[IRT.RegDataPolicy] Rec19 IRT comments closing - DPA ICANN org & CP

Theo Geurts CIPP/E gtheo at xs4all.nl
Thu Oct 31 19:22:52 UTC 2019 

Good suggestions Marc.

Theo

Op 31-10-2019 om 19:23 schreef Anderson, Marc via IRT.RegDataPolicy:
>
> Dennis, IPT and IRT teams,
>
> I have some closing comments on Rec #19.  Early on there was an 
> attempt to bundle the phase 1 recommendations dealing with data 
> processing agreements.  I think since there has been agreement that 
> the data processing agreements between contracted parties (ICANN, 
> Registries and Registrars) should be separate from those dealing with 
> third parties (such as escrow or EBERO providers).  Rec #19 is 
> specific to contracted parties and I suggest the policy language stay 
> the same.  The current text referencing third parties should be 
> removed from this recommendation and covered in a separate section.
>
> I’m not sure that Rec #19 requires consensus policy language at all.  
> It recommends that contracted parties enter into required data 
> protection agreements as appropriate.  That can be accomplished 
> without consensus policy language.  If however language to this effect 
> is going to be included, the current language goes far beyond what is 
> in Rec #19.  Privacy law is evolving and varies across jurisdictions.  
> There is a danger in being to explicit in what is required in these 
> data processing agreements as contracted parties will need some 
> flexibility in implementing and maintaining them over time. This was a 
> factor in why Rec #19 states that due consideration should be given to 
> the related analysis done by the EPDP team, rather than including that 
> analysis directly in the recommendation.  We realized flexibility 
> would be needed.
>
> If it is decided that some language is needed for #19 in the policy, I 
> suggest something much more streamlined.  For example building on the 
> existing language and Rec #19:
>
> Policy:
>
> As part of processing gTLD registration data, ICANN Org, gTLD 
> registries and accredited registrars must enter into and maintain in 
> effect data processing terms and conditions concerning personal data 
> in gTLD registration data as appropriate. The data processing terms 
> and conditions will be provided in contractual language (in the form 
> of an annex to the applicable contract between ICANN and the 
> contracted party  specifications or addendum, for example).
>
> Implementation notes:
>
> In drafting these data protection agreements, ICANN Org, gTLD 
> registries and accredited registrars shall specify the 
> responsibilities of the respective parties for the processing 
> activities as described therein. Indemnification clauses should ensure 
> that the risk for certain data processing is borne, to the extent 
> appropriate, by the parties that are involved in the processing. Due 
> consideration should be given to the analysis carried out by the EPDP 
> Team in its Final Report.
>
> Best,
>
> Marc
>
> *From:*IRT.RegDataPolicy <irt.regdatapolicy-bounces at icann.org> *On 
> Behalf Of *Dennis Chang
> *Sent:* Monday, October 28, 2019 3:52 PM
> *To:* irt.regdatapolicy at icann.org
> *Subject:* [EXTERNAL] [IRT.RegDataPolicy] Rec19 IRT comments closing - 
> DPA ICANN org & CP
>
> Call to close IRT comment for Recommendation #19 Analysis regarding 
> DPA between ICANN and Contracted Parties
>
> 62
>
> 	
>
> _IRT review closing Recommendation #19 Analysis - DPA ICANN org & CP 
> <https://docs.google.com/document/d/1kJFdfch4WI-bE8zXW1EM8ioVOAg7BlPOimJkqYJrR_w/edit>_
>
> 	
>
> 20191101
>
> -- 
>
> Kind Regards,
>
> Dennis S. Chang
>
> GDD Programs Director
>
> Phone: +1 213 293 7889
>
> Sykpe: dennisSchang
>
> www.icann.org <http://www.icann.org> One World – One Internet
>
>
> _______________________________________________
> IRT.RegDataPolicy mailing list
> IRT.RegDataPolicy at icann.org
> https://mm.icann.org/mailman/listinfo/irt.regdatapolicy
>
> _______________________________________________
> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/irt.regdatapolicy/attachments/20191031/91e8e90e/attachment.html>

More information about the IRT.RegDataPolicy mailing list