[gnso-rds-pdp-wg] Joint Controller / Article 26 / Hamilton Memo
michael at palage.com
michael at palage.com
Wed Oct 25 21:55:17 UTC 2017
Hello All,
I must admit it has been hard to keep up with the flood of recent list traffic. However, I would like to interject a legal issue raised in the Hamilton Memo which I do not believe has been properly discussed to date. Specifically, Hamilton’s determination that both ICANN and Registration Authorities (Registries and Registrars) are Joint Controllers, see Paragraph 3.4.4 of Hamilton Memo.
Article 26 of the GDPR on the issue of Joint Controller states that “Where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers.” For the purpose of this analysis I will focus exclusively on Registries as well as the fact that there seems to have been a lot of list traffic in connection with the recent actions of .AMSTERDAM and .FRL. Prior to ICANN, the legacy gTLDs were thin registries. Over the years ICANN has mandated through various RFPs/Applicant Guidebooks the requirement that a TLD be operated in a thick format. But for a Consensus Policy mandating VeriSign to convert .COM and .NET from thin to thick there was no desire or need for Verisign to have access to this data. How can parties be “joint” controllers, when one party has the unilateral right to impose its will on the other?
I am puzzled why Hamilton made this legal determination and whether it knew of these historical data points. I am also puzzled why Hamilton believes that ICANN as a Joint Controller can unilaterally undertake a DPIA without consultation with the other joint controllers. I would submit that history and this action, point toward ICANN being the sole Data Controller, and “most” registries being a Data Processor. As evidenced by VeriSign, most gTLD registries do not need thick data to perform their core business functions. They are only deemed a Joint Controller because ICANN has mandated that they collect and process the PII of registrants.
I would welcome any additional insight on this Article 26 issue.
Best regards,
Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171025/3f14bd2d/attachment.html>
More information about the gnso-rds-pdp-wg
mailing list