[gnso-rds-pdp-wg] Mp3, Attendance & AC Chat for Next-Gen RDS PDP WG on 07, February 2017
Stephanie Perrin
stephanie.perrin at mail.utoronto.ca
Wed Feb 8 15:33:12 UTC 2017
I did not use these slides, as I thought one set of slides was enough.
The references may be useful to those who are interested, so I attach
them now.
Stephanie Perrin
On 2017-02-08 09:20, Gomes, Chuck wrote:
>
> Thanks to everyone who participated in our WG call yesterday. We had
> one of our best turnouts in quite a while.
>
> For those who were unable to attend, I strongly encourage you to
> listen to the recording and/or read the transcript. While we didn’t
> come to any conclusions, there was a lot of excellent discussion about
> data protection principles and laws that will provide important
> background for our work the next few weeks and leading up to our
> meetings in Copenhagen.
>
> Chuck
>
> *From:*gnso-rds-pdp-wg-bounces at icann.org
> [mailto:gnso-rds-pdp-wg-bounces at icann.org] *On Behalf Of *Michelle
> DeSmyter
> *Sent:* Tuesday, February 07, 2017 8:12 PM
> *To:* gnso-rds-pdp-wg at icann.org
> *Cc:* gnso-secs at icann.org
> *Subject:* [EXTERNAL] [gnso-rds-pdp-wg] Mp3, Attendance & AC Chat for
> Next-Gen RDS PDP WG on 07, February 2017
>
> Dear All,
>
> Please find the attendance of the call attached to this email and
> the MP3 recording below for the Next-Gen RDS PDP Working group call
> held on Tuesday, 7 February 2017 at 17:00 UTC.
>
> *MP3:*https://audio.icann.org/gnso/gnso-nextgen-rds-pdp-07feb17-en.mp3
> <https://audio.icann.org/gnso/gnso-nextgen-rds-pdp-07feb17-en.mp3%20>
> <http://audio.icann.org/gnso/gnso-nextgen-rds-13sep16-en.mp3><http://audio.icann.org/gnso/gnso-nextgen-rds-06sep16-en.mp3>
>
> The recordings and transcriptions of the calls are posted on the GNSO
> Master Calendar page:
>
> http://gnso.icann.org/en/group-activities/calendar
> <http://gnso.icann.org/en/group-activities/calendar#nov>
>
> ** Please let me know if your name has been left off the list **
>
> Mailing list archives:http://mm.icann.org/pipermail/gnso-rds-pdp-wg/
>
> Wiki page: https://community.icann.org/x/HIzRAw
>
> Thank you.
>
> Kind regards,
>
> Michelle DeSmyter
>
> ———————————————
>
> *_AC Chat Next-Gen RDS PDP WG _**_Tuesday_**_, 7 February 2017_*
>
> Michelle DeSmyter:Dear all, Welcome to the Next-Gen RDS PDP WG call
> on Tuesday, 7 February 2017 at 17:00 UTC.
>
> Michelle DeSmyter:Meeting page:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_x_HIzRAw&d=DwIFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8_WhWIPqsLT6TmF1Zmyci866vcPSFO4VShFqESGe_5iHWGlBLwwwehFBfjrsjWv9&m=oq1gcB9v_hPVs7u_EgoL-woVPpSg6ll-onpLgLlzUnY&s=lc27DjD-rSaPdif3WmToWEno_eegMi7egqAgi_JeE_A&e=
>
> Chris Pelling:Afternoon all :)
>
> Chuck Gomes:Hello everyone
>
> Maryan Rizinski:Hello Chuck
>
> Benny Samuelsen / Nordreg AB:Afternoon all
>
> Pitinan Kooarmornpatana:Hello everyone :)
>
> Alex Deacon:good morning
>
> Theo Geurts:Good evening
>
> Maxim Alzoba (FAITID):good evening
>
> Marika Konings:Peter, you can move the slides by using the arrows in
> the slide pod.
>
> Norbert Komlan GLAKPE:Hello all
>
> Marika Konings:Unless you prefer staff to do it for you
>
> Peter Kimpian:thanks, Peter
>
> Peter Kimpian:I am here
>
> Peter Kimpian:I am here
>
> Michelle DeSmyter:he is a presenter
>
> Lisa Phifer:Slides can be downloaded from
> https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_download_attachments_64064540_Kimpian-5Fpdp-5Frds-5F2-5F2-5F17.pdf&d=DwIFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8_WhWIPqsLT6TmF1Zmyci866vcPSFO4VShFqESGe_5iHWGlBLwwwehFBfjrsjWv9&m=oq1gcB9v_hPVs7u_EgoL-woVPpSg6ll-onpLgLlzUnY&s=I_NeBoC3gWnsk0-svUCTUNOA2jo8Nc40Eo4d_d3pL8I&e=
>
> Marika Konings:Peter, have you enabled your audio in Adobe connect
> or are you connected by phone?
>
> Marika Konings:We can dial out to you if that is easier
>
> Michelle DeSmyter:I will send him a private chat
>
> Benny Samuelsen / Nordreg AB:someone need to mut
>
> Vaibhav Aggarwal (NCSG):Hello Guys
>
> Benny Samuelsen / Nordreg AB:mut
>
> Vaibhav Aggarwal (NCSG):Sorry I was Late
>
> Vaibhav Aggarwal (NCSG):A Special Hello to Peter Kimpian :-)
>
> Alan Greenberg:I will be in CPH, but may not be able to participate
> in meeting due to conflicts.
>
> Benny Samuelsen / Nordreg AB:A problem for several of us Alan
>
> Lisa Phifer:Stephanie you may need to mute your speakers when your
> mic is open and others speak
>
> Maxim Alzoba (FAITID):some countries have no common law, only legal
> acts and written laws
>
> Lisa Phifer:Greenleaf's book - more info at
> https://urldefense.proofpoint.com/v2/url?u=http-3A__papers.ssrn.com_sol3_papers.cfm-3Fabstract-5Fid-3D2603502&d=DwIFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8_WhWIPqsLT6TmF1Zmyci866vcPSFO4VShFqESGe_5iHWGlBLwwwehFBfjrsjWv9&m=oq1gcB9v_hPVs7u_EgoL-woVPpSg6ll-onpLgLlzUnY&s=-Wso0eREbIZgQv8o11RTkjPT0POsZFAzhV3nT6se5_Q&e=
>
> Stephanie Perrin:"Common law" and "civil law" refer to two different
> styles of legislation. In Canada we draft federal laws in both
> traditions, because Quebec is a civil law jurisdiction, the rest of
> Canada is common law.
>
> Kal Feher:is this slide deck downloadable at the moment?
>
> Lisa
> Phifer:https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_download_attachments_64064540_Kimpian-5Fpdp-5Frds-5F2-5F2-5F17.pdf&d=DwIFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8_WhWIPqsLT6TmF1Zmyci866vcPSFO4VShFqESGe_5iHWGlBLwwwehFBfjrsjWv9&m=oq1gcB9v_hPVs7u_EgoL-woVPpSg6ll-onpLgLlzUnY&s=I_NeBoC3gWnsk0-svUCTUNOA2jo8Nc40Eo4d_d3pL8I&e=
>
> Kal Feher:thank you
>
> Sara Bockey:Hello all... apologies for joining late
>
> Stephanie Perrin:So in Canada lawyers are trained in common law or
> civil law, some qualify in both (takes extra year)
>
> Alex Deacon:Dumb question - Is ICANN the "data controller" in our
> world? Or is it the registries/registrars?
>
> Chuck Gomes:@ Alex: Please ask that question in Q&A if it is not
> answered sooner.
>
> Alex Deacon:will do
>
> Stephanie Perrin:ICANN is the data controller, because it sets the
> RAA which defines collection, use and discolosure. Registrars and
> registries are data processors WRT the data that ICANN tells them to
> collect and display, including all relevant policies. THey are data
> controllers with respect to their own business operations, data they
> gather to sell other services for which ICANN does not set policy. So
> they are hybrid.
>
> Alex Deacon:got it. thanks.
>
> Chuck Gomes:Thanks Stephanie. Very helpful.
>
> Stephanie Perrin:That means, by the way, that ICANN would get the
> fines under the new regulation.
>
> Fabricio Vayra:Note, this data collector definition was hotly
> debated during the EWG and I believe we never concluded as such
>
> Stephanie Perrin:There are Art 29 documents on the concept of data
> controller and data processor on their website. Also on purpose
> specification.
>
> Fabricio Vayra:So you noted, and we reviewed and considered during
> the EWG
>
> Fabricio Vayra:Just saying, the collective groups reading of that
> didn't land on the same conclusion ... as I recall
>
> Chuck Gomes:@ Fabricio: Please raise your hand at an appropriate
> point to share more about the conflict in the EWG.
>
> Susan Kawaguchi:domain:
>
> facebook.huregistrant:
>
> FACEBOOK INC.registrant:
>
> FACEBOOK INC.address:
>
> 1601 Willow Roadaddress:
>
> CA 94025 Menlo Parkaddress:
>
> USphone:+1.650 543 4801fax-no:
>
> +1.650 543 4800hun-id:
>
> 1004461405admin-c: 2004663199tech-c:2004659621zone-c:
>
> 3000101177name server:
>
> ns4.lovellsnames.orgname server:
>
> ns1.lovellsnames.orgname server:
>
> ns2.lovellsnames.orgname server:
>
> ns3.lovellsnames.orgregistered:
>
> 2006-04-11 23:11:28changed:
>
> 2014-02-06 11:14:02registrar:
>
> 1990917022 admin-c:Dr. Partos László, Partos & Nobletaddress:
>
> Szent István tér 11/B.address:
>
> 1051 Budapestaddress:
>
> HUphone:+36 1 505 4480fax-no:
>
> +36 1 505 4485hun-id:
>
> 2004663199 tech-c:Hogan Lovells LLPaddress:
>
> 17 avenue Matignon, CS30027address:
>
> 75378 Parisaddress:
>
> FRphone:+33.153674747fax-no:
>
> +33.153674748e-mail:
>
> hostmaster at lovellsnames.orghun-id
> <mailto:hostmaster at lovellsnames.orghun-id>:
>
> 2004659621 zone-c:KiberNet Zone Adminaddress:
>
> Victor Hugo 18-22.address:
>
> 1132 Budapestaddress:
>
> HUphone:(1) 4384567fax-no:
>
> hun-id:3000101177
>
> registrar: CyberNet Ltd.registrar: KiberNet Kft. (Re
>
> Alex Deacon:I was under the impression most of these applied only to
> "natural persons".
>
> Fabricio Vayra:@Chuck, there's not much to say other than what I've
> written. I think the group should read and discuss rather than just
> take one conclusion as dicta
>
> Stephanie Perrin:While I am crushed by the fact that you guys were
> unconvinced by my arguments, and those of the experts I cited, we
> should in my view not push the matter to the point where a Max SChrems
> has to pop up and take a case to Court.
>
> Holly Raiche:What about situations where the contact details of an
> individual are gathered in their capacity as a contact point for a
> registry/registrar
>
> Maxim Alzoba (FAITID):companies register in an open register of
> legal bodies , and info is availble there, so what is the reason to
> protect it in some other place? (if is already available)
>
> Fabricio Vayra:Article 29 WP 76 Opinion 2/2003 "registration of
> domain names by individuals raises different legal considerations than
> that of companies or other legal persons registering domain names" ...
> "the publication of certain information about the company or
> organisation (such as their identification and their physical address)
> is often a requirement by law in the framework of the commercial or
> professional activities they perform"
>
> Alan Greenberg:I thought w were talking only about THIN DATA today.
>
> Fabricio Vayra:Happy to have further input, Stephanie.
>
> Fabricio Vayra:@Alan, agreed.
>
> Theo Geurts:Susan, this applies only to personal data.
>
> Chris Pelling:COMMENT: Sorry but the PPSAI WG already deliberated
> this and it was understood that companies could use privacy protection
> if they so wished
>
> Chris Pelling:as sites would have to have their name and address on
> anyway if they were selling
>
> Susan Kawaguchi:@Theo thanks so we have two categories of data
> personal and commercial
>
> Alan Greenberg:@Chris, that is not always the case, Many merchants
> on the Internet provide NO contact ot identity information.
>
> Susan Kawaguchi:@Chris proxy is a different issue
>
> Chris Pelling:@Alan - but ultimately we already dealt with this on PPSAI
>
> Theo Geurts:yes commercial data has to be displayed in most EU
> countries. . commercial as for example a compay Susan
>
> Chris Pelling:we speent 2 years doing PPSAI
>
> Theo Geurts:but this is not part of a commercial use discussion,
>
> Susan Kawaguchi:no this is a discussion of commercial registration
> of domain names
>
> Greg Aaron:I think the question was a bit confusing. My
> udnerstanding is that if domain is registered by a company, then the
> names etc. of individuals may appear in whois in the domain
> record. That's expliclty .UK's policy, which has been vetted quite
> extensively for compliance with EU law.
>
> Greg Aaron:So in Susan's example, -- Facebook.hu -- there's the name
> of a person.
>
> Stephanie Perrin:the matter of what a business has to provide on the
> internet to identify itself varies enormously from jurisdiction to
> jurisdiction and is set by local law.
>
> Susan Kawaguchi:@Greg yes our outside counsel consented to the use
> of the information as part of the requirement to register the domain name
>
> Susan Kawaguchi:@Stephanie I agree but since one of the
> possibilities for the new RDS system is to display by jurisdiction we
> need to look at each and everyone
>
> steve metalitz:@Stephanie but are those "other rights" for small
> organizations privacy or data protection rights?
>
> Maxim Alzoba (FAITID):in the provided example the secretary should
> have used the church address
>
> Maxim Alzoba (FAITID):there is no way to distinguish private address
> from the public one unthil there is no flag in place
>
> Maxim Alzoba (FAITID):Are we suggesting introduction of private
> person data flag on the top of the current DNS set ?
>
> Maxim Alzoba (FAITID):currently Registries recieve Privacy
> protection service as a text field of the name of the person
>
> steve metalitz:@Stephanie, thanks, the last point about your
> registration agreement may be a compliance issue --- because
> disclosure and obtaining consent ("a.k.a. notice and choice"?) is
> required under RAA 3.7.7.4 and 3.7.7.5.
>
> Greg Aaron:Notice of use of data is required in the RAA,
> Stephanie. If you say you can't find them in your registration
> contract, then please write into ICANN's complinace department.
>
> Fabricio Vayra:I thought the requirement wasn't to inform about
> rights, but to provide information sufficient to obtain "specific and
> informed consent of the subscriber ... prior to the inclusion of his
> personal data into all kinds of public directories (traditional
> telephony, mobile telephony, electronic mail, electronic signatures
> etc.) used for reverse or multi-criteria searches." Article 29 WP 33
> Opinion 5/2000
>
> Fabricio Vayra:@Steve. Thanks, and Registrars are required to
> "3.7.7.5 The Registered Name Holder shall consent to the data
> processing referred to in Subsection 3.7.7.4."
>
> Susan Kawaguchi:I would think that a ccTld registry would review the
> legal collection and display of data in their country.
>
> Stephanie Perrin:What I am talking about is the requirement under
> PIPEDA to inform me of my rights under that law....
>
> Theo Geurts:Most ccTLD registries comply perfectly when it comes to
> personal data and data regulation/law in combination of whois output
>
> Susan Kawaguchi:Thanks Theo
>
> Stephanie Perrin:In Europe they do. NOt sure about elsewhere.
>
> steve metalitz:@Maxim, good question. Is anything that we have
> referred to as "thin data" PII? And if not, how do these general
> principles (as presetned by Peter and Stephanie) apply?
>
> Benny Samuelsen / Nordreg AB:Well said Theo... its a wormhole
>
> Maxim Alzoba (FAITID):in case where a director (or CEO) by mistake
> used his home address and phone instead of the office one for a
> company domains ...it could be seen as a parsonal data (despite the
> fact that the particular person is not very advanced in
> understanding of personal data, local personal data regulator might
> say that is has to be protected)
>
> Theo Geurts:@stephanie a lot of ccTLDs outside the EU also do not
> display personal data in a WHOIS, though most of them are thick registries
>
> steve metalitz:@Ste[hanie can you give an example of thin data that
> is "personal data" as you use the term?
>
> Maxim Alzoba (FAITID):the question of personal identification might
> have different answers (for example Police might say - that this set
> is enough for us to identify with 99% weight, where some ministry
> might say that is not a personal data)
>
> Maxim Alzoba (FAITID):so it is very dependent on a particular
> governmental agency/Law Enforcement/Data Regulator
>
> steve metalitz:Just FYI, "personal data" is a defined term in RAA
> "data about about any identified or identifiable natural person."
>
> Scott Hollenbeck (Verisign):THin data for domain
> example.com: Domain Name: EXAMPLE.COM Registrar: RESERVED-INTERNET
> ASSIGNED NUMBERS AUTHORITY Sponsoring Registrar IANA ID: 376 Whois
> Server: whois.iana.org Referral URL:
> https://urldefense.proofpoint.com/v2/url?u=http-3A__res-2Ddom.iana.org&d=DwIFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8_WhWIPqsLT6TmF1Zmyci866vcPSFO4VShFqESGe_5iHWGlBLwwwehFBfjrsjWv9&m=oq1gcB9v_hPVs7u_EgoL-woVPpSg6ll-onpLgLlzUnY&s=td5M9ZFdZEFYDnx4caKGtuOfOI8_Qt7_7r6bQGgmHbc&e= Name
> Server: A.IANA-SERVERS.NET Name Server: B.IANA-SERVERS.NET Status:
> clientDeleteProhibited
> https://urldefense.proofpoint.com/v2/url?u=https-3A__icann.org_epp-23clientDeleteProhibited&d=DwIFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8_WhWIPqsLT6TmF1Zmyci866vcPSFO4VShFqESGe_5iHWGlBLwwwehFBfjrsjWv9&m=oq1gcB9v_hPVs7u_EgoL-woVPpSg6ll-onpLgLlzUnY&s=AC6Y7Rf1VKtDfFZq3PEU_2LPfrFdDnKD7P9CaIU1JeA&e= Status:
> clientTransferProhibited
> https://urldefense.proofpoint.com/v2/url?u=https-3A__icann.org_epp-23clientTransferProhibited&d=DwIFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8_WhWIPqsLT6TmF1Zmyci866vcPSFO4VShFqESGe_5iHWGlBLwwwehFBfjrsjWv9&m=oq1gcB9v_hPVs7u_EgoL-woVPpSg6ll-onpLgLlzUnY&s=Uy2DKpPGhKqJ9HRS4qJLQ98TdBNDjE0M9gYyLmea5Kk&e= Status:
> clientUpdateProhibited
> https://urldefense.proofpoint.com/v2/url?u=https-3A__icann.org_epp-23clientUpdateProhibited&d=DwIFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8_WhWIPqsLT6TmF1Zmyci866vcPSFO4VShFqESGe_5iHWGlBLwwwehFBfjrsjWv9&m=oq1gcB9v_hPVs7u_EgoL-woVPpSg6ll-onpLgLlzUnY&s=fl4n7firUWvQFiW_YqcGkCwAbhX3ldcmpbzFm3vEmow&e= Updated
> Date: 14-aug-2016 Creation Date: 14-aug-1995 Expiration Date:
> 13-aug-2017
>
> Maxim Alzoba (FAITID): Registries have to comply with the local law
> , and it has own definitions
>
> Scott Hollenbeck (Verisign):I don't see anything tjhere that can be
> loinked to an individual.
>
> Theo Geurts:@Steve I think the RAA should not be leading for RDS
>
> Fabricio Vayra:@Scott. Agreed
>
> Alex Deacon:@Theo - but i think we need to be consistent in the use
> of "defined terms".
>
> Theo Geurts:@Alex I agree there, I guess I am not just happy with
> the RAA one ;)
>
> Alex Deacon::)
>
> steve metalitz:@Theo, agree the RAA definition is not
> controlling. But it is the status quo and it can be helpful to be
> clear on that starting point.
>
> Alex Deacon:@Chuck - I think Peter K wanted to join the debate.
>
> Theo Geurts:@Steve, agreed
>
> Maxim Alzoba (FAITID):in case of thin whois ... I am not sure where
> can we find personal data ... if we have a REgistrar named as a
> personal address of a person ... ?
>
> Fabricio Vayra:+1 Greg. Thanks.
>
> Theo Geurts:+1 Greg Aaron, agreed
>
> Maxim Alzoba (FAITID):professional legal advice about personal data
> legislation in all countires might cost 10th Millions USD
>
> Theo Geurts:Maxim, auction funds ;)
>
> Stephanie Perrin:Do you use thin data to find me? answer yes.
>
> Maxim Alzoba (FAITID):if the current top audit companies used ...
> most probably
>
> Alex Deacon:@ stephanie - I'm not sure the logic you are using is
> sound. perhaps we need to study the property of transitivity for
> this use case.
>
> Scott Hollenbeck (Verisign):@Stephanie: I would use thin data to
> find your registrar, and then your registrar to find you.
>
> Stephanie Perrin:Right. But the data you started with pertains to me.
>
> Maxim Alzoba (FAITID):asking GAC will not help (GAC is more about
> telecom ministries , non necesary personal data regulators)
>
> Chris Pelling:we can hear you :)
>
> Scott Hollenbeck (Verisign):You and thousands of other people
>
> Susan Kawaguchi:@stephanie does an updated data really exclusively
> pertain to you?
>
> Greg Aaron:I don't believe that "anything" an be considered personal
> information.
>
> steve metalitz:+1 Greg A and I still have not heard an example of
> which of the data elements listed in Thin Whois record is personal data.
>
> Fabricio Vayra:Or address the gating question of informed consent.
>
> Sara Bockey:I need to drop for another call. thanks all
>
> Kal Feher:I think that regardless of your position on: thin =
> personal data or thin != personal data, there are good reasons
> directly related to domain management to disclose it
>
> Susan Kawaguchi:+ 1 Kal
>
> Maxim Alzoba (FAITID):it was a good confcall, thanks all
>
> Fabricio Vayra:thanks, Chuck and tema
>
> Fabricio Vayra:team
>
> Maxim Alzoba (FAITID):bye all
>
> Chris Pelling:Thansks all
>
> Alex Deacon:thanks everyone....
>
> Farell FOLLY (Africa 2.0):It was great
>
> Nathalie Coupet:Bye all
>
> Stephanie Perrin:Thanks!
>
> Vaibhav Aggarwal (NCSG):Thanks guys
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170208/68ffcfc2/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Perrin RDS purpose discussion 2017.potx
Type: application/vnd.openxmlformats-officedocument.presentationml.template
Size: 578393 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170208/68ffcfc2/PerrinRDSpurposediscussion2017.potx>
More information about the gnso-rds-pdp-wg
mailing list