[gnso-rds-pdp-wg] FW: IMPORTANT

Michele Neylon - Blacknight michele at blacknight.com
Tue Oct 17 12:25:46 UTC 2017 

I’d recommend you read the letters from Article 29 as they make clear references to multiple directives etc



--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
http://blacknight.blog/
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845
From: <gnso-rds-pdp-wg-bounces at icann.org> on behalf of jonathan matkowsky <jonathan.matkowsky at riskiq.net>
Date: Tuesday 17 October 2017 at 09:58
To: Volker Greimann <vgreimann at key-systems.net>, "gnso-rds-pdp-wg at icann.org" <gnso-rds-pdp-wg at icann.org>
Subject: Re: [gnso-rds-pdp-wg] FW: IMPORTANT

Thanks- I meant do you know which provision of the ePrivacy Directive makes an exception for public databases so I can take a look at why some think it may apply to Whois?

On Tue, Oct 17, 2017 at 1:53 AM Volker Greimann <vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>> wrote:

Sure although I doubt there is a need to waste money on a legal review as the below is self-evident.

To collect, store (and publish, in some cases) certain information, there has to be a legal requirement or a legal right to do so. For example, car ownership legislation usually requires the registration of the owner of the car in a public register, but there is no requirement to register the actual driver. Incorporating a legal entity requires by law certain data to be entered into a register that may be public or not, depending on jurisdiction. Gun ownership in some jurisdiction requires registration of the gun, the owner or both in a usually non-public register. In some jurisdictions, criminals that have served their time will have to register when moving into areas where such jurisdition applies. In Europe, the operator of the website is required to publish certain information about himself in an easy-to-find section of the website. Internet service providers may be required by law to keep connection data of their customers for longer than actually needed for business practices.

All these rules impact the right of private individuals to their own data, but this impact is permitted due to the legal basis (I am not going into the many cases where legal requirements have been overturned in court as the impact on the rights was unjustified or overly deep).

No such legal requirement exists for domain ownership. There are private policies, agreements between parties, but none of these are actually allowed to supersede legal requirements for the protection of such data. In other words, these do not create an exception to the legal requirements but have to work within their limits.

So, concluding, whatever we discuss, it cannot violate data privacy rights. If it did, the policy would be unenforceable or even void. Let's not fool ourselves into believing such legal rights can be waived, as the legal protections against that are rather strong. For example, while a data subject can provide consent, the GDPR puts very significant constraints on this, how it can be obtained, how it can be revoked and what the consequences of either are. For example, we cannot require consent as a contractual condition and we cannot revoke the registration if consent is revoked as that would violate the requirement that consent must be "freely given".

Volker

Am 17.10.2017 um 03:09 schrieb jonathan matkowsky:
I respect that may be the case but can we get some unbiased analysis in this regard similar to what we’ve done recently? I’m not saying I’m any less biased here than you are. I’m just trying to gather the relevant facts. Can you elaborate on below please?

On Mon, Oct 16, 2017 at 2:07 AM Volker Greimann <vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>> wrote:

We will also have to differentiate etween public directories that exist due to a legislatory requirement and those that have come into being without any such justification due to "reasons".

Best,

Volker

Am 15.10.2017 um 09:42 schrieb jonathan matkowsky:
Hi, Ayden. I am catching up. The thing I don't get is that we need to look at whether there is an exception made for public directories in the ePrivacy Directive. If there is such an exception, and it is also the case that GDPR doesn't supersede the ePrivacy Directive, than I am having difficulty reconciling that. I think we should ask ICANN staff if they have looked into this issue or come across it--so we have taken this into consideration without having to guess.

On Fri, Oct 13, 2017 at 2:04 PM, Ayden Férdeline <icann at ferdeline.com<mailto:icann at ferdeline.com>> wrote:
Hi Jonathan,

It might indeed be a Regulation if adopted, but this is just a proposal for now. Paragraph 30 of the European Commission's proposed text states, "The right to privacy and to protection of the personal data of a natural person requires that end-users that are natural persons are asked for consent before their personal data are included in a directory. The legitimate interest of legal entities requires that end-users that are legal entities have the right to object to the data related to them being included in a directory."

I do not think it is appropriate for us as a Working Group to try to predict what the outcome will be here; will the proposed text change [this clause hasn't changed over the past 12 months...], will it be adopted at all? I think it will be more productive if we stick with what is definitive; that GDPR has been adopted and enforcement begins in May 2018, and yes, the e-Privacy Directive from 2002 (and again, not a Regulation) has been transposed into national laws in EU member states.

I think the best thing we can do is rely on the legal advice that was commissioned for us, and tailored to respond to the questions that we as a working group sought answers to. Among them, I draw your attention to the answer to question 9. I think the final paragraph, which discusses proportionality in the context of publicly accessible databases, is very relevant when you cite the e-Privacy Directive's references to subscriber directories. Thanks.

Best wishes,

Ayden Férdeline
linkedin.com/in/ferdeline<http://www.linkedin.com/in/ferdeline>


-------- Original Message --------
Subject: Re: [gnso-rds-pdp-wg] FW: IMPORTANT
Local Time: 13 October 2017 9:23 PM
UTC Time: 13 October 2017 20:23
From: jonathan.matkowsky at riskiq.net<mailto:jonathan.matkowsky at riskiq.net>
To: Ayden Férdeline <icann at ferdeline.com<mailto:icann at ferdeline.com>>, Stephanie Perrin <stephanie.perrin at mail.utoronto.ca<mailto:stephanie.perrin at mail.utoronto.ca>>, gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>, theo geurts <gtheo at xs4all.nl<mailto:gtheo at xs4all.nl>>

I think the proposed amendment to the eprivacy directive in effect is being debated as a regulation

http://www.informationpolicycentre.com/uploads/5/7/1/0/57104281/cipl_comments_on_the_proposal_for_an_eprivacy_regulation_final_draft_11_september_2017.pdf

On Fri, Oct 13, 2017 at 1:05 PM Ayden Férdeline <icann at ferdeline.com<mailto:icann at ferdeline.com>> wrote:
Hi,

Please remember that there is a difference between a Regulation (which GDPR is) and a Directive (which is what e-Privacy is). I think this distinction is important in this conversation. Thanks

Best wishes,

Ayden Férdeline
Sent from ProtonMail Mobile


On Fri, Oct 13, 2017 at 8:59 pm, jonathan matkowsky <jonathan.matkowsky at riskiq.net<mailto:jonathan.matkowsky at riskiq.net>> wrote:
So I am trying to piece this all together. It seems like there may be a possibility that the eprivacy directive will eventually be updated by the regulation but that there is still intense debates over the regulation, that GDPR doesn’t trump the directive itself, and that there may be exceptions in the directive for a public database when GDPR comes into effect.

If the above is true than GDPR may not actually cover the public Whois when it comes into effect unless and until the regulation comes into effect (which is still being debated and likely won’t be resolved by the time GDPR comes into effect) reconciling inconsistencies between GDPR and the applicable privacy directive that has some kind of exception for a public directory?

Again, it’s imperative we get clarity around this issue to do our work properly.
Thanks

On Fri, Oct 13, 2017 at 11:29 AM theo geurts <gtheo at xs4all.nl<mailto:gtheo at xs4all.nl>> wrote:



https://www.privacytrust.com/guidance/gdpr-vs-eprivacy-regulation.html

Eprivacy seems to be delayed though
https://iapp.org/news/a/libe-eprivacy-vote-delayed-juri-itre-and-edps-weigh-in/


Theo


On 13-10-2017 20:22, Stephanie Perrin wrote:

I believe the Art 29 group has commented on this matter, please check their website for the relevant documents, as I don't believe we have included them in our document respository.

Stephanie Perrin

On 2017-10-13 14:16, Ayden Férdeline wrote:
Hi Jonathan,

the Privacy Directive, as I understand it is not superseded by GDPR

I presume you are referring to the European Union's e-Privacy Directive (2002/58/EC). If so, from what I understand it is currently being updated so to be consistent with the GDPR. As of last month the proposed revisions were with the Council of the European Union. I'm not sure what movement there has been since then.

Best wishes,

Ayden Férdeline
linkedin.com/in/ferdeline<http://www.linkedin.com/in/ferdeline>


-------- Original Message --------
Subject: Re: [gnso-rds-pdp-wg] FW: IMPORTANT
Local Time: 13 October 2017 1:51 PM
UTC Time: 13 October 2017 12:51
From: jonathan.matkowsky at riskiq.net<mailto:jonathan.matkowsky at riskiq.net>
To: Chuck <consult at cgomes.com><mailto:consult at cgomes.com>, gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>

Chuck, I don’t understand how anyone can share government perspective, and not represent a group in doing so.

I wanted to know whether leadership team has decided to conduct a DPIA, and if so, whether you are using the UK’s guide. I would think while it makes sense to be looking at the purposes of collection, what is primary and secondary cannot be the focus because that presupposes knowing who the controller is. We have not yet decided that as a working group. The memo did not necessarily take into account the role of offering accreditation services and ICANN’s mission.

But it appears whether it’s primary or secondary doesn’t matter for purposes of defining purposes of collecting each data element.

We are not defining the purposes of collecting Whois data but the data elements of the next generation of Whois. That’s what I meant the other day regarding RDS.

To do that, we are not limited to the data elements that currently exist as when we go through this exercise to fulfill ICANN’s mission from ICANN’s perspective including all those involved in cybersecurity, or to offer accredited registration services. The primary purpose of accredited services is to fulfill the mission, and to provide that staple of a service to those that register names with an accredited registrar. It seems we need to carefully consider not only Spec 3 to the 2013 RAA but also Paragraph 14 to the 2017 global amendment to the registry agreement which says unique DNS records may be supportable in the RDS if RDAP supports it. We therefore need to know what RDAP can support, and at the very least need to consider all elements from RFC 7485. This is not a simple exercise, and will take **significant** time.

As we undertake this, we must know from WS law firm what role the public directory service plays in the Privacy Directive, as I understand it is not superseded by GDPR, and Whois is a public directory. This is critical analysis we are possibly missing. Can you ask them to address this ASAP please?

Thanks
Jonathan

On Wed, Oct 11, 2017 at 11:35 AM Chuck <consult at cgomes.com<mailto:consult at cgomes.com>> wrote:
We have 34 volunteers at present; it would help a lot if we could get a lot more so that teams will not have to cover more than one of the nine purposes.

Thanks much to the 34 of you who have volunteered.  I hope many more will complete the poll and volunteer in the remaining 6 or so hours of the poll.

We are particularly low for the government perspective.  Remember, team members are not being asked to represent any group but rather to share their understanding of the perspective.

Chuck



From: gnso-rds-pdp-wg-bounces at icann.org<mailto:gnso-rds-pdp-wg-bounces at icann.org> [mailto: gnso-rds-pdp-wg-bounces at icann.org<mailto:gnso-rds-pdp-wg-bounces at icann.org>] On Behalf Of Lisa Phifer
Sent: Tuesday, October 10, 2017 10:19 AM
To: gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
Subject: [gnso-rds-pdp-wg] IMPORTANT: Invitation for Poll from 10 October Meeting
Importance: High



Dear all,

In follow-up to this week’s WG meeting, all RDS PDP WG Members are encouraged to participate in the following poll:

https://www.surveymonkey.com/r/5LXJRF3

Responses should be submitted through the above URL. For offline reference, a PDF of poll questions can also be found at:

https://community.icann.org/download/attachments/66086772/Poll-from-10OctoberCall.pdf

This poll will close at COB Wednesday 11 October.  Expressions of interest gathered through this poll will be used form drafting teams.

Please note that you must be a WG Member to participate in polls. If you are a WG Observer wishing to participate in polls, you must first contact gnso-secs at icann.org<mailto:gnso-secs at icann.org> to upgrade to WG Member.

Regards,
Lisa
_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
--
Jonathan Matkowsky

****************************** ****************************** *******
This message was sent from RiskIQ, and is intended only for the designated recipient(s). It may contain confidential or proprietary information and may be subject to confidentiality protections. If you are not a designated recipient, you may not review, copy or distribute this message. If you receive this in error, please notify the sender by reply e-mail and delete this message. Thank you.


****************************** ****************************** *******




_______________________________________________

gnso-rds-pdp-wg mailing list

gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>

https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg




_______________________________________________

gnso-rds-pdp-wg mailing list

gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>

https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
--
Jonathan Matkowsky

************************************************************ *******
This message was sent from RiskIQ, and is intended only for the designated recipient(s). It may contain confidential or proprietary information and may be subject to confidentiality protections. If you are not a designated recipient, you may not review, copy or distribute this message. If you receive this in error, please notify the sender by reply e-mail and delete this message. Thank you.


************************************************************ *******
--
Jonathan Matkowsky

*******************************************************************
This message was sent from RiskIQ, and is intended only for the designated recipient(s). It may contain confidential or proprietary information and may be subject to confidentiality protections. If you are not a designated recipient, you may not review, copy or distribute this message. If you receive this in error, please notify the sender by reply e-mail and delete this message. Thank you.


*******************************************************************



*******************************************************************
This message was sent from RiskIQ, and is intended only for the designated recipient(s). It may contain confidential or proprietary information and may be subject to confidentiality protections. If you are not a designated recipient, you may not review, copy or distribute this message. If you receive this in error, please notify the sender by reply e-mail and delete this message. Thank you.*******************************************************************


_______________________________________________

gnso-rds-pdp-wg mailing list

gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>

https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg


--

Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.



Mit freundlichen Grüßen,



Volker A. Greimann

- Rechtsabteilung -



Key-Systems GmbH

Im Oberen Werk 1<https://maps.google.com/?q=Im+Oberen+Werk+1%0D+66386+St.+Ingbert&entry=gmail&source=g>

66386 St. Ingbert<https://maps.google.com/?q=Im+Oberen+Werk+1%0D+66386+St.+Ingbert&entry=gmail&source=g>

Tel.: +49 (0) 6894 - 9396 901

Fax.: +49 (0) 6894 - 9396 851

Email: vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>



Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>

www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com>



Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:

www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>

www.twitter.com/key_systems<http://www.twitter.com/key_systems>



Geschäftsführer: Alexander Siffrin

Handelsregister Nr.: HR B 18835 - Saarbruecken

Umsatzsteuer ID.: DE211006534



Member of the KEYDRIVE GROUP

www.keydrive.lu<http://www.keydrive.lu>



Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.



--------------------------------------------



Should you have any further questions, please do not hesitate to contact us.



Best regards,



Volker A. Greimann

- legal department -



Key-Systems GmbH

Im Oberen Werk 1<https://maps.google.com/?q=Im+Oberen+Werk+1%0D+66386+St.+Ingbert&entry=gmail&source=g>

66386 St. Ingbert<https://maps.google.com/?q=Im+Oberen+Werk+1%0D+66386+St.+Ingbert&entry=gmail&source=g>

Tel.: +49 (0) 6894 - 9396 901

Fax.: +49 (0) 6894 - 9396 851

Email: vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>



Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>

www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com>



Follow us on Twitter or join our fan community on Facebook and stay updated:

www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>

www.twitter.com/key_systems<http://www.twitter.com/key_systems>



CEO: Alexander Siffrin

Registration No.: HR B 18835 - Saarbruecken

V.A.T. ID.: DE211006534



Member of the KEYDRIVE GROUP

www.keydrive.lu<http://www.keydrive.lu>



This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.






_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
--
Jonathan Matkowsky

*******************************************************************
This message was sent from RiskIQ, and is intended only for the designated recipient(s). It may contain confidential or proprietary information and may be subject to confidentiality protections. If you are not a designated recipient, you may not review, copy or distribute this message. If you receive this in error, please notify the sender by reply e-mail and delete this message. Thank you.*******************************************************************



--

Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.



Mit freundlichen Grüßen,



Volker A. Greimann

- Rechtsabteilung -



Key-Systems GmbH

Im Oberen Werk 1<https://maps.google.com/?q=Im+Oberen+Werk+1%0D+66386+St.+Ingbert&entry=gmail&source=g>

66386 St. Ingbert<https://maps.google.com/?q=Im+Oberen+Werk+1%0D+66386+St.+Ingbert&entry=gmail&source=g>

Tel.: +49 (0) 6894 - 9396 901

Fax.: +49 (0) 6894 - 9396 851

Email: vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>



Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>

www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com>



Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:

www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>

www.twitter.com/key_systems<http://www.twitter.com/key_systems>



Geschäftsführer: Alexander Siffrin

Handelsregister Nr.: HR B 18835 - Saarbruecken

Umsatzsteuer ID.: DE211006534



Member of the KEYDRIVE GROUP

www.keydrive.lu<http://www.keydrive.lu>



Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.



--------------------------------------------



Should you have any further questions, please do not hesitate to contact us.



Best regards,



Volker A. Greimann

- legal department -



Key-Systems GmbH

Im Oberen Werk 1<https://maps.google.com/?q=Im+Oberen+Werk+1%0D+66386+St.+Ingbert&entry=gmail&source=g>

66386 St. Ingbert<https://maps.google.com/?q=Im+Oberen+Werk+1%0D+66386+St.+Ingbert&entry=gmail&source=g>

Tel.: +49 (0) 6894 - 9396 901

Fax.: +49 (0) 6894 - 9396 851

Email: vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>



Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>

www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com>



Follow us on Twitter or join our fan community on Facebook and stay updated:

www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>

www.twitter.com/key_systems<http://www.twitter.com/key_systems>



CEO: Alexander Siffrin

Registration No.: HR B 18835 - Saarbruecken

V.A.T. ID.: DE211006534



Member of the KEYDRIVE GROUP

www.keydrive.lu<http://www.keydrive.lu>



This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.






--
Jonathan Matkowsky

*******************************************************************
This message was sent from RiskIQ, and is intended only for the designated recipient(s). It may contain confidential or proprietary information and may be subject to confidentiality protections. If you are not a designated recipient, you may not review, copy or distribute this message. If you receive this in error, please notify the sender by reply e-mail and delete this message. Thank you.
*******************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171017/4f4d0639/attachment-0001.html>

More information about the gnso-rds-pdp-wg mailing list