[gnso-rds-pdp-wg] IMPORTANT: Notes from RDS PDP WG Meeting - 3 October
Lisa Phifer
lisa at corecom.com
Tue Oct 3 19:32:49 UTC 2017
Dear all,
Below please find notes from today's RDS PDP WG meeting.
To recap Action Items from today's call:
. Action Item: Staff to incorporate WG agreement in working draft.
. Action Item: WG leadership team to consider input received during
today's meeting and consider how to move forward as today's meeting did not
achieve the goal of moving forward on these questions.
Best regards,
Lisa
Action Items and Notes from RDS PDP WG Call - 3 October 2017
These high-level notes are designed to help PDP WG members navigate through
the content of the call and are not meant as a substitute for the transcript
and/or recording. The MP3, transcript, and chat are provided separately and
are posted on the wiki here: https://community.icann.org/x/bWfwAw
1. Roll Call/SOI Updates
. No SOI updates identified
2. Apply results from last week's poll to working document
.
<https://community.icann.org/download/attachments/66086765/AnnotatedResults-
Poll-from-26SeptCall.pdf>
https://community.icann.org/download/attachments/66086765/AnnotatedResults-P
oll-from-26SeptCall.pdf
. 22 members participated in poll
. 77% still don't think Original Registration Date should be a new
data element
. Record in working document as tentative agreement
WG Agreement: There is no requirement for the Original Registration Date as
proposed by the EWG Final Report
Action Item: Staff to incorporate WG agreement in working draft.
3. General questions about WSGR memo
.
<https://gnso.icann.org/en/drafts/wsgr-icann-memorandum-25sep17-en.pdf>
https://gnso.icann.org/en/drafts/wsgr-icann-memorandum-25sep17-en.pdf
. Leadership in consultation with legal advisors within WG have been
working to extract principles from WSGR memo and also answers previously
supplied by senior EU privacy experts, to be applied to our work going
forward
. How was the law firm selected? Several candidates with expertise
identified by staff and augmented with suggestions from legal advisors
within WG. Using that input, candidates were evaluated and chosen based on
experience, reputation, etc. Selection was ultimately made by leadership
team not advisory group, with group's input on two finalists.
. Do we intend to go back to the law firm to ask for more typical
legal advice - that is, tell them what we propose doing, and ask for advice
on legal risks associated with proposal? Yes, we can seek legal advice in
the future, from this firm or another firm, at appropriate points in our
work - that will incur additional cost to seek answers to new questions.
. Were discussions with law firm recorded, or can a transcript be
provided? The leadership team and legal advisors reviewed a confidential
draft for the purpose of identifying any items required clarification,
enabling finalization of the memo.
. The law firm explicitly asked that draft not be shared and be
treated as confidential; they prefer to share only final work product. In
some cases, they asked for clarification of the questions that were asked by
WG. We can share questions that were asked, but those questions focused on
clarification and not questioning views or opinions expressed by WSGR.
. How much did the advisory team feedback impact the ultimate
questions? Not at all. The questions were developed by the WG prior to
ICANN58 meeting, and then presented to full WG for review/edit/approval.
Those questions were then published and asked of senior EU privacy experts
in CPH. We intentionally gave WSGR the same questions (exactly) as were
given to experts at CPH.
. Now it's time to take inputs received from two sources and use it
to address work outlined in our charter...
4. Introduce methodology to be used to apply memo to our work
. Charter questions: Users/Purposes, Gated Access, Data Accuracy,
Data Elements, and Privacy - fundamental questions to be addressed in Phase
1
. We have already examined all but Accuracy to some degree, mostly
for MPDS
. What we're going to do today is to start with Charter question on
Privacy and look at how inputs from senior EU privacy experts AND WSGR help
us answer or move forward in addressing that question/sub-questions
5. Starting with charter question on Privacy for deliberation
a. Introduce DP/Privacy principles related to the charter question on
Privacy
.
<https://community.icann.org/download/attachments/66086765/Handout-RDS-WG-Ca
ll-3Oct2017.pdf>
https://community.icann.org/download/attachments/66086765/Handout-RDS-WG-Cal
l-3Oct2017.pdf
. Copied extracted principles in handout, mapped to the charter
question on privacy and associated sub-questions, to facilitate reference
during deliberation on those questions
. Note that at end of handout there appears the one WG agreement thus
far under the Privacy charter question, which was limited to MPDS: 14. [For
MPDS] Existing gTLD RDS policies do NOT sufficiently address compliance with
applicable data protection, privacy, and free speech laws about purpose
. Review of principles mapped to this charter question/sub question:
. 5.1 Do existing gTLD registration directory services policies
sufficiently address compliance with applicable data protection, privacy,
and free speech laws within each jurisdiction?
b. Starting with Privacy sub-question 5.1, discuss impact on WG agreements
. We are not restricted to EU focus of this input; the input does
provide guidance with respect to that jurisdiction. Our task is to provide
requirements for RDS that takes into consideration all jurisdictions.
. "Within each jurisdiction" = within ALL jurisdictions of the world
. Re: 3.e. The GDPR applies to all personal data, comments that GDPR
does NOT apply to all personal data
. Answer could be "yes" if taking into account procedure for dealing
with conflicts with local law
. Conflating two different issues: policy and implementation. Reading
RAA it matches up with GDPR, but the way it's been implemented does not
(e.g., purpose, consent). Need to ask whether policies address compliance or
whether implementation of those policies do or do not
. Comment: The policy as it is written is tightly bound to the
extreme limitations of whois-the-protocol, which is part of the problem
. For example, from RAA: 3.7.7.4 Registrar shall provide notice to
each new or renewed Registered Name Holder stating:3.7.7.4.1 The purposes
for which any Personal Data collected from the applicant are
intended;3.7.7.4.2 The intended recipients or categories of recipients of
the data (including the Registry Operator and others who will receive the
data from Registry Operator);3.7.7.4.3 Which data are obligatory and which
data, if any, are voluntary; and 3.7.7.4.4 How the Registered Name Holder or
data subject can access and, if necessary, rectify the data held about
them.3.7.7.5 The Registered Name Holder shall consent to the data processing
referred to in Subsection 3.7.7.4.
. Is data escrow within the RDS's scope?
. Do questions not line up with existing policy, producing answers
that are not useful? This is why people are concerned about questions - if
you ask the wrong question, you don't get helpful answers
. Maybe the question should be "Do the existing implementations of
gTLD policy sufficient address compliance....?
. Comment: Current policies violate GDPR for EU citizens - example
CL&D
. Need to distinguish policies from implementation, which is informed
by decisions about who the data controller is
. Note that WSGR did not respond to the questions that are in this
document - these are questions that the WG identified as sub-questions to
help address the overarching charter questions. The principles that you see
were derived from the memo as aiming to assist in responding to these
questions.
. Possible reframing of sub-question 5.1: Do existing gTLD
registration directory services policies and/or implementations PREVENT
compliance with applicable data protection, privacy, and free speech laws
within each jurisdiction?
. Would re-applying existing policy, using RDAP instead of WHOIS,
shed any light on whether it's the policy or the implementation that prevent
compliance with applicable laws?
Action Item: WG leadership team to consider input received during today's
meeting and consider how to move forward as today's meeting did not achieve
the goal of moving forward on these questions.
6. Confirm action items and proposed decision points
. WG Agreement: There is no requirement for the Original Registration
Date as proposed by the EWG Final Report
. Action Item: Staff to incorporate WG agreement in working draft.
. Action Item: WG leadership team to consider input received during
today's meeting and consider how to move forward as today's meeting did not
achieve the goal of moving forward on these questions.
7. Confirm next WG meeting (Tuesday 10 October at 16.00 UTC)
Meeting Materials (all posted at https://community.icann.org/x/bWfwAw)
. 26 September Call poll (closed COB Saturday 30 September)
. Link to participate: <https://www.surveymonkey.com/r/JM679DR>
https://www.surveymonkey.com/r/JM679DR
. PDF of Poll Questions:
<https://community.icann.org/download/attachments/66086762/Poll-from-26Septe
mberCall.pdf?version=1&modificationDate=1506462198000&api=v2>
Poll-from-26SeptemberCall.pdf
. SurveyMonkey Summary Poll Results:
<https://community.icann.org/download/attachments/66086765/SummaryResults-Po
ll-from-26SeptCall.pdf?version=1&modificationDate=1506882150000&api=v2>
SummaryResults-Poll-from-26SeptCall.pdf
. SurveyMonkey Raw Data Poll Results:
<https://community.icann.org/download/attachments/66086765/RawDataResults-Po
ll-from-26SeptCall.zip?version=1&modificationDate=1506882171000&api=v2>
RawDataResults-Poll-from-26SeptCall.zip and
<https://community.icann.org/download/attachments/66086765/RawDataResults-Po
ll-from-26SeptCall.xlsx?version=1&modificationDate=1506882190000&api=v2> XLS
. Annotated Survey Results:
<https://community.icann.org/download/attachments/66086765/AnnotatedResults-
Poll-from-26SeptCall.pdf?version=1&modificationDate=1506963736000&api=v2>
AnnotatedResults-Poll-from-26SeptCall.pdf
. WSGR memorandum:
<https://gnso.icann.org/en/drafts/wsgr-icann-memorandum-25sep17-en.pdf>
https://gnso.icann.org/en/drafts/wsgr-icann-memorandum-25sep17-en.pdf
.
<https://community.icann.org/download/attachments/66086765/Principles%20from
%20DP%20Expert%20and%20WSGR%20-%2029%20Sept%202017.docx?version=1&modificati
onDate=1506964656000&api=v2> Principles from DP Expert and WSGR - 29 Sept
2017.docx
.
<https://community.icann.org/download/attachments/66086765/Handout-RDS-WG-Ca
ll-3Oct2017.pdf?version=1&modificationDate=1506979314000&api=v2>
Handout-RDS-WG-Call-3Oct2017.pdf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171003/c23874d1/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list