Dear All - I assume you have already read the EU response to ICANN in connection with the ePDP, if not, below is the link: https://mm.icann.org/pipermail/comments-epdp-recs-04mar19/attachments/201904... In particular relevant is the last part of the letter: Next steps The European Commission would like to suggest that the ICANN Board and other stakeholders take note of the above mentioned observations. It may be useful to consider seeking legal counsel in order to ensure these observations can be taken into account consistently, including for the further work to develop an appropriate and comprehensive gTLD Registration Data policy. The European Commission would also like to reconfirm its support for the on-going dialogue between ICANN and the EU data protection authorities to ensure that data processing activities in the context of WHOIS are in line with the EU data protection rules. We also acknowledge the efforts made so far by ICANN and the stakeholder’s community. At the same time, we stress that the current situation is affecting EU Member State authorities’ ability to obtain legitimate access to this data, necessary to enforce the law online, including in relation to the fight against cybercrime. Efforts at European Union level, and in the context of the GAC Public Safety Working Group (PSWG) have already provided for examples where the current arrangements provided for by contracted parties have affected law enforcement authorities’ ability to investigate crimes. In addition, the lack of a stable, transparent and predictable system may also affect the rights of individuals. Finding a timely and workable solution for access to non-public WHOIS data should thus be treated as a matter of priority, as also highlighted in the recent GAC Communique from Kobe. Although the EPDP concluded its main work on phase one with the production of its Report, the Commission considers that the development of an appropriate gTLD Registration Data policy should involve more work on a number of fronts, which, in our view include: a) The swift implementation of the recommendations included in the Report, and the new recommendations stemming from issues deferred from Phase One as they are developed and agreed. 5 b) Phase two of the EDPD should speedily proceed and focus on the necessary policies underpinning a comprehensive gTLD registration data system, also addressing access to non-public registration data in line with the GDPR. c) Work on the technical model for access to non-public registration data should inform and complement the work of the EPDP and be able to incorporate the agreed policies. On this front, we encourage to further focus on the potentiality offered by privacy-friendly techniques like pseudonymisation. For each of these work tracks, the Commission considers the definition of a clear path forward with defined milestones and timelines could be useful to better involve stakeholders and could contribute to a positive outcome.