[gnso-rds-pdp-wg] a suggestion for "purpose in detail"

John Bambenek jcb at bambenekconsulting.com
Wed Mar 22 13:46:29 UTC 2017 

The legal review previously discussed seemed pretty clear. What data protection law requires changes greatly if data elements are optional and/or can be masked. 

Facebook doesn't have to consider every piece of information it collects and each field because all of them are optional. 

We very clearly DO need to consider whether fields are optional and/or they can be masked if we are going to consider data protection laws as a requirement. 

For instance, we can't say DP laws say we don't need phone number and can't collect it if we aren't considering consent and whether its an option or requirement. 

Sent from my iPhone

> On Mar 22, 2017, at 04:02, David Cake <dave at davecake.net> wrote:
> 
> I agree with Stephanie strongly here.
> Free privacy services and similar might make a lot of the practical design issues go away, or might not, But I think that is an issue for Phase 2, in which we construct what a new RDS looks like (presuming we conclude that one is needed). 
> 
> Phase 1 concentrates on fundamental requirements, and knowing which data elements we collect and why is necessary, even if that data is not generally made available to the public. Ant this will impact data protection law even if the data that is collected and retained is not widely accessible. Even if we decided that certain data was only accessible with a warrant, we would still need to justify collecting it. 
> 
> Regards
> 
> 	David
> 
>> On 22 Mar 2017, at 3:49 am, Stephanie Perrin <stephanie.perrin at mail.utoronto.ca> wrote:
>> 
>> Indeed, the WHOIS disclosure instrument may be the thing that sticks in everybody's mind, but it is not the first place to start in addressing a comprehensive approach to RDS privacy.  First you have to address why you are collecting each data element.  Is the core purpose justifiable and proportionate? etc, we spent an hour on it with Mr. Canatacci and we are not done yet....
>> 
>> Yes, privacy proxy services have been the stop gap over the years.  The data is still being collected without a clear statement of purpose, disclosed in a variety of ways that may not pass muster, retained in violation of at least EU law and likely others, data subject access and disclosure rights inadequately addressed......
>> 
>> Lets wait till we get our answers to the questions before we start discussing possible solutions.  I think we are jumping ahead quite a bit.
>> 
>> Stephanie Perrin
>> 
>>> On 2017-03-21 15:18, allison nixon wrote:
>>> I find myself in agreement with the free whois privacy idea. It renders a lot of these privacy concerns moot, and it isn't a big leap to make because many registrars already offer it for free. It also won't break the many security systems used by companies and law enforcement every day. It will also resolve the spam issue. And it does seem that giving users a true, zero-cost, choice as to how they want their data disseminated will resolve a lot of the legal issues as well.
>>> 
>>>> On Tue, Mar 21, 2017 at 3:06 PM, John Bambenek via gnso-rds-pdp-wg <gnso-rds-pdp-wg at icann.org> wrote:
>>>> And part of the "if so" includes whether the individual chooses to protect it in some free privacy regime. It's the same question.
>>>> 
>>>> Its why Twitter can exist. If you post publicly knowing you are doing so and having a true choice, then privacy issues become greatly reduced.
>>>> 
>>>> Here we have (1) you MUST provide "all this stuff" and (2) you MUST pay extra or we broadcast it to the world.
>>>> 
>>>> It isn't an ancillary question. Its the fundamental one.
>>>> 
>>>> Sent from my iPhone
>>>> 
>>>> > On Mar 21, 2017, at 13:55, "ajs at anvilwalrusden.com" <ajs at anvilwalrusden.com> wrote:
>>>> >
>>>> >> On Tue, Mar 21, 2017 at 01:22:18PM -0500, John Bambenek wrote:
>>>> >> I think we should also discuss at a higher level that if privacy services were free from the                 registrars if that would largely resolve all of this.
>>>> >
>>>> > I don't see how.  The experts last week were quite clear that the
>>>> > first question is about collection, and our PDP is chartered to talk
>>>> > about that too, so we have to discuss whether some of this data should
>>>> > be collected at all, and if so by whom.
>>>> >
>>>> > A
>>>> >
>>>> > --
>>>> > Andrew Sullivan
>>>> > ajs at anvilwalrusden.com
>>>> > _______________________________________________
>>>> > gnso-rds-pdp-wg mailing list
>>>> > gnso-rds-pdp-wg at icann.org
>>>> > https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>> 
>>>> _______________________________________________
>>>> gnso-rds-pdp-wg mailing list
>>>> gnso-rds-pdp-wg at icann.org
>>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>> 
>>> 
>>> 
>>> -- 
>>> _________________________________
>>> Note to self: Pillage BEFORE burning.
>>> 
>>> 
>>> _______________________________________________
>>> gnso-rds-pdp-wg mailing list
>>> gnso-rds-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>> 
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> 
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170322/c57526dc/attachment.html>

More information about the gnso-rds-pdp-wg mailing list