Logo

051040043 - EPDP-Phase 2 Team Call
Terri Agnew
37:38
Please review ICANN Expected Standards of Behavior here: https://www.icann.org/resources/pages/expected-standards-2016-06-28-en.
Terri Agnew
40:07
**Reminder for members to select all panelists and attendees for chat option.
Marc Anderson (RySG)
43:38
does someone have the link for the public comment wiki page handy?
Berry Cobb
44:44
https://community.icann.org/pages/viewpage.action?pageId=126430750
Marc Anderson (RySG)
44:51
thank you
Brian King (IPC)
49:15
I think that language is originally from case law
Brian King (IPC)
49:22
it's verbatim here: https://www.twobirds.com/~/media/pdfs/data-protection/uk--eu-data-protection-bulletin-february-2019.pdf
Mark Svancarek (BC)
54:38
Agree that DPA would be a bad arbiter for these disputes
Eleeza Agopian (ICANN Org)
55:39
My apologies, I have to leave our call early today. Dan is on the call. Thank you.
Amr Elsadr (NCSG)
57:52
I don’t think the existing appeals/DRPs are good examples. A Contracted Party subject to legal liability can’t be forced to disclose data by a panel like a UDRP panel. The decision ultimately needs to stay with the Contracted Party involved, even after an appeal is filed.
Amr Elsadr (NCSG)
58:25
@Volker: +1
Matt Serlin (RrSG)
58:39
+1 Amr and Volker
Matt Serlin (RrSG)
59:36
Good point Janis
Amr Elsadr (NCSG)
01:00:30
Even if we agree on an appeals process, the decision coming out of that process can’t be binding. Has to be in more of an advisory role.
Thomas Rickert (ISPCP)
01:00:36
Beth makes a good point. Maybe the solution is rather a reconsideration process.
Amr Elsadr (NCSG)
01:00:49
@Thomas: +1
James Bladel (RrSG)
01:01:03
+1 Beth. And it could prompt a legal authority to invalidate the entire SSAD
Thomas Rickert (ISPCP)
01:01:25
Resending to everyone Beth makes a good point. Maybe the solution is rather a reconsideration process.
Franck Journoud (IPC)
01:02:51
Thank you Stephanie! Appreciate the honesty.
James Bladel (RrSG)
01:03:30
Agree, Stephane. Nobody has a right to be a Registrar
Beth Bacon (RySG)
01:03:55
Thomas- yes perhaps that’s something to think on?
Milton Mueller (NCSG)
01:04:54
seems to me we are over-complicating the disclosure of registration data, which is but one element of a much bigger picture of accountability
Franck Journoud (IPC)
01:05:34
Agree with Stephanie: whoever decides is liable for decision - CP, CGM/ICANN, etc.
Milton Mueller (NCSG)
01:06:26
could there be an appeals process limited to CP’s perceived as systematic offenders?
Matt Serlin (RrSG)
01:07:07
Yeah that seems different…having a CP that constantly rejects legitimate requests is different
Beth Bacon (RySG)
01:07:32
I have concerns with the assumption that the person who makes the decision is liable. I think it’s the party that discloses is liable. Happy to be convinced otherwise however! :)
Amr Elsadr (NCSG)
01:08:02
Consistently rejecting disclosure requests is not a standard to brand a Registrar as a bad actor alone. It might be receiving large numbers of requests that need to be rejected.
Brian King (IPC)
01:08:02
Beth that kind of pragmatic nuance has no place here
Brian King (IPC)
01:08:09
/s :-)
Alan Woods (RySG)
01:08:20
agreed Matt. And this is the difference between the decision process and the procedural process. Seems rather straightforward really.
Georgios Tselentis (GAC)
01:08:22
As in any appeal we are talking about appeal about decision per se or appeal about fault at process Maybe appeals about process can be processed faster and at this level e.g. without getting to the substance of the rejection
Amr Elsadr (NCSG)
01:08:50
@Beth: +1. The action of disclosure results in liability, not just the decision to disclose.
Amr Elsadr (NCSG)
01:09:20
@Thomas: +1. I like this suggestion.
Brian King (IPC)
01:09:23
@Georgios it seems to me that ICANN compliance can and should handle appeals about process. I think the remaining concern to address is appeals about the decision.
Stephanie Perrin (NCSG)
01:10:08
It absolutely IS complicated
Hadia Elminiawi (ALAC)
01:10:08
@Thomas request for reconsideration is a good suggestion
Franck Journoud (IPC)
01:10:11
@Amr: either requests are repeatedly bad and the system (logging, data analysis, enforcement, accreditation) needs to deal with that, or the decisions are and the system needs to deal with that.
Volker Greimann (RrSG)
01:10:33
Thomas, you just took my words out of my mouth
Amr Elsadr (NCSG)
01:11:17
@Franck: That sounds sensible, but isn’t it missing requests with lawful bases that the controller (registrar) doesn’t agree with? There’s the matter of passing/failing the balancing test.
Amr Elsadr (NCSG)
01:11:58
@Thomas: Have one problem with something you were saying - Requestors have legitimate interests to registration data, not rights.
Margie Milam (BC)
01:13:01
Lawsuits take months or years — that’s not a solution
Thomas Rickert (ISPCP)
01:13:14
@Amr. I tried to express exactly what you wrote.
Stephanie Perrin (NCSG)
01:13:35
Courts are fine, but in the short term, Court backlogs in my country are going to be creating rather long waiting lists....
Stephanie Perrin (NCSG)
01:14:01
COVID is having a real impact on the courts
Alan Woods (RySG)
01:14:22
Either we treat all registrants the same … or we don't.
Hadia Elminiawi (ALAC)
01:14:35
also appeals in relation to process should be no problem
Stephanie Perrin (NCSG)
01:15:49
Note that the model I am proposing would also hear complaints from registrants who do not have access to a data protection authority.
Amr Elsadr (NCSG)
01:16:34
@Milton: +1
Brian King (IPC)
01:17:40
I think we can agree with Milton that we should have generalized recommendations here.
Milton Mueller (NCSG)
01:17:40
I don’t see an appeals process or reconsider process for every positive disclosure decision
Alan Woods (RySG)
01:18:14
that is procedural again Margie.
Matt Serlin (RrSG)
01:18:54
We did develop an entire SLA for that, no? Is that not accountability?
Alan Woods (RySG)
01:19:15
+1 Matt
Margie Milam (BC)
01:19:17
The SLA is not on disclosure rates - Im happy to consider an SLA on disclosure rates
Alan Greenberg (ALAC)
01:21:15
GDPR has no provision for the data subject giving permission for each request!
Mark Svancarek (BC)
01:21:28
Balancing tests do not require humans
Margie Milam (BC)
01:22:01
Unfortunately - many CPH are not following
Amr Elsadr (NCSG)
01:22:07
@Beth: +1
Margie Milam (BC)
01:22:09
And compliance isn’t stepping in
Alan Greenberg (ALAC)
01:22:36
But we need that Compliance WILL take action. My understanding is that they have said they will not do that.
Matt Serlin (RrSG)
01:22:43
If compliance isn’t acting, that’s a different problem that needs to be addressed with ICANN org
Milton Mueller (NCSG)
01:22:50
well one-off or systemic, Beth, there’s a big big difference
Alan Woods (RySG)
01:23:00
That is literally the ENTIRE point of the GDPR Alan. No it doesn't say they have to give permission …. but everything about the GDPR is protecting their right to have privacy. Surely that is not lost on you.
James Bladel (RrSG)
01:23:36
Balancing tests definitely require humans. For the same reasons we don’t write algorithms to replace judges & juries.
Amr Elsadr (NCSG)
01:23:55
@Margie: You’re making generalizations, while using an incorrect context. Registrars will be required to comply with a new policy, not what was previously called the Temp Spec. Also, wasn’t I chastised a few weeks ago for suggesting that all requestors are acting in bad faith (when I really wasn’t)?
Brian King (IPC)
01:24:00
I think you've really condensed the conversation well, Laureen.
Brian King (IPC)
01:24:45
It seems we need something for systemic compliance issues, plus something light for one-off "hey can you take another look"
Mark Svancarek (BC)
01:24:46
James, balancing tests can be performed algorithmically in many cases
Margie Milam (BC)
01:24:57
I’m not making generalizations - I said many CPH don’t comply - that’s not all — there are lots of responsible registrars and registries doing the right thing
Amr Elsadr (NCSG)
01:26:20
Ah…, so you weren’t making a generalization, just like I wasn’t a few weeks ago? Just suggesting safeguards against the few cases, where CPs are not complying with policy?
James Bladel (RrSG)
01:29:27
Even so, there should be password or key relayed via SSAD
Mark Svancarek (BC)
01:30:19
James: I *think* Domain Connect could be a good solution if we need to transmit data outside the SSAD boundary. Bonus is that GoDaddy and Microsoft already support it.
Tara Whalen (SSAC)
01:30:35
Apologies — I need to drop off the call early this week. Ben is covering for SSAC. Thanks!
Mark Svancarek (BC)
01:30:52
Also, please never say that secure data transmission isn't a "sexy topic" that's just crazy talk
Milton Mueller (NCSG)
01:33:31
LOL
Hadia Elminiawi (ALAC)
01:34:12
I was going to say that all the provided solutions are good ones 1) A high level system that addresses systematic abuse 2) A reconsideration path 3) A contractual provision that ensures CPs disclose the data when legally allowed
Hadia Elminiawi (ALAC)
01:35:04
The above is in relation to an appeal mechanism
Brian King (IPC)
01:41:24
This is literally in the PPSAI as bottom-up, board-approved policy
Stephanie Perrin (NCSG)
01:41:58
And the PPSAI policy was totally innocent of any serious consideration of privacy law
Mark Svancarek (BC)
01:42:41
Alan, your example does not match the concern raised
Milton Mueller (NCSG)
01:44:52
“…nor can approval or refusal to disclose be solely based on the fact that the request is founded on alleged IP infringement..”
Alan Woods (RySG)
01:44:53
ha tell that to the requestor I have today. I'd be happy to quote you guys on the response!
Mark Svancarek (BC)
01:45:34
Sounds like the requestor was sloppy :(
Margie Milam (BC)
01:46:35
The gateway will be checking for requests to ensure they have the appropriate information
Mark Svancarek (BC)
01:47:23
LOL
Amr Elsadr (NCSG)
01:47:27
Hahaha
Margie Milam (BC)
01:47:37
So at least the CPH will have the appropriate form;
Stephanie Perrin (NCSG)
01:47:39
With respect, I don’t think “absent any legal requirements to the contrary satisfies my objections about lack of transparency
Mark Svancarek (BC)
01:47:56
+1 Milton
Milton Mueller (NCSG)
01:48:05
right
Milton Mueller (NCSG)
01:48:14
it’s cheap price to pay!
Milton Mueller (NCSG)
01:49:45
no we are saying that there mere fact there is a IPR claim does not justify disclosure or refusal
Amr Elsadr (NCSG)
01:49:49
Agree with Hadia on the relevance of 50,000 political prisoners to the issue of TM infringement. Although the figure I’ve heard is 60,000, not 50. ;-)
Amr Elsadr (NCSG)
01:50:35
Sorry…, irrelevance, not relevance.
Milton Mueller (NCSG)
01:50:43
Margie, you are talking everyone out of accepting this language
Hadia Elminiawi (ALAC)
01:50:45
@Amr I see no relevance
Amr Elsadr (NCSG)
01:50:53
Neither do I, Hadia.
Milton Mueller (NCSG)
01:50:57
by suggesting that the mere existence of a trademark is sufficient to disclose
Stephanie Perrin (NCSG)
01:51:49
Sorry Hadia for the shortcut, I was referring to the recent and highly publicized petition to release 60K political prisoners which access now is circulating. Perhaps knowledge of this petition and the concern over the hunger strike of one of the leaders of the recent dissent [Arab spring]only circulates in the NGO community. It is all over the human rights news feeds today.
Milton Mueller (NCSG)
01:52:33
and you can’t ACCEPT is “solely”
Stephanie Perrin (NCSG)
01:52:49
My point was really that no-one should reject any request simply because it is IP related, political, etc
Amr Elsadr (NCSG)
01:53:13
@Stephanie: Yeah, I’ve seen them, and for a lot of people living here, this is an ongoing issue, not just because Access have decided to bring it up. But it’s still pretty irrelevant to our discussion. We’re discussing TM/IP issues, not political ones, aren’t we?
Milton Mueller (NCSG)
01:53:28
it doesn’t remove anything
Milton Mueller (NCSG)
01:53:35
that you have a right to
Alan Woods (RySG)
01:53:46
From the data protection viewpoint it is essential to determine in very clear termswhat is the purpose of the Whois and which purpose(s) can be considered aslegitimate and compatible to the original purpose ... This is an extremely delicate matteras the purpose of the Whois directories can not be extended to other purposes justbecause they are considered desirable by some potential users of the directories.Some purposes that could raise data protection (compatibility) issues are forexample the use of the data by private sector actors in the framework of selfpolice activities related to alleged breaches of their rights e.g. in the digital rightmanagement field.
Alan Woods (RySG)
01:53:52
From WP29
Alan Woods (RySG)
01:53:58
in 2003 -
Alan Woods (RySG)
01:54:10
https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2003/wp76_en.pdf
Hadia Elminiawi (ALAC)
01:54:15
@Stephanie I still can't see the relevance of the above mentioned topic to IP infringement
Stephanie Perrin (NCSG)
01:54:26
I think our posts crossed Amr….my point is that a refusal should not be theme based, it should be fact base.
Stephanie Perrin (NCSG)
01:54:29
based
Alan Woods (RySG)
01:54:46
literally points out the fact that it is a DP concern. I'm not saying it will always be the basis for a denial … but it remains valid.
Alan Greenberg (ALAC)
01:55:55
When did we start talking about AUTOMATED disclosure???
Amr Elsadr (NCSG)
01:59:22
@MarkSV: You keep suggesting that we assume that requestors are “bad”, when all we’re trying to do is develop policies/processes that safeguard the rights of registrants/data subjects. The intent of the requestor is irrelevant. Safeguarding against infringement of the rights of registrants is the issue.
Mark Svancarek (BC)
02:00:32
Sorry if I was unclear, that was not what I was suggesting here. I am merely pointing out that multiple interventions on this topic were in regard to incomplete requests, which is not what we are debating here
Stephanie Perrin (NCSG)
02:00:37
Hadia, I was not talking about IP infringement. I was talking about the use of specific theme based disclosure requests in a policy. Policy must be general absent specific fact based cases that deserve special treatment. If special treatment is requested, an entire case needs to be developed. Legislation has protocols in drafting to deal with these instances, policy is more loose, but the principles should be adhered to. However ICANN policy, as the product of compromise, and particularly in this instance, mixes implementation of legal requirements (or not) and specific stakeholder group treatment. This is an instance of both, in my view.
Alan Greenberg (ALAC)
02:01:06
Isn't release to UDRP /URS provider based solely on IP/Content?
Stephanie Perrin (NCSG)
02:02:15
Suggested language if you don’t like approval: “disposition of the request”. Very common in FOI and Privacy circles….
Stephanie Perrin (NCSG)
02:02:42
Of course you would have to delete “refusal”
Milton Mueller (NCSG)
02:03:40
no UDRP is not based on content, it’s based on the domain name
Amr Elsadr (NCSG)
02:03:51
@AlanG: No…, in URS/UDRP, there’s also the issue of bad faith on the part of the registrant.
Milton Mueller (NCSG)
02:04:20
good idea Stephanie
Mark Svancarek (BC)
02:04:34
is "disposition of request" term of art here?
Mark Svancarek (BC)
02:04:38
I am unfamiliar
Alan Greenberg (ALAC)
02:04:41
@Amr, bad faith is determined (among other things) based on content.
Milton Mueller (NCSG)
02:06:04
thanks Brian
Amr Elsadr (NCSG)
02:06:04
Yup. Among other things…, so not “solely”. ;-)
Mark Svancarek (BC)
02:06:04
hooray thanks everyone
Brian King (IPC)
02:06:10
thanks y'all
Mark Svancarek (BC)
02:07:42
Phase 1 was regarding Publication, not disclosure. different topics, don't conflate
James Bladel (RrSG)
02:07:55
Hey folks need to drop a bit early. Thanks!
Milton Mueller (NCSG)
02:08:10
drop or escape?
Margie Milam (BC)
02:08:40
+1 Alan G
Hadia Elminiawi (ALAC)
02:08:50
It was about Publication and not disclosure
Hadia Elminiawi (ALAC)
02:10:30
I mean by it the phase one recommendation
Matt Serlin (RrSG)
02:11:09
Agree with Marc that “may” gives us flexibility for things that aren’t GDPR
Matt Serlin (RrSG)
02:11:28
By “applicable law…”
Brian King (IPC)
02:11:39
I like the language Berry's putting on the screen
Brian King (IPC)
02:11:46
"by applicable law"
Mark Svancarek (BC)
02:11:54
I can accept Berry's text
Berry Cobb
02:12:11
Alan G's text ;-)
Hadia Elminiawi (ALAC)
02:12:11
+1 for the text on the screen
Marc Anderson (RySG)
02:12:13
yeah, I think that addresses my concern, and the points raised by the comments.
Mark Svancarek (BC)
02:16:41
Clarifying - lots of non-personal data is redacted.
Amr Elsadr (NCSG)
02:18:56
Isn’t the disclosure of data behind p/p a different matter?
Mark Svancarek (BC)
02:19:12
Not the data BEHIND the P/P - the P/P itself
Stephanie Perrin (NCSG)
02:19:13
Me
Amr Elsadr (NCSG)
02:20:32
@MarkSV: The p/p provider’s data is already dealt with in a recommendation in the Addendum, isn’t it?
Hadia Elminiawi (ALAC)
02:20:40
@Amr no one is referring to the data behind the P/P
Amr Elsadr (NCSG)
02:21:13
@Hadia: MarkSV mentioned P/P. Assumed he meant registrant info behind P/P, but he clarified that he meant the p/p data itself.
Thomas Rickert (ISPCP)
02:23:24
What about: Human Rights implications must be taken into account when making a decision on disclosure.
Margie Milam (BC)
02:23:51
+1 Brian
Hadia Elminiawi (ALAC)
02:24:02
+1 Brian
Margie Milam (BC)
02:24:52
+1 Alan G
Georgios Tselentis (GAC)
02:26:12
+1 Thomas
Brian King (IPC)
02:26:24
+1 Thomas
Stephanie Perrin (NCSG)
02:27:42
I will be happy to do that
Stephanie Perrin (NCSG)
02:27:54
Write the dissenting opinion, that is.
Brian King (IPC)
02:28:51
@Berry, I don't think that language belongs here - rather, it should go in the balancing test section
Matt Serlin (RrSG)
02:30:28
I don’t think that can work operationally…a flag for “human rights organizations…:”
Mark Svancarek (BC)
02:30:58
It's right next to the flag for "I am a lega; person" :-)
Milton Mueller (NCSG)
02:32:00
use the email list...
Matt Serlin (RrSG)
02:33:20
I need to drop for another call…thanks all
Margie Milam (BC)
02:33:56
I support the extra call
Margie Milam (BC)
02:34:01
We have a lot of imp issues
Brian King (IPC)
02:34:49
strong preference for finishing on time and spending the time we need between now and then
Stephanie Perrin (NCSG)
02:34:50
Many of us have important family issues as well, which mitigate against availability for a second call and the speeded up review requirements
Amr Elsadr (NCSG)
02:35:36
Thanks all. Bye.
Hadia Elminiawi (ALAC)
02:35:42
I also support the extra call
Hadia Elminiawi (ALAC)
02:36:13
Thank you all - bye for now
Marc Anderson (RySG)
02:36:13
thanks all
Brian King (IPC)
02:36:13
thanks all
Julf Helsingius (NCSG)
02:36:14
Many thanks, and bye!