Logo

Julie Bisland's Personal Meeting Room - Shared screen with speaker view
Marc Anderson (Verisign / RySG)
41:23
Happy Birthday James!
Brian King (IPC)
41:24
HBD James!
Mark Svancarek (BC) (marksv)
41:31
HBD!
Laureen Kapin (GAC)
41:31
Many happy returns James!
Eleeza Agopian (ICANN Org Liaison (MSSI))
41:34
Happy birthday, James!
James Bladel
41:34
Yikes ! Thanks!
Chris Lewis-Evans (GAC)
41:37
Happy Birthday !
Hadia Elminiawi (ALAC)
41:55
Happy Birthday James
James Bladel
41:56
As a kid, this is exactly how I pictured it would be when I was a grown up. :)
Mark Svancarek (BC) (marksv)
42:02
ha
Amr Elsadr (NCSG)
42:05
Hi all…, and happy b-day, James.
Matt Serlin (RrSG)
42:14
All I want for my bday is a 2 hour ePDP call :)
Stephanie Perrin (NCSG)
42:47
Indeed, we will don our party hats for this call, happy b-day James.
Margie Milam (BC)
42:47
Happy Birthday!
Amr Elsadr (NCSG)
43:07
I will likely need to drop off the call about 30 minutes early today.
Amr Elsadr (NCSG)
46:07
Speaking for myself, option “b” sounds good.
Stephanie Perrin (NCSG)
48:47
Peter Kimpian says hi to everybody, by the way. Happy data protection week!
Thomas Rickert
49:50
Hi all, sorry for being late!
Milton Mueller (NCSG)
52:12
there is no doubt about that question, Becky
Milton Mueller (NCSG)
52:18
accuracy is a data subject right
Milton Mueller (NCSG)
52:39
this has been clear even in US law for 30 years
Becky Burr (ICANN Board Liaison)
56:11
@Milton, I understand that accuracy in the context of the FCRA has been clear in the US for quite a long time.
Margie Milam (BC)
59:24
We are ok with removing the prohibition of reverse lookups
Amr Elsadr (NCSG)
59:57
@Alan: +1
Brian King (IPC)
01:00:01
+1, If reverse lookups are not in scope, we shouldn't spend the money to ask the question. We could support approach b).
Amr Elsadr (NCSG)
01:00:24
@Margie: Thanks, and Brian had suggested the same during the last call (I think). Seems like the sensible thing to do to me.
Amr Elsadr (NCSG)
01:00:42
@Brian: +1
Matt Serlin (RrSG)
01:00:52
Seems like we are all in agreement
Alan Woods (RYSG)
01:02:42
indeed
Amr Elsadr (NCSG)
01:03:02
Wether it’s a useful tool, or not, isn’t the point. At least, not on this EPDP.
Alan Woods (RYSG)
01:03:09
+1 Amr
James Bladel (RrSG)
01:03:21
Agree, Amr
Stephanie Perrin (NCSG)
01:03:22
Has anyone reviewed the existing advice from the data protection commissioners (dating back to 2000 and 2003) saying NOT to do reverse lookup?
Brian King (IPC)
01:03:42
CONSENSUS ALERT: looks like we're nearing consensus on approach b) for Q1. No cause for alarm.
Amr Elsadr (NCSG)
01:03:53
@Brian: +1
Stephanie Perrin (NCSG)
01:03:54
Perhaps it would actually be useful to seek further guidance on this if it would put a stake through the heart of this issue….
James Bladel (RrSG)
01:03:55
If it is incompatible, we should prohibit it. If it is compatible, then the scope question remains.
Brian King (IPC)
01:04:13
@Stephanie I'd love to read that! Can you share on the list please?
Stephanie Perrin (NCSG)
01:04:35
I certainly don’t support punting this to an IRT to muddle through.
Stephanie Perrin (NCSG)
01:04:46
Sure Brian I will send you the links.
Stephanie Perrin (NCSG)
01:05:09
We have it in the RDS repository of documents.
Stephanie Perrin (NCSG)
01:05:32
Agree with Alan on that point…
Stephanie Perrin (NCSG)
01:05:51
Alan G that is
Thomas Rickert (ISPCP)
01:05:56
@Alan G - it is not a question of preference to have it dealt with in a future PDP. If it is out of scope, we MUST NOT deal with it.
Matt Serlin (RrSG)
01:07:04
+1 Thomas
Alan Woods (RYSG)
01:07:28
+1 Thomas
Matt Serlin (RrSG)
01:08:27
Seems like we have our hands full with everything else we are trying to sort out without tackling reverse lookups…
Amr Elsadr (NCSG)
01:10:02
There isn’t full consensus, but likely there is some measure of consensus.
Alan Woods (RYSG)
01:10:42
+1 Amr
Laureen Kapin (GAC)
01:10:56
Yes to legal/natural
Brian King (IPC)
01:11:01
Amr you'll note above that we're close enough to trigger a consensus alert :-)
Becky Burr (ICANN Board Liaison)
01:12:53
Isn’t it easier to actually focus on the policy issues if you know the answer to the legal questions?
Laureen Kapin (GAC)
01:13:12
+1 Becky.
Becky Burr (ICANN Board Liaison)
01:13:27
Otherwise we are just fighting about whether or not it is legal, as opposed to whether the policy is a good idea or not?
Georgios Tselentis (GAC)
01:13:31
+1 Becky that's what I thought is the whole exercise with the legal questions
Margie Milam (BC)
01:13:34
+1 Becky
Hadia Elminiawi (ALAC)
01:13:47
+1 Becky makes sense
Amr Elsadr (NCSG)
01:16:14
This reminds me of a principle followed by healthcare practitioners (from a previous life). Sometimes, investigations like imaging studies or lab tests can be helpful in nailing down the specifics of a pathology, but will not affect the prescribed treatment, one way or the other. In cases like these, physicians are not supposed to have patients (or their insurance providers) bare these costs. Just sayin’. :-)
Becky Burr (ICANN Board Liaison)
01:17:47
Actually, on the legal v. Natural issue - my understanding is that the feeling that it has been impractical to make this distinction. The questions proposed by legal committee revolve around whether and under what circumstances you can rely on representations, instructions, etc.
Becky Burr (ICANN Board Liaison)
01:18:27
To me the legal v natural question is different from the territorial scope
Stephanie Perrin (NCSG)
01:19:22
I will once more point out that bona fide companies and corporations can set up an accreditation scheme based on their local laws (corp number, bus registration number etc) which will allow them to exercise their rights to differentiate themselvs.
Brian King (IPC)
01:19:24
There is nuance in the questions that we think can be quite helpful in our deliberations. Please read the questions closely. We're not simply reasking whether we can make a legal/natural or geographic distinction.
Amr Elsadr (NCSG)
01:19:27
@Becky: Also cost - wether making the distinction between legal/natural is worth the costs incurred.
Caitlin Tubergen
01:19:39
Will do - thank you, Janis.
Stephanie Perrin (NCSG)
01:21:46
Absent a way to authenticate companies, I thought we had agreed that the cost of differentiating is going to be crippling to this SSAD endeavour.
Stephanie Perrin (NCSG)
01:22:46
I have yet to see a response to the company authentication concept, despite repeating it regularly over the past seven years here. Very curious in my opinion.
Milton Mueller (NCSG)
01:23:37
it does not include third party access, Alan, cite me the part of GDPR that says that
Stephanie Perrin (NCSG)
01:23:48
you beat me to it Milton
Milton Mueller (NCSG)
01:24:00
Alan, you can't make up things about a written law
Amr Elsadr (NCSG)
01:24:07
I don’t recall third-party access along with accuracy being a purpose?
Becky Burr (ICANN Board Liaison)
01:24:22
@Stephanie, exactly. But the questions proposed to be asked specifically focus on whether and when you can rely on clear directions regarding the form and representations from third parties - which goes exactly to the burden of differentiating.
Alan Greenberg (ALAC)
01:25:00
Third party use of the data is defined as "processing" and therefore is included in the need for accuracy.
Amr Elsadr (NCSG)
01:27:09
@Georgios: The issue of contactibility as a purpose, and the accuracy requirements associated with it have already been addressed in phase 1.
Rod Rasmussen (SSAC)
01:27:41
So let me get this straight, a vast majority of team representatives, including the entire subteam tasked with making recommendations, is in favor of, or at least not objecting strenuously to getting clarification to specific legal questions, yet we do not move forward with getting answers to these well-crafted questions? This is no way to run a railroad.
Amr Elsadr (NCSG)
01:28:17
@Margie: Why is that a point of order? There is clearly no consensus.
Laureen Kapin (GAC)
01:28:26
Article 5 (c) states that Personal data shall be "adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed."
James Bladel (RrSG)
01:28:44
Can we use a different term that doesn’t confuse the legal meaning of “accuracy”?
James Bladel (RrSG)
01:28:51
“Data integrity” etc?
Milton Mueller (NCSG)
01:28:58
exactly James
Amr Elsadr (NCSG)
01:29:00
@Laureen: Agree, and this was addressed in phase 1.
Georgios Tselentis (GAC)
01:29:03
Underline "in relation to the purposes"
Stephanie Perrin (NCSG)
01:30:54
I have not spoken.
Alan Woods (RYSG)
01:31:03
following from Alans comment - Processing you are referring to is with the 3rd party as controller (independently). The Bird and Bird memo on this noted that that the accuracy as it applies to the purpose for the data use for the Contracted parties seems to be reasonable and sufficient - if the purpose to which, released data may be used, (depending on the individual reasons provided) then, independently, that 3rd party will have to assess whether their use of that data (which is a completely separate purpose to the contracted parties ) is considered accurate enough for those purposes - given the impact in their data processing sphere . Should they think "no" then they shouldn't use it.
Amr Elsadr (NCSG)
01:32:15
@Alan W: Yup.
Amr Elsadr (NCSG)
01:32:42
@Brian: Thanks, but not sure it’s just one group.
Alan Woods (RYSG)
01:32:47
sorry a bit longwinded and a bit of a typo in the middle.... but generally there ...lol
Rod Rasmussen (SSAC)
01:36:26
It seems that a lot of the arguments and time spent by this group are around individual group or peoples’s interpretation of legal issues and the questions posed here are largely designed to clarify areas where such differences are interfering with moving the policy questions forward. Not asking questions now only continues the cycle instead of finding out information that may end the endless debates on some issues. I note that continuing the cycle with less information likely costs us more in resources than what B&B’s costs are.
Brian King (IPC)
01:37:30
+1 Rod
James Bladel (RrSG)
01:37:56
Generally agree Rod. Altho the last round of legal questions didn’t resolve anything, and instead found the group micro-parsing the responses from B&B
Volker Greimann (RrSG)
01:38:09
...like it's hot
Milton Mueller (NCSG)
01:39:43
Laureen's voice is fading out
Amr Elsadr (NCSG)
01:40:25
@Rod: The thing is, we see that the answers are already clear. It’s just that what we’ve heard so far isn’t as useful to everyone. Depends on what special interests each group is advocating for. So less about a lack of information, and more about seeking different information.
Stephanie Perrin (NCSG)
01:40:35
I see that my comment on how accuracy is usually interpreted by requesting parties as expansion of data collected is being ignored. However, I think it would balance the legal question on accuracy if you added that aspect. I cannot craft the question on the fly.
Milton Mueller (NCSG)
01:40:39
Rod, since ICANN already has a vigorous accuracy requirement, please tell me how this question will advance the policy development process?
Rod Rasmussen (SSAC)
01:40:45
Let me put this another way - having answers to the very specific questions the legal team has come up with would definitely influence the recommendation process of individual groups - get them to move from positions that are not legally tenable or drop objections based on faulty information.
Rod Rasmussen (SSAC)
01:41:05
@Milton - I am NOT saying anything about any specific question - just the overall package.
Milton Mueller (NCSG)
01:41:08
I really don't care myself whether this question gets asked. I just think it's irrelevant and a waste of time to the policy decisions we need to make
Matt Serlin (RrSG)
01:42:00
Thomas breaking up a bit for me
Becky Burr (ICANN Board Liaison)
01:42:04
Thomas is breaking up
Milton Mueller (NCSG)
01:42:07
Thomas is breaking up for me, for anyone else?
Stephanie Perrin (NCSG)
01:42:20
ditto
Amr Elsadr (NCSG)
01:42:35
@Rod: “having answers to the very specific questions the legal team has come up with would definitely influence the recommendation process of individual groups” - I wish that were the case, but no. Each group is looking for answers that will support their interests. That’s what it seems like to me, at least.
Thomas Rickert (ISPCP)
01:43:03
I will disconnect and then come back.
Terri Agnew
01:43:03
@Thomas, let us know if a telephone call would help.
Thomas Rickert (ISPCP)
01:44:04
I have sent a phone number to Caitlin
Thomas Rickert (ISPCP)
01:44:07
Thanks, Terri
Terri Agnew
01:45:18
Thomas is connected via telephone
Milton Mueller (NCSG)
01:47:38
Thomas is correct: this is not the forum to revisit how the entire industry works. If your goal in asking this question is to somehow try to push for expanded or changed accuracy policies, it won't work, We have an accuracy policy. What is wrong with it? If it needs fixing, it is another PDP
Rod Rasmussen (SSAC)
01:47:57
I’m always in favor of having more information to make decisions. Using objections to keep us from learning seems like a filibustering technique to me. I am NOT accusing anyone of that, but after a long cycle of this, that’s what it feels like and it doesn’t help to build trust regardless of motives.
Amr Elsadr (NCSG)
01:47:59
@Thomas: +1
Mark Svancarek (BC) (marksv)
01:48:30
I have heard this claim that accuracy goes up after redaction, but I haven't seen any report or data which confirms this - can you point me to it?
Amr Elsadr (NCSG)
01:48:52
@Rod: Have you gone through all the information already available?
Thomas Rickert (ISPCP)
01:48:53
Rod, I hope you did not think of me with the filibustering idea.
Amr Elsadr (NCSG)
01:49:19
@Rod: It’s not like there is NO data, and we’re trying to block any from being acquired.
Thomas Rickert (ISPCP)
01:49:28
Mark, I need to do a bit of research, but will try to have something for you. It’s a while back since I heard that.
Mark Svancarek (BC) (marksv)
01:49:35
thx!
Rod Rasmussen (SSAC)
01:50:01
For clarification, I’m talking about asking the legal questions that the legal team agreed upon, not any specific questions.
Thomas Rickert (ISPCP)
01:50:32
If memory does not fail me, Denic also saw that when they redacted some data elements a few years back (long before GDPR kicked in), but I will try to get hard facts.
Thomas Rickert (ISPCP)
01:50:53
@Rod, thanks!
Rod Rasmussen (SSAC)
01:51:16
@Thomas - no and as I said, I’m not accusing anyone of filibustering, just saying what this never-ending process to get questions off to legal feels like to many.
Stephanie Perrin (NCSG)
01:52:58
We do not want this conversation to deteriorate to one side accusing the other of filibustering, and the other of asking leading questions. For the record, I agree with getting legal clarity on certain issues, I think what we are disagreeing about is t he wording of the questions, and whether we need to re-ask certain questions. Certainly, on the matter of the jurisdiction question, there was a feeling (not supported by the case in my view) among many ICANN stakeholders that the recent Google decision meant extraterritorial application of GDPR was seriously curtailed. How long have some of us been watching this battle on TBDF? oh, since 1991 when the Directive 95/46 was tabled. So forgive us for being a trifle frustrated in this search for loopholes….
Stephanie Perrin (NCSG)
01:55:13
There are broader questions about what is the right thing to do, regardless of whether ICANN or whoever is the controller could legally get away with something. Those are public policy objectives, where we have a fundamental disagreement about what should be paramount. i hope that we can continue to hold those different views on the paramountcy of rights in a respectful manner
Milton Mueller (NCSG)
02:02:46
There was never consensus or even majority opinion in favor of "automating as much as possible"
Stephanie Perrin (NCSG)
02:08:42
There is a routine way to deal with this in most governements…the Privacy Imparct assessment or PIA, usually administered by a committee and presented to the data commissioner. We also have the HRIA which ICANN has approved, arguable a better instrument in the case of automated decision making....
Stephanie Perrin (NCSG)
02:09:47
However we have not even been able to get a PIA for this EPDP, so the initial PIA would have to be prepared, subsequent changes would be amendments to it.
Stephanie Perrin (NCSG)
02:12:38
ICANN needs a privacy oversight committee. It is not like this is the only locus where privacy law raises issues.
Stephanie Perrin (NCSG)
02:12:50
Normal bureaucracies would have one.
Amr Elsadr (NCSG)
02:19:32
@Alan G: +1 on everything so far, but tbh…, have only skimmed through rec#17.
Amr Elsadr (NCSG)
02:20:34
@James: +1
Stephanie Perrin (NCSG)
02:20:49
+1 James
Becky Burr (ICANN Board Liaison)
02:22:17
Takes a few pickets out of the picket fence ...
Brian King (IPC)
02:22:56
I agree it's important that we finish the policymaking here in this PDP
Alan Greenberg (ALAC)
02:24:08
I have not heard anything that relates to what POLICY needs to be chnaged for our "evolutionary" SSAD.
Stephanie Perrin (NCSG)
02:24:22
I have my hand up
Hadia Elminiawi (ALAC)
02:24:33
@james how do you see this model evolving? If we learn something and would like to add it how do we do this - especially that the policy we are setting now will allow this so from an actual point of view a PDP would have given the green line and approved this
Milton Mueller (NCSG)
02:24:34
this is a case in which policy is closely tied to implementation, Alan.
Milton Mueller (NCSG)
02:24:58
Changing the implementation de facto changes the policy
Hadia Elminiawi (ALAC)
02:26:32
@Milton it is a learning moel
Hadia Elminiawi (ALAC)
02:26:36
model
Thomas Rickert (ISPCP)
02:27:57
We should discuss this more in LA. We need some sort of group that can take decisions on how the SSAD shall react. That must not be policy, but pure implementation. But there must be a group of community reps that decide e.g. how objections are being dealt with throughout the SSAD.
Stephanie Perrin (NCSG)
02:28:03
we cannot afford an AI assisted learning model, so not sure what you envisage Hadia
Thomas Rickert (ISPCP)
02:28:48
I am not sure whether the question of automation and where to take an automated approach is just implementation. It smells like policy.
Hadia Elminiawi (ALAC)
02:29:06
@Stephanie I was not thinking of AI
Stephanie Perrin (NCSG)
02:29:30
Given the precise discussion of automated decision making in the GDPR, it must be subject to policy review
Brian King (IPC)
02:33:13
I cannot stay past the top of the hour
Thomas Rickert (ISPCP)
02:33:18
Ok to stay on
Becky Burr (ICANN Board Liaison)
02:33:25
I must drop
Alan Woods (RYSG)
02:33:26
I can
Amr Elsadr (NCSG)
02:33:26
I’m already late for another meeting. :(
Hadia Elminiawi (ALAC)
02:33:27
@Stephanie seems good - though not sure about the actual implementation
Chris Lewis-Evans (GAC)
02:33:27
I can only do another 10
Stephanie Perrin (NCSG)
02:34:50
Thanks Hadia, yes it would require some working out and it must be remembered that different issues would still be subject to relevant review by the responsible group…in the case of changes to SSAD, the GNSO Council.
Stephanie Perrin (NCSG)
02:35:17
But we do need one. Compliance to GDPR is a lot more than an intrusive cookie consent mechanism....
Hadia Elminiawi (ALAC)
02:36:17
@Stephanie but my understanding was that the standing committee decisions would lead to changes to the SSAD.
James Bladel (RrSG)
02:37:46
Hard stop in 2 min. Thanks all!
James Bladel (RrSG)
02:37:51
See you next week!
Hadia Elminiawi (ALAC)
02:37:54
+1 Chris yes this is an implementation issue that is covered through this policy
Amr Elsadr (NCSG)
02:38:29
A never-ending PDP sounds more ominous than a standing PDP. Appropriately more ominous. :-)
Stephanie Perrin (NCSG)
02:38:39
Still need to respect the channels of the MS model Had.
Stephanie Perrin (NCSG)
02:38:52
Hadia, sorry for spellcheck
Brian King (IPC)
02:39:16
I need to drop. Thanks all.
Chris Lewis-Evans (GAC)
02:40:31
Have to run thank you all and see you in a few days, safe journeys
Matt Serlin (RrSG)
02:41:44
I think everyone agrees whatever form this standing committee takes, it can not address policy work so we need to be crystal clear on what their remit would be
Amr Elsadr (NCSG)
02:41:56
@Matt: +1
Mark Svancarek (BC) (marksv)
02:42:09
+1 Matt essential that we have clear policy
Alan Woods (RYSG)
02:42:09
+1 Matt
Mark Svancarek (BC) (marksv)
02:42:12
+1 Volker
Hadia Elminiawi (ALAC)
02:42:38
@Stephanie but recommendation 17 of this policy covers this - Thus the MS model is well respected
Mark Svancarek (BC) (marksv)
02:44:08
To the extent that we can identify these categories now, we should do it
Matt Serlin (RrSG)
02:44:21
+1 Mark
Alan Greenberg (ALAC)
02:44:25
IF the contracted parties on the committee are comfortable that the decision to automate a specific query does not impact their liability, we should be fine.
Hadia Elminiawi (ALAC)
02:44:30
+1 Mark
Amr Elsadr (NCSG)
02:46:26
@Alan G: Are contracted parties the only parties affected by decisions to disclose registration data to 3rd parties? I see this as a policy decision, not something that the committee should be empowered to make. If the committee is given that authority, might even require an amendment to the ICANN Bylaws.
Volker Greimann (RrSG)
02:47:47
we are back with the egg-laying wool milk pig
Mark Svancarek (BC) (marksv)
02:48:37
I actually thought we were making progress, and not designing a chimera
Amr Elsadr (NCSG)
02:48:46
The constitution of this committee is something that Milton and Alan G have mentioned. This is also something that clearly requires more thought.
Franck Journoud (IPC)
02:49:01
No Volker, we've evolved to a carp and rabbit. It's gorgeous
Stephanie Perrin (NCSG)
02:49:24
I was thinking tomatoes with fish DNA….
Mark Svancarek (BC) (marksv)
02:49:29
constitution of the committee (or IRT oversight team, or whatever) is important and needs Council oversight
Amr Elsadr (NCSG)
02:49:43
@Mark: +1
Stephanie Perrin (NCSG)
02:49:45
yes
Stephanie Perrin (NCSG)
02:49:49
to Mark SV
Thomas Rickert (ISPCP)
02:50:00
Agreed, MarkSV
Stephanie Perrin (NCSG)
02:50:24
Alan G, this is not just about liability although thanks for the clarity
Matt Serlin (RrSG)
02:51:28
Safe travels all
Terri Agnew
02:51:38
F2f meeting information will be sent after this call.
Hadia Elminiawi (ALAC)
02:51:53
Thank you
Thomas Rickert (ISPCP)
02:51:54
Safe travels. See you soon"
Amr Elsadr (NCSG)
02:52:00
Good luck to all at the F2F. Bye.