[gnso-rds-pdp-wg] My notes from the discussion with the Data Protection Commissioners on 13 March 2017

[Gomes, Chuck]

Thank you very much for doing this Ayden.  I found it very helpful and share a few personal comments here.



“Data controllers should not fragment their policies depending on the territory.  (GB, JC)”

•••••••• While I do not question that this point was made, I suspect that when we get into the policy and implementation phases we will likely encounter some issues where different jurisdictions have conflicting requirements and we may have to localize some requirements by jurisdiction.  If I remember correctly, I think the EWG addressed this and that RDAP makes this possible to do from a technical point of view.



““The major treaty on data protection is Convention 108. And Convention 108 is open

for signature to countries across the world. Uruguay has signed it. Tunisia has signed

it. And another ten countries are now observers. And it is that convention [not the

European Union’s GDPR] which has actually provided the standard with which more

than another 100 countries around the world have followed.” (JC)”

•••••••• I could be mistaken but I thought that there were over 50 countries that signed on to Convention 108.  Am I mistaken on that?



““Is there any other less intrusive method compared to mandatory publication that

would serve the purpose of the WHOIS directories without all data being directly

available online to everybody?” (GB)”

•••••••• Isn’t this essentially a conclusion that the EWG arrived at?  I would appreciate it if EWG members would comment on this.



““We would like to have more accountable data controllers. Controllers should do

more homework and identify a sustainable policy, have an answer to different

problems, identify relevant risk, allocate responsibilities, demonstrated [they] comply

with the law and [they] have a suitable policy.” (GB)”

•••••••• If we assume that ICANN is the data controller for much of the registration data, isn’t our task as a WG to help ICANN be more accountable?



I suspect that it will be helpful for us to come back to most if not all of your notes as we move forward.  In most cases, we are going to deliberate on the DC statements made and evaluate them in light of information from other sources.



Chuck



From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Ayden Férdeline
Sent: Saturday, March 18, 2017 1:28 PM
To: RDS PDP WG <gnso-rds-pdp-wg at icann.org>
Subject: [EXTERNAL] [gnso-rds-pdp-wg] My notes from the discussion with the Data Protection Commissioners on 13 March 2017



Greetings all,

I took some notes during the Cross-Community Discussion with the Data Protection Commissioners on Monday, and thought I would share them as an informal resource in case you find them useful. Please find attached.

Best wishes,



Ayden Férdeline

linkedin.com/in/ferdeline<http://www.linkedin.com/in/ferdeline>





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170319/d66a8d04/attachment.html>