[gnso-rds-pdp-wg] GNSO Next-Gen RDS PDP Working Group teleconference

Stephanie Perrin stephanie.perrin at mail.utoronto.ca
Sat Mar 19 02:21:19 UTC 2016 

I think Holly has summarized this issue well.  I would add that the 
problem with running through "requirements" first before agreeing 
purpose, is that the very act of discussing and refining requirements 
before defining purpose adulterates the process of defining purpose.  
One issue that we never really dealt with, in my view, on the EWG, was 
the "value added services" that depend on harvesting robust WHOIS data 
sets. I would hate to accept those practices and businesses, which in my 
view likely violate data protection law, before we define purpose.
I would also add that data retention is part of the data life cycle, and 
cannot be abandoned to some other PDP process, or the next RAA. 
Registration data and the purpose of its collection, use, disclosure, 
and retention, has to be examined in its entirety.
Stephanie Perrin

On 2016-03-18 21:48, Holly Raiche wrote:
>>
>> Folks
>>
>> I still have very  real questions about the order of discussion topics in Phase 1 of the work plan.
>>
>> In item 8, the main topic is ‘develop initial possible requirements lis’t, starting from Questions posed by the Charter.  Yet it isn’t until item 12 that we deliberate on possible fundamental requirements.
>>
>> I am guessing that, to make sense of the order listed, we are to start with a list of all possible requirements (item 8) and by item 12, have the discussion as to what of the possible requirements should be accepted and what ‘requirements' will not be.
>>
>>  From a data protection perspective (that governs all EU countries, Canada, Australia and many other countries), the place to start is to ask what information - particularly personal information - an individual/organisation NEEDS to collect in order to carry out their task/business.  And ONLY that data is collected.  Other data protection steps follow: the personal information that is collected must only be used for the purpose(s) for which it was collected, and the information is only disclosed to the individuals/organisations that should have access.
>>
>> So I am assuming that, at item 12 at the latest, those of us living under data protection legislation will look at the list of possible ‘requirements' and insist that only that information that is required for carrying on the business of a registrar or registry is gathered.  The questions that follow are then about how that limited information is used, and how that limited information is disclosed.
>>
>> If that is not what is intended by the Work Plan, then we must have the discussion on what information is collected at item 8.
>>
>> And while the EWG is a very useful report and a good place, amongst others, to start, we will not necessarily wind up in the same place that it did - and let’s not assume we will.
>>
>> Cheers
>>
>> Holly
>>
>>
>>
>>
>>
>>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

More information about the gnso-rds-pdp-wg mailing list