[registrars] [Ext] Re: RRA Amendment Notification for .BANK & .INSURANCE

Robert Gomez robert.gomez at icann.org
Tue Jan 29 23:54:56 UTC 2019 

Hi Graeme,

Do you have any further comments regarding the .bank and .insurance RRA Amendments? Please note that comments were due back yesterday.

Kind regards,

Rob Gomez
Operations Specialist
Global Domains Division
Internet Corporation for Assigned Names and Numbers (ICANN)

Direct Line:  +1 310 578 8951
E-mail:  robert.gomez at icann.org<mailto:robert.gomez at icann.org>
www.icann.org<http://www.icann.org/>


From: Heather Diaz <heather at ftld.com>
Date: Friday, January 25, 2019 at 8:05 AM
To: Graeme Bunton <gbunton at tucows.com>
Cc: Robert Gomez <robert.gomez at icann.org>, "secretariat at icannregistrars.org" <secretariat at icannregistrars.org>, Carlos Chavoya <carlos.chavoya at icann.org>, "registrars at icann.org" <registrars at icann.org>, Karla Hakansson <karla.hakansson at icann.org>, Andee Hill <andee.hill at icann.org>, Craig Schwartz <craig at ftld.com>
Subject: [Ext] Re: RRA Amendment Notification for .BANK & .INSURANCE


Hi Graeme,


Thanks very much for your patience of my reply. I was out of the office last week, and have been playing some catch up this week.


While the Registry-Registrar Agreement (RRA) Amendment Procedure involves the entire RrSG, surely the opinions of fTLD’s contracted Registrars should be particularly pertinent to this step of the review. We have engaged our Registrar channel and those representing 75% of domains under management expressed no issue with our proposed RRA/Data Processing Addendum (DPA); and some have not yet had a chance to fully evaluate the documents with their legal counsel. One of our largest registrars said, “Your RRA amendments are appropriate in the new climate of post GDPR domain registrations” and another “I don’t see any problem with your RRA/DPA. Your business model/registrant community is very specific and proven and I think it’s appropriate given that.”

While fTLD does not wish to publicly vet the legal basis for our amendments, to facilitate the review process, we submit the below additional information relevant to your question, which we hope will address any concerns and believe justifies our changes to the DPA which identifies ICANN as a controller.


When fTLD made a business decision to migrate Registrant verification from an external vendor to an in-house process, ICANN mandated we file an RSEP. While fTLD complied with this demand from ICANN we specifically noted our objection in the first paragraph of our RSEP which stated (highlighting added):


fTLD Registry Services (fTLD) respectfully submits the following courtesy notification regarding its migration from a Static Registration Verification process to a Dynamic Registration Verification process. This is neither a Service, nor the proposed offering of an Additional Service, as defined in the Registry Agreement. Although fTLD finds no contractual basis for filing this request, fTLD is doing so at the request of ICANN GDD staff who directed fTLD to this process. fTLD reserves all rights and claims concerning ICANN’s request for an RSEP.


Numerous Registry Operators have also had to comply with the demands of ICANN in connection with operational changes regarding the collecting, processing and/or display of data elements in WHOIS.


With this DPA, fTLD is identifying that with respect to WHOIS/registration data, ICANN is, through its repeated practice and contractual requirements, a controller as defined under GDPR. As a highly restricted, community-based Registry Operator with specific requirements to support our mandatory Registrant verification process, and pass-through obligations to our Registrars, we find it necessary to customize the DPA to suit our business and operations. While we appreciate the community’s effort to create a one-size-fits-all DPA, registries who operate verified, Community gTLDs, which necessitate highly specialized Agreements (e.g., RRA, Registration Agreement), may also find themselves in the same position as fTLD requiring a more tailored DPA.

We trust this additional information is responsive to your question and respectfully request the RrSG expeditiously complete its review of our RRA/DPA.

Best regards,


Heather Diaz

Sr. Director, Compliance and Policy

fTLD Registry Services | www.fTLD.com [ftld.com]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ftld.com_&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=uzvYfkhDxo3rDSm64Xx2qxBobVoQntMLGYPRlVboMNI&m=8MXD64yTaShXsxDYQDKAPl2-innKtEV2adu4rVQ2-M4&s=xzKf3Xo2zBbO-wX8PnM0QUnm2qwlP-7WRbW2dal17ZY&e=>

Office: +1 202 589 2404

Mobile: +1 408 316 7202



On Tue, Jan 15, 2019 at 5:07 PM Graeme Bunton <gbunton at tucows.com<mailto:gbunton at tucows.com>> wrote:

Hi Heather,

The process for amending RRAs includes (for better or worse) the entire RrSG, so I'm not inclined to indicate if the concerns are from your partners or not.

Could you elaborate on how your data processing agreement differs because of the business model?

Thanks

Graeme


On 2019-01-10 11:51 AM, Heather Diaz wrote:
Hi Graeme,

Thank you for your inquiry.  In response to your concerns about sections 2.12.1 and 3.5, I have provided a revised cover letter to ICANN detailing why fTLD did not initially include these two non-material changes in our original submission.  I would like to note that in the rush to submit this revised cover letter, I unintentionally referenced the “2013 Registry Accreditation Agreement” instead of “2013 Registrar Accreditation Agreement.”  Hopefully, this notification avoids any further confusion on this issue.

Turning to your inquiry for why we did not use ICANN’s standard Data Processing Agreement. fTLD, in consultation with our internal and external advisors, believe that the proposed Data Processing Agreement is in fTLD’s best legal interest considering our business model as a verified community registry.

In the interest of being proactive to these concerns, please identify those specific Registrars that have raised concerns about the Addendum.  We would like to distinguish any concerns among our fTLD Registrar partners versus those of non-partnered Registrars.

Best regards,


Heather Diaz

Sr. Director, Compliance and Policy

fTLD Registry Services | www.fTLD.com [ftld.com]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ftld.com_&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=uzvYfkhDxo3rDSm64Xx2qxBobVoQntMLGYPRlVboMNI&m=8MXD64yTaShXsxDYQDKAPl2-innKtEV2adu4rVQ2-M4&s=xzKf3Xo2zBbO-wX8PnM0QUnm2qwlP-7WRbW2dal17ZY&e=>

Office: +1 202 589 2404

Mobile: +1 408 316 7202



On Tue, Jan 8, 2019 at 10:16 AM Graeme Bunton <gbunton at tucows.com<mailto:gbunton at tucows.com>> wrote:

Hi All,

I've had questions back as to why these RRAs don't use the standard ICANN data processing addendum.  Could we get an explanation of that please?

As well, it sounds like 2.12.1 and 3.5 are not listed as changes in the cover letter.  Are there any other changes we should be looking for?

Thanks

Graeme
On 2019-01-07 1:12 PM, Robert Gomez wrote:
Hello Graeme,

Attached, please find the cover letter and the red-lined RRA Amendment for .BANK & .INSURANCE submitted by fTLD Registry Services LLC to be shared with your Stakeholder Group.

Per the RRA Amendment Procedure, the RrSG has up to 21 days to review the proposed changes. If the registrars have concerns, please advise ICANN by responding to this message no later than 23:59 UTC on 28 January 2019. If there is no response by this time, ICANN will assume there are no concerns and will continue processing the request. If the RrSG responds with concerns, ICANN will continue to the next step of the RRA Amendment Procedure which is to consult with the RrSG and the Registry Operator.

If you have any further inquiries, please let me know.

Kind regards,

Rob Gomez
Operations Specialist
Global Domains Division
Internet Corporation for Assigned Names and Numbers (ICANN)

Direct Line:  +1 310 578 8951
E-mail:  robert.gomez at icann.org<mailto:robert.gomez at icann.org>
www.icann.org [icann.org]<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.icann.org_&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=uzvYfkhDxo3rDSm64Xx2qxBobVoQntMLGYPRlVboMNI&m=8MXD64yTaShXsxDYQDKAPl2-innKtEV2adu4rVQ2-M4&s=HbVBzx_loUGkJegRxR4uUXJknhcGGUCjvD5lYzShWWA&e=>


--

_________________________

Graeme Bunton

Director, Analytics & Policy

Tucows Inc.

PH: 416 535 0123 ext 1634

--

_________________________

Graeme Bunton

Director, Analytics & Policy

Tucows Inc.

PH: 416 535 0123 ext 1634
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/registrars/attachments/20190129/f76c893f/attachment.html>

More information about the registrars mailing list