Logo

Julie Bisland's Personal Meeting Room - Shared screen with speaker view
Alex Deacon (IPC)
39:49
FYI - I will be primary for IPC today. (back from vacation).
Hadia Elminiawi (ALAC)
44:45
Hello all, apologies for being late
Andrea Glandon
45:35
@Alex, thank you, we have that noted
Georgios Tselentis (GAC)
47:30
Am I correct that the budget for transcript was higher than for the legal counsel durig phase 1? Maybe we need to ask GNSO to prioritise udget as well...
Georgios Tselentis (GAC)
47:45
*budget
Amr Elsadr (NCSG)
47:46
@Leon: Thanks again, so we still don’t know to what extent the budget will be a limiting factor? That’s kinda what I took away from your response.
León Sánchez (ICANN Board Liaison)
48:45
correct Amr. we will need to better assess the need in order to cost it and then establish a working budget as I understand the one we have now is preliminary
Amr Elsadr (NCSG)
49:03
@Georgios: I’m not sure what parts of the EPDP’s budget are covered by the GNSO, and what parts are covered by ICANN org (outside of the GNSO budget). Might be helpful if this is clarified. I might have missed a briefing on this in the past.
Amr Elsadr (NCSG)
49:19
Thanks again, Leon.
Brian King (IPC)
49:41
Will we go through all groups' submitted categorizations and prioritization next?
Marika Konings
50:07
Note that the budget for EPDP is assigned by the ICANN Board, not the GNSO (but the Board has done so at the request of the GNSO Council, who acted at the specific request of the EPDP Team)
Sarah Wyld (RrSG)
51:13
Question for Milton: There is value in working through one single, specific use case from start to finish; if we group them in this way, how would we do that? Designate one of the use cases in the group as the example, or ?? Thanks.
Amr Elsadr (NCSG)
51:15
@Marika: the whole EPDP budget, including transcripts, recordings, etc…?
Greg Aaron (SSAC)
51:39
Two of the three SSAC cases are mising form the document on-screen.
Rafik Dammak (GNSO Council Liaison)
51:46
yes Amr
Marika Konings
51:46
@Amr - anything beyond ‘normal’ services provided to PDP WGs
Amr Elsadr (NCSG)
52:03
@Marika: Thanks.
Berry Cobb
52:15
@Georgios the cost of B&B was well beyond than the expense of Telcom/Transcripts. The EPDP for legal advice was charged $50K with the remaining expenses covered by the General Counsel's Office. For Phase 2 however, expense for B&B will be fall entirely on the EPDP and as you say we will need to prioritize the request to the GNSO Council after our final workplan is approved.
Stephanie Perrin (NCSG)
52:46
I realize I have said this repeatedly over several years now, but there is a rather basic question that needs to be discussed and decided in order to clarify roles before we ask for more legal advice. That is, of course, what role is ICANN proposing to play as controller/processor, particularly with respect to its responsibility for GDD activities, and with respect to any disclosure instrument. It is crucial to determine this if we are going to ask questions regarding liability.
Milton Mueller (NCSG)
53:03
Sarah: We proposed a consolidated wording for the use case/purpose and we would have to go through the fields one by one
Stephanie Perrin (NCSG)
53:19
I hate wasting our legal advice budget. We did it in the RDS, and I fear we are about to do it again.
Milton Mueller (NCSG)
53:42
We are already doing TM infringement, and we support going ahead with LEA 1
Sarah Wyld (RrSG)
53:50
So who would make those consolidated use cases? If we're combining cases proposed by several teams into one group? Thanks
Milton Mueller (NCSG)
55:02
SSAC 1 and 3 are listed, I guess SSAC 2 is missing
Ashley Heineman (GAC)
55:42
I agree with Greg here. It isn't clear that CERT activities would fit into a "criminal law enforcement" category.
Milton Mueller (NCSG)
55:44
not sure what happened to it...;-)
Ashley Heineman (GAC)
55:49
For example anyway.
Alex Deacon (IPC)
57:50
+1 Chris - need to ensure we don’t lose any of the details of existing use cases when/if we start to consolidate them.
Amr Elsadr (NCSG)
59:11
@Ashley: Greg’s suggestion to relabel Group 1 to Combatting crime might work, no?
Ashley Heineman (GAC)
59:31
I think so... if acceptable to everyone else. :-)
Milton Mueller (NCSG)
59:31
I will explain why I don't like Greg's suggestion when I speak next.
Alan Woods (RYSG)
59:35
suspicious minds is hardly a compelling 6(1)f balance
Ashley Heineman (GAC)
01:00:17
Milton - is there something you would agree with?
Alex Deacon (IPC)
01:00:31
@alan - thanks for the Elvis ear-worm.
Terri Agnew
01:00:55
Reminder to mute when not speaking.
Milton Mueller (NCSG)
01:01:11
well for me a key part of the grouping was to separate LEA activity from private actors, because the balancing test is different
Alan Woods (RYSG)
01:01:21
haha you are welcome Alex! :)
Ashley Heineman (GAC)
01:01:41
Well, CERTs aren't always private. In many cases they are government, but are not considered "sworn" law enforcement.
Milton Mueller (NCSG)
01:02:33
efficiencies are pretty clear, we do 4-5 cases intead of 19
Julf Helsingius (NCSG)
01:02:41
I don't think we can go through 20 use cases in detail and still finish this year.
Milton Mueller (NCSG)
01:03:25
It's a good point Ashley about CERTs, let's think that one through
Ashley Heineman (GAC)
01:03:44
Can agree to fewer use cases, but the buckets need to be representative.
Amr Elsadr (NCSG)
01:03:52
Can’t the value within each of the individual use cases be carried in to the consolidated versions? Would certainly make it easier to review them.
Amr Elsadr (NCSG)
01:04:14
Why is there a presumption that the value within the use cases would be lost, if we consolidate?
Brian King (IPC)
01:04:26
Thanks for the explanation on value of grouping. That's helpful. Will small teams review the specifics?
Brian King (IPC)
01:04:57
i.e. I've read nearly all of these by now, have we all read them all?
Hadia Elminiawi (ALAC)
01:05:34
The traget is not to examine each and every use case available - if so all stakeholder groups would have submitted a bunch of use cases+1 Alan
Chris Lewis-Evans (GAC)
01:05:35
+1 Alan G
Matt Serlin (RrSG)
01:06:36
+1 Kristina
Alan Greenberg (ALAC)
01:06:43
Seperate EU LEA and external LEA
Sarah Wyld (RrSG)
01:06:51
+1 Kristina, yes
Alan Greenberg (ALAC)
01:06:54
The two will be very different.
Alan Woods (RYSG)
01:07:58
So private entities may be "investigating" criminal activity, but if they are doing itself they do not retain the power of LEA. This is not the same as Criminal Investigation of the LEA. If a Private entity has been empowered by LEA to perform a limited function of that LEA - then they are an agent / extension of an LEA. We really need to be sure that we are not overly legitimizing people who claim to be LEA vs actual LEA. this is not our place.
Sarah Wyld (RrSG)
01:08:19
+1 Alan W
Milton Mueller (NCSG)
01:08:27
+1 Alan
Matt Serlin (RrSG)
01:08:32
Alan W makes an important point I think
Julf Helsingius (NCSG)
01:08:38
+1 Alan W
Sarah Wyld (RrSG)
01:08:55
Yes - agree with Alan W & Kristina, Group 1 should be strictly LEA
Amr Elsadr (NCSG)
01:09:10
@Alan W: Also +1
Milton Mueller (NCSG)
01:09:28
OK
Kristina Rosette (RySG)
01:09:31
+1 Alan W
Matt Serlin (RrSG)
01:10:09
So how are we going to wrap this up and move forward? Seems like there is good agreement to consolidate…
Alex Deacon (IPC)
01:10:12
Thniking more about AlanW’s comment - does this mean we will need to add a new “group” for private entities that have been empowered by LEA? Or would those be a variant of an LEA use case?
Brian King (IPC)
01:11:14
So an LEA "user group" ?
Brian King (IPC)
01:11:27
or are we talking about use cases?
Alan Woods (RYSG)
01:11:47
Again this is not really our call. If a legitimate LEA have the power to so empower others, then either "in jurisdiction" we may have no choice to comply - and out of jurisdiction but in EU (eg. UK to ireland) could be a public interest - and finally non - EU out of jurisdiction - a compelling aspect of 6(1)f ....
Chris Lewis-Evans (GAC)
01:12:14
@Alex if we as LEA were to give someone the ability to use the same legal basis as us then they would have to be sworn in or form some form of contractual basis
Sarah Wyld (RrSG)
01:13:21
+1 Alan W
Alan Woods (RYSG)
01:13:31
they are technically still LEA in that case .... but if a 3rd party reviews criminal activities against their own company - they would have to pass that to LEA to actually run the case surely - hence pre LEA involvement - it's just a 6(1)f in all cases
Alan Woods (RYSG)
01:14:10
(vis a vis the processing by the controller)
Ashley Heineman (GAC)
01:14:12
I think we also need to continually remind ourselves... just because you fall into a user group and/or use case, doesn't presume access/disclosure.
Brian King (IPC)
01:14:23
+1 Ashley
Sarah Wyld (RrSG)
01:14:34
+1 Ashley.
Amr Elsadr (NCSG)
01:14:50
@Ashley: +1
Matt Serlin (RrSG)
01:15:36
Indeed Ashley…good reminder!
Milton Mueller (NCSG)
01:15:40
yeah, more the latter Alan
Ashley Heineman (GAC)
01:16:20
Well, it is also a note that we shouldn't get wrapped around the axel on these buckets.
Ashley Heineman (GAC)
01:17:33
The more important issues in my mind are accreditation and ensuring appropriate terms of use (and enforcement of them).
Alex Deacon (IPC)
01:18:28
FWIW the way staff described Category A and Category B on the Wiki seems to describe the distinction we are currently discussing.
Sarah Wyld (RrSG)
01:19:08
Alex do you have a link handy?
Alex Deacon (IPC)
01:19:23
https://community.icann.org/display/EOTSFGRD/d.+Use+Cases
Sarah Wyld (RrSG)
01:19:39
TY
Milton Mueller (NCSG)
01:20:22
What specific changes to my grouping have been proposed?
Brian King (IPC)
01:21:57
@Milton Why do you think we should use your grouping as a starting point?
Milton Mueller (NCSG)
01:22:06
Because it's better
Margie Milam (BC)
01:22:09
Lets just work with Staff's approach
Brian King (IPC)
01:22:15
Disagree. Would rather start with Staff's
Milton Mueller (NCSG)
01:22:21
There was far more support for my grouping than for that one
Brian King (IPC)
01:22:34
Or IPC's, which was submitted on time, and which we haven't reviewed as a team
Margie Milam (BC)
01:22:44
what is your concern with the Staff one Milton?
Margie Milam (BC)
01:23:27
It seems less needs to be done to the Staff one
Milton Mueller (NCSG)
01:23:41
Yes
Brian King (IPC)
01:23:46
Yes
Amr Elsadr (NCSG)
01:23:56
I think we can work with both Milton’s and staff’s grouping to refine both to our satisfaction?
Chris Lewis-Evans (GAC)
01:24:01
Yes please
Margie Milam (BC)
01:24:10
The BC had one too
Matt Serlin (RrSG)
01:24:21
How will the survey results we took time to respond to be factored into the grouping??
Milton Mueller (NCSG)
01:24:23
The categories in mine more closely conform to real differences in the use cases.
Milton Mueller (NCSG)
01:30:38
Chris, these are changes that have occurred since it was sent last night?
Chris Lewis-Evans (GAC)
01:31:04
No they are the ones sent yesterday
Chris Lewis-Evans (GAC)
01:31:14
change from the 7th of July
Milton Mueller (NCSG)
01:31:27
OK, <whew>
Chris Lewis-Evans (GAC)
01:36:06
Yes perfect
Stephanie Perrin (NCSG)
01:37:06
+1 David, statutory authority is very different from authority under criminal law in our jurisdiction.
Stephanie Perrin (NCSG)
01:38:10
For instance, our investigators in the social services department investigate fraud, but do not have powers to arrest. They have to call in criminal law enforcement (RCMP) once they cross a line in administrative investigation.
Amr Elsadr (NCSG)
01:38:40
@Chris: Thanks.
Milton Mueller (NCSG)
01:38:43
What is DPO?
Chris Lewis-Evans (GAC)
01:38:59
Sorry Data protection officer
Stephanie Perrin (NCSG)
01:39:44
And there are a great many types of investigation (I keep using the examples of harvesting endangered species, humane societies, violation of safety and health requirements etc)
Milton Mueller (NCSG)
01:40:23
CERTs are not LEAs and should be different use case
Stephanie Perrin (NCSG)
01:40:41
There are of course distinctions between countries who laws follow common law vs civil law tradition.
Chris Lewis-Evans (GAC)
01:40:53
Yes Milton but would they be under the same purpose for a government?
Amr Elsadr (NCSG)
01:40:54
CERTs are included in the SSAC use case we’re mean to review today. Not the same as LEAs.
Stephanie Perrin (NCSG)
01:40:54
(whose)
Amr Elsadr (NCSG)
01:41:18
*meant
Stephanie Perrin (NCSG)
01:41:45
I see that I am talking to myself so I will stop. However, most data protection law makes distinctions in these different types of disclosure.
Amr Elsadr (NCSG)
01:41:57
@Stephanie: +1
Stephanie Perrin (NCSG)
01:42:40
Thanks Amr. It is extremely difficult for criminal law enforcement authorities to delegate their powers, for good reasons.
Ashley Heineman (GAC)
01:42:42
Amr, that is not how the GAC intended this purpose to be. Our intention was to include government CERT activity. So, regardless of what the SSAC has proposed, we are now talking about a GAC drafted peice.
Milton Mueller (NCSG)
01:43:13
>Yes Milton but would they be under the same purpose> for a government?Yes and no. It's really a different purpose (investigation rather than law enforcement/prosecution) but under your very broad definition of purpose it might be
Margie Milam (BC)
01:43:38
Hi- I am going offline to drive but will remain on the phone
Milton Mueller (NCSG)
01:43:39
which is why i don't like the broadness of your overarching purpose
Amr Elsadr (NCSG)
01:43:58
@Ashley: But the user group in the use case is described as “Criminal Law enforcement/national or public security”
Milton Mueller (NCSG)
01:44:14
right it combines the two
Ashley Heineman (GAC)
01:44:17
yes... but we agreed not to elucidate every use case. Right?
Ashley Heineman (GAC)
01:44:19
THat was our intent.
Ashley Heineman (GAC)
01:44:25
I think I know what it is. :-)
Stephanie Perrin (NCSG)
01:44:40
I believe these questions are being extensively debated at the Internet and Jurisdiction meetings/discussions, particularly in respect of the limitations of the Cybercrime Treaty in dealing with these problems. Many players who are in this EPDP participate in these discussions, it would be most helpful if they would brief us all on the current state of play.
Ashley Heineman (GAC)
01:45:23
The purpose is intended to be multi use. The example use case is just that... one example falling under the purpose.
Milton Mueller (NCSG)
01:46:30
the key to deciding whether something is a separate grouping is whether the data elements, legal basis, balancing test, etc. would differ
Milton Mueller (NCSG)
01:47:16
I think CERTS have a similar overarching purpose but very different legal basis and balancing test than "sworn" LEAs pursuing a crime
Amr Elsadr (NCSG)
01:47:39
@Milton: +1 on the different legal basis.
Amr Elsadr (NCSG)
01:47:47
…, and balancing test.
Stephanie Perrin (NCSG)
01:49:48
yes + 1 Milton. The point of my lengthy monologue on criminal law vs administrative law is that even govt agencies do not come under the same bailiwick as criminal investigation, even if there are criminal penalties for the law they are following.
Stephanie Perrin (NCSG)
01:50:01
(enforcing)
Sarah Wyld (RrSG)
01:50:01
+1 Stephanie
Terri Agnew
01:50:22
@Haida, we are unable to hear you. I see mic is unmuted on zoom side. Please check mute on your side.
Terri Agnew
01:50:50
@Hadia, if possible, can you increase volume?
Theo Geurts (RrSG)
01:50:52
can't hear hadia?
Milton Mueller (NCSG)
01:53:55
right very narrow in relation to the purpose
Ashley Heineman (GAC)
01:54:29
Marc - I thought it needed to align with the use case, not necessarily the purpose.
Milton Mueller (NCSG)
01:54:33
Alan is right tht is a more important question
Sarah Wyld (RrSG)
01:54:35
+1 Alan W - these are important questions
Milton Mueller (NCSG)
01:55:45
Is there no other obvious way to get the data?
Milton Mueller (NCSG)
01:55:57
e.g. a subpoena
Brian King (IPC)
01:56:49
I thought this was outside jurisdiction so subpoena wouldn't work?
Brian King (IPC)
01:57:18
Also remember GDPR "necessary" isn't common meaning of "necessary"
Milton Mueller (NCSG)
01:57:25
that would demonstrate necessity then, Brian
Milton Mueller (NCSG)
01:57:47
got it, ok
Amr Elsadr (NCSG)
01:57:50
Answer should clarify why disclosing the data is necessary, not just why it is useful.
Brian King (IPC)
01:58:10
@Milton sure would. And agree with Alan W language could be beefed up
Amr Elsadr (NCSG)
01:59:07
@Alan W: +1
Stephanie Perrin (NCSG)
01:59:27
WHOIS was a workaround to avoid the obstacles which the Cybercrime treaty failed to solve.
Amr Elsadr (NCSG)
01:59:33
@Janis: +1
Alan Greenberg (ALAC)
02:00:05
"Ease" may correspond to practicallity and may imply it is the only way that is in fact implementable.
Stephanie Perrin (NCSG)
02:01:30
I do not understand this discussion of the word “ease”.
Hadia Elminiawi (ALAC)
02:02:00
The ICO says "‘Necessary’ means that the processing must be a targeted and proportionate way of achieving your purpose. You cannot rely on legitimate interests if there is another reasonable and less intrusive way to achieve the same result"
Marika Konings
02:02:00
Sorry, difficult to get it all on one screen and still have it readable.
Sarah Wyld (RrSG)
02:02:12
Right - publicly-available data should be obtained from the existing public sources, no?
Mark Svancarek (BC-MSFT)
02:02:29
+1 Milton let's keep the tmplate simpler
Alan Woods (RYSG)
02:03:13
thank you Hadia. I completely ageree
Alan Woods (RYSG)
02:03:16
*agree
Milton Mueller (NCSG)
02:03:44
ok, but "data to be disclosed" kindo f implies that it was not already public
Sarah Wyld (RrSG)
02:04:22
Good quesiton Marc - I was assuming the latter, but it should be confirmed.
Matt Serlin (RrSG)
02:04:37
The language is data that “may be disclosed…”
Amr Elsadr (NCSG)
02:04:58
@Matt: Yes…, my understanding as well.
Sarah Wyld (RrSG)
02:04:59
@Matt yes exactly
Kristina Rosette (RySG)
02:05:54
a
Sarah Wyld (RrSG)
02:05:56
+1 Alan W
Matt Serlin (RrSG)
02:06:21
though I do note our charge is to focus on non-public data so perhaps that should limit the scope
Mark Svancarek (BC-MSFT)
02:07:06
Although on a case-by-case basis, it's hard to capture that detail in this template. Perhaps adding "typically" or "usually" clarifies the expectation
Kristina Rosette (RySG)
02:08:00
All, just a reminder that our Phase 1 policy recommendation (3), which is the whole basis for this exercise, is limited - on its face - to non-public registration data.
Sarah Wyld (RrSG)
02:08:14
Good point Kristina
Milton Mueller (NCSG)
02:08:37
I agree Kristina, which is why I raised that question about e)
Margie Milam (BC)
02:09:36
I had the same question as Alan G
Milton Mueller (NCSG)
02:09:40
I think EU is too restrictive and this shoujld be a more general model
Sarah Wyld (RrSG)
02:09:47
Use Case:Investigation of criminal activity against a victim in the jurisdiction of the investigating EU LEA requesting data from a non-local data controller.
Kristina Rosette (RySG)
02:09:59
The Rec 3 limitation doesn’t mean we
Amr Elsadr (NCSG)
02:09:59
@Alan G.: This is about EU LEA and the controller both being in the EU, with a data subject outside the EU.
Amr Elsadr (NCSG)
02:10:21
Sorry…, my mistake. Controller not within the EU.
Margie Milam (BC)
02:10:53
Shouldn't we ask legal advice on this?
Kristina Rosette (RySG)
02:11:12
oops. doesn’t mean (IMO) that we can’t go broader, but we should have a narrow exception with a clearly articulated consensus rationale for doing so.
Amr Elsadr (NCSG)
02:13:28
@Chris: +1. I think you have it right.
Alan Woods (RYSG)
02:13:38
thank you Chris!!:)
Alan Woods (RYSG)
02:13:53
i mauled that one!! lol you brought me back from the edge
Amr Elsadr (NCSG)
02:14:37
@Hadia: Why would an EU LEA investigate a crime in another jurisdiction?
Marc Anderson (RySG)
02:14:48
I have my speakers all the way up and I just can't make out what Hadia is saying.
Alan Woods (RYSG)
02:14:52
hadia ........ not to ignore the plight of the victim - but why are we talking about victims? is the victim requesting the data. No it's the LEA
Brian King (IPC)
02:15:21
Crime could have occured in the EU when a victim is based elsewhere.
Hadia Elminiawi (ALAC)
02:16:35
ok makes sense
Alan Woods (RYSG)
02:17:39
@alan - only of they were in jurisdiction
Alan Woods (RYSG)
02:18:41
*if
Alan Woods (RYSG)
02:19:28
+1 Chris
Matt Serlin (RrSG)
02:20:12
I’ve got to drop early…thanks all…see you next week!
Amr Elsadr (NCSG)
02:20:17
Only comment is thanks for adding the balancing test in there. :-)
Margie Milam (BC)
02:21:50
The balancing test is not applicable to all legal bases
Margie Milam (BC)
02:22:13
ie - legal obligation or public interest
Chris Lewis-Evans (GAC)
02:22:13
Happy for that to be a May
Kristina Rosette (RySG)
02:23:22
should would be better than may here
Sarah Wyld (RrSG)
02:23:27
+1 Kristina
Sarah Wyld (RrSG)
02:23:35
and +1 Marc, this is a complex topic & seems to need more discussion
Alan Woods (RYSG)
02:23:55
Thanks for that Margie .... so very true. But in this case ... 6(1)f .... it does
Amr Elsadr (NCSG)
02:24:06
Agree that we need to talk more about balancing tests, across different use cases, not just this one.
Chris Lewis-Evans (GAC)
02:24:08
or Should
Margie Milam (BC)
02:24:30
we are asking for legal advice on the legal bases so we probably need to revisit that section after we receive it
Milton Mueller (NCSG)
02:25:12
should rather than may?
Alex Deacon (IPC)
02:25:23
+1 margie - legal advice on this is important.
Alan Greenberg (ALAC)
02:25:25
I think that the questioning of balancing test is one we need to have separately.
Alan Greenberg (ALAC)
02:26:14
TSpecifically, to what extent the balancing test can consider the credibility and trustworthyness of the requestor.
Milton Mueller (NCSG)
02:26:14
I notice that the "must" is qualified by "upon reasonable request"
Alan Woods (RYSG)
02:27:29
yes, but that suggests the reasonable request of the data subject - and at times i would think ligal obligation not to disclose would defeat that request regardless of reasonableness of the request ... but we're being pedantic now ! :)
Alan Woods (RYSG)
02:27:35
*legal
Hadia Elminiawi (ALAC)
02:30:41
i am unmuted
Terri Agnew
02:30:43
@Hadia, you are unmuted on zoom side, please check your side.
Hadia Elminiawi (ALAC)
02:30:55
staff may you please unmute me
Terri Agnew
02:31:14
@Hadia, you are unmuted on zoom side.
Alan Woods (RYSG)
02:31:23
surely that's one element of the balancing test. It's not about who is asking ... it's about the impact of the disclosure on the rights of the data subject!
Hadia Elminiawi (ALAC)
02:31:55
i am speaking
Sarah Wyld (RrSG)
02:31:59
+1 Alan W
Hadia Elminiawi (ALAC)
02:32:07
I am going to type
Leon Sanchez (ICANN Board Liaison)
02:32:16
I have another call so I have to leave now. Thanks everyone. Talk to you all soon.
Amr Elsadr (NCSG)
02:32:27
@Alan: +1. The legitimate interest of the requestor needs to be weighed against the fundamental rights and freedoms of the data subject.
Alex Deacon (IPC)
02:32:39
@AlanW - but clearly a request from an accredited/authenticated and properly authorized tilts the balance in the requestors favor.
Hadia Elminiawi (ALAC)
02:32:40
i think i can speak now
Milton Mueller (NCSG)
02:32:48
Alan, a balancing test has nothing to do with the credibility of the requestor. It is based on the nature of the claim made by the requestor and the level of intrusiveness of the request
Theo Geurts (RrSG)
02:33:03
+1 Milton
Amr Elsadr (NCSG)
02:33:54
Pre-authorization? Doesn’t that presume that a balancing test has been done before the data subject has even been identified, as well as the legitimate interest of the requestor in seeking the data disclosure?
Stephanie Perrin (NCSG)
02:33:55
With great respect to everyone, and recognizing that I am repeating something I have already said quite often….in order to determine whether manual review is required, we need to do a risk assessment. This would normally be done through a comprehensive DPA.
Alan Woods (RYSG)
02:34:00
yes .... a tilt. but again the fact that it is LEA and verified, may even in some cases, be considered too much of an impact and tilt it in the wrong direction.
Alex Deacon (IPC)
02:34:22
@amr - I didn’t use the term pre-authorization.
Sarah Wyld (RrSG)
02:34:31
Thanks, all
Hadia Elminiawi (ALAC)
02:34:33
Thank you all
Alex Deacon (IPC)
02:34:34
thanks.
Hadia Elminiawi (ALAC)
02:34:35
bye
Chris Lewis-Evans (GAC)
02:34:36
Thanks All
Amr Elsadr (NCSG)
02:34:47
Thanks all. Bye.