Logo

051040043 - EPDP-Phase 2A Team Call
Terri Agnew
31:36
Please review ICANN Expected Standards of Behavior here: https://www.icann.org/resources/pages/expected-standards-2016-06-28-en**Members: reminder, when using chat, please select all panelists and attendees in order for everyone to see chat.
Brian King (IPC)
33:18
As one of the many people who asked Brian Beckham to consider being Vice Chair, I'd like to support on the record.
Hadia Elminiawi (ALAC)
33:31
We did not discuss this issue on our first call
Hadia Elminiawi (ALAC)
34:45
Yes sorry, do I need to send an apology or just leave it as such
Hadia Elminiawi (ALAC)
35:07
apologies the messages are sent to the wrong group
Hadia Elminiawi (ALAC)
35:55
Sorry for the above messages - please ignore
Volker Greimann (RrSG)
48:02
Terminated? Can I still quit?
Sarah Wyld (Tucows/RrSG)
48:09
No.
Marc Anderson (Verisign / RySG)
49:24
thank you Berry
Volker Greimann (RrSG)
49:28
We need a new ICANN Code of Conduct addition. Two actually:
Volker Greimann (RrSG)
49:37
1) No self-disparagement
Volker Greimann (RrSG)
49:42
2) No terminations
Berry Cobb
52:35
Chance or probability for consensus. not a formal call.
Laureen Kapin (GAC)
52:37
Also support Brian B as V Chair with appreciation for his volunteering for this position.
Margie Milam (BC)
53:34
We didn’t do that earlier that I’m aware of
Berry Cobb
58:49
https://docs.google.com/document/d/1N-3HyLJZTBq6tCVB4Ig3ws2Tfjb08RGFP1NTNe1MEGI/edit
Caitlin Tubergen
01:00:52
I should have noted that the orange column should be filled out at a later time, as the proposals may be modified over time.
Berry Cobb
01:02:56
https://docs.google.com/document/d/1QlM4O_vwx7cQ11DJ_Lx2kqhyyRgDkMXG/edit#
Sarah Wyld (Tucows/RrSG)
01:03:02
Thanks Berry
Caitlin Tubergen
01:03:48
To Margie’s question, the last column in the Google doc focuses on the question of whether the best practices/guidance should become a requirement (consensus policy), so if there are proposed recommendations from team members, they can populated in the orange column
Keith Drazek (Chair / Verisign)
01:04:24
Thanks Caitlin, very helpful.
Sarah Wyld (Tucows/RrSG)
01:07:56
Good point Volker, most renewal is entirely touchless
Margie Milam (BC)
01:12:52
+1 Brian
James Bladel (RrSG)
01:13:21
I added “standardized process”. Thx.
Sarah Wyld (Tucows/RrSG)
01:16:16
I thought the IRT rep to the GNSO Council was to give an update
Sarah Wyld (Tucows/RrSG)
01:16:32
and yes as James said my understanding is that this is already widely implemented even as we continue to finalize the new Policy in IRT
Berry Cobb
01:17:40
@Sarah, yes GDS staff is working the action item and hope to have response next week, but note it was under the context of Feasibility topic......although applicable here too.
Sarah Wyld (Tucows/RrSG)
01:17:46
Thanks Berry
Volker Greimann (RrSG)
01:17:59
Ok, good
Laureen Kapin (GAC)
01:20:10
Note for Legal Committee -- we should SSAC's proposal for legal advice on RIPE/ARIN's practices re: publication of data related to legal registrants.
Sarah Wyld (Tucows/RrSG)
01:20:28
If they have only legal-person registrants in the first place, isn't that a significant difference to domain owners?
Laureen Kapin (GAC)
01:20:31
I mean add to list of proposed legal questions.
Brian King (IPC)
01:21:04
+1 Laureen
Sarah Wyld (Tucows/RrSG)
01:21:22
And re the consent, didn't the advice say there's significant risk in third-party consent, to the extent that we can't rely on it?
Laureen Kapin (GAC)
01:21:33
@ Keith -- not sure whether this was the subject of legal advice.
Caitlin Tubergen
01:22:41
Please note RIPE-NCC practices were considered in Phase 2 by Bird & Bird: https://community.icann.org/display/EOTSFGRD/EPDP+-P2+Legal+subteam?preview=/111388744/126428940/ICANN%20memo%2013%20March%202020%20-%20consent.docx.
Caitlin Tubergen
01:23:04
“As part of your analysis please consult the GDPR policies and practices of the Internet protocol (IP address) registry RIPE-NCC (the registry for Europe, based in the Netherlands). RIPE-NCC's customers (registrants)are legal persons being displayed publicly in WHOIS. RIPE-NCC places the responsibility on its legal-person registrants to obtain permission from those natural persons, and provides procedures and safeguards for that. RIPE-NCC states mission justifications and data collection purposes similar to those in ICANN's Temporary Specification. Could similar policies and procedures be used at ICANN?”
Caitlin Tubergen
01:23:12
“Also see the policies of ARIN, the IP address registry for North America. ARIN has some customers located in the EU. ARIN also publishes the data of natural persons in its WHOIS output. ARIN’s customers are natural persons, who submit the data of natural person contacts.”
Caitlin Tubergen
01:23:52
The quoted language was included in the question directed to Bird & Bird.
Sarah Wyld (Tucows/RrSG)
01:28:59
I disagree; transparency is of course required but we still need an appropriate legal basis for processing. I can't process unlawfully and expect it to be acceptable because I'm transparent about it.
Laureen Kapin (GAC)
01:29:40
Just for clarification, the memo being discussed deals with Consent (related but not identical to Legal/Natural issues).
Brian King (IPC)
01:30:17
Also just to be clear, the fact that there have been zero fines for RIPE is an empirical, not a hypothetical, fact.
Hadia Elminiawi (ALAC)
01:31:36
What we have not explored is 6(1)(f)
Hadia Elminiawi (ALAC)
01:31:52
as RIPE NCC legal base
Becky Burr (Board Liaison)
01:32:12
if not consent, it must be 6f balance, no?
Berry Cobb
01:32:48
I think some one posted this blog here in this group. It does touch on RIPE and 6.1.f - https://labs.ripe.net/Members/Athina/gdpr-legal-grounds-for-lawful-personal-data-processing-and-the-ripe-database
Alan Woods (RySG)
01:33:06
Brian - Risk is not about having been caught yet - but that we have nothing to be caught for.
Volker Greimann (RrSG)
01:33:15
But 6f is a case by case evaluation
Margie Milam (BC)
01:33:26
The legal bases will change with NIS2
Volker Greimann (RrSG)
01:33:27
Cannot be blanket disclosure based on 6f
Volker Greimann (RrSG)
01:33:44
If NIS II comes as proposed
Laureen Kapin (GAC)
01:33:49
Happy to discuss this issue further . . .
Tara Whalen (SSAC)
01:33:54
Thanks, all!
Alan Woods (RySG)
01:34:02
@margie - NIS II continues to be subject to compliance wit hGDPR so that is not entirely true.
Sarah Wyld (Tucows/RrSG)
01:35:05
How would a cost-benefit analysis accommodate the many varied business models of CPs? E.g. retail vs wholesale vs brand-only? Would'nt those different business models all have different costs?
Mark Svancarek (BC)
01:35:46
@Sarah Wouldn't you need to analyze them all?
Sarah Wyld (Tucows/RrSG)
01:36:02
MarkSV - I would think so. But that's what this proposal is asking for?
Sarah Wyld (Tucows/RrSG)
01:36:31
(So I'm interested in how we might go about bringing this proposal into reality)
Margie Milam (BC)
01:36:40
GDPR legal bases will be available with NIS — performance of contract, compliance with law, public interest, etc.
Jan Janssen (IPC)
01:38:13
@ Margie: It is already. The NIS2 simply confirms that these legal bases are adequate in the context of domain name registrant data.
Margie Milam (BC)
01:38:31
@Jan - agreed
Volker Greimann (RrSG)
01:40:51
Costs and benefits need to be balanced for all parties involved
Sarah Wyld (Tucows/RrSG)
01:40:55
I still find it difficult to work through these proposals without clearly understanding our objective here
Stephanie Perrin (NCSG)
01:40:55
Given global trends for employees to work at home, which at least in this country we expect to persist after COVID subsides, there needs to be more focus on how employee information is made accessible by their employers, not less.
Stephanie Perrin (NCSG)
01:41:17
So coerced consent is a key issue
Brian King (IPC)
01:41:31
Agreed, Melina.
Terri Agnew
01:41:37
Members: please select all panelists and attendees in order for everyone to see chat.
Hadia Elminiawi (ALAC)
01:42:00
+1 Melina
Brian King (IPC)
01:43:22
Are there others from NCSG who could speak to their position? They fought hard to have 6 people on the EPDP.
Stephanie Perrin (NCSG)
01:49:09
You did a fine job, Brian, but we will comment if necessary
Sarah Wyld (Tucows/RrSG)
01:49:33
Really not comfortable building reverse-search into anything we're doing here
Margie Milam (BC)
01:51:47
We have no legal advice indicating that correlation is a problem
Laureen Kapin (GAC)
01:52:09
Especially correlation based on non-personal information.
Stephanie Perrin (NCSG)
01:52:33
Reverse search was one of the first issues raised by the article 29 group back in 2001, also by Berlin group.
Volker Greimann (RrSG)
01:53:12
Well, but we can control what is public and what isn’t
Stephanie Perrin (NCSG)
01:53:13
I believe we have a number of letters from various Chairs of the Article 29 WP on that subject
Alan Woods (RySG)
01:53:22
Alan - that is the literal point of Data Protection law.
Volker Greimann (RrSG)
01:53:43
And if we allow personal inflation to be public, knowing the ways it has been abused in the past, we are liable
Alan Greenberg (ALAC)
01:55:40
@Alan, yes, which is why we are discussing NOT redacting information that does not need to be redacted.
Stephanie Perrin (NCSG)
01:55:42
Personal information, you mean Volker? Although I like the concept of personal inflation....
Mark Svancarek (BC)
01:55:45
@AlanW, you'd have a legitimate interest in performing processing to determine if a record is that of a legal person. Or did I misunderstand your concern?
Margie Milam (BC)
01:56:04
Getting a list of domain names on request is not PII
Volker Greimann (RrSG)
01:57:46
2
Sarah Wyld (Tucows/RrSG)
01:58:11
This comment doesn't match my recollection of the Phase 1 recs
James Bladel (RrSG)
01:58:17
Agenda (5)(a) should be “Tuesday”. But thanks for making me double-check my wall calendar.
Sarah Wyld (Tucows/RrSG)
01:58:33
the Rec 7 list of data elements was not dependant on the domain owner legal type in any way
Sarah Wyld (Tucows/RrSG)
01:58:50
and the rec 17 about legal vs natural was not a placeholder, it was a full recommendation
Berry Cobb
01:59:21
Thx JB: on-the-fly agenda bashing can produce errors ;-)
James Bladel (RrSG)
01:59:25
:)
Volker Greimann (RrSG)
01:59:29
No Melina! Legal person data may still contain personal information
Sarah Wyld (Tucows/RrSG)
01:59:39
I have to drop thank you
Volker Greimann (RrSG)
01:59:43
When will people finally get this basic simple fact?
Brian King (IPC)
02:00:16
Need to drop. Thanks all.
Melina Stroungi (GAC)
02:00:52
no I refer to no personal data
Hadia Elminiawi (ALAC)
02:01:04
Thank you all bye for now
Brian Gutterman (ICANN Org)
02:01:11
thanks everyone