[gnso-rds-pdp-wg] Mp3, Attendance & AC Chat for Next-Gen RDS PDP WG on 07, February 2017
Gomes, Chuck
cgomes at verisign.com
Wed Feb 8 14:20:29 UTC 2017
Thanks to everyone who participated in our WG call yesterday. We had one of our best turnouts in quite a while.
For those who were unable to attend, I strongly encourage you to listen to the recording and/or read the transcript. While we didn't come to any conclusions, there was a lot of excellent discussion about data protection principles and laws that will provide important background for our work the next few weeks and leading up to our meetings in Copenhagen.
Chuck
From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Michelle DeSmyter
Sent: Tuesday, February 07, 2017 8:12 PM
To: gnso-rds-pdp-wg at icann.org
Cc: gnso-secs at icann.org
Subject: [EXTERNAL] [gnso-rds-pdp-wg] Mp3, Attendance & AC Chat for Next-Gen RDS PDP WG on 07, February 2017
Dear All,
Please find the attendance of the call attached to this email and the MP3 recording below for the Next-Gen RDS PDP Working group call held on Tuesday, 7 February 2017 at 17:00 UTC.
MP3: https://audio.icann.org/gnso/gnso-nextgen-rds-pdp-07feb17-en.mp3 <https://audio.icann.org/gnso/gnso-nextgen-rds-pdp-07feb17-en.mp3%20>
<http://audio.icann.org/gnso/gnso-nextgen-rds-13sep16-en.mp3> <http://audio.icann.org/gnso/gnso-nextgen-rds-06sep16-en.mp3>
The recordings and transcriptions of the calls are posted on the GNSO Master Calendar page:
http://gnso.icann.org/en/group-activities/calendar<http://gnso.icann.org/en/group-activities/calendar#nov>
** Please let me know if your name has been left off the list **
Mailing list archives:http://mm.icann.org/pipermail/gnso-rds-pdp-wg/
Wiki page: https://community.icann.org/x/HIzRAw
Thank you.
Kind regards,
Michelle DeSmyter
---------------
AC Chat Next-Gen RDS PDP WG Tuesday, 7 February 2017
Michelle DeSmyter:Dear all, Welcome to the Next-Gen RDS PDP WG call on Tuesday, 7 February 2017 at 17:00 UTC.
Michelle DeSmyter:Meeting page: https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_x_HIzRAw&d=DwIFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8_WhWIPqsLT6TmF1Zmyci866vcPSFO4VShFqESGe_5iHWGlBLwwwehFBfjrsjWv9&m=oq1gcB9v_hPVs7u_EgoL-woVPpSg6ll-onpLgLlzUnY&s=lc27DjD-rSaPdif3WmToWEno_eegMi7egqAgi_JeE_A&e=
Chris Pelling:Afternoon all :)
Chuck Gomes:Hello everyone
Maryan Rizinski:Hello Chuck
Benny Samuelsen / Nordreg AB:Afternoon all
Pitinan Kooarmornpatana:Hello everyone :)
Alex Deacon:good morning
Theo Geurts:Good evening
Maxim Alzoba (FAITID):good evening
Marika Konings:Peter, you can move the slides by using the arrows in the slide pod.
Norbert Komlan GLAKPE:Hello all
Marika Konings:Unless you prefer staff to do it for you
Peter Kimpian:thanks, Peter
Peter Kimpian:I am here
Peter Kimpian:I am here
Michelle DeSmyter:he is a presenter
Lisa Phifer:Slides can be downloaded from https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_download_attachments_64064540_Kimpian-5Fpdp-5Frds-5F2-5F2-5F17.pdf&d=DwIFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8_WhWIPqsLT6TmF1Zmyci866vcPSFO4VShFqESGe_5iHWGlBLwwwehFBfjrsjWv9&m=oq1gcB9v_hPVs7u_EgoL-woVPpSg6ll-onpLgLlzUnY&s=I_NeBoC3gWnsk0-svUCTUNOA2jo8Nc40Eo4d_d3pL8I&e=
Marika Konings:Peter, have you enabled your audio in Adobe connect or are you connected by phone?
Marika Konings:We can dial out to you if that is easier
Michelle DeSmyter:I will send him a private chat
Benny Samuelsen / Nordreg AB:someone need to mut
Vaibhav Aggarwal (NCSG):Hello Guys
Benny Samuelsen / Nordreg AB:mut
Vaibhav Aggarwal (NCSG):Sorry I was Late
Vaibhav Aggarwal (NCSG):A Special Hello to Peter Kimpian :-)
Alan Greenberg:I will be in CPH, but may not be able to participate in meeting due to conflicts.
Benny Samuelsen / Nordreg AB:A problem for several of us Alan
Lisa Phifer:Stephanie you may need to mute your speakers when your mic is open and others speak
Maxim Alzoba (FAITID):some countries have no common law, only legal acts and written laws
Lisa Phifer:Greenleaf's book - more info at https://urldefense.proofpoint.com/v2/url?u=http-3A__papers.ssrn.com_sol3_papers.cfm-3Fabstract-5Fid-3D2603502&d=DwIFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8_WhWIPqsLT6TmF1Zmyci866vcPSFO4VShFqESGe_5iHWGlBLwwwehFBfjrsjWv9&m=oq1gcB9v_hPVs7u_EgoL-woVPpSg6ll-onpLgLlzUnY&s=-Wso0eREbIZgQv8o11RTkjPT0POsZFAzhV3nT6se5_Q&e=
Stephanie Perrin:"Common law" and "civil law" refer to two different styles of legislation. In Canada we draft federal laws in both traditions, because Quebec is a civil law jurisdiction, the rest of Canada is common law.
Kal Feher:is this slide deck downloadable at the moment?
Lisa Phifer:https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_download_attachments_64064540_Kimpian-5Fpdp-5Frds-5F2-5F2-5F17.pdf&d=DwIFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8_WhWIPqsLT6TmF1Zmyci866vcPSFO4VShFqESGe_5iHWGlBLwwwehFBfjrsjWv9&m=oq1gcB9v_hPVs7u_EgoL-woVPpSg6ll-onpLgLlzUnY&s=I_NeBoC3gWnsk0-svUCTUNOA2jo8Nc40Eo4d_d3pL8I&e=
Kal Feher:thank you
Sara Bockey:Hello all... apologies for joining late
Stephanie Perrin:So in Canada lawyers are trained in common law or civil law, some qualify in both (takes extra year)
Alex Deacon:Dumb question - Is ICANN the "data controller" in our world? Or is it the registries/registrars?
Chuck Gomes:@ Alex: Please ask that question in Q&A if it is not answered sooner.
Alex Deacon:will do
Stephanie Perrin:ICANN is the data controller, because it sets the RAA which defines collection, use and discolosure. Registrars and registries are data processors WRT the data that ICANN tells them to collect and display, including all relevant policies. THey are data controllers with respect to their own business operations, data they gather to sell other services for which ICANN does not set policy. So they are hybrid.
Alex Deacon:got it. thanks.
Chuck Gomes:Thanks Stephanie. Very helpful.
Stephanie Perrin:That means, by the way, that ICANN would get the fines under the new regulation.
Fabricio Vayra:Note, this data collector definition was hotly debated during the EWG and I believe we never concluded as such
Stephanie Perrin:There are Art 29 documents on the concept of data controller and data processor on their website. Also on purpose specification.
Fabricio Vayra:So you noted, and we reviewed and considered during the EWG
Fabricio Vayra:Just saying, the collective groups reading of that didn't land on the same conclusion ... as I recall
Chuck Gomes:@ Fabricio: Please raise your hand at an appropriate point to share more about the conflict in the EWG.
Susan Kawaguchi:domain:
facebook.huregistrant:
FACEBOOK INC.registrant:
FACEBOOK INC.address:
1601 Willow Roadaddress:
CA 94025 Menlo Parkaddress:
USphone: +1.650 543 4801fax-no:
+1.650 543 4800hun-id:
1004461405admin-c: 2004663199tech-c: 2004659621zone-c:
3000101177name server:
ns4.lovellsnames.orgname server:
ns1.lovellsnames.orgname server:
ns2.lovellsnames.orgname server:
ns3.lovellsnames.orgregistered:
2006-04-11 23:11:28changed:
2014-02-06 11:14:02registrar:
1990917022 admin-c: Dr. Partos László, Partos & Nobletaddress:
Szent István tér 11/B.address:
1051 Budapestaddress:
HUphone: +36 1 505 4480fax-no:
+36 1 505 4485hun-id:
2004663199 tech-c: Hogan Lovells LLPaddress:
17 avenue Matignon, CS30027address:
75378 Parisaddress:
FRphone: +33.153674747fax-no:
+33.153674748e-mail:
hostmaster at lovellsnames.orghun-id<mailto:hostmaster at lovellsnames.orghun-id>:
2004659621 zone-c: KiberNet Zone Adminaddress:
Victor Hugo 18-22.address:
1132 Budapestaddress:
HUphone: (1) 4384567fax-no:
hun-id: 3000101177
registrar: CyberNet Ltd.registrar: KiberNet Kft. (Re
Alex Deacon:I was under the impression most of these applied only to "natural persons".
Fabricio Vayra:@Chuck, there's not much to say other than what I've written. I think the group should read and discuss rather than just take one conclusion as dicta
Stephanie Perrin:While I am crushed by the fact that you guys were unconvinced by my arguments, and those of the experts I cited, we should in my view not push the matter to the point where a Max SChrems has to pop up and take a case to Court.
Holly Raiche:What about situations where the contact details of an individual are gathered in their capacity as a contact point for a registry/registrar
Maxim Alzoba (FAITID):companies register in an open register of legal bodies , and info is availble there, so what is the reason to protect it in some other place? (if is already available)
Fabricio Vayra:Article 29 WP 76 Opinion 2/2003 "registration of domain names by individuals raises different legal considerations than that of companies or other legal persons registering domain names" ... "the publication of certain information about the company or organisation (such as their identification and their physical address) is often a requirement by law in the framework of the commercial or professional activities they perform"
Alan Greenberg:I thought w were talking only about THIN DATA today.
Fabricio Vayra:Happy to have further input, Stephanie.
Fabricio Vayra:@Alan, agreed.
Theo Geurts:Susan, this applies only to personal data.
Chris Pelling:COMMENT: Sorry but the PPSAI WG already deliberated this and it was understood that companies could use privacy protection if they so wished
Chris Pelling:as sites would have to have their name and address on anyway if they were selling
Susan Kawaguchi:@Theo thanks so we have two categories of data personal and commercial
Alan Greenberg:@Chris, that is not always the case, Many merchants on the Internet provide NO contact ot identity information.
Susan Kawaguchi:@Chris proxy is a different issue
Chris Pelling:@Alan - but ultimately we already dealt with this on PPSAI
Theo Geurts:yes commercial data has to be displayed in most EU countries. . commercial as for example a compay Susan
Chris Pelling:we speent 2 years doing PPSAI
Theo Geurts:but this is not part of a commercial use discussion,
Susan Kawaguchi:no this is a discussion of commercial registration of domain names
Greg Aaron:I think the question was a bit confusing. My udnerstanding is that if domain is registered by a company, then the names etc. of individuals may appear in whois in the domain record. That's expliclty .UK's policy, which has been vetted quite extensively for compliance with EU law.
Greg Aaron:So in Susan's example, -- Facebook.hu -- there's the name of a person.
Stephanie Perrin:the matter of what a business has to provide on the internet to identify itself varies enormously from jurisdiction to jurisdiction and is set by local law.
Susan Kawaguchi:@Greg yes our outside counsel consented to the use of the information as part of the requirement to register the domain name
Susan Kawaguchi:@Stephanie I agree but since one of the possibilities for the new RDS system is to display by jurisdiction we need to look at each and everyone
steve metalitz:@Stephanie but are those "other rights" for small organizations privacy or data protection rights?
Maxim Alzoba (FAITID):in the provided example the secretary should have used the church address
Maxim Alzoba (FAITID):there is no way to distinguish private address from the public one unthil there is no flag in place
Maxim Alzoba (FAITID):Are we suggesting introduction of private person data flag on the top of the current DNS set ?
Maxim Alzoba (FAITID):currently Registries recieve Privacy protection service as a text field of the name of the person
steve metalitz:@Stephanie, thanks, the last point about your registration agreement may be a compliance issue --- because disclosure and obtaining consent ("a.k.a. notice and choice"?) is required under RAA 3.7.7.4 and 3.7.7.5.
Greg Aaron:Notice of use of data is required in the RAA, Stephanie. If you say you can't find them in your registration contract, then please write into ICANN's complinace department.
Fabricio Vayra:I thought the requirement wasn't to inform about rights, but to provide information sufficient to obtain "specific and informed consent of the subscriber ... prior to the inclusion of his personal data into all kinds of public directories (traditional telephony, mobile telephony, electronic mail, electronic signatures etc.) used for reverse or multi-criteria searches." Article 29 WP 33 Opinion 5/2000
Fabricio Vayra:@Steve. Thanks, and Registrars are required to "3.7.7.5 The Registered Name Holder shall consent to the data processing referred to in Subsection 3.7.7.4."
Susan Kawaguchi:I would think that a ccTld registry would review the legal collection and display of data in their country.
Stephanie Perrin:What I am talking about is the requirement under PIPEDA to inform me of my rights under that law....
Theo Geurts:Most ccTLD registries comply perfectly when it comes to personal data and data regulation/law in combination of whois output
Susan Kawaguchi:Thanks Theo
Stephanie Perrin:In Europe they do. NOt sure about elsewhere.
steve metalitz:@Maxim, good question. Is anything that we have referred to as "thin data" PII? And if not, how do these general principles (as presetned by Peter and Stephanie) apply?
Benny Samuelsen / Nordreg AB:Well said Theo... its a wormhole
Maxim Alzoba (FAITID):in case where a director (or CEO) by mistake used his home address and phone instead of the office one for a company domains ...it could be seen as a parsonal data (despite the fact that the particular person is not very advanced in understanding of personal data, local personal data regulator might say that is has to be protected)
Theo Geurts:@stephanie a lot of ccTLDs outside the EU also do not display personal data in a WHOIS, though most of them are thick registries
steve metalitz:@Ste[hanie can you give an example of thin data that is "personal data" as you use the term?
Maxim Alzoba (FAITID):the question of personal identification might have different answers (for example Police might say - that this set is enough for us to identify with 99% weight, where some ministry might say that is not a personal data)
Maxim Alzoba (FAITID):so it is very dependent on a particular governmental agency/Law Enforcement/Data Regulator
steve metalitz:Just FYI, "personal data" is a defined term in RAA "data about about any identified or identifiable natural person."
Scott Hollenbeck (Verisign):THin data for domain example.com: Domain Name: EXAMPLE.COM Registrar: RESERVED-INTERNET ASSIGNED NUMBERS AUTHORITY Sponsoring Registrar IANA ID: 376 Whois Server: whois.iana.org Referral URL: https://urldefense.proofpoint.com/v2/url?u=http-3A__res-2Ddom.iana.org&d=DwIFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8_WhWIPqsLT6TmF1Zmyci866vcPSFO4VShFqESGe_5iHWGlBLwwwehFBfjrsjWv9&m=oq1gcB9v_hPVs7u_EgoL-woVPpSg6ll-onpLgLlzUnY&s=td5M9ZFdZEFYDnx4caKGtuOfOI8_Qt7_7r6bQGgmHbc&e= Name Server: A.IANA-SERVERS.NET Name Server: B.IANA-SERVERS.NET Status: clientDeleteProhibited https://urldefense.proofpoint.com/v2/url?u=https-3A__icann.org_epp-23clientDeleteProhibited&d=DwIFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8_WhWIPqsLT6TmF1Zmyci866vcPSFO4VShFqESGe_5iHWGlBLwwwehFBfjrsjWv9&m=oq1gcB9v_hPVs7u_EgoL-woVPpSg6ll-onpLgLlzUnY&s=AC6Y7Rf1VKtDfFZq3PEU_2LPfrFdDnKD7P9CaIU1JeA&e= Status: clientTransferProhibited https://urldefense.proofpoint.com/v2/url?u=https-3A__icann.org_epp-23clientTransferProhibited&d=DwIFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8_WhWIPqsLT6TmF1Zmyci866vcPSFO4VShFqESGe_5iHWGlBLwwwehFBfjrsjWv9&m=oq1gcB9v_hPVs7u_EgoL-woVPpSg6ll-onpLgLlzUnY&s=Uy2DKpPGhKqJ9HRS4qJLQ98TdBNDjE0M9gYyLmea5Kk&e= Status: clientUpdateProhibited https://urldefense.proofpoint.com/v2/url?u=https-3A__icann.org_epp-23clientUpdateProhibited&d=DwIFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8_WhWIPqsLT6TmF1Zmyci866vcPSFO4VShFqESGe_5iHWGlBLwwwehFBfjrsjWv9&m=oq1gcB9v_hPVs7u_EgoL-woVPpSg6ll-onpLgLlzUnY&s=fl4n7firUWvQFiW_YqcGkCwAbhX3ldcmpbzFm3vEmow&e= Updated Date: 14-aug-2016 Creation Date: 14-aug-1995 Expiration Date: 13-aug-2017
Maxim Alzoba (FAITID): Registries have to comply with the local law , and it has own definitions
Scott Hollenbeck (Verisign):I don't see anything tjhere that can be loinked to an individual.
Theo Geurts:@Steve I think the RAA should not be leading for RDS
Fabricio Vayra:@Scott. Agreed
Alex Deacon:@Theo - but i think we need to be consistent in the use of "defined terms".
Theo Geurts:@Alex I agree there, I guess I am not just happy with the RAA one ;)
Alex Deacon::)
steve metalitz:@Theo, agree the RAA definition is not controlling. But it is the status quo and it can be helpful to be clear on that starting point.
Alex Deacon:@Chuck - I think Peter K wanted to join the debate.
Theo Geurts:@Steve, agreed
Maxim Alzoba (FAITID):in case of thin whois ... I am not sure where can we find personal data ... if we have a REgistrar named as a personal address of a person ... ?
Fabricio Vayra:+1 Greg. Thanks.
Theo Geurts:+1 Greg Aaron, agreed
Maxim Alzoba (FAITID):professional legal advice about personal data legislation in all countires might cost 10th Millions USD
Theo Geurts:Maxim, auction funds ;)
Stephanie Perrin:Do you use thin data to find me? answer yes.
Maxim Alzoba (FAITID):if the current top audit companies used ... most probably
Alex Deacon:@ stephanie - I'm not sure the logic you are using is sound. perhaps we need to study the property of transitivity for this use case.
Scott Hollenbeck (Verisign):@Stephanie: I would use thin data to find your registrar, and then your registrar to find you.
Stephanie Perrin:Right. But the data you started with pertains to me.
Maxim Alzoba (FAITID):asking GAC will not help (GAC is more about telecom ministries , non necesary personal data regulators)
Chris Pelling:we can hear you :)
Scott Hollenbeck (Verisign):You and thousands of other people
Susan Kawaguchi:@stephanie does an updated data really exclusively pertain to you?
Greg Aaron:I don't believe that "anything" an be considered personal information.
steve metalitz:+1 Greg A and I still have not heard an example of which of the data elements listed in Thin Whois record is personal data.
Fabricio Vayra:Or address the gating question of informed consent.
Sara Bockey:I need to drop for another call. thanks all
Kal Feher:I think that regardless of your position on: thin = personal data or thin != personal data, there are good reasons directly related to domain management to disclose it
Susan Kawaguchi:+ 1 Kal
Maxim Alzoba (FAITID):it was a good confcall, thanks all
Fabricio Vayra:thanks, Chuck and tema
Fabricio Vayra:team
Maxim Alzoba (FAITID):bye all
Chris Pelling:Thansks all
Alex Deacon:thanks everyone....
Farell FOLLY (Africa 2.0):It was great
Nathalie Coupet:Bye all
Stephanie Perrin:Thanks!
Vaibhav Aggarwal (NCSG):Thanks guys
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170208/d7743db3/attachment.html>
More information about the gnso-rds-pdp-wg
mailing list