[ODP-SSAD] Request for verification/feedback on SSAD recommendations

[Yuko Yokoyama]

Dear Janis,

We identified 2 additional questions/assumptions that we would like GNSO Council’s confirmation and/or clarifications.

Question 1:
Recommendation 9.4 states: Per the legal guidance obtained (see Advice on use cases re automation in the context of disclosure of non-public registrant data<https://community.icann.org/download/attachments/111388744/ICANN_Automation%20memo%2023%20April%202020%5B1%5D.pdf?version=1&modificationDate=1588031170000&api=v2> - April 2020), the EPDP Team recommends that the following types of disclosure requests, for which legal permissibility has been indicated under GDPR for full automation (in-take as well as processing of disclosure decision) MUST be automated from the time of the launch of the SSAD:

Recommendation 9.4.4 states: No personal data on registration record that has been previously disclosed by the Contracted Party.

ICANN org understands this mandatory automated use case 4 to apply only when a contracted party has notified the central gateway operator that this use case applies for a specific domain name, as the central gateway operator would not know which domain names’ registration data contain no persona data, or if the CPs have previously disclosed the data on the ground of use case 4. Can you please confirm this is the intent of the Policy Recommendation?

Question 2:
As you can see in our briefing from ICANN72 presentation concerning identity verification, ICANN org understands the EPDP recommendations to contemplate two different types of accredited SSAD users who may be associated with a legal person: (a) individuals who are affiliated with an org (e.g. an employee), and (b) individuals who represent an org (such as an outside counsel, brand management firm, etc).

For each of these types of individuals, we are expecting that the accreditation authority will first verify the individual’s identity, and then the individual’s association with the legal person. The individual’s association with the legal person would be a “declaration” tied to the individual’s accreditation, which takes into account that one individual could be associated with more than one legal entity who has individuals using the SSAD. This is the “signed assertion” concept referenced in the EPDP Team’s Final Report.

One issue we will need to resolve during implementation is how to manage multiple individuals’ associations with the same legal entity. Can you let us know if the approaches we’ve identified are aligned with the community expectations in this regard, if not, can you share any additional thinking regarding the community expectations?

The first approach we identified was that each individual’s association with a legal entity will need to be individually verified (so that even if one person has demonstrated an association with an entity, the second, third, fourth, etc individuals will also need to do the same).   Alternatively, a second, alternative, approach would be that once one person is accredited and associated with a legal entity in the SSAD, additional individuals claiming association with the legal entity could be added (or verified) by the initial individual to gain accreditation and be associated with the entity. However, this approach may raise operational challenges, particularly in large, global entities that may have many individuals seeking SSAD accreditation. This also may not work in cases where the first individual accredited and associated with an organization is an organizational representative, since a representative may not be able to verify individuals within the org, or other individuals who represent the org.

We look forward to discussing this matter during our next call with you.

Regards,

Yuko Yokoyama
Program Director
Strategic Initiatives, Global Domains & Strategy
Internet Corporation for Assigned Names and Numbers (ICANN)
 E-mail:  yuko.green at icann.org<mailto:yuko.green at icann.org>
www.icann.org<http://www.icann.org/>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/odp-ssad/attachments/20211112/ca0f24b0/attachment.html>