[gnso-rds-pdp-wg] another document that might be of interest

David Cake dave at davecake.net
Sun Oct 22 19:33:40 UTC 2017 

> On 22 Oct 2017, at 9:38 pm, John Bambenek <jcb at bambenekconsulting.com> wrote:
> 
> I would argue that their views are uninformed on other points of view or other changes that could be made that would satisfy their objectives which is similar but has important differences. So I disagree we are at the point we are violating EU law. 

	Lets just say that two law firms with significant GDPR experience have now commented, and you seem to disagree with both, and the DPAs. 

> 
> EU DPAs may never change their mind. I’ll just get US law changed so that US entities offering domains have to list ownership information which means most if not all of the gTLDs I care about if not ICANN also.

	I think it would be for the best if the working group, and you, proceeded with current law until you have succeeded in getting US law changed. Please let us know when you have achieved that. 


> We aren’t there yet because the DPAs are only starting to hear from us. Until now these discussions were populated by ICANN and registrars/registries who want whois to go away anyway. 

	The idea that ICANN wants whois to go away does not accord with observed behaviour. 
> 
> This solitary focus on EU law presupposes that people believe that of the laws of the ~200 countries in the world, it is EU law that should be the controlling force of internet governance. Is that what you are saying?

	Privacy law in most of the world tends to follow the EU, and it is likely that if we designed a system that functioned under EU law it would work under the law of the vast majority of the world, Until you get US law changed, So you’d better get onto that. 

David

> 
> --
> John Bambenek
> 
> On Oct 22, 2017, at 01:13, David Cake <dave at davecake.net <mailto:dave at davecake.net>> wrote:
> 
>> John, if that is you acknowledging that the current advice from DPAs (and legal advice) does not concur with the position the abuse and security community (or at least, the part of it that you represent) that is at least a step forward. 
>> 
>> You may be significantly more optimistic about the chances of the DPAs changing their position in response to hearing your concerns than others are. If you could, perhaps, set out some future circumstances under which you might might acknowledge that this effort had failed and we could proceed to move discussion forward under the basis of current EU law rather than a possible future in which you are able to change it to suit your preferences, that would be helpful. 
>> 
>> Davud
>> 
>> 
>>> On 21 Oct 2017, at 8:41 am, John Bambenek via gnso-rds-pdp-wg <gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>> wrote:
>>> 
>>> Not the last few items discussed, no. That said I have been traveling from the past few weeks and need to read them side by side for a definitive synthesis. That aside, my primary concern is that said officials are not hearing enough from the anti-abuse and security community on these tools to have a more fully informed discussion. We are working to rectify that. 
>>> 
>>> Sent from my iPad
>>> 
>>> On Oct 21, 2017, at 2:35 AM, Ayden Férdeline <icann at ferdeline.com <mailto:icann at ferdeline.com>> wrote:
>>> 
>>>> My apologies, John. It was not clear to me that you had read the memo. I am glad to hear that you have. Particularly in relation to consent, I thought the advice that the memo contained (along with the Hamilton memo) was consistent with the advice that we received from the European Data Protection Commissioners earlier this year. Would you agree?
>>>> 
>>>> —Ayden
>>>> 
>>>> 
>>>>> -------- Original Message --------
>>>>> Subject: Re: [gnso-rds-pdp-wg] another document that might be of interest
>>>>> Local Time: 21 October 2017 1:27 AM
>>>>> UTC Time: 21 October 2017 00:27
>>>>> From: jcb at bambenekconsulting.com <mailto:jcb at bambenekconsulting.com>
>>>>> To: Ayden Férdeline <icann at ferdeline.com <mailto:icann at ferdeline.com>>
>>>>> Victoria Sheckler <vsheckler at riaa.com <mailto:vsheckler at riaa.com>>, GNSO RDS PDP <gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>>
>>>>> 
>>>>> Yes, I believe I pointed out on this very list that among other things, the notion the EU law should reign supreme globally even when it conflicts with local laws as patently offensive, among other things. 
>>>>> 
>>>>> Is there a particular outcome that you are trying to achieve by insinuating that I am ignorant and not reading the mounds of paperwork generated by this group? I mean besides the continual, consistent, and vigorous disrespect shown to those who work in anti-abuse or security?
>>>>> 
>>>>> And if you’d like an analysis of the legal memo it is this: it is always better to take the word of the regulators over merely that of some lawfirm. Which is what I thought we were actually talking about in the first place. 
>>>>> 
>>>>> 
>>>>> 
>>>>> --
>>>>> John Bambenek
>>>>> 
>>>>> On Oct 20, 2017, at 19:10, Ayden Férdeline <icann at ferdeline.com <mailto:icann at ferdeline.com>> wrote:
>>>>>> John,
>>>>>> 
>>>>>> Have you read the legal memo that we received from Wilson Sonsini Goodrich & Rosati? 
>>>>>> 
>>>>>> It states on page 14, "asking for consent would not be simple, would not solve all data protection issues, and would pose a number of organizational challenges."
>>>>>> 
>>>>>> The rationale behind this statement is contained within the memo.
>>>>>> 
>>>>>> —Ayden
>>>>>> 
>>>>>> 
>>>>>>> -------- Original Message --------
>>>>>>> Subject: Re: [gnso-rds-pdp-wg] another document that might be of interest
>>>>>>> Local Time: 21 October 2017 1:06 AM
>>>>>>> UTC Time: 21 October 2017 00:06
>>>>>>> From: jcb at bambenekconsulting.com <mailto:jcb at bambenekconsulting.com>
>>>>>>> To: Ayden Férdeline <icann at ferdeline.com <mailto:icann at ferdeline.com>>
>>>>>>> Victoria Sheckler <vsheckler at riaa.com <mailto:vsheckler at riaa.com>>, GNSO RDS PDP <gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>>
>>>>>>> 
>>>>>>> So, in short, if we create a consent system, we are fine. 
>>>>>>> 
>>>>>>> Am I missing something?
>>>>>>> 
>>>>>>> --
>>>>>>> John Bambenek
>>>>>>> 
>>>>>>> On Oct 20, 2017, at 17:31, Ayden Férdeline <icann at ferdeline.com <mailto:icann at ferdeline.com>> wrote:
>>>>>>>> I would like to flag two extracts from this Regulation that may be relevant to our work:
>>>>>>>> "The Registry should also comply with the relevant data protection rules, principles, guidelines and best practices, notably concerning the amount and type of data displayed in the WHOIS database." (page 3)
>>>>>>>> "The WHOIS database shall contain information about the holder of a domain name that is relevant and not excessive in relation to the purpose of the database. In as far as the information is not strictly necessary in relation to the purpose of the database, and if the domain name holder is a natural person, the information that is to be made publicly available shall be subject to the unambiguous consent of the domain name holder." (page 10 - emphasis added)
>>>>>>>> Thank you, 
>>>>>>>> 
>>>>>>>> Ayden Férdeline
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>>> -------- Original Message --------
>>>>>>>>> Subject: [gnso-rds-pdp-wg] another document that might be of interest
>>>>>>>>> Local Time: 20 October 2017 10:47 PM
>>>>>>>>> UTC Time: 20 October 2017 21:47
>>>>>>>>> From: vsheckler at riaa.com <mailto:vsheckler at riaa.com>
>>>>>>>>> To: GNSO RDS PDP <gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>>
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> I think we missed this document when we were reviewing documents for this WG back in the day, and thought some of you might find it of interest given our current discussions on GDPR
>>>>>>>>> 
>>>>>>>>>  
>>>>>>>>> 
>>>>>>>>> COMMISSION REGULATION (EC) No 874/2004 of 28 April 2004 laying down public policy rules concerning the implementation and functions of the .eu Top Level Domain and the principles governing registration, available athttp://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CONSLEG:2004R0874:20051011:EN:PDF <http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CONSLEG:2004R0874:20051011:EN:PDF>
>>>>>>>> 
>>>>>>>> _______________________________________________
>>>>>>>> gnso-rds-pdp-wg mailing list
>>>>>>>> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
>>>>>>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>>>>>> 
>>>> 
>>> _______________________________________________
>>> gnso-rds-pdp-wg mailing list
>>> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171023/9cba0797/attachment-0001.html>

More information about the gnso-rds-pdp-wg mailing list