[gnso-rds-pdp-wg] FW: IMPORTANT

Ayden Férdeline icann at ferdeline.com
Fri Oct 13 21:04:09 UTC 2017


Hi Jonathan,

It might indeed be a Regulation if adopted, but this is just a proposal for now. Paragraph 30 of the European Commission's proposed text states, "The right to privacy and to protection of the personal data of a natural person requires that end-users that are natural persons are asked for consent before their personal data are included in a directory. The legitimate interest of legal entities requires that end-users that are legal entities have the right to object to the data related to them being included in a directory."

I do not think it is appropriate for us as a Working Group to try to predict what the outcome will be here; will the proposed text change [this clause hasn't changed over the past 12 months...], will it be adopted at all? I think it will be more productive if we stick with what is definitive; that GDPR has been adopted and enforcement begins in May 2018, and yes, the e-Privacy Directive from 2002 (and again, not a Regulation) has been transposed into national laws in EU member states.

I think the best thing we can do is rely on the legal advice that was commissioned for us, and tailored to respond to the questions that we as a working group sought answers to. Among them, I draw your attention to the answer to question 9. I think the final paragraph, which discusses proportionality in the context of publicly accessible databases, is very relevant when you cite the e-Privacy Directive's references to subscriber directories. Thanks.

Best wishes,

Ayden Férdeline
[linkedin.com/in/ferdeline](http://www.linkedin.com/in/ferdeline)

> -------- Original Message --------
> Subject: Re: [gnso-rds-pdp-wg] FW: IMPORTANT
> Local Time: 13 October 2017 9:23 PM
> UTC Time: 13 October 2017 20:23
> From: jonathan.matkowsky at riskiq.net
> To: Ayden Férdeline <icann at ferdeline.com>, Stephanie Perrin <stephanie.perrin at mail.utoronto.ca>, gnso-rds-pdp-wg at icann.org, theo geurts <gtheo at xs4all.nl>
>
> I think the proposed amendment to the eprivacy directive in effect is being debated as a regulation
>
> http://www.informationpolicycentre.com/uploads/5/7/1/0/57104281/cipl_comments_on_the_proposal_for_an_eprivacy_regulation_final_draft_11_september_2017.pdf
>
> On Fri, Oct 13, 2017 at 1:05 PM Ayden Férdeline <icann at ferdeline.com> wrote:
>
>> Hi,
>>
>> Please remember that there is a difference between a Regulation (which GDPR is) and a Directive (which is what e-Privacy is). I think this distinction is important in this conversation. Thanks
>>
>> Best wishes,
>>
>> Ayden Férdeline
>> Sent from ProtonMail Mobile
>>
>> On Fri, Oct 13, 2017 at 8:59 pm, jonathan matkowsky <jonathan.matkowsky at riskiq.net> wrote:
>>
>>> So I am trying to piece this all together. It seems like there may be a possibility that the eprivacy directive will eventually be updated by the regulation but that there is still intense debates over the regulation, that GDPR doesn’t trump the directive itself, and that there may be exceptions in the directive for a public database when GDPR comes into effect.
>>>
>>> If the above is true than GDPR may not actually cover the public Whois when it comes into effect unless and until the regulation comes into effect (which is still being debated and likely won’t be resolved by the time GDPR comes into effect) reconciling inconsistencies between GDPR and the applicable privacy directive that has some kind of exception for a public directory?
>>>
>>> Again, it’s imperative we get clarity around this issue to do our work properly.
>>> Thanks
>>>
>>> On Fri, Oct 13, 2017 at 11:29 AM theo geurts <gtheo at xs4all.nl> wrote:
>>>
>>>> https://www.privacytrust.com/guidance/gdpr-vs-eprivacy-regulation.html
>>>>
>>>> Eprivacy seems to be delayed though
>>>> https://iapp.org/news/a/libe-eprivacy-vote-delayed-juri-itre-and-edps-weigh-in/
>>>>
>>>> Theo
>>>>
>>>> On 13-10-2017 20:22, Stephanie Perrin wrote:
>>>>
>>>>> I believe the Art 29 group has commented on this matter, please check their website for the relevant documents, as I don't believe we have included them in our document respository.
>>>>>
>>>>> Stephanie Perrin
>>>>>
>>>>> On 2017-10-13 14:16, Ayden Férdeline wrote:
>>>>>
>>>>>> Hi Jonathan,
>>>>>>
>>>>>>> the Privacy Directive, as I understand it is not superseded by GDPR
>>>>>>
>>>>>> I presume you are referring to the European Union's e-Privacy Directive (2002/58/EC). If so, from what I understand it is currently being updated so to be consistent with the GDPR. As of last month the proposed revisions were with the Council of the European Union. I'm not sure what movement there has been since then.
>>>>>>
>>>>>> Best wishes,
>>>>>>
>>>>>> Ayden Férdeline
>>>>>> [linkedin.com/in/ferdeline](http://www.linkedin.com/in/ferdeline)
>>>>>>
>>>>>>> -------- Original Message --------
>>>>>>> Subject: Re: [gnso-rds-pdp-wg] FW: IMPORTANT
>>>>>>> Local Time: 13 October 2017 1:51 PM
>>>>>>> UTC Time: 13 October 2017 12:51
>>>>>>> From: jonathan.matkowsky at riskiq.net
>>>>>>> To: Chuck [<consult at cgomes.com>](mailto:consult at cgomes.com), gnso-rds-pdp-wg at icann.org
>>>>>>>
>>>>>>> Chuck, I don’t understand how anyone can share government perspective, and not represent a group in doing so.
>>>>>>>
>>>>>>> I wanted to know whether leadership team has decided to conduct a DPIA, and if so, whether you are using the UK’s guide. I would think while it makes sense to be looking at the purposes of collection, what is primary and secondary cannot be the focus because that presupposes knowing who the controller is. We have not yet decided that as a working group. The memo did not necessarily take into account the role of offering accreditation services and ICANN’s mission.
>>>>>>>
>>>>>>> But it appears whether it’s primary or secondary doesn’t matter for purposes of defining purposes of collecting each data element.
>>>>>>>
>>>>>>> We are not defining the purposes of collecting Whois data but the data elements of the next generation of Whois. That’s what I meant the other day regarding RDS.
>>>>>>>
>>>>>>> To do that, we are not limited to the data elements that currently exist as when we go through this exercise to fulfill ICANN’s mission from ICANN’s perspective including all those involved in cybersecurity, or to offer accredited registration services. The primary purpose of accredited services is to fulfill the mission, and to provide that staple of a service to those that register names with an accredited registrar. It seems we need to carefully consider not only Spec 3 to the 2013 RAA but also Paragraph 14 to the 2017 global amendment to the registry agreement which says unique DNS records may be supportable in the RDS if RDAP supports it. We therefore need to know what RDAP can support, and at the very least need to consider all elements from RFC 7485. This is not a simple exercise, and will take **significant** time.
>>>>>>>
>>>>>>> As we undertake this, we must know from WS law firm what role the public directory service plays in the Privacy Directive, as I understand it is not superseded by GDPR, and Whois is a public directory. This is critical analysis we are possibly missing. Can you ask them to address this ASAP please?
>>>>>>>
>>>>>>> Thanks
>>>>>>> Jonathan
>>>>>>>
>>>>>>> On Wed, Oct 11, 2017 at 11:35 AM Chuck <consult at cgomes.com> wrote:
>>>>>>>
>>>>>>>> We have 34 volunteers at present; it would help a lot if we could get a lot more so that teams will not have to cover more than one of the nine purposes.
>>>>>>>>
>>>>>>>> Thanks much to the 34 of you who have volunteered.  I hope many more will complete the poll and volunteer in the remaining 6 or so hours of the poll.
>>>>>>>>
>>>>>>>> We are particularly low for the government perspective.  Remember, team members are not being asked to represent any group but rather to share their understanding of the perspective.
>>>>>>>>
>>>>>>>> Chuck
>>>>>>>>
>>>>>>>> [ ]
>>>>>>>>
>>>>>>>> From: gnso-rds-pdp-wg-bounces at icann.org [mailto: gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Lisa Phifer
>>>>>>>> Sent: Tuesday, October 10, 2017 10:19 AM
>>>>>>>> To: gnso-rds-pdp-wg at icann.org
>>>>>>>> Subject: [gnso-rds-pdp-wg] IMPORTANT: Invitation for Poll from 10 October Meeting
>>>>>>>> Importance: High
>>>>>>>>
>>>>>>>> Dear all,
>>>>>>>>
>>>>>>>> In follow-up to this week’s WG meeting, all RDS PDP WG Members are encouraged to participate in the following poll:
>>>>>>>>
>>>>>>>> https://www.surveymonkey.com/r/5LXJRF3
>>>>>>>>
>>>>>>>> Responses should be submitted through the above URL. For offline reference, a PDF of poll questions can also be found at:
>>>>>>>>
>>>>>>>> https://community.icann.org/download/attachments/66086772/Poll-from-10OctoberCall.pdf
>>>>>>>>
>>>>>>>> This poll will close at COB Wednesday 11 October.  Expressions of interest gathered through this poll will be used form drafting teams.
>>>>>>>>
>>>>>>>> Please note that you must be a WG Member to participate in polls. If you are a WG Observer wishing to participate in polls, you must first contact gnso-secs at icann.org to upgrade to WG Member.
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>>
>>>>>>>> Lisa
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> gnso-rds-pdp-wg mailing list
>>>>>>>> gnso-rds-pdp-wg at icann.org
>>>>>>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>>>>>
>>>>>>> --
>>>>>>> Jonathan Matkowsky
>>>>>>>
>>>>>>> ****************************** ****************************** ******* This message was sent from RiskIQ, and is intended only for the designated recipient(s). It may contain confidential or proprietary information and may be subject to confidentiality protections. If you are not a designated recipient, you may not review, copy or distribute this message. If you receive this in error, please notify the sender by reply e-mail and delete this message. Thank you.
>>>>>>>
>>>>>>> ****************************** ****************************** *******
>>>>>>
>>>>>> _______________________________________________
>>>>>> gnso-rds-pdp-wg mailing list
>>>>>> gnso-rds-pdp-wg at icann.org
>>>>>>
>>>>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>>>
>>>>> _______________________________________________
>>>>> gnso-rds-pdp-wg mailing list
>>>>> gnso-rds-pdp-wg at icann.org
>>>>>
>>>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>>
>>>> _______________________________________________
>>>> gnso-rds-pdp-wg mailing list
>>>> gnso-rds-pdp-wg at icann.org
>>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>
>>> --
>>> Jonathan Matkowsky
>>
>>> ************************************************************  *******
>>
>>> This message was sent from RiskIQ, and is intended only for the designated recipient(s). It may contain confidential or proprietary information and may be subject to confidentiality protections. If you are not a designated recipient, you may not review, copy or distribute this message. If you receive this in error, please notify the sender by reply e-mail and delete this message. Thank you.
>>>
>>> ************************************************************  *******
>
> --
> Jonathan Matkowsky
>
> *******************************************************************
> This message was sent from RiskIQ, and is intended only for the designated recipient(s). It may contain confidential or proprietary information and may be subject to confidentiality protections. If you are not a designated recipient, you may not review, copy or distribute this message. If you receive this in error, please notify the sender by reply e-mail and delete this message. Thank you.
>
> *******************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171013/7bfa8a01/attachment-0001.html>


More information about the gnso-rds-pdp-wg mailing list