[gnso-rds-pdp-wg] My notes from the discussion with the Data Protection Commissioners on 13 March 2017

Stephanie Perrin stephanie.perrin at mail.utoronto.ca
Tue Mar 21 00:24:08 UTC 2017 

Sorry John, I don't think I understand the question.  What do you mean 
by a *free* option, do you mean if proxy services were free, would that 
satisfy them?  My answer to that question would be no, because WHOIS is 
only one disclosure instrument.  There are still other issues that 
violate DP law, such as over-collection, over-disclosure upon request, 
failure to describe the purpose of processing, failure to explain 
subject access rights, illegal data retention, problematic transfer of 
personal data to jurisdictions which are not *adequate* according to 
Directive 95/46, etc.  Not to put words in their mouths or anything....

We only got through 1 of our questions.

Stephanie


On 2017-03-20 19:24, John Bambenek wrote:
> Was a question asked of the data protection authorities if whois 
> privacy where a *free* option, would that satisfy them?
>
> Sent from my iPhone
>
> On Mar 20, 2017, at 18:20, Stephanie Perrin 
> <stephanie.perrin at mail.utoronto.ca 
> <mailto:stephanie.perrin at mail.utoronto.ca>> wrote:
>
>> I agree, it could be useful.  Although one of the DP authorities 
>> (sadly I cannot remember which one) did point out that it was not a 
>> given that any ccTLD approach is necessarily  legally correct. But 
>> the point is, various among them have consulted their DPAs and have a 
>> different approach than ICANN.
>>
>> Stephanie
>>
>> On 2017-03-20 18:15, Deacon, Alex wrote:
>>>
>>> Hi,
>>>
>>> I seem to remember (through a haze of jetlag) a discussion regarding 
>>> getting input and thoughts from the ccTLD community – especially 
>>> those based in the EU.    Id like to suggest we pursue this.
>>>
>>> After an informal chat with a European ccTLD operator during one of 
>>> the breaks it was clear their input (based on concrete experience) 
>>> would be quite useful.
>>>
>>> Alex
>>>
>>> On 3/20/17, 12:12 PM, <gnso-rds-pdp-wg-bounces at icann.org 
>>> <mailto:gnso-rds-pdp-wg-bounces at icann.org> on behalf of 
>>> stephanie.perrin at mail.utoronto.ca 
>>> <mailto:stephanie.perrin at mail.utoronto.ca>> wrote:
>>>
>>> I agree with Scott, gated access was an early agreement.   It is 
>>> worth noting that the data commissioners have asked for this before. 
>>> (Offhand I cannot remember which documents, but I think it was  a 
>>> rhetorical question from Buttarelli....they are aware of the tiered 
>>> access that some ccTLDs operate.)
>>>
>>> Regarding the numbers cited for COE's convention 108, I would have 
>>> to check the transcript, but I recall the mention of over a hundred 
>>> countries which have based their data protection laws on the COE 
>>> convention.  This number is different than countries who have 
>>> ratified the convention....Canada, for instance, relied on the 
>>> principles in both OECD Guidelines and Convention 108 for our 
>>> privacy legislation, but are only observers, and have not signed on 
>>> to the treaty.  This is doubtless the case for many other 
>>> countries.  The point here is that the basic principles have been 
>>> adopted in most data protection laws.
>>>
>>> Many countries of course based their legislation on the EU Directive 
>>> 95/46 because they wanted to be deemed adequate at the same time, 
>>> but 95/46 also was based on/congruent with COE 108.
>>>
>>> Stephanie Perrin
>>>
>>> On 2017-03-20 07:11, Hollenbeck, Scott via gnso-rds-pdp-wg wrote:
>>>
>>>     *From:*gnso-rds-pdp-wg-bounces at icann.org
>>>     <mailto:gnso-rds-pdp-wg-bounces at icann.org>
>>>     [mailto:gnso-rds-pdp-wg-bounces at icann.org] *On Behalf Of *Gomes,
>>>     Chuck via gnso-rds-pdp-wg
>>>     *Sent:* Sunday, March 19, 2017 8:33 AM
>>>     *To:* icann at ferdeline.com <mailto:icann at ferdeline.com>;
>>>     gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
>>>     *Subject:* [EXTERNAL] Re: [gnso-rds-pdp-wg] My notes from the
>>>     discussion with the Data Protection Commissioners on 13 March 2017
>>>
>>>     Thank you very much for doing this Ayden.  I found it very
>>>     helpful and share a few personal comments here.
>>>
>>>     “Data controllers should not fragment their policies depending
>>>     on the territory.  (GB, JC)”
>>>
>>>     ·While I do not question that this point was made, I suspect
>>>     that when we get into the policy and implementation phases we
>>>     will likely encounter some issues where different jurisdictions
>>>     have conflicting requirements and we may have to localize some
>>>     requirements by jurisdiction.  If I remember correctly, I think
>>>     the EWG addressed this and that RDAP makes this possible to do
>>>     from a technical point of view.
>>>
>>>     ““The major treaty on data protection is Convention 108. And
>>>     Convention 108 is open
>>>
>>>     for signature to countries across the world. Uruguay has signed
>>>     it. Tunisia has signed
>>>
>>>     it. And another ten countries are now observers. And it is that
>>>     convention [not the
>>>
>>>     European Union’s GDPR] which has actually provided the standard
>>>     with which more
>>>
>>>     than another 100 countries around the world have followed.” (JC)”
>>>
>>>     ·I could be mistaken but I thought that there were over 50
>>>     countries that signed on to Convention 108.  Am I mistaken on that?
>>>
>>>     [SAH] I found the list of signatories here, Chuck:
>>>     https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/108/signatures?p_auth=fz15vACH
>>>
>>>     If I’m counting correctly there are 47 countries identified as
>>>     states that have signed and ratified the convention. Three
>>>     others are identified as “Non-Members of Council of Europe” who
>>>     have ratified.
>>>
>>>     ““Is there any other less intrusive method compared to mandatory
>>>     publication that
>>>
>>>     would serve the purpose of the WHOIS directories without all
>>>     data being directly
>>>
>>>     available online to everybody?” (GB)”
>>>
>>>     ·Isn’t this essentially a conclusion that the EWG arrived at?  I
>>>     would appreciate it if EWG members would comment on this.
>>>
>>>     [SAH] This EWG member’s recollection is that we recommended
>>>     implementation of gated access to serve the purpose “without all
>>>     data being directly available online to everybody”.
>>>
>>>     Scott
>>>
>>>
>>>
>>>
>>>     _______________________________________________
>>>
>>>     gnso-rds-pdp-wg mailing list
>>>
>>>     gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
>>>
>>>     https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>
>>>
>>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170320/231ae5fb/attachment-0001.html>

More information about the gnso-rds-pdp-wg mailing list