Logo

051040043 - EPDP-Phase 2A Team Call - Shared screen with speaker view
Terri Agnew
23:46
Please review ICANN Expected Standards of Behavior here: https://www.icann.org/resources/pages/expected-standards-2016-06-28-en**Reminder, when using chat, please select all panelists and attendees in order for chat to be captured after the meeting.
Caitlin Tubergen
23:52
For the chat to be archived, it needs to be set to “panelists and attendees”
Berry Cobb
27:29
https://docs.google.com/document/d/156jajwvAkl1l5VsdWXpznrghkKyMUD2bhKkS20X7Xrg/edit#
Thomas Rickert (ISPCP)
28:11
Just for the record: I had mentioned multiple times that I would prefer to talk about the risk for those involved in the domain name registration, i.e. ICANN, Rys and Rrs. I thought we had agreed on that, but I will not die in the ditch over this.
Berry Cobb
29:26
Apologies. The rewrite for Q5 is also in the word doc, not the google link that I just posted.
Berry Cobb
30:08
@Thomas, perhaps best to make your comment verbally?
margiemilam
34:11
+1 Jan
Terri Agnew
37:35
**Reminder, when using chat, please select all panelists and attendees in order for chat to be captured after the meeting.
margiemilam
47:32
Right Volker - that’s a second declaration
vgreimann
48:27
How long do you want to make the registration process?
vgreimann
48:36
Where is the benefit for the registrant?
margiemilam
48:51
It could be done afterwards
Caitlin Tubergen
49:17
As a reminder, Becky updated the consolidated question to include this text: Are there additional or alternative mitigation and/or verification steps that a Contracted Party could take to further reduce/eliminate liability associated with inadvertent publication of personal data in connection with reliance on a registrant’s self-designation, e.g. confirming the existence of corporate identifiers (Inc., GmbH, Ltd. Etc.), reviewing account holder data for indicia of legal personhood, etc.? To what degree would each such additional step reduce liability?
Alan Woods (RYSG)
49:53
+1 Thomas
vgreimann
50:07
Policy? We are not creating policy in 2b. We are creating guidance for voluntary implementation, right?
Alan Woods (RYSG)
50:23
Correct Becky.
margiemilam
50:31
We’re creating consensus policies that impose requirements not guidance
Hadia Elminiawi (ALAC)
51:23
@Thomas not only the UK but also some other countries have similar laws
Thomas Rickert (ISPCP)
53:15
@Hadia. Right. I just referred to GDPR and the mirrored GDPR in the UK.
vgreimann
55:04
Margie, read the charter again:
vgreimann
55:14
ii. What guidance, if any, can be provided to Registrars and/or Registries who differentiate between registrations of legal and natural persons.
margiemilam
55:54
@volker - that does not limit the charter to only providing guidance
margiemilam
56:02
Its still a PDP
vgreimann
56:18
Well, good luck passing anything but guidance
vgreimann
57:07
+1 Alan
margiemilam
57:35
We’ll try to see if there’s a way to propose binding policy - the advice is meant to allow consensus building for a policy that can work for all stakeholders
vgreimann
01:01:17
I do not see a path towards that
Berry Cobb
01:01:26
As a suggestion, perhaps the question can point to specific areas of prior advice to help target and focus the advice the LC seeks? As framed now, this could incur greater expense by just reviewing all the memos in total?
Alan Woods (RYSG)
01:05:21
How is a caveat laden legal advice going to help us create a policy today?
Alan Woods (RYSG)
01:05:52
surely we are going for clarity and not more questions posed? Was this not a previous criticism of the legal advices?
vgreimann
01:07:14
If Margies comment now were a public comment, my response would be: @Noted"
Alan Woods (RYSG)
01:07:45
not personal dat a
Alan Woods (RYSG)
01:07:51
*data
vgreimann
01:08:35
Let’s cross the NIS II bridge when we get to it in a few years
vgreimann
01:11:46
NIS2 basically tells us to hurry up and build the SSAD ;-)
margiemilam
01:11:55
Legal obligation is 6-1-c under GDPR
Alan Woods (RYSG)
01:16:03
agreed Volker
Hadia Elminiawi (ALAC)
01:18:08
@Kieth makes sense
vgreimann
01:18:57
Becky +1
vgreimann
01:19:19
This is not critical path ,material for this pdpd
Berry Cobb
01:19:47
https://docs.google.com/document/d/1UCP86uPZJBA_oh_4lfa6GwisfqnXUgbi5kdq-VOQCS0/edit#heading=h.gjdgxs
Terri Agnew
01:19:49
The EPDP-Phase 2A - Legal Sub-team call will take place on Tuesday, 09 March 2021 at 14:00 UTC for 60 minutes.
Berry Cobb
01:19:54
All good.
margiemilam
01:20:10
Thank you!
vgreimann
01:20:15
Thursday is a normal meeting again?
Caitlin Tubergen
01:20:22
This is a 90-minute call.
Berry Cobb
01:20:39
https://docs.google.com/document/d/1UCP86uPZJBA_oh_4lfa6GwisfqnXUgbi5kdq-VOQCS0/edit#
Keith Drazek (Verisign)
01:21:02
Yes, Thursday is a normal Plenary call.
vgreimann
01:21:31
I do not object to Laureens proposal to withdraw
Keith Drazek (Verisign)
01:22:57
I think we lost Margie as we were moving to wrap. Can someone ping her and let her know we're still going?
Caitlin Tubergen
01:23:33
I reached out to Margie.
Alan Woods (RYSG)
01:42:54
exactly
Alan Woods (RYSG)
01:43:43
yes but per registrant leads to correlation
Alan Woods (RYSG)
01:43:57
this is reverse lookup in 2 steps
Alan Woods (RYSG)
01:46:18
a single SSAD request relates to a single domain and the registration data of that domain. If we have a single pseudonymized email for that registrant, a single SSAD request will now allow the identification of that registrant in all registrations... So I do feel that defeats the issue. It is no longer pseudonymized to both CP and third party.
Keith Drazek (Verisign)
01:46:42
Thanks all. I need to drop a few minutes early. Thanks for all the good ongoing work.
Berry Cobb
01:48:31
Time check: 2 Min.
Thomas Rickert (ISPCP)
01:51:16
Sorry, I need to leave. All the best, Thomas
Hadia Elminiawi (ALAC)
01:51:24
Thank you all - bye for now