[gnso-rds-pdp-wg] FW: IMPORTANT

jonathan matkowsky jonathan.matkowsky at riskiq.net
Sun Oct 15 07:33:07 UTC 2017


I'm sorry but I don't follow why we are having a conversation about the
difference between a directive and regulation. The point is that the
ePrivacy Directive is not superseded by GDPR. And there are those that are
saying that the ePrivacy Directive, which is in effect unless and until
amended by the regulation, supposedly has an exception for public
directories. So the question is whether that is true under the ePrivacy
Directive. Is there an exception for public directories? If so, how is that
reconcilable with the GDPR? If the ePrivacy Directive makes an exception
for public directories, and Whois is a public directory, than that seems to
be relevant since the GDPR doesn't supersede the Directive. I am not
claiming to know the law in this regard. I am merely saying that it seems
important that we find out.

On Sat, Oct 14, 2017 at 3:46 AM, Ayden Férdeline <icann at ferdeline.com>
wrote:

> I do not think we as a Working Group need to have this conversation; there
> are many resources online that can help one understand delegation, agency,
> agenda setting, and law making in the European Community. But I raised the
> point of the difference between a Directive and a Regulation because it was
> my perception that they were being treated as equivalent when (and please
> correct me if I am wrong, because I am not a lawyer) actually I think this
> is a question of legal hierarchy. From what I understand a Regulation can
> amend a Directive, and there are precedents of that happening, but I do not
> think the opposite is true (i.e. a Directive cannot supersede or amend a
> Regulation). Thanks.
>
> Ayden Férdeline
> linkedin.com/in/ferdeline <http://www.linkedin.com/in/ferdeline>
>
>
> -------- Original Message --------
> Subject: Re: [gnso-rds-pdp-wg] FW: IMPORTANT
> Local Time: 14 October 2017 10:47 AM
> UTC Time: 14 October 2017 09:47
> From: paul at law.es
> To: Ayden Férdeline <icann at ferdeline.com>
> jonathan matkowsky <jonathan.matkowsky at riskiq.net>, Stephanie Perrin <
> stephanie.perrin at mail.utoronto.ca>, gnso-rds-pdp-wg at icann.org, theo
> geurts <gtheo at xs4all.nl>
>
> A *directive* is a legal act of the *European* Union, which requires
> member states to achieve a particular result without dictating the means of
> achieving that result. It can be distinguished from *regulations* which
> are self-executing and do not require any implementing measures.
>
>
> Sent from my iPad
>
> On 13 Oct 2017, at 22:05, Ayden Férdeline <icann at ferdeline.com> wrote:
>
> Hi,
>
> Please remember that there is a difference between a Regulation (which
> GDPR is) and a Directive (which is what e-Privacy is). I think this
> distinction is important in this conversation. Thanks
>
> Best wishes,
>
> Ayden Férdeline
> Sent from ProtonMail Mobile
>
>
> On Fri, Oct 13, 2017 at 8:59 pm, jonathan matkowsky <
> jonathan.matkowsky at riskiq.net> wrote:
>
> So I am trying to piece this all together. It seems like there may be a
> possibility that the eprivacy directive will eventually be updated by the
> regulation but that there is still intense debates over the regulation,
> that GDPR doesn’t trump the directive itself, and that there may be
> exceptions in the directive for a public database when GDPR comes into
> effect.
>
> If the above is true than GDPR may not actually cover the public Whois
> when it comes into effect unless and until the regulation comes into effect
> (which is still being debated and likely won’t be resolved by the time GDPR
> comes into effect) reconciling inconsistencies between GDPR and the
> applicable privacy directive that has some kind of exception for a public
> directory?
>
> Again, it’s imperative we get clarity around this issue to do our work
> properly.
> Thanks
>
> On Fri, Oct 13, 2017 at 11:29 AM theo geurts <gtheo at xs4all.nl> wrote:
>
>>
>>
>> https://www.privacytrust.com/guidance/gdpr-vs-eprivacy-regulation.html
>>
>> Eprivacy seems to be delayed though
>> https://iapp.org/news/a/libe-eprivacy-vote-delayed-juri-
>> itre-and-edps-weigh-in/
>>
>>
>> Theo
>>
>>
>> On 13-10-2017 20:22, Stephanie Perrin wrote:
>>
>> I believe the Art 29 group has commented on this matter, please check
>> their website for the relevant documents, as I don't believe we have
>> included them in our document respository.
>>
>> Stephanie Perrin
>>
>> On 2017-10-13 14:16, Ayden Férdeline wrote:
>>
>> Hi Jonathan,
>>
>> the Privacy Directive, as I understand it is not superseded by GDPR
>>
>>
>> I presume you are referring to the European Union's e-Privacy Directive
>> (2002/58/EC). If so, from what I understand it is currently being updated
>> so to be consistent with the GDPR. As of last month the proposed revisions
>> were with the Council of the European Union. I'm not sure what movement
>> there has been since then.
>>
>> Best wishes,
>>
>> Ayden Férdeline
>> linkedin.com/in/ferdeline <http://www.linkedin.com/in/ferdeline>
>>
>>
>> -------- Original Message --------
>> Subject: Re: [gnso-rds-pdp-wg] FW: IMPORTANT
>> Local Time: 13 October 2017 1:51 PM
>> UTC Time: 13 October 2017 12:51
>> From: jonathan.matkowsky at riskiq.net
>> To: Chuck <consult at cgomes.com> <consult at cgomes.com>,
>> gnso-rds-pdp-wg at icann.org
>>
>> Chuck, I don’t understand how anyone can share government perspective,
>> and not represent a group in doing so.
>>
>> I wanted to know whether leadership team has decided to conduct a DPIA,
>> and if so, whether you are using the UK’s guide. I would think while it
>> makes sense to be looking at the purposes of collection, what is primary
>> and secondary cannot be the focus because that presupposes knowing who the
>> controller is. We have not yet decided that as a working group. The memo
>> did not necessarily take into account the role of offering accreditation
>> services and ICANN’s mission.
>>
>> But it appears whether it’s primary or secondary doesn’t matter for
>> purposes of defining purposes of collecting each data element.
>>
>> We are not defining the purposes of collecting Whois data but the data
>> elements of the next generation of Whois. That’s what I meant the other day
>> regarding RDS.
>>
>> To do that, we are not limited to the data elements that currently exist
>> as when we go through this exercise to fulfill ICANN’s mission from ICANN’s
>> perspective including all those involved in cybersecurity, or to offer
>> accredited registration services. The primary purpose of accredited
>> services is to fulfill the mission, and to provide that staple of a service
>> to those that register names with an accredited registrar. It seems we need
>> to carefully consider not only Spec 3 to the 2013 RAA but also Paragraph 14
>> to the 2017 global amendment to the registry agreement which says unique
>> DNS records may be supportable in the RDS if RDAP supports it. We therefore
>> need to know what RDAP can support, and at the very least need to consider
>> all elements from RFC 7485. This is not a simple exercise, and will take
>> **significant** time.
>>
>> As we undertake this, we must know from WS law firm what role the public
>> directory service plays in the Privacy Directive, as I understand it is not
>> superseded by GDPR, and Whois is a public directory. This is critical
>> analysis we are possibly missing. Can you ask them to address this ASAP
>> please?
>>
>> Thanks
>> Jonathan
>>
>> On Wed, Oct 11, 2017 at 11:35 AM Chuck <consult at cgomes.com> wrote:
>>
>>> We have 34 volunteers at present; it would help a lot if we could get a
>>> lot more so that teams will not have to cover more than one of the nine
>>> purposes.
>>>
>>>
>>>
>>> Thanks much to the 34 of you who have volunteered.  I hope many more
>>> will complete the poll and volunteer in the remaining 6 or so hours of the
>>> poll.
>>>
>>>
>>>
>>> We are particularly low for the government perspective.  Remember, team
>>> members are not being asked to represent any group but rather to share
>>> their understanding of the perspective.
>>>
>>>
>>>
>>> Chuck
>>>
>>>
>>>
>>>
>>> *From:* gnso-rds-pdp-wg-bounces at icann.org [mailto:
>>> gnso-rds-pdp-wg-bounces at icann.org] *On Behalf Of *Lisa Phifer
>>> *Sent:* Tuesday, October 10, 2017 10:19 AM
>>> *To:* gnso-rds-pdp-wg at icann.org
>>> *Subject:* [gnso-rds-pdp-wg] IMPORTANT: Invitation for Poll from 10
>>> October Meeting
>>> *Importance:* High
>>>
>>>
>>>
>>>
>>> Dear all,
>>>
>>>
>>>
>>> In follow-up to this week’s WG meeting, *all RDS PDP WG Members* are
>>> encouraged to participate in the following poll:
>>>
>>>
>>>
>>> https://www.surveymonkey.com/r/5LXJRF3
>>>
>>>
>>>
>>> Responses should be submitted through the above URL. For offline
>>> reference, a PDF of poll questions can also be found at:
>>>
>>>
>>>
>>> https://community.icann.org/download/attachments/66086772/
>>> Poll-from-10OctoberCall.pdf
>>>
>>>
>>>
>>> *This poll will close at COB Wednesday 11 October.  Expressions of
>>> interest gathered through this poll will be used form drafting teams.*
>>>
>>>
>>>
>>> Please note that you *must be a WG Member* to participate in polls. If
>>> you are a WG Observer wishing to participate in polls, you must first
>>> contact gnso-secs at icann.org to upgrade to WG Member.
>>>
>>>
>>>
>>> Regards,
>>>
>>> Lisa
>>> _______________________________________________
>>> gnso-rds-pdp-wg mailing list
>>> gnso-rds-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>
>> --
>> Jonathan Matkowsky
>>
>> ****************************** ****************************** *******
>> This message was sent from RiskIQ, and is intended only for the
>> designated recipient(s). It may contain confidential or proprietary
>> information and may be subject to confidentiality protections. If you are
>> not a designated recipient, you may not review, copy or distribute this
>> message. If you receive this in error, please notify the sender by reply
>> e-mail and delete this message. Thank you.
>>
>>
>> ****************************** ****************************** *******
>>
>>
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing listgnso-rds-pdp-wg at icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>>
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing listgnso-rds-pdp-wg at icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
> --
> Jonathan Matkowsky
>
> ************************************************************ *******
> This message was sent from RiskIQ, and is intended only for the designated
> recipient(s). It may contain confidential or proprietary information and
> may be subject to confidentiality protections. If you are not a designated
> recipient, you may not review, copy or distribute this message. If you
> receive this in error, please notify the sender by reply e-mail and delete
> this message. Thank you.
>
>
> ************************************************************ *******
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>

-- 
*******************************************************************
This message was sent from RiskIQ, and is intended only for the designated 
recipient(s). It may contain confidential or proprietary information and 
may be subject to confidentiality protections. If you are not a designated 
recipient, you may not review, copy or distribute this message. If you 
receive this in error, please notify the sender by reply e-mail and delete 
this message. Thank you.

*******************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171015/3063f581/attachment-0001.html>


More information about the gnso-rds-pdp-wg mailing list