registrants at the time of registration or without undue delay after registration.” – This would allow the registrar to convey or to have the reseller convey – this is important – it may be preferable to convey this option with the option to consent. We should allow this option. Open to requiring this within 15 days – informing the domain name registrant within 15 days.
* At the time of registration, or in cases where this is not feasible, within 15 days after registration
* Express concern about allowing this to happen later and to not allow registrants to convey this information at the time of registration. It’s difficult to get registrants to engage after registration – would not rely on that to meet this legal obligation to allow self-designation.
* Important to listen to registrars here
* If the distinction is important, this needs to be made right at the time of registration.
* Do not understand the reticence to having this done at time of registration
* Check boxes do not denote understanding. The purchase path within a registrar – the effect that additional steps have must be looked at from a commercially reasonable point of view.
* Confirm next steps.
* Support Staff to take the discussion into account and proposed edited text in the guidance document.
4. Feasibility of unique contacts (30 minutes)
1. Whether or not unique contacts to have a uniform anonymized email address is feasible, and if feasible, whether it should be a requirement.
2. If feasible, but not a requirement, what guidance, if any, can be provided to Contracted Parties who may want to implement uniform anonymized email addresses.
* Review and consideration of input provided on write up – outstanding questions:
· A number of comments / questions were raised in relation to the legal committee team developed definitions which were reviewed and considered by the EPDP Team. Are updates necessary in the context of the Initial Report write up?
* Could consider adding across registries
* Support Staff could provide explanatory text in a footnote.
· A placeholder was added to consider possible guidance in relation to EPDP Phase 1 recommendation concerning expectations for web-forms. RrSG has indicated that this is not within scope for the EPDP Team while others have suggested that the recommendation #13 cannot be implemented as intended (note, Staff Support team is not aware of this being brought as an issue to the GNSO Council by the IRT). EPDP Team to consider further what, if anything, should be added to the Initial Report on this topic.
* Recommendation 13 somewhat innocently says anonymized contact or webform. This text was written over 2 years ago. Web forms today do not work, and when this was written, this was not envisioned. Need to specify which IRT. If we are going to allow web form, they need to be used. Recommend updating Recommendation 13.
* Have been referring to the Phase 1 IRT, which is in place to implement existing consensus policy language. There is a reference to a web form and contactability. If there is more work that needs to be done on the functionality of a web form, this is a topic for the Phase 1 IRT. This issue has not been raised within the IRT.
* Does the IRT have the authority to specify rules for web forms – this seems like a real far push.
* This issue will be raised in the Phase 1 IRT. If we do not have a unique email address that enables contact to a registrant, then what we should come to consensus on are some minimum requirements for web forms.
* Web forms are creating an avenue for abuse. It’s important that registrars have the flexibility with implementing this web form to prevent abuse.
* The Team does not have enough time to discuss the unique contacts since 80% of time has been taken up by legal v. natural. This should be captured at the beginning of the report.
* Thus far, there were no specific proposals put forward by the group on this topic.
* If CPs are willing to follow rules from an IRT, it is not sufficient to toss it back to Phase 1 that cannot make any rules. Concrete suggestions: there are two relevant recs in Phase 1 – recs. 6 and 13. Therefore it is within our scope.
* IRT Phase 1 keeps coming back – this is a slippery slope that an IRT is creating policy. IRTs and policy development have different functions.
* Contacting a registrant is useful – useful to resolve issues without having to go to outside council. In terms of the scope of Phase 2A, we are talking about contactability – if it is not working as is in the current environment, looking for meaningful requirements in terms of contactability.
* If there are challenges within ongoing implementation, this is an issue for ICANN compliance and the Phase 1 IRT.
* The group’s charter is to look at anonymized and pseudonymized is feasible. We cannot ignore that the webforms are not working; we should not be limited.
* A simple email forwarder would do the job – there is no need for a scrambled email address. Having trouble understanding why there is a web form/anonymized email address when there could be an email forwarder.
* Thought the group agreed that anonymized email was feasible and we were looking at different levels or risk for the types of emails.
* Confirm next steps – EPDP Team to review updated version of write up and flag any comments or suggested edits in the form of comments to the document by Friday 14 May.
5. Homework assignments reminder (5 minutes)
· By Friday 14 May, EPDP Team to review proposed LvN question i write up for the Initial Report (https://docs.google.com/document/d/1CBKYrgEOwxpLtZJbck4XMAnJcqEdOS6ObiSHio6y0n4/edit#heading=h.gjdgxs). Please provide comments, suggestions and proposed edits in the form of comments.
· By Friday 14 May, EPDP Team to review updated version of feasibility of unique contacts write up for the Initial Report (https://docs.google.com/document/d/1Dl-71SsX_OqDNpvN-rQ9K_wJnevEVW0V0oH32xYl2nA/edit) Please provide comments, suggestions and proposed edits in the form of comments.
6. Wrap and confirm next EPDP Team meeting (5 minutes):
1. EPDP Team Meeting #23 Tuesday 18 May at 14.00 UTC
2. Confirm action items
3. Confirm questions for ICANN Org, if any
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/gnso-epdp-team/attachments/20210513/16ec4835/attachment-0001.html>
More information about the Gnso-epdp-team
mailing list