[IRT.RegDataPolicy] Recommendation 8

Sarah Wyld swyld at tucows.com
Fri Sep 20 14:56:56 UTC 2019 

Thanks to Roger for bringing this up, and to Dennis for that helpful
explanation.

There are four recommendations pertaining to DPAs (8, 19, 22, 26, see
attached); they're each worded slightly differently but with ultimately
the same effect. As such, I'd think that we should address them
similarly here in the IRT, so if we are writing policy language for
Rec's 19 and 22 shouldn't we also do the same for Rec's 8 and 26?

I'm also still not quite sure that it's ideal to combine the Rec's 19
and 22 into one policy section, since they are for agreements between
different sets of parties (19 is between ICANN and the CP, 22 is between
ICANN and the dispute resolution provider). 

Thanks,



-- 
Sarah Wyld
Domains Product Team
Tucows
+1.416 535 0123 Ext. 1392

 

On 9/19/2019 1:44 PM, Dennis Chang wrote:
>
> Hi Roger,
>
>  
>
> You are correct that the IRT was assigned to review 8.3 only.
>
>  
>
> For 8.1 and 82, I communicate to the IRT by using the Rec Analysis
> sheet in the IRT workbook.
>
> https://docs.google.com/spreadsheets/d/1r8yMMEFIFS-KHGMsnLdVbdn0O_GWhf7vNLlNIZYP47U/edit#gid=0
>
> See Cell E9: IPT action for Rec 8.
>
> “8.1 & 8.2 Ensure DPAs, as appropriate, are entered into with data
> escrow agents.
>
> 8.3 draft policy language: provided by the link in D7”
>
>  
>
> This was the process I was using back in June.
>
> We switched to creating separate docs for each recommendations per
> Theo’s suggestion in July.
>
> I’ll see if I can make this more clear for the IRT in terms of
> assignments.
>
>  
>
> As of now, no IRT assignments for the 8.1 and 8.2 so you didn’t miss
> anything.
>
>  
>
> Thanks f0r being vigilant and the question.
>
>  
>
> Dennis Chang
>
>  
>
> *From: *"IRT.RegDataPolicy" <irt.regdatapolicy-bounces at icann.org> on
> behalf of Roger D Carney <rcarney at godaddy.com>
> *Date: *Wednesday, September 18, 2019 at 11:52 AM
> *To: *"irt.regdatapolicy at icann.org" <irt.regdatapolicy at icann.org>
> *Subject: *[IRT.RegDataPolicy] Recommendation 8
>
>  
>
> Good Afternoon,
>
>  
>
> Marc brought up a point about Data Escrow providers today on the call
> that made me go back and look at recommendation 8 and I realized that
> we may have missed parts of this recommendation in our IRT work. Line
> 19 (#18) of our Task List covers recommendation 8 sub item 3 but I
> don’t see where we scheduled/reviewed sub items 1 and 2 of
> recommendation 8.
>
>  
>
> Dennis, are these items covered somewhere else that I am missing?
>
>  
>
>  
>
> Thanks
>
> Roger
>
>  
>
>
> _______________________________________________
> IRT.RegDataPolicy mailing list
> IRT.RegDataPolicy at icann.org
> https://mm.icann.org/mailman/listinfo/irt.regdatapolicy
>
> _______________________________________________
> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/irt.regdatapolicy/attachments/20190920/ee5aaa1b/attachment.html>
-------------- next part --------------
EPDP Team Recommendation #8.
1. The EPDP Team recommends that ICANN Org enters into legally-compliant data protection agreements with the data escrow providers

EPDP Team Recommendation #19.
The EPDP Team recommends that ICANN Org negotiates and enters into required data protection agreements, as appropriate, with the Contracted Parties. In addition to the legally required components of such agreement, the agreement shall specify the responsibilities of the respective parties for the processing activities as described therein. Indemnification clauses should ensure that the risk for certain data processing is borne, to the extent appropriate, by the parties that are involved in the processing. Due consideration should be given to the analysis carried out by the EPDP Team in its Final Report.

EPDP Team Recommendation #22.
The EPDP Team recommends that ICANN Org must enter into appropriate data protection agreements with dispute resolution providers in which, amongst other items, the data retention period is specifically addressed.

EPDP Team Recommendation #26.
The EPDP Team recommends that ICANN Org enters into required data protection agreements such as a Data Processing Agreement (GDPR Art. 28) or Joint Controller Agreement (Art. 26), as appropriate, with the non-Contracted Party entities involved in registration data processing such as data escrow providers and EBERO providers. These agreements are expected to set out the relationship obligations and instructions for data processing between the different parties.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://mm.icann.org/pipermail/irt.regdatapolicy/attachments/20190920/ee5aaa1b/signature.asc>

More information about the IRT.RegDataPolicy mailing list