
36:50
Please review ICANN Expected Standards of Behavior here: https://www.icann.org/resources/pages/expected-standards-2016-06-28-en.

42:16
it does not really matter if we commit to meeting minimum GDPR requirements

43:18
Please note that the language in the Initial Report already says ‘at a minimum’

43:32
And this is part of the implementation guidance

43:38
then we should be fine.

44:18
we would have an issue if there were parties not willing to meet GDPR requirements

46:09
Thanks, Marc. I was confused.

46:42
Fair point Marc -- my concerns are the same for SSAD users as they would be for contracted parties.

46:44
why not make reference to Art 12 pp GDPR as a minimum

46:55
Agree- I was confused

47:03
+1 Thomas

47:04
It needs to be enforceable

47:13
But it’s applicable to SSAD in this case

47:40
ICANN Compliance shall enforce the privacy policy of the SSAD operator (also likely ICANN)?

48:23
+1 Alan.

48:35
that t he SSAD will apply to their (SSAD users) information

51:00
Seems like keeping the original language makes the most sense IMO…

52:29
+1 Matt

53:50
+1 Milton

54:29
Ahh…that makes sense Mark actually

54:30
+1 Mark SV

57:00
+1 Brian

57:47
And the registry agreements - where applicable

59:35
+1 Alan W

01:00:39
let's not make any amends

01:01:47
agree Beth. thank you for making sense of my blabbering :D

01:02:59
I thought so, Marc. Thanks.

01:03:24
I didn't recall exactly where. Thanks for your help.

01:03:32
I thought so too Brian, but had to look to find it

01:06:31
makes sense ICANN and/or CPs are controllers or joint controllers

01:10:23
+1 Margie. That's how I was thinking about it too.

01:12:27
+1 part of the terms of use of the SSAD - There is not contract between the CPs and the requestor

01:12:44
back at the previous question, what exactly is the chain of contractual obligations between requestor and contracted party

01:21:23
If you trace it back to the original still -then it remains personal data of course.

01:21:36
you cannot say “ it will contain no PI

01:22:37
Volker is correct. Log is required, hash will not work

01:24:24
Breyer notes that the dynamic IP address is not considered personal data by anyone who can't join the tables

01:26:04
Logging is not only about auditing

01:26:09
+1000 Beth

01:27:19
so... just as the disclosing body when necessary, AS thy will definitely have logs of their decision. We are reinventing the wheel here unnecessarily.

01:27:32
*just ask

01:27:56
The following has been proposed for reporting: “Data to be reported on, which is expected to include information such as: a) number of disclosure requests; b) disclosure requests per category of requestors; c) disclosure requests per requestor (for legal entities); disclosure requests granted / denied, and; response times. Please note that this is a non-exhaustive list”.

01:28:03
+1 Alan W

01:28:31
+1 Alan G

01:29:38
Uses of the data, yes. But I would not call tat "auditing"

01:30:39
+1 Janis

01:31:00
Logging has been part of our recommendations for a long time

01:32:07
Janis- I did not question the need or agreement of auditing. I am seeking clarification on the actual process and purposes of the logging so we can outline the appropriate safeguards

01:33:01
What are we trying to accomplish by logging?

01:33:10
Logging is to ensure transparency and accountability of all parties

01:36:12
i assume that teaching an algorithm is purely a hypothesis. some of us have expressed our disbelief in the potential fir this in strenuous terms.

01:37:23
how Mark - how is a central database of personal data - held just incase a complaint is made better than a query to be made If a valid complaint - that requires a review of the disclosure decision - going to float with privacy by design?

01:39:13
Umm, not what I said. Not remotely close

01:39:37
can i raise my hand please

01:42:48
+1 AlanG re: "but" instead of "and"

01:44:04
I can live with must if relev, is added.

01:44:04
+1 "relevant" data

01:45:23
relevant helps

01:47:17
mine was a more general point. wherever we use the teem we may need a careful read and footnote

01:47:34
term not teem

01:50:09
+1 Alan G

01:50:14
the data can be used in service of reporting requirements

01:51:54
@Milton, yup.

01:52:51
might want to specify "aggregate" data

01:58:14
yes

01:58:20
yup indeed!

02:04:21
Yes - keep as is

02:05:41
+1 Brian indeed because there is no escrow - and logging is a requirement

02:09:51
Yes

02:12:31
AlanW, yes I read that as "a format that is used by lots of folks" as opposed to "uniform format"

02:12:48
thanks

02:14:07
let's dump "structured"

02:14:48
yep

02:19:51
+1 Brian

02:23:55
I can hear Chris, but he is a bit quiet.

02:28:32
Isn’t that an implementation detail?

02:29:39
I am training an AI to recognize implementation details automatically

02:30:16
Milton, you'll make a fortune licensing that back to ICANN PDPs

02:30:49
thanks all

02:30:51
Thanks, Janis. Bye all.

02:31:01
Thanks all

02:31:02
thanks all

02:31:16
thanks all!

02:31:29
Thsnks all

02:31:48
Thanks all! See you Thursday!

02:31:50
Thank you all - bye

02:31:52
thanks all