Logo

051040043 - EPDP-Phase 2 Team Call
Terri Agnew
36:50
Please review ICANN Expected Standards of Behavior here: https://www.icann.org/resources/pages/expected-standards-2016-06-28-en.
Thomas Rickert (ISPCP)
42:16
it does not really matter if we commit to meeting minimum GDPR requirements
Marika Konings
43:18
Please note that the language in the Initial Report already says ‘at a minimum’
Marika Konings
43:32
And this is part of the implementation guidance
Thomas Rickert (ISPCP)
43:38
then we should be fine.
Thomas Rickert (ISPCP)
44:18
we would have an issue if there were parties not willing to meet GDPR requirements
James Bladel (RrSG)
46:09
Thanks, Marc. I was confused.
Laureen Kapin (GAC)
46:42
Fair point Marc -- my concerns are the same for SSAD users as they would be for contracted parties.
Thomas Rickert (ISPCP)
46:44
why not make reference to Art 12 pp GDPR as a minimum
Margie Milam (BC)
46:55
Agree- I was confused
Mark Svancarek (BC)
47:03
+1 Thomas
Margie Milam (BC)
47:04
It needs to be enforceable
Margie Milam (BC)
47:13
But it’s applicable to SSAD in this case
James Bladel (RrSG)
47:40
ICANN Compliance shall enforce the privacy policy of the SSAD operator (also likely ICANN)?
James Bladel (RrSG)
48:23
+1 Alan.
Marc Anderson (RySG)
48:35
that t he SSAD will apply to their (SSAD users) information
Matt Serlin (RrSG)
51:00
Seems like keeping the original language makes the most sense IMO…
Mark Svancarek (BC)
52:29
+1 Matt
Matt Serlin (RrSG)
53:50
+1 Milton
Matt Serlin (RrSG)
54:29
Ahh…that makes sense Mark actually
Chris Lewis-Evans (GAC)
54:30
+1 Mark SV
Margie Milam (BC)
57:00
+1 Brian
Margie Milam (BC)
57:47
And the registry agreements - where applicable
Alan Greenberg (ALAC)
59:35
+1 Alan W
Milton Mueller (NCSG)
01:00:39
let's not make any amends
Alan Woods (RySG)
01:01:47
agree Beth. thank you for making sense of my blabbering :D
Brian King (IPC)
01:02:59
I thought so, Marc. Thanks.
Brian King (IPC)
01:03:24
I didn't recall exactly where. Thanks for your help.
Marc Anderson (RySG)
01:03:32
I thought so too Brian, but had to look to find it
Hadia Elminiawi (ALAC)
01:06:31
makes sense ICANN and/or CPs are controllers or joint controllers
Brian King (IPC)
01:10:23
+1 Margie. That's how I was thinking about it too.
Hadia Elminiawi (ALAC)
01:12:27
+1 part of the terms of use of the SSAD - There is not contract between the CPs and the requestor
Stephanie Perrin (NCSG)
01:12:44
back at the previous question, what exactly is the chain of contractual obligations between requestor and contracted party
Alan Woods (RySG)
01:21:23
If you trace it back to the original still -then it remains personal data of course.
Stephanie Perrin (NCSG)
01:21:36
you cannot say “ it will contain no PI
Stephanie Perrin (NCSG)
01:22:37
Volker is correct. Log is required, hash will not work
Mark Svancarek (BC)
01:24:24
Breyer notes that the dynamic IP address is not considered personal data by anyone who can't join the tables
Hadia Elminiawi (ALAC)
01:26:04
Logging is not only about auditing
Stephanie Perrin (NCSG)
01:26:09
+1000 Beth
Alan Woods (RySG)
01:27:19
so... just as the disclosing body when necessary, AS thy will definitely have logs of their decision. We are reinventing the wheel here unnecessarily.
Alan Woods (RySG)
01:27:32
*just ask
Marika Konings
01:27:56
The following has been proposed for reporting: “Data to be reported on, which is expected to include information such as: a) number of disclosure requests; b) disclosure requests per category of requestors; c) disclosure requests per requestor (for legal entities); disclosure requests granted / denied, and; response times. Please note that this is a non-exhaustive list”.
Milton Mueller (NCSG)
01:28:03
+1 Alan W
Margie Milam (BC)
01:28:31
+1 Alan G
Alan Greenberg (ALAC)
01:29:38
Uses of the data, yes. But I would not call tat "auditing"
Margie Milam (BC)
01:30:39
+1 Janis
Margie Milam (BC)
01:31:00
Logging has been part of our recommendations for a long time
Beth Bacon (RySG)
01:32:07
Janis- I did not question the need or agreement of auditing. I am seeking clarification on the actual process and purposes of the logging so we can outline the appropriate safeguards
Milton Mueller (NCSG)
01:33:01
What are we trying to accomplish by logging?
Mark Svancarek (BC)
01:33:10
Logging is to ensure transparency and accountability of all parties
Stephanie Perrin (NCSG)
01:36:12
i assume that teaching an algorithm is purely a hypothesis. some of us have expressed our disbelief in the potential fir this in strenuous terms.
Alan Woods (RySG)
01:37:23
how Mark - how is a central database of personal data - held just incase a complaint is made better than a query to be made If a valid complaint - that requires a review of the disclosure decision - going to float with privacy by design?
Mark Svancarek (BC)
01:39:13
Umm, not what I said. Not remotely close
Stephanie Perrin (NCSG)
01:39:37
can i raise my hand please
Brian King (IPC)
01:42:48
+1 AlanG re: "but" instead of "and"
Alan Greenberg (ALAC)
01:44:04
I can live with must if relev, is added.
Hadia Elminiawi (ALAC)
01:44:04
+1 "relevant" data
Marc Anderson (RySG)
01:45:23
relevant helps
Stephanie Perrin (NCSG)
01:47:17
mine was a more general point. wherever we use the teem we may need a careful read and footnote
Stephanie Perrin (NCSG)
01:47:34
term not teem
Margie Milam (BC)
01:50:09
+1 Alan G
Milton Mueller (NCSG)
01:50:14
the data can be used in service of reporting requirements
Alan Greenberg (ALAC)
01:51:54
@Milton, yup.
Milton Mueller (NCSG)
01:52:51
might want to specify "aggregate" data
Beth Bacon (RySG)
01:58:14
yes
Alan Woods (RySG)
01:58:20
yup indeed!
Margie Milam (BC)
02:04:21
Yes - keep as is
Hadia Elminiawi (ALAC)
02:05:41
+1 Brian indeed because there is no escrow - and logging is a requirement
Hadia Elminiawi (ALAC)
02:09:51
Yes
Brian King (IPC)
02:12:31
AlanW, yes I read that as "a format that is used by lots of folks" as opposed to "uniform format"
Alan Woods (RySG)
02:12:48
thanks
Milton Mueller (NCSG)
02:14:07
let's dump "structured"
Milton Mueller (NCSG)
02:14:48
yep
Matt Serlin (RrSG)
02:19:51
+1 Brian
Marc Anderson (RySG)
02:23:55
I can hear Chris, but he is a bit quiet.
Margie Milam (BC)
02:28:32
Isn’t that an implementation detail?
Milton Mueller (NCSG)
02:29:39
I am training an AI to recognize implementation details automatically
Mark Svancarek (BC)
02:30:16
Milton, you'll make a fortune licensing that back to ICANN PDPs
Brian King (IPC)
02:30:49
thanks all
James Bladel (RrSG)
02:30:51
Thanks, Janis. Bye all.
Matt Serlin (RrSG)
02:31:01
Thanks all
Marc Anderson (RySG)
02:31:02
thanks all
Thomas Rickert (ISPCP)
02:31:16
thanks all!
Chris Lewis-Evans (GAC)
02:31:29
Thsnks all
Julf Helsingius (NCSG)
02:31:48
Thanks all! See you Thursday!
Hadia Elminiawi (ALAC)
02:31:50
Thank you all - bye
Marc Anderson (RySG)
02:31:52
thanks all