Logo

Julie Bisland's Personal Meeting Room - Shared screen with speaker view
Brian King (IPC)
36:38
hello all
Brian King (IPC)
37:06
Happy World Anti-Counterfeiting Day 2019
Volker Greimann (RrSG)
39:24
I thought today was Gardening Exercise Day....
Mark Svancarek (MSFT)
39:45
General EPDP Day
Thomas Rickert
40:48
Hi all!
Sarah Wyld (RrSG)
41:34
Can we please have the most recent definitions doc up on screen?
Sarah Wyld (RrSG)
42:35
Thanks
Chris Lewis-Evans (GAC)
43:49
provision of a dataset appropriate for the purpose…
Alan Greenberg (ALAC)
44:17
If we remove GDPR from the 2nd bullet, need to do it in thrird as well.
Sarah Wyld (RrSG)
44:57
+1 Alan Woods
Thomas Rickert (ISPCP)
45:21
@Chris - let me suggest this: Provision of a dataset necessary to achieve the purpose.
Sarah Wyld (RrSG)
45:26
I'm OK with changing "GDPR" to "applicable law"
Matt Serlin (RrSG)
45:49
Agree with removing GDPR references
Chris Lewis-Evans (GAC)
46:13
@ Thomas good change happy with that
Sarah Wyld (RrSG)
46:29
+1 Thomas
Milton Mueller (NCSG)
46:34
ell if it’s not an agreed working definition what point is there in including it?
Ayden Férdeline (NCSG)
46:41
+1 Milton
Alan Woods (RySG)
47:25
sorry no
Thomas Rickert (ISPCP)
48:23
Janis, have you seen the exchange on the definition in the chat?
Mark Svancarek (BC) (MSFT)
50:38
I still agree with MarcA on the preference for a separate legal team
Volker Greimann (RrSG)
51:21
if you want a small, non-representative group, it should not be stacked towards one interest group
Ariel Liang
51:43
Staff have captured comments in the chat as well in our notes
Mark Svancarek (BC) (MSFT)
51:45
VG, wouldn't you be on it?
Volker Greimann (RrSG)
52:09
apparently me wanting on it was cause enough to abandon the concept... :(
Matt Serlin (RrSG)
53:40
I think a small representative group could still be useful…it seemed to work well in Phase 1
Brian King (IPC)
53:45
Volker I don't think we have interest groups with regard to SSAD. We all need to have an SSAD that's legal. It either is legal, or it isn't. No one has an interest in an illegal SSAD.
Milton Mueller (NCSG)
54:38
+1 Georgios
Kristina Rosette (RySG)
55:59
What am I missing here? Why can't we revert to the format and category compositoin used by the "legal committee" in phase 1? (New members where previous members are not participating in Phase 2.) I missed the last few weeks when I went on leave, but the Phase 1 legal committee seemed to function OK.
Matt Serlin (RrSG)
56:14
+1 Kristina
Margie Milam (BC)
56:35
+1 Kristina
Chris Lewis-Evans (GAC)
56:51
+1
Kristina Rosette (RySG)
57:00
We've got a lot of wheels to invent here so I don't get why we're reinventing existing ones.
Farzaneh Badii (NCSG)
58:18
looks like it Janis :)
Thomas Rickert (ISPCP)
01:00:37
weber
Farzaneh Badii (NCSG)
01:00:38
Strangely enough I have lost my interest in the composition of this group and feel no strong urge to support or not support
Milton Mueller (NCSG)
01:01:05
And group means SG - so CSG gets ONE lawyer to nominate
Farzaneh Badii (NCSG)
01:01:14
I agree
Volker Greimann (RrSG)
01:01:20
fine with that
Kristina Rosette (RySG)
01:01:45
thank you.
Matt Serlin (RrSG)
01:01:55
Makes a lot of sense…thank you
Brian King (IPC)
01:04:26
nobody said one lawyer per SG
Brian King (IPC)
01:04:34
why not two lawyers per SG?
Volker Greimann (RrSG)
01:05:21
I think the idea was a _small_ group
Farzaneh Badii (NCSG)
01:06:24
We have said this before. As long as there is equal representation between ncsg and csg we are fine
Farzaneh Badii (NCSG)
01:06:48
but would be good if the team can be kept small
Sarah Wyld (RrSG)
01:07:23
To summarize part of my concerns: If the presence of data in the Org field indicates that the domain is owned by a legal person, then natural persons must be able to keep the field blank. If we cannot delete the Org field contents, how would we make the field blank for this user?
Milton Mueller (NCSG)
01:07:26
Brian: Janis said each group would nominate ONE lawyer
Janis Karklins (Chair)
01:08:13
I said one representative per group
Sarah Wyld (RrSG)
01:08:26
If we're not permitted to delete the content of the Org field (which is what they rejected), how would we get a blank field there?
Alan Greenberg (ALAC)
01:10:49
The registrant chooses to set it blank, just as they always could.The objection as I understood it was the discretion given the registrar to delete or redact.
Milton Mueller (NCSG)
01:10:51
Margie the proposed second part of purpose 2 you propose was considered and soundly rejected during Phase 1
Farzaneh Badii (NCSG)
01:11:01
really? Accuracy again?
Mark Svancarek (BC) (MSFT)
01:11:29
different "accuracy"
Sarah Wyld (RrSG)
01:12:31
Very hesitant to revisit Phase 1 work here in redefining purpose 2
Alan Woods (RySG)
01:13:58
+1 Milton
Sarah Wyld (RrSG)
01:14:03
+1
Farzaneh Badii (NCSG)
01:14:37
+1
Margie Milam (BC)
01:14:57
The EC letter actually includes a rewrite of Purpose 2
Sarah Wyld (RrSG)
01:17:30
+1 Thomas
Marc Anderson (RySG)
01:17:58
+1 Thomas
Sarah Wyld (RrSG)
01:18:22
Redaction is not necessarily sufficient for data minimization principles, it is still a processing activity for which we may not have a legal basis
Mark Svancarek (BC) (MSFT)
01:18:59
wrong definition of data minimization
Farzaneh Badii (NCSG)
01:19:14
wrong definition?
Thomas Rickert (ISPCP)
01:19:14
No, Alan. If the new policy is not to have a org field as it is not required, then the data has to be deleted if the user incorrectly populates the field with data that is the only piece of data to identify the registrant.
Milton Mueller (NCSG)
01:19:34
+1 Thomas
Mark Svancarek (BC) (MSFT)
01:20:03
We kniow that the Org field has utility in some use cases, so there is no need to delete it based on the concept of data minimization
Alan Greenberg (ALAC)
01:20:04
The new policy ALLOWS registrars to continue to redact.
Thomas Rickert (ISPCP)
01:20:47
I should add that the org field is optional and therefore it must not contain data that is the only data with which the registrant can be identified. .
Thomas Rickert (ISPCP)
01:20:57
Sorry fo not having included that in my first comment.
Matt Serlin (RrSG)
01:20:58
+1 Thomas
stephanieperrin
01:24:27
my apologies for being late.
Marika Konings
01:26:16
See https://docs.google.com/document/d/1uoolznpxb0JxddFZA5n9ueRkB4tjDOQQCoMeQWpbiSc/edit#
Sarah Wyld (RrSG)
01:27:39
+1 Marika
Alan Woods (RySG)
01:30:11
(sorry Marika :/)
Farzaneh Badii (NCSG)
01:34:46
I think discussing user groups now is totally premature. We have not decided on whether we even need user groups
Alex Deacon (IPC)
01:35:37
Meta-Question for Marika - which charter question(s) will this doc answer when we are done?
Kristina Rosette (RySG)
01:35:48
+1 Farzi. Would be helpful to better understand staff's reasoning here.
Tatiana Tropina (NCSG alternate)
01:36:28
+ 100 — I do not understand why we assuming we need user groups
Marika Konings
01:36:55
@Alex - P1-Charter-a(a) Purposes for Accessing Data – What are the unanswered policy questions that will guide implementation?a1) Under applicable law, what are legitimate purposes for third parties to access registration data?a2) What legal bases exist to support this access?a3) What are the eligibility criteria for access to non-public Registration data?a4) Do those parties/groups consist of different types of third-party requestors?
Kristina Rosette (RySG)
01:36:56
+1 Sarah. Or the most efficient . . .
Brian King (IPC)
01:37:00
Correction: we clearly have not decided on a list of purposes.
Matt Serlin (RrSG)
01:37:00
+1 Sarah…seems like we are putting the proverbial cart before the horse
Volker Greimann (RrSG)
01:37:28
I support two defined groups:1) LEAs of appropriate jurisdiction2) Everyone else
Alex Deacon (IPC)
01:37:47
@marika - OK thanks.
Tatiana Tropina (NCSG alternate)
01:37:51
Volker, they better to be named “categories”, not user groups
Tatiana Tropina (NCSG alternate)
01:37:59
or something similar
Stephanie Perrin (NCSG)
01:38:24
+1 Sarah and +1 Volker
Matt Serlin (RrSG)
01:38:25
@Brian, weren’t the purposes agreed to in Phase 1?
Alan Greenberg (ALAC)
01:38:35
I'm happy to class them as categories instead of "groups"
Alan Woods (RySG)
01:38:44
+1 Matt. I'm trying to wrap my head aroud that comment.
Brian King (IPC)
01:38:46
@Matt, we tried, but EC and board rejected that approach
Farzaneh Badii (NCSG)
01:38:49
We have to have the order of questions we are asking right
Sarah Wyld (RrSG)
01:39:02
I dont think we can say rejecting one of the purposes is the same as not having any agreed-upon purposes
Alan Woods (RySG)
01:39:10
purpose 2 only ... the placeholder purpose
Marika Konings
01:39:24
Staff’s understanding was that the purposes in phase 1 were specific to ICANN purposes - this is about third party purposes, or maybe these would be better labelled third party legitimate interests?
Matt Serlin (RrSG)
01:39:29
+1 Sarah and Alan
Volker Greimann (RrSG)
01:39:37
+1 Milton
Alan Greenberg (ALAC)
01:40:19
Nothing says that "end users" will end up getting anything non-public. But we do need to have that discussion.
Margie Milam (BC)
01:40:27
+1 Marika
Brian King (IPC)
01:40:35
+1 Marika, that's what we thought
Tatiana Tropina (NCSG alternate)
01:41:04
Alan, what is the purpose of discussion about end users? If everyone is end user? Shall everyone get disclosure?
Tatiana Tropina (NCSG alternate)
01:41:18
I am really puzzled
Milton Mueller (NCSG)
01:41:41
another issue is that Registrants - who are not “third parties” - are being lumped together with third party requestors. really strange
Thomas Rickert (ISPCP)
01:42:29
TBQH - I am not too concerned about the starting point of our discussion. We need to establish who asks for what for what purpose on what legal basis. Everything else is a matter of formatting a table…
Chris Disspain
01:42:38
Hello All….Apologies for joining so late…Just finished a board audit committee call
Farzaneh Badii (NCSG)
01:43:23
You missed out on sooo much Chris
Thomas Rickert (ISPCP)
01:43:38
In deed. We had so much fun :-)
Alan Greenberg (ALAC)
01:43:51
We are going to have to discuss how we treat requests from different kind of requestors. This is a fine way to start the discussion.
Ashley Heineman (GAC)
01:45:28
Exactly, user group doesn't mean they get anything just because they are a group.
Milton Mueller (NCSG)
01:45:42
I am afraid that is exactly what it means Ashley
Farzaneh Badii (NCSG)
01:45:47
No Mark. User group is a form of implementation. We simply can’t talk about it now before having decided on how we are gonna disclose data based on what legitimate interest
Ashley Heineman (GAC)
01:45:55
Well, we agree to disagree then Milton.
Milton Mueller (NCSG)
01:46:16
as Mark SV just noted, he is taking a “design approach” and designing the databased based on “use cases” or “user groups
Stephanie Perrin (NCSG)
01:46:45
precisely Milton. This is what I have my hand up to comment on.
Sarah Wyld (RrSG)
01:47:24
+1 Alan
Marika Konings
01:47:29
No need for apologies, Alan W. :-)
Alan Greenberg (ALAC)
01:47:32
Requests for from some "groups" for some peuiposes will be handles in a uniform way (such a request to handle a UDRP). Others will be far more granual and will depend on the detailed specifics.
Milton Mueller (NCSG)
01:48:20
right Alan. So bizarre to have registrants in there
Sarah Wyld (RrSG)
01:48:29
+100 Alan W
Ashley Heineman (GAC)
01:48:55
Agree with Alan... which is why it is good to have this type of document to say "hey, that doesn't make sense, we need to adjust and/or think this through."
Alan Greenberg (ALAC)
01:49:42
A registrant has the right to acces their data, not only from their registrar. That means we must consider how to validate thier request. It may not be third party access, but we do nott to allow for it somewhere in our overall processes.
Mark Svancarek (BC) (MSFT)
01:51:37
I have a new hand
Sarah Wyld (RrSG)
01:51:39
The data subject's right to access is a right they have with their controller. Perhaps we need to define who the controller is here.
Sarah Wyld (RrSG)
01:52:13
Registrant's guarantee to access is under the GDPR, it doesnt need to be in a policy
Stephanie Perrin (NCSG)
01:52:23
Indeed we do. The controller is key, (at risk of being repetitive)
Alan Woods (RySG)
01:52:33
new hand from me now too.
Margie Milam (BC)
01:52:43
@Sarah - this is a global policy so that's why its needed
Stephanie Perrin (NCSG)
01:55:14
The registrant has rights to access that go far beyond WHOIS data. It is misleading in my opinion to discuss registrant access in the same engineering design as disclosure of certain elements in a global policy. I would liken it to the zillions of privacy policies out there that discuss websites and cookies, but not customer profiles, financial records, etc.
Sarah Wyld (RrSG)
01:55:35
+1 Stephanie
Farzaneh Badii (NCSG)
01:55:51
+1 Steph
Stephanie Perrin (NCSG)
01:56:32
As a privacy consultant, I must say that task number one with clients is to get them to understand that if they are crafting a privacy policy, it is a set of management practices for handling personal data, not a website statement.
Stephanie Perrin (NCSG)
01:58:09
indeed as Chris points out, there are plenty of government bodies that are not enforcing criminal law who need access to data….from the dog catcher and humane societies to the environmental protection agencies.
Sarah Wyld (RrSG)
01:59:10
+1 Alan W
Stephanie Perrin (NCSG)
01:59:12
So requestors cannot be neatly categorized.
Farzaneh Badii (NCSG)
01:59:28
The controller question keeps popping up. Shouldn’t we address it and agree and move on? It pops up about registrants, it pops up about ICANN etc
Ashley Heineman (GAC)
02:00:19
+1 Alan G.
Ashley Heineman (GAC)
02:02:13
I'm for starting the discussion. Full stop.
Chris Lewis-Evans (GAC)
02:02:32
@Milton and then create extra groups based on shared purposes with same legal basis
Alan Greenberg (ALAC)
02:02:33
@Milton, that is fine. Then let's shelve this doc until step 2 or 3!
Brian King (IPC)
02:02:54
User groups are helpful because they should share a common purpose
Milton Mueller (NCSG)
02:02:56
ok
Farzaneh Badii (NCSG)
02:02:56
let’s discuss what the starting point should be (and it’s not the user group)
Milton Mueller (NCSG)
02:03:27
“End users” will have a common purpose? Seriously?
Brian King (IPC)
02:03:52
That one needs work ;-)
Milton Mueller (NCSG)
02:04:06
Brian if it is the common purpose that forms groups then let’s define the purposes first
Brian King (IPC)
02:04:59
IPC's on board
Volker Greimann (RrSG)
02:09:37
Why don't we go and ask the PSWG what their purpose for reuesting the data and lawful basis for the same are?
Alan Greenberg (ALAC)
02:09:40
Very difficult to understand Alan
Brian King (IPC)
02:09:50
That "European LEA can't use 6.1(f)" point was in the first EC letter sent just before the board meeting, if anybody's looking for the source
Volker Greimann (RrSG)
02:10:21
I think it would make it much easier if we ask those who deal with this question day after day than thinking as layment about what their purposes and bases might be...?
Volker Greimann (RrSG)
02:10:40
laypeople
Margie Milam (BC)
02:11:21
+1 Matt
Volker Greimann (RrSG)
02:11:34
+1 Matt (as per my original email comment)
Sarah Wyld (RrSG)
02:11:40
+1 Matt
Milton Mueller (NCSG)
02:12:52
+1 Brian
Ashley Heineman (GAC)
02:13:30
I need to drop off. Great conversation folks. :-)
Chris Lewis-Evans (GAC)
02:14:18
@Volker GAC are aware of the PSWG views :)
Marika Konings
02:15:19
https://www.icann.org/en/system/files/files/gdpr-dataflow-matrix-responses-redacted-13oct17-en.xlsx
Volker Greimann (RrSG)
02:17:10
@Chris: Likely, althouigh this may become very granular if you need to differentiate between jurisdictions. And we also need to be clear that it is not a "what would be nice" exercise but rather a "What are the specific processes, requirements and purposes for making such a request under applicable law".
Volker Greimann (RrSG)
02:17:41
In other words, no nice to have shortcuts but references of the actual, legally prescribed processes they have to follow in every other industry as well
Milton Mueller (NCSG)
02:18:25
WE HAVE PURPOSES IN OUR RECOMMENDATIONS
Marika Konings
02:19:31
@Milton - those purposes are ICANN purposes. Aren’t we talking here about third party purposes / legitimate interests in requesting disclosure / access?
Brian King (IPC)
02:20:11
@Marika, that's what I thought the distinction was
Brian King (IPC)
02:20:21
Yes
Alex Deacon (IPC)
02:20:28
Sounds like a plan
Marc Anderson (RySG)
02:20:32
sounds good Yanis
Alan Greenberg (ALAC)
02:21:11
soMEONE'S MIKE IS OPEN.
Volker Greimann (RrSG)
02:21:11
someone needs to mute their phone
Milton Mueller (NCSG)
02:21:20
someone needs to mute their mic
Caitlin Tubergen
02:21:53
The google docs for PPSAI and Legal vs. Natural have been updated.
Volker Greimann (RrSG)
02:22:39
do you have links for us?
Marika Konings
02:23:55
@Volker - https://community.icann.org/x/5oaGBg
Volker Greimann (RrSG)
02:25:16
thank you
Sarah Wyld (RrSG)
02:25:51
Thanks, all
Stephanie Perrin (NCSG)
02:25:51
We will also subtract from that list as appropriate
Mark Svancarek (BC) (MSFT)
02:25:52
thanks bye
Matt Serlin (RrSG)
02:25:52
Thanks all
Milton Mueller (NCSG)
02:25:53
thanks Janis
Tatiana Tropina (NCSG alternate)
02:25:56
thank all, bye
Chris Lewis-Evans (GAC)
02:25:56
Thanks all bye
Brian King (IPC)
02:25:57
thanks all
Volker Greimann (RrSG)
02:25:59
thanks all