[gnso-rds-pdp-wg] FW: IMPORTANT
jonathan matkowsky
jonathan.matkowsky at riskiq.net
Tue Oct 17 08:58:12 UTC 2017
Thanks- I meant do you know which provision of the ePrivacy Directive makes
an exception for public databases so I can take a look at why some think it
may apply to Whois?
On Tue, Oct 17, 2017 at 1:53 AM Volker Greimann <vgreimann at key-systems.net>
wrote:
> Sure although I doubt there is a need to waste money on a legal review as
> the below is self-evident.
>
> To collect, store (and publish, in some cases) certain information, there
> has to be a legal requirement or a legal right to do so. For example, car
> ownership legislation usually requires the registration of the owner of the
> car in a public register, but there is no requirement to register the
> actual driver. Incorporating a legal entity requires by law certain data to
> be entered into a register that may be public or not, depending on
> jurisdiction. Gun ownership in some jurisdiction requires registration of
> the gun, the owner or both in a usually non-public register. In some
> jurisdictions, criminals that have served their time will have to register
> when moving into areas where such jurisdition applies. In Europe, the
> operator of the website is required to publish certain information about
> himself in an easy-to-find section of the website. Internet service
> providers may be required by law to keep connection data of their customers
> for longer than actually needed for business practices.
>
> All these rules impact the right of private individuals to their own data,
> but this impact is permitted due to the legal basis (I am not going into
> the many cases where legal requirements have been overturned in court as
> the impact on the rights was unjustified or overly deep).
>
> No such legal requirement exists for domain ownership. There are private
> policies, agreements between parties, but none of these are actually
> allowed to supersede legal requirements for the protection of such data. In
> other words, these do not create an exception to the legal requirements but
> have to work within their limits.
>
> So, concluding, whatever we discuss, it cannot violate data privacy
> rights. If it did, the policy would be unenforceable or even void. Let's
> not fool ourselves into believing such legal rights can be waived, as the
> legal protections against that are rather strong. For example, while a data
> subject can provide consent, the GDPR puts very significant constraints on
> this, how it can be obtained, how it can be revoked and what the
> consequences of either are. For example, we cannot require consent as a
> contractual condition and we cannot revoke the registration if consent is
> revoked as that would violate the requirement that consent must be "freely
> given".
>
> Volker
>
> Am 17.10.2017 um 03:09 schrieb jonathan matkowsky:
>
> I respect that may be the case but can we get some unbiased analysis in
> this regard similar to what we’ve done recently? I’m not saying I’m any
> less biased here than you are. I’m just trying to gather the relevant
> facts. Can you elaborate on below please?
>
> On Mon, Oct 16, 2017 at 2:07 AM Volker Greimann <vgreimann at key-systems.net>
> wrote:
>
>> We will also have to differentiate etween public directories that exist
>> due to a legislatory requirement and those that have come into being
>> without any such justification due to "reasons".
>>
>> Best,
>>
>> Volker
>>
>> Am 15.10.2017 um 09:42 schrieb jonathan matkowsky:
>>
>> Hi, Ayden. I am catching up. The thing I don't get is that we need to
>> look at whether there is an exception made for public directories in the
>> ePrivacy Directive. If there is such an exception, and it is also the case
>> that GDPR doesn't supersede the ePrivacy Directive, than I am having
>> difficulty reconciling that. I think we should ask ICANN staff if they have
>> looked into this issue or come across it--so we have taken this into
>> consideration without having to guess.
>>
>> On Fri, Oct 13, 2017 at 2:04 PM, Ayden Férdeline <icann at ferdeline.com>
>> wrote:
>>
>>> Hi Jonathan,
>>>
>>> It might indeed be a Regulation if adopted, but this is just a proposal
>>> for now. Paragraph 30 of the European Commission's proposed text states,
>>> "The right to privacy and to protection of the personal data of a natural
>>> person requires that end-users that are natural persons are asked for
>>> consent before their personal data are included in a directory. The
>>> legitimate interest of legal entities requires that end-users that are
>>> legal entities have the right to object to the data related to them being
>>> included in a directory."
>>>
>>> I do not think it is appropriate for us as a Working Group to try to
>>> predict what the outcome will be here; will the proposed text change [this
>>> clause hasn't changed over the past 12 months...], will it be adopted at
>>> all? I think it will be more productive if we stick with what is
>>> definitive; that GDPR has been adopted and enforcement begins in May 2018,
>>> and yes, the e-Privacy Directive from 2002 (and again, not a Regulation)
>>> has been transposed into national laws in EU member states.
>>>
>>> I think the best thing we can do is rely on the legal advice that was
>>> commissioned for us, and tailored to respond to the questions that we as a
>>> working group sought answers to. Among them, I draw your attention to the
>>> answer to question 9. I think the final paragraph, which discusses
>>> proportionality in the context of publicly accessible databases, is very
>>> relevant when you cite the e-Privacy Directive's references to subscriber
>>> directories. Thanks.
>>>
>>> Best wishes,
>>>
>>> Ayden Férdeline
>>> linkedin.com/in/ferdeline <http://www.linkedin.com/in/ferdeline>
>>>
>>>
>>> -------- Original Message --------
>>> Subject: Re: [gnso-rds-pdp-wg] FW: IMPORTANT
>>> Local Time: 13 October 2017 9:23 PM
>>> UTC Time: 13 October 2017 20:23
>>> From: jonathan.matkowsky at riskiq.net
>>> To: Ayden Férdeline <icann at ferdeline.com>, Stephanie Perrin <
>>> stephanie.perrin at mail.utoronto.ca>, gnso-rds-pdp-wg at icann.org, theo
>>> geurts <gtheo at xs4all.nl>
>>>
>>> I think the proposed amendment to the eprivacy directive in effect is
>>> being debated as a regulation
>>>
>>>
>>> http://www.informationpolicycentre.com/uploads/5/7/1/0/57104281/cipl_comments_on_the_proposal_for_an_eprivacy_regulation_final_draft_11_september_2017.pdf
>>>
>>> On Fri, Oct 13, 2017 at 1:05 PM Ayden Férdeline <icann at ferdeline.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> Please remember that there is a difference between a Regulation (which
>>>> GDPR is) and a Directive (which is what e-Privacy is). I think this
>>>> distinction is important in this conversation. Thanks
>>>>
>>>> Best wishes,
>>>>
>>>> Ayden Férdeline
>>>> Sent from ProtonMail Mobile
>>>>
>>>>
>>>> On Fri, Oct 13, 2017 at 8:59 pm, jonathan matkowsky <
>>>> jonathan.matkowsky at riskiq.net> wrote:
>>>>
>>>> So I am trying to piece this all together. It seems like there may be a
>>>> possibility that the eprivacy directive will eventually be updated by the
>>>> regulation but that there is still intense debates over the regulation,
>>>> that GDPR doesn’t trump the directive itself, and that there may be
>>>> exceptions in the directive for a public database when GDPR comes into
>>>> effect.
>>>>
>>>> If the above is true than GDPR may not actually cover the public Whois
>>>> when it comes into effect unless and until the regulation comes into effect
>>>> (which is still being debated and likely won’t be resolved by the time GDPR
>>>> comes into effect) reconciling inconsistencies between GDPR and the
>>>> applicable privacy directive that has some kind of exception for a public
>>>> directory?
>>>>
>>>> Again, it’s imperative we get clarity around this issue to do our work
>>>> properly.
>>>> Thanks
>>>>
>>>> On Fri, Oct 13, 2017 at 11:29 AM theo geurts <gtheo at xs4all.nl> wrote:
>>>>
>>>>>
>>>>>
>>>>> https://www.privacytrust.com/guidance/gdpr-vs-eprivacy-regulation.html
>>>>>
>>>>> Eprivacy seems to be delayed though
>>>>>
>>>>> https://iapp.org/news/a/libe-eprivacy-vote-delayed-juri-itre-and-edps-weigh-in/
>>>>>
>>>>>
>>>>> Theo
>>>>>
>>>>>
>>>>> On 13-10-2017 20:22, Stephanie Perrin wrote:
>>>>>
>>>>> I believe the Art 29 group has commented on this matter, please check
>>>>> their website for the relevant documents, as I don't believe we have
>>>>> included them in our document respository.
>>>>>
>>>>> Stephanie Perrin
>>>>>
>>>>> On 2017-10-13 14:16, Ayden Férdeline wrote:
>>>>>
>>>>> Hi Jonathan,
>>>>>
>>>>> the Privacy Directive, as I understand it is not superseded by GDPR
>>>>>
>>>>>
>>>>> I presume you are referring to the European Union's e-Privacy
>>>>> Directive (2002/58/EC). If so, from what I understand it is currently being
>>>>> updated so to be consistent with the GDPR. As of last month the proposed
>>>>> revisions were with the Council of the European Union. I'm not sure what
>>>>> movement there has been since then.
>>>>>
>>>>> Best wishes,
>>>>>
>>>>> Ayden Férdeline
>>>>> linkedin.com/in/ferdeline <http://www.linkedin.com/in/ferdeline>
>>>>>
>>>>>
>>>>> -------- Original Message --------
>>>>> Subject: Re: [gnso-rds-pdp-wg] FW: IMPORTANT
>>>>> Local Time: 13 October 2017 1:51 PM
>>>>> UTC Time: 13 October 2017 12:51
>>>>> From: jonathan.matkowsky at riskiq.net
>>>>> To: Chuck <consult at cgomes.com> <consult at cgomes.com>,
>>>>> gnso-rds-pdp-wg at icann.org
>>>>>
>>>>> Chuck, I don’t understand how anyone can share government perspective,
>>>>> and not represent a group in doing so.
>>>>>
>>>>> I wanted to know whether leadership team has decided to conduct a
>>>>> DPIA, and if so, whether you are using the UK’s guide. I would think while
>>>>> it makes sense to be looking at the purposes of collection, what is primary
>>>>> and secondary cannot be the focus because that presupposes knowing who the
>>>>> controller is. We have not yet decided that as a working group. The memo
>>>>> did not necessarily take into account the role of offering accreditation
>>>>> services and ICANN’s mission.
>>>>>
>>>>> But it appears whether it’s primary or secondary doesn’t matter for
>>>>> purposes of defining purposes of collecting each data element.
>>>>>
>>>>> We are not defining the purposes of collecting Whois data but the data
>>>>> elements of the next generation of Whois. That’s what I meant the other day
>>>>> regarding RDS.
>>>>>
>>>>> To do that, we are not limited to the data elements that currently
>>>>> exist as when we go through this exercise to fulfill ICANN’s mission from
>>>>> ICANN’s perspective including all those involved in cybersecurity, or to
>>>>> offer accredited registration services. The primary purpose of accredited
>>>>> services is to fulfill the mission, and to provide that staple of a service
>>>>> to those that register names with an accredited registrar. It seems we need
>>>>> to carefully consider not only Spec 3 to the 2013 RAA but also Paragraph 14
>>>>> to the 2017 global amendment to the registry agreement which says unique
>>>>> DNS records may be supportable in the RDS if RDAP supports it. We therefore
>>>>> need to know what RDAP can support, and at the very least need to consider
>>>>> all elements from RFC 7485. This is not a simple exercise, and will take
>>>>> **significant** time.
>>>>>
>>>>> As we undertake this, we must know from WS law firm what role the
>>>>> public directory service plays in the Privacy Directive, as I understand it
>>>>> is not superseded by GDPR, and Whois is a public directory. This is
>>>>> critical analysis we are possibly missing. Can you ask them to address this
>>>>> ASAP please?
>>>>>
>>>>> Thanks
>>>>> Jonathan
>>>>>
>>>>> On Wed, Oct 11, 2017 at 11:35 AM Chuck <consult at cgomes.com> wrote:
>>>>>
>>>>>> We have 34 volunteers at present; it would help a lot if we could get
>>>>>> a lot more so that teams will not have to cover more than one of the nine
>>>>>> purposes.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Thanks much to the 34 of you who have volunteered. I hope many more
>>>>>> will complete the poll and volunteer in the remaining 6 or so hours of the
>>>>>> poll.
>>>>>>
>>>>>>
>>>>>>
>>>>>> We are particularly low for the government perspective. Remember,
>>>>>> team members are not being asked to represent any group but rather to share
>>>>>> their understanding of the perspective.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Chuck
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> *From:* gnso-rds-pdp-wg-bounces at icann.org [mailto:
>>>>>> gnso-rds-pdp-wg-bounces at icann.org] *On Behalf Of *Lisa Phifer
>>>>>> *Sent:* Tuesday, October 10, 2017 10:19 AM
>>>>>> *To:* gnso-rds-pdp-wg at icann.org
>>>>>> *Subject:* [gnso-rds-pdp-wg] IMPORTANT: Invitation for Poll from 10
>>>>>> October Meeting
>>>>>> *Importance:* High
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Dear all,
>>>>>>
>>>>>>
>>>>>>
>>>>>> In follow-up to this week’s WG meeting, *all RDS PDP WG Members* are
>>>>>> encouraged to participate in the following poll:
>>>>>>
>>>>>>
>>>>>>
>>>>>> https://www.surveymonkey.com/r/5LXJRF3
>>>>>>
>>>>>>
>>>>>>
>>>>>> Responses should be submitted through the above URL. For offline
>>>>>> reference, a PDF of poll questions can also be found at:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> https://community.icann.org/download/attachments/66086772/Poll-from-10OctoberCall.pdf
>>>>>>
>>>>>>
>>>>>>
>>>>>> *This poll will close at COB Wednesday 11 October. Expressions of
>>>>>> interest gathered through this poll will be used form drafting teams.*
>>>>>>
>>>>>>
>>>>>>
>>>>>> Please note that you *must be a WG Member* to participate in polls.
>>>>>> If you are a WG Observer wishing to participate in polls, you must first
>>>>>> contact gnso-secs at icann.org to upgrade to WG Member.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Lisa
>>>>>> _______________________________________________
>>>>>> gnso-rds-pdp-wg mailing list
>>>>>> gnso-rds-pdp-wg at icann.org
>>>>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>>>>
>>>>> --
>>>>> Jonathan Matkowsky
>>>>>
>>>>> ****************************** ****************************** *******
>>>>> This message was sent from RiskIQ, and is intended only for the
>>>>> designated recipient(s). It may contain confidential or proprietary
>>>>> information and may be subject to confidentiality protections. If you are
>>>>> not a designated recipient, you may not review, copy or distribute this
>>>>> message. If you receive this in error, please notify the sender by reply
>>>>> e-mail and delete this message. Thank you.
>>>>>
>>>>>
>>>>> ****************************** ****************************** *******
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> gnso-rds-pdp-wg mailing listgnso-rds-pdp-wg at icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> gnso-rds-pdp-wg mailing listgnso-rds-pdp-wg at icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> gnso-rds-pdp-wg mailing list
>>>>> gnso-rds-pdp-wg at icann.org
>>>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>>>>
>>>> --
>>>> Jonathan Matkowsky
>>>>
>>>> ************************************************************ *******
>>>>
>>>> This message was sent from RiskIQ, and is intended only for the
>>>> designated recipient(s). It may contain confidential or proprietary
>>>> information and may be subject to confidentiality protections. If you are
>>>> not a designated recipient, you may not review, copy or distribute this
>>>> message. If you receive this in error, please notify the sender by reply
>>>> e-mail and delete this message. Thank you.
>>>>
>>>>
>>>> ************************************************************ *******
>>>>
>>>> --
>>> Jonathan Matkowsky
>>>
>>> *******************************************************************
>>> This message was sent from RiskIQ, and is intended only for the
>>> designated recipient(s). It may contain confidential or proprietary
>>> information and may be subject to confidentiality protections. If you are
>>> not a designated recipient, you may not review, copy or distribute this
>>> message. If you receive this in error, please notify the sender by reply
>>> e-mail and delete this message. Thank you.
>>>
>>>
>>> *******************************************************************
>>>
>>>
>>>
>>
>> *******************************************************************
>> This message was sent from RiskIQ, and is intended only for the
>> designated recipient(s). It may contain confidential or proprietary
>> information and may be subject to confidentiality protections. If you are
>> not a designated recipient, you may not review, copy or distribute this
>> message. If you receive this in error, please notify the sender by reply
>> e-mail and delete this message. Thank you.******************************
>> *************************************
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing listgnso-rds-pdp-wg at icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>>
>> --
>> Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
>>
>> Mit freundlichen Grüßen,
>>
>> Volker A. Greimann
>> - Rechtsabteilung -
>>
>> Key-Systems GmbHIm Oberen Werk 1
>> 66386 St. Ingbert <https://maps.google.com/?q=Im+Oberen+Werk+1%0D+66386+St.+Ingbert&entry=gmail&source=g>
>> Tel.: +49 (0) 6894 - 9396 901
>> Fax.: +49 (0) 6894 - 9396 851
>> Email: vgreimann at key-systems.net
>>
>> Web: www.key-systems.net / www.RRPproxy.netwww.domaindiscount24.com / www.BrandShelter.com
>>
>> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:www.facebook.com/KeySystemswww.twitter.com/key_systems
>>
>> Geschäftsführer: Alexander Siffrin
>> Handelsregister Nr.: HR B 18835 - Saarbruecken
>> Umsatzsteuer ID.: DE211006534
>>
>> Member of the KEYDRIVE GROUPwww.keydrive.lu
>>
>> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
>>
>> --------------------------------------------
>>
>> Should you have any further questions, please do not hesitate to contact us.
>>
>> Best regards,
>>
>> Volker A. Greimann
>> - legal department -
>>
>> Key-Systems GmbHIm Oberen Werk 1
>> 66386 St. Ingbert <https://maps.google.com/?q=Im+Oberen+Werk+1%0D+66386+St.+Ingbert&entry=gmail&source=g>
>> Tel.: +49 (0) 6894 - 9396 901
>> Fax.: +49 (0) 6894 - 9396 851
>> Email: vgreimann at key-systems.net
>>
>> Web: www.key-systems.net / www.RRPproxy.netwww.domaindiscount24.com / www.BrandShelter.com
>>
>> Follow us on Twitter or join our fan community on Facebook and stay updated:www.facebook.com/KeySystemswww.twitter.com/key_systems
>>
>> CEO: Alexander Siffrin
>> Registration No.: HR B 18835 - Saarbruecken
>> V.A.T. ID.: DE211006534
>>
>> Member of the KEYDRIVE GROUPwww.keydrive.lu
>>
>> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
>>
>>
>>
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
> --
> Jonathan Matkowsky
>
> *******************************************************************
> This message was sent from RiskIQ, and is intended only for the designated
> recipient(s). It may contain confidential or proprietary information and
> may be subject to confidentiality protections. If you are not a designated
> recipient, you may not review, copy or distribute this message. If you
> receive this in error, please notify the sender by reply e-mail and delete
> this message. Thank you.******************************
> *************************************
>
>
> --
> Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
>
> Mit freundlichen Grüßen,
>
> Volker A. Greimann
> - Rechtsabteilung -
>
> Key-Systems GmbHIm Oberen Werk 1
> 66386 St. Ingbert <https://maps.google.com/?q=Im+Oberen+Werk+1%0D+66386+St.+Ingbert&entry=gmail&source=g>
> Tel.: +49 (0) 6894 - 9396 901
> Fax.: +49 (0) 6894 - 9396 851
> Email: vgreimann at key-systems.net
>
> Web: www.key-systems.net / www.RRPproxy.netwww.domaindiscount24.com / www.BrandShelter.com
>
> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:www.facebook.com/KeySystemswww.twitter.com/key_systems
>
> Geschäftsführer: Alexander Siffrin
> Handelsregister Nr.: HR B 18835 - Saarbruecken
> Umsatzsteuer ID.: DE211006534
>
> Member of the KEYDRIVE GROUPwww.keydrive.lu
>
> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
>
> --------------------------------------------
>
> Should you have any further questions, please do not hesitate to contact us.
>
> Best regards,
>
> Volker A. Greimann
> - legal department -
>
> Key-Systems GmbHIm Oberen Werk 1
> 66386 St. Ingbert <https://maps.google.com/?q=Im+Oberen+Werk+1%0D+66386+St.+Ingbert&entry=gmail&source=g>
> Tel.: +49 (0) 6894 - 9396 901
> Fax.: +49 (0) 6894 - 9396 851
> Email: vgreimann at key-systems.net
>
> Web: www.key-systems.net / www.RRPproxy.netwww.domaindiscount24.com / www.BrandShelter.com
>
> Follow us on Twitter or join our fan community on Facebook and stay updated:www.facebook.com/KeySystemswww.twitter.com/key_systems
>
> CEO: Alexander Siffrin
> Registration No.: HR B 18835 - Saarbruecken
> V.A.T. ID.: DE211006534
>
> Member of the KEYDRIVE GROUPwww.keydrive.lu
>
> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
>
>
>
>
> --
Jonathan Matkowsky
--
*******************************************************************
This message was sent from RiskIQ, and is intended only for the designated
recipient(s). It may contain confidential or proprietary information and
may be subject to confidentiality protections. If you are not a designated
recipient, you may not review, copy or distribute this message. If you
receive this in error, please notify the sender by reply e-mail and delete
this message. Thank you.
*******************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171017/7671ed3a/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list