Thanks Carlos. Actually, you agree with me. I don’t think we should have any gatekeeping barriers, such as IAPP certifications, designed to exclude anyone. But, if we are going to go down the path of exclusion, and I hope we don’t, it shouldn’t just be for one privacy skill set which would result in an unbalanced ePDP WG. I think some 101 in both GDPR and Trademarks is more than sufficient to ensure everyone on the ePDP WG has a common vocabulary. I’m surprised by the resistance on the call today to the idea and the steadfast holding to the notion of gatekeeping IAPP certification which will result in exclusions from the team and undermine its outcomes from Day 1. Best, Paul From: Carlos Raul Gutierrez [mailto:crg@isoc-cr.org] Sent: Tuesday, June 12, 2018 9:32 AM To: McGrady, Paul D. <PMcGrady@winston.com> Cc: Ayden Férdeline <icann@ferdeline.com>; GNSO Council List <council@gnso.icann.org> Subject: Re: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process It was a very interesting Council call today, of which I could only follow the initial 2/3 or so. After the call I went back to this ideas of Ayden and Paul, and I found myself in disagreement with both of you. Maybe because I'm an economist that doesn't want to become a pseudo lawyer in either trademark law or in data protection, my needs t o follow the ePDP in case i'm not qualified to participate (only to vote...) are different: My question is to what degree does WHOIS have a bias for or against both, trademark law and GDPR. As some might know, we economist are all about efficiency and efficiency loses. And my understanding is that any change in WHOIS, either planned or imposed, creates great efficiency losses to our members of the CPH. And in some cases, those efficiency loses cost a lot of money! The Bonner Landesgericht put an interesting efficiency concept on the table: Datensparsamkeit. (something like be stingy with data -collection-). So from my personal perspective, and I repeat, independently if I'm qualified or not to be a member of the ePDP, my basic question is and would remain until we vote on the policy proposal, is how a new regulation that looks for collecting LESS data, can be an operational, or even financial burden to the members of the CPH. For that I don't need more knowledge on either Trademark and/or Privacy Law. What I need are hard facts, best expressed by numbers of dollars. With that SOI, I express my interest to be part of the ePDP, either as member, or else as unqualified bystander with a vote on the final decision. Carlos Raúl Gutiérrez ISOC Costa Rica Chapter skype carlos.raulg +506 8837 7176 ________ Apartado 1571-1000 COSTA RICA On Thu, Jun 7, 2018 at 2:28 PM, McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> wrote: Thanks Ayden. Tricky though, since those of us representing consumers that are protected by intellectual property laws from confusing misuses of marks often feel that those participating in WG’s don’t understand the fundamentals of trademark laws either. Certainly in the case of this EPDP we would want people to have the basics of trademark law as well. Perhaps instead of using these useful skills sets as gatekeepers, we ask staff to develop curriculum for the first session or two hitting these two issues and setting forth some basic vocabulary. I’d be happy to participate with staff in the effort from the trademark side if you would be happy to participate with staff in the effort from the data protection side. Best, Paul Paul D. McGrady Partner Winston & Strawn LLP 35 W. Wacker Drive Chicago, IL 60601-9703 D: +1 312-558-5963 F: +1 312-558-5700 Bio<http://www.winston.com/en/who-we-are/attorneys/mcgrady-paul-d.html> | VCard<http://www.winston.com/vcards/996.vcf> | Email<mailto:pmcgrady@winston.com> | winston.com<http://www.winston.com> [Winston & Strawn LLP] From: council [mailto:council-bounces@gnso.icann.org<mailto:council-bounces@gnso.icann.org>] On Behalf Of Ayden Férdeline Sent: Thursday, June 07, 2018 3:12 PM To: GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process Dear all, I have just finished reviewing the proposed agenda for our meeting next week along with the mindmap that Council leadership and staff have developed (thanks for doing this!). I would like to put forward a suggestion for the Expedited Policy Development Process (EPDP) team criteria. While the scope of the EPDP remains unclear at present, what I took away from the call between the Board and the Council on Tuesday was that compliance with the law is crucial. As such I think it is imperative that *all* members be able to demonstrate that they have a basic understanding of the principles and legal terms of data protection. I would like to request that any community member who is appointed to the EPDP, or staff member supporting the EPDP, be able to demonstrate they have completed at least 3 hours of data protection training. I do not think this would be a huge burden, but I think it would make work easier, as there should be a common understanding of essential terms. There are short half-day 'Data Protection 101' classes run by institutions like the policy neutral International Association of Privacy Professionals, whose courses only use definitions of terms that have been defined in law for over 20 years. For those who don't hold this certification, I would like to request that ICANN reimburse the members of the EPDP for their modest and reasonable costs in obtaining it. I would like to hear your thoughts here, however I would also like to ask that this suggestion please be given serious consideration. Thank you. Best wishes, Ayden Férdeline ________________________________ The contents of this message may be privileged and confidential. If this message has been received in error, please delete it without reading it. Your receipt of this message is not intended to waive any applicable privilege. Please do not disseminate this message without the permission of the author. Any tax advice contained in this email was not intended to be used, and cannot be used, by you (or any other taxpayer) to avoid penalties under applicable tax laws and regulations. _______________________________________________ council mailing list council@gnso.icann.org<mailto:council@gnso.icann.org> https://mm.icann.org/mailman/listinfo/council

Thanks Ayden. Your email doesn’t raise any new arguments or issues that you didn’t cover on the call, so I won’t respond to it substantively or reiterate my position on this which was also heard on the call. I’m deeply concerned that the Council is going down a dangerous path here (imagine the outrage if the IPC had insisted on trademark training in advance of participation in the RPM PDP). I will let my constituency know that there is discussion on the Council to exclude those who don’t meet certain qualifications proposed by certain members of Council and will take instructions from my constituency on this topic on our next call. Best, Paul From: Ayden Férdeline [mailto:icann@ferdeline.com] Sent: Tuesday, June 12, 2018 10:53 AM To: McGrady, Paul D. <PMcGrady@winston.com> Cc: Carlos Raul Gutierrez <crg@isoc-cr.org>; GNSO Council List <council@gnso.icann.org> Subject: RE: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process Hi Paul, It is not accurate to characterise this requirement as an a barrier "designed to exclude." Nothing could be further from the truth. I do not believe it to be unreasonable to expect a member of a working group that will be tasked with developing a series of recommendations that must, ultimately, be compliant with the GDPR to be comprised of persons with a functional knowledge of the GDPR. I am not suggesting participation be gated at only those who have written a privacy law, or have a decade of experience as a privacy practitioner. 3 or 4 hours of education is simple professional development that anyone can complete in an afternoon. And there is no financial barrier proposed, as I have suggested that ICANN should pay for this certificate for those members of the EPDP who do not already hold one. Requiring this certificate will not "result in exclusions from the team and undermine its outcomes from Day 1". What will undermine its outcomes from Day 1 is having an EPDP team where even one participant does not know the basic principles of data protection law. That would hold everyone back, and we have only 78 days to get an initial report ready. We need to begin with a common understanding as to what is fact, what is fiction, and what is opinion when it comes to the GDPR. As I said on today's call, you wouldn't argue the first amendment without having read it first... I'm not trying to force anyone to read the GDPR (I know it is lengthy), but I would like to make sure that a few of its fundamental principles are extracted and put in front of everyone who is going to be a part of this EPDP. That's my intention. Nothing else to it - just wanting the EPDP to be able to move along swiftly. Best wishes, Ayden Férdeline ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On 12 June 2018 4:51 PM, McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> wrote: Thanks Carlos. Actually, you agree with me. I don’t think we should have any gatekeeping barriers, such as IAPP certifications, designed to exclude anyone. But, if we are going to go down the path of exclusion, and I hope we don’t, it shouldn’t just be for one privacy skill set which would result in an unbalanced ePDP WG. I think some 101 in both GDPR and Trademarks is more than sufficient to ensure everyone on the ePDP WG has a common vocabulary. I’m surprised by the resistance on the call today to the idea and the steadfast holding to the notion of gatekeeping IAPP certification which will result in exclusions from the team and undermine its outcomes from Day 1. Best, Paul From: Carlos Raul Gutierrez [mailto:crg@isoc-cr.org] Sent: Tuesday, June 12, 2018 9:32 AM To: McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> Cc: Ayden Férdeline <icann@ferdeline.com<mailto:icann@ferdeline.com>>; GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: Re: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process It was a very interesting Council call today, of which I could only follow the initial 2/3 or so. After the call I went back to this ideas of Ayden and Paul, and I found myself in disagreement with both of you. Maybe because I'm an economist that doesn't want to become a pseudo lawyer in either trademark law or in data protection, my needs t o follow the ePDP in case i'm not qualified to participate (only to vote...) are different: My question is to what degree does WHOIS have a bias for or against both, trademark law and GDPR. As some might know, we economist are all about efficiency and efficiency loses. And my understanding is that any change in WHOIS, either planned or imposed, creates great efficiency losses to our members of the CPH. And in some cases, those efficiency loses cost a lot of money! The Bonner Landesgericht put an interesting efficiency concept on the table: Datensparsamkeit. (something like be stingy with data -collection-). So from my personal perspective, and I repeat, independently if I'm qualified or not to be a member of the ePDP, my basic question is and would remain until we vote on the policy proposal, is how a new regulation that looks for collecting LESS data, can be an operational, or even financial burden to the members of the CPH. For that I don't need more knowledge on either Trademark and/or Privacy Law. What I need are hard facts, best expressed by numbers of dollars. With that SOI, I express my interest to be part of the ePDP, either as member, or else as unqualified bystander with a vote on the final decision. Carlos Raúl Gutiérrez ISOC Costa Rica Chapter skype carlos.raulg +506 8837 7176 ________ Apartado 1571-1000 COSTA RICA On Thu, Jun 7, 2018 at 2:28 PM, McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> wrote: Thanks Ayden. Tricky though, since those of us representing consumers that are protected by intellectual property laws from confusing misuses of marks often feel that those participating in WG’s don’t understand the fundamentals of trademark laws either. Certainly in the case of this EPDP we would want people to have the basics of trademark law as well. Perhaps instead of using these useful skills sets as gatekeepers, we ask staff to develop curriculum for the first session or two hitting these two issues and setting forth some basic vocabulary. I’d be happy to participate with staff in the effort from the trademark side if you would be happy to participate with staff in the effort from the data protection side. Best, Paul Paul D. McGrady Partner Winston & Strawn LLP 35 W. Wacker Drive Chicago, IL 60601-9703 D: +1 312-558-5963 F: +1 312-558-5700 Bio<http://www.winston.com/en/who-we-are/attorneys/mcgrady-paul-d.html> | VCard<http://www.winston.com/vcards/996.vcf> | Email<mailto:pmcgrady@winston.com> | winston.com<http://www.winston.com> [Winston & Strawn LLP] From: council [mailto:council-bounces@gnso.icann.org<mailto:council-bounces@gnso.icann.org>] On Behalf Of Ayden Férdeline Sent: Thursday, June 07, 2018 3:12 PM To: GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process Dear all, I have just finished reviewing the proposed agenda for our meeting next week along with the mindmap that Council leadership and staff have developed (thanks for doing this!). I would like to put forward a suggestion for the Expedited Policy Development Process (EPDP) team criteria. While the scope of the EPDP remains unclear at present, what I took away from the call between the Board and the Council on Tuesday was that compliance with the law is crucial. As such I think it is imperative that *all* members be able to demonstrate that they have a basic understanding of the principles and legal terms of data protection. I would like to request that any community member who is appointed to the EPDP, or staff member supporting the EPDP, be able to demonstrate they have completed at least 3 hours of data protection training. I do not think this would be a huge burden, but I think it would make work easier, as there should be a common understanding of essential terms. There are short half-day 'Data Protection 101' classes run by institutions like the policy neutral International Association of Privacy Professionals, whose courses only use definitions of terms that have been defined in law for over 20 years. For those who don't hold this certification, I would like to request that ICANN reimburse the members of the EPDP for their modest and reasonable costs in obtaining it. I would like to hear your thoughts here, however I would also like to ask that this suggestion please be given serious consideration. Thank you. Best wishes, Ayden Férdeline ________________________________ The contents of this message may be privileged and confidential. If this message has been received in error, please delete it without reading it. Your receipt of this message is not intended to waive any applicable privilege. Please do not disseminate this message without the permission of the author. Any tax advice contained in this email was not intended to be used, and cannot be used, by you (or any other taxpayer) to avoid penalties under applicable tax laws and regulations. _______________________________________________ council mailing list council@gnso.icann.org<mailto:council@gnso.icann.org> https://mm.icann.org/mailman/listinfo/council

Thanks Ayden. I guess I don’t see the distinction you are trying to raise. Surely there isn’t a presupposition that just because it is a PDP not an ePDP there is an endless amount of time to waste? I know some on the RPM PDP seem to be operating under that belief, but it is not one that we should subscribe to at Council. Should the Council decide to adopt on an inclusive path, instead of criterion to exclude, I remain very willing to work with you – or anyone else – on Council to develop 101 sessions on GDPR law and the Basics of Trademarks for the first session or two of the ePDP WG. Best, Paul From: Ayden Férdeline [mailto:icann@ferdeline.com] Sent: Tuesday, June 12, 2018 11:14 AM To: McGrady, Paul D. <PMcGrady@winston.com> Cc: Carlos Raul Gutierrez <crg@isoc-cr.org>; GNSO Council List <council@gnso.icann.org> Subject: RE: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process It is important to remember that there is one critical difference between a PDP and an EPDP, and that is the time constraint. We have 78 days to develop an initial report - it thus seems sensible, to me, to make sure members of this EPDP join with a baseline level of knowledge of a law that is reasonably going to impact its work. The Council archives are public and you are welcome to link the IPC to my remarks. Regards, Ayden Férdeline ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On 12 June 2018 6:07 PM, McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> wrote: Thanks Ayden. Your email doesn’t raise any new arguments or issues that you didn’t cover on the call, so I won’t respond to it substantively or reiterate my position on this which was also heard on the call. I’m deeply concerned that the Council is going down a dangerous path here (imagine the outrage if the IPC had insisted on trademark training in advance of participation in the RPM PDP). I will let my constituency know that there is discussion on the Council to exclude those who don’t meet certain qualifications proposed by certain members of Council and will take instructions from my constituency on this topic on our next call. Best, Paul From: Ayden Férdeline [mailto:icann@ferdeline.com] Sent: Tuesday, June 12, 2018 10:53 AM To: McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> Cc: Carlos Raul Gutierrez <crg@isoc-cr.org<mailto:crg@isoc-cr.org>>; GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: RE: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process Hi Paul, It is not accurate to characterise this requirement as an a barrier "designed to exclude." Nothing could be further from the truth. I do not believe it to be unreasonable to expect a member of a working group that will be tasked with developing a series of recommendations that must, ultimately, be compliant with the GDPR to be comprised of persons with a functional knowledge of the GDPR. I am not suggesting participation be gated at only those who have written a privacy law, or have a decade of experience as a privacy practitioner. 3 or 4 hours of education is simple professional development that anyone can complete in an afternoon. And there is no financial barrier proposed, as I have suggested that ICANN should pay for this certificate for those members of the EPDP who do not already hold one. Requiring this certificate will not "result in exclusions from the team and undermine its outcomes from Day 1". What will undermine its outcomes from Day 1 is having an EPDP team where even one participant does not know the basic principles of data protection law. That would hold everyone back, and we have only 78 days to get an initial report ready. We need to begin with a common understanding as to what is fact, what is fiction, and what is opinion when it comes to the GDPR. As I said on today's call, you wouldn't argue the first amendment without having read it first... I'm not trying to force anyone to read the GDPR (I know it is lengthy), but I would like to make sure that a few of its fundamental principles are extracted and put in front of everyone who is going to be a part of this EPDP. That's my intention. Nothing else to it - just wanting the EPDP to be able to move along swiftly. Best wishes, Ayden Férdeline ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On 12 June 2018 4:51 PM, McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> wrote: Thanks Carlos. Actually, you agree with me. I don’t think we should have any gatekeeping barriers, such as IAPP certifications, designed to exclude anyone. But, if we are going to go down the path of exclusion, and I hope we don’t, it shouldn’t just be for one privacy skill set which would result in an unbalanced ePDP WG. I think some 101 in both GDPR and Trademarks is more than sufficient to ensure everyone on the ePDP WG has a common vocabulary. I’m surprised by the resistance on the call today to the idea and the steadfast holding to the notion of gatekeeping IAPP certification which will result in exclusions from the team and undermine its outcomes from Day 1. Best, Paul From: Carlos Raul Gutierrez [mailto:crg@isoc-cr.org] Sent: Tuesday, June 12, 2018 9:32 AM To: McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> Cc: Ayden Férdeline <icann@ferdeline.com<mailto:icann@ferdeline.com>>; GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: Re: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process It was a very interesting Council call today, of which I could only follow the initial 2/3 or so. After the call I went back to this ideas of Ayden and Paul, and I found myself in disagreement with both of you. Maybe because I'm an economist that doesn't want to become a pseudo lawyer in either trademark law or in data protection, my needs t o follow the ePDP in case i'm not qualified to participate (only to vote...) are different: My question is to what degree does WHOIS have a bias for or against both, trademark law and GDPR. As some might know, we economist are all about efficiency and efficiency loses. And my understanding is that any change in WHOIS, either planned or imposed, creates great efficiency losses to our members of the CPH. And in some cases, those efficiency loses cost a lot of money! The Bonner Landesgericht put an interesting efficiency concept on the table: Datensparsamkeit. (something like be stingy with data -collection-). So from my personal perspective, and I repeat, independently if I'm qualified or not to be a member of the ePDP, my basic question is and would remain until we vote on the policy proposal, is how a new regulation that looks for collecting LESS data, can be an operational, or even financial burden to the members of the CPH. For that I don't need more knowledge on either Trademark and/or Privacy Law. What I need are hard facts, best expressed by numbers of dollars. With that SOI, I express my interest to be part of the ePDP, either as member, or else as unqualified bystander with a vote on the final decision. Carlos Raúl Gutiérrez ISOC Costa Rica Chapter skype carlos.raulg +506 8837 7176 ________ Apartado 1571-1000 COSTA RICA On Thu, Jun 7, 2018 at 2:28 PM, McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> wrote: Thanks Ayden. Tricky though, since those of us representing consumers that are protected by intellectual property laws from confusing misuses of marks often feel that those participating in WG’s don’t understand the fundamentals of trademark laws either. Certainly in the case of this EPDP we would want people to have the basics of trademark law as well. Perhaps instead of using these useful skills sets as gatekeepers, we ask staff to develop curriculum for the first session or two hitting these two issues and setting forth some basic vocabulary. I’d be happy to participate with staff in the effort from the trademark side if you would be happy to participate with staff in the effort from the data protection side. Best, Paul Paul D. McGrady Partner Winston & Strawn LLP 35 W. Wacker Drive Chicago, IL 60601-9703 D: +1 312-558-5963 F: +1 312-558-5700 Bio<http://www.winston.com/en/who-we-are/attorneys/mcgrady-paul-d.html> | VCard<http://www.winston.com/vcards/996.vcf> | Email<mailto:pmcgrady@winston.com> | winston.com<http://www.winston.com> [Winston & Strawn LLP] From: council [mailto:council-bounces@gnso.icann.org<mailto:council-bounces@gnso.icann.org>] On Behalf Of Ayden Férdeline Sent: Thursday, June 07, 2018 3:12 PM To: GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process Dear all, I have just finished reviewing the proposed agenda for our meeting next week along with the mindmap that Council leadership and staff have developed (thanks for doing this!). I would like to put forward a suggestion for the Expedited Policy Development Process (EPDP) team criteria. While the scope of the EPDP remains unclear at present, what I took away from the call between the Board and the Council on Tuesday was that compliance with the law is crucial. As such I think it is imperative that *all* members be able to demonstrate that they have a basic understanding of the principles and legal terms of data protection. I would like to request that any community member who is appointed to the EPDP, or staff member supporting the EPDP, be able to demonstrate they have completed at least 3 hours of data protection training. I do not think this would be a huge burden, but I think it would make work easier, as there should be a common understanding of essential terms. There are short half-day 'Data Protection 101' classes run by institutions like the policy neutral International Association of Privacy Professionals, whose courses only use definitions of terms that have been defined in law for over 20 years. For those who don't hold this certification, I would like to request that ICANN reimburse the members of the EPDP for their modest and reasonable costs in obtaining it. I would like to hear your thoughts here, however I would also like to ask that this suggestion please be given serious consideration. Thank you. Best wishes, Ayden Férdeline ________________________________ The contents of this message may be privileged and confidential. If this message has been received in error, please delete it without reading it. Your receipt of this message is not intended to waive any applicable privilege. Please do not disseminate this message without the permission of the author. Any tax advice contained in this email was not intended to be used, and cannot be used, by you (or any other taxpayer) to avoid penalties under applicable tax laws and regulations. _______________________________________________ council mailing list council@gnso.icann.org<mailto:council@gnso.icann.org> https://mm.icann.org/mailman/listinfo/council

Thanks Ayden. I don’t think there is any disagreement that we need a 101 understand of the relevant laws involved in the ePDP. The question is one of how we get there. Since we have both stated our views on that, I think we have taken this string as far as we can go. As I mentioned previously, I will take instructions from my constituency on the two plans – exclusion or inclusion – and will be prepared to speak on this further in our next call. Should you wish to reply, please don’t take my silence as assent or disinterest, I just think we have beaten this particular horse to death. Best, Paul From: Ayden Férdeline [mailto:icann@ferdeline.com] Sent: Tuesday, June 12, 2018 11:45 AM To: McGrady, Paul D. <PMcGrady@winston.com> Cc: Carlos Raul Gutierrez <crg@isoc-cr.org>; GNSO Council List <council@gnso.icann.org> Subject: RE: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process Hi Paul, It's striking a balance. I think that PDPs are more inclusive, because they do allow for bottom-up participation from anyone, no matter their background or experience. That is wonderful and something I very much support. But as we have seen with the RDS PDP WG, it crashed because there were wide variations in knowledge. We need a common understanding of the very basic facts for this EPDP. The greater danger that I see is having an EPDP formed with a time crunch and having even one member with no knowledge of the law with which we have to comply. We've got 78 days to develop an initial report. We need to get it started with the right footing. Best wishes, Ayden Férdeline ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On 12 June 2018 6:21 PM, McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> wrote: Thanks Ayden. I guess I don’t see the distinction you are trying to raise. Surely there isn’t a presupposition that just because it is a PDP not an ePDP there is an endless amount of time to waste? I know some on the RPM PDP seem to be operating under that belief, but it is not one that we should subscribe to at Council. Should the Council decide to adopt on an inclusive path, instead of criterion to exclude, I remain very willing to work with you – or anyone else – on Council to develop 101 sessions on GDPR law and the Basics of Trademarks for the first session or two of the ePDP WG. Best, Paul From: Ayden Férdeline [mailto:icann@ferdeline.com] Sent: Tuesday, June 12, 2018 11:14 AM To: McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> Cc: Carlos Raul Gutierrez <crg@isoc-cr.org<mailto:crg@isoc-cr.org>>; GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: RE: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process It is important to remember that there is one critical difference between a PDP and an EPDP, and that is the time constraint. We have 78 days to develop an initial report - it thus seems sensible, to me, to make sure members of this EPDP join with a baseline level of knowledge of a law that is reasonably going to impact its work. The Council archives are public and you are welcome to link the IPC to my remarks. Regards, Ayden Férdeline ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On 12 June 2018 6:07 PM, McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> wrote: Thanks Ayden. Your email doesn’t raise any new arguments or issues that you didn’t cover on the call, so I won’t respond to it substantively or reiterate my position on this which was also heard on the call. I’m deeply concerned that the Council is going down a dangerous path here (imagine the outrage if the IPC had insisted on trademark training in advance of participation in the RPM PDP). I will let my constituency know that there is discussion on the Council to exclude those who don’t meet certain qualifications proposed by certain members of Council and will take instructions from my constituency on this topic on our next call. Best, Paul From: Ayden Férdeline [mailto:icann@ferdeline.com] Sent: Tuesday, June 12, 2018 10:53 AM To: McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> Cc: Carlos Raul Gutierrez <crg@isoc-cr.org<mailto:crg@isoc-cr.org>>; GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: RE: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process Hi Paul, It is not accurate to characterise this requirement as an a barrier "designed to exclude." Nothing could be further from the truth. I do not believe it to be unreasonable to expect a member of a working group that will be tasked with developing a series of recommendations that must, ultimately, be compliant with the GDPR to be comprised of persons with a functional knowledge of the GDPR. I am not suggesting participation be gated at only those who have written a privacy law, or have a decade of experience as a privacy practitioner. 3 or 4 hours of education is simple professional development that anyone can complete in an afternoon. And there is no financial barrier proposed, as I have suggested that ICANN should pay for this certificate for those members of the EPDP who do not already hold one. Requiring this certificate will not "result in exclusions from the team and undermine its outcomes from Day 1". What will undermine its outcomes from Day 1 is having an EPDP team where even one participant does not know the basic principles of data protection law. That would hold everyone back, and we have only 78 days to get an initial report ready. We need to begin with a common understanding as to what is fact, what is fiction, and what is opinion when it comes to the GDPR. As I said on today's call, you wouldn't argue the first amendment without having read it first... I'm not trying to force anyone to read the GDPR (I know it is lengthy), but I would like to make sure that a few of its fundamental principles are extracted and put in front of everyone who is going to be a part of this EPDP. That's my intention. Nothing else to it - just wanting the EPDP to be able to move along swiftly. Best wishes, Ayden Férdeline ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On 12 June 2018 4:51 PM, McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> wrote: Thanks Carlos. Actually, you agree with me. I don’t think we should have any gatekeeping barriers, such as IAPP certifications, designed to exclude anyone. But, if we are going to go down the path of exclusion, and I hope we don’t, it shouldn’t just be for one privacy skill set which would result in an unbalanced ePDP WG. I think some 101 in both GDPR and Trademarks is more than sufficient to ensure everyone on the ePDP WG has a common vocabulary. I’m surprised by the resistance on the call today to the idea and the steadfast holding to the notion of gatekeeping IAPP certification which will result in exclusions from the team and undermine its outcomes from Day 1. Best, Paul From: Carlos Raul Gutierrez [mailto:crg@isoc-cr.org] Sent: Tuesday, June 12, 2018 9:32 AM To: McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> Cc: Ayden Férdeline <icann@ferdeline.com<mailto:icann@ferdeline.com>>; GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: Re: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process It was a very interesting Council call today, of which I could only follow the initial 2/3 or so. After the call I went back to this ideas of Ayden and Paul, and I found myself in disagreement with both of you. Maybe because I'm an economist that doesn't want to become a pseudo lawyer in either trademark law or in data protection, my needs t o follow the ePDP in case i'm not qualified to participate (only to vote...) are different: My question is to what degree does WHOIS have a bias for or against both, trademark law and GDPR. As some might know, we economist are all about efficiency and efficiency loses. And my understanding is that any change in WHOIS, either planned or imposed, creates great efficiency losses to our members of the CPH. And in some cases, those efficiency loses cost a lot of money! The Bonner Landesgericht put an interesting efficiency concept on the table: Datensparsamkeit. (something like be stingy with data -collection-). So from my personal perspective, and I repeat, independently if I'm qualified or not to be a member of the ePDP, my basic question is and would remain until we vote on the policy proposal, is how a new regulation that looks for collecting LESS data, can be an operational, or even financial burden to the members of the CPH. For that I don't need more knowledge on either Trademark and/or Privacy Law. What I need are hard facts, best expressed by numbers of dollars. With that SOI, I express my interest to be part of the ePDP, either as member, or else as unqualified bystander with a vote on the final decision. Carlos Raúl Gutiérrez ISOC Costa Rica Chapter skype carlos.raulg +506 8837 7176 ________ Apartado 1571-1000 COSTA RICA On Thu, Jun 7, 2018 at 2:28 PM, McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> wrote: Thanks Ayden. Tricky though, since those of us representing consumers that are protected by intellectual property laws from confusing misuses of marks often feel that those participating in WG’s don’t understand the fundamentals of trademark laws either. Certainly in the case of this EPDP we would want people to have the basics of trademark law as well. Perhaps instead of using these useful skills sets as gatekeepers, we ask staff to develop curriculum for the first session or two hitting these two issues and setting forth some basic vocabulary. I’d be happy to participate with staff in the effort from the trademark side if you would be happy to participate with staff in the effort from the data protection side. Best, Paul Paul D. McGrady Partner Winston & Strawn LLP 35 W. Wacker Drive Chicago, IL 60601-9703 D: +1 312-558-5963 F: +1 312-558-5700 Bio<http://www.winston.com/en/who-we-are/attorneys/mcgrady-paul-d.html> | VCard<http://www.winston.com/vcards/996.vcf> | Email<mailto:pmcgrady@winston.com> | winston.com<http://www.winston.com> [Winston & Strawn LLP] From: council [mailto:council-bounces@gnso.icann.org<mailto:council-bounces@gnso.icann.org>] On Behalf Of Ayden Férdeline Sent: Thursday, June 07, 2018 3:12 PM To: GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process Dear all, I have just finished reviewing the proposed agenda for our meeting next week along with the mindmap that Council leadership and staff have developed (thanks for doing this!). I would like to put forward a suggestion for the Expedited Policy Development Process (EPDP) team criteria. While the scope of the EPDP remains unclear at present, what I took away from the call between the Board and the Council on Tuesday was that compliance with the law is crucial. As such I think it is imperative that *all* members be able to demonstrate that they have a basic understanding of the principles and legal terms of data protection. I would like to request that any community member who is appointed to the EPDP, or staff member supporting the EPDP, be able to demonstrate they have completed at least 3 hours of data protection training. I do not think this would be a huge burden, but I think it would make work easier, as there should be a common understanding of essential terms. There are short half-day 'Data Protection 101' classes run by institutions like the policy neutral International Association of Privacy Professionals, whose courses only use definitions of terms that have been defined in law for over 20 years. For those who don't hold this certification, I would like to request that ICANN reimburse the members of the EPDP for their modest and reasonable costs in obtaining it. I would like to hear your thoughts here, however I would also like to ask that this suggestion please be given serious consideration. Thank you. Best wishes, Ayden Férdeline ________________________________ The contents of this message may be privileged and confidential. If this message has been received in error, please delete it without reading it. Your receipt of this message is not intended to waive any applicable privilege. Please do not disseminate this message without the permission of the author. Any tax advice contained in this email was not intended to be used, and cannot be used, by you (or any other taxpayer) to avoid penalties under applicable tax laws and regulations. _______________________________________________ council mailing list council@gnso.icann.org<mailto:council@gnso.icann.org> https://mm.icann.org/mailman/listinfo/council

Ayden - I really don't want to disappoint you but GDPR is such a complex law that a short training session, even with the best experts in the world, is not going to solve ICANN''s WHOIS challenges. In addition, why would we want to turn GDPR into a global requirement even? Anyhow, I understand your wish and, maybe someone should simply check with IAPP how much such a WHOIS/ICANN tailored session would cost. Erika Sent from my iPhone

On Jun 12, 2018, at 11:52 AM, Ayden Férdeline <icann@ferdeline.com> wrote:

Hi Paul,

It is not accurate to characterise this requirement as an a barrier "designed to exclude." Nothing could be further from the truth.

I do not believe it to be unreasonable to expect a member of a working group that will be tasked with developing a series of recommendations that must, ultimately, be compliant with the GDPR to be comprised of persons with a functional knowledge of the GDPR. I am not suggesting participation be gated at only those who have written a privacy law, or have a decade of experience as a privacy practitioner. 3 or 4 hours of education is simple professional development that anyone can complete in an afternoon. And there is no financial barrier proposed, as I have suggested that ICANN should pay for this certificate for those members of the EPDP who do not already hold one.

Requiring this certificate will not "result in exclusions from the team and undermine its outcomes from Day 1". What will undermine its outcomes from Day 1 is having an EPDP team where even one participant does not know the basic principles of data protection law. That would hold everyone back, and we have only 78 days to get an initial report ready.

We need to begin with a common understanding as to what is fact, what is fiction, and what is opinion when it comes to the GDPR. As I said on today's call, you wouldn't argue the first amendment without having read it first... I'm not trying to force anyone to read the GDPR (I know it is lengthy), but I would like to make sure that a few of its fundamental principles are extracted and put in front of everyone who is going to be a part of this EPDP.

That's my intention. Nothing else to it - just wanting the EPDP to be able to move along swiftly.

Best wishes, Ayden Férdeline

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

...

On 12 June 2018 4:51 PM, McGrady, Paul D. <PMcGrady@winston.com> wrote:

Thanks Carlos.

Actually, you agree with me. I don’t think we should have any gatekeeping barriers, such as IAPP certifications, designed to exclude anyone. But, if we are going to go down the path of exclusion, and I hope we don’t, it shouldn’t just be for one privacy skill set which would result in an unbalanced ePDP WG. I think some 101 in both GDPR and Trademarks is more than sufficient to ensure everyone on the ePDP WG has a common vocabulary. I’m surprised by the resistance on the call today to the idea and the steadfast holding to the notion of gatekeeping IAPP certification which will result in exclusions from the team and undermine its outcomes from Day 1.

Best,

Paul

From: Carlos Raul Gutierrez [mailto:crg@isoc-cr.org] Sent: Tuesday, June 12, 2018 9:32 AM To: McGrady, Paul D. <PMcGrady@winston.com> Cc: Ayden Férdeline <icann@ferdeline.com>; GNSO Council List <council@gnso.icann.org> Subject: Re: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process

It was a very interesting Council call today, of which I could only follow the initial 2/3 or so.

After the call I went back to this ideas of Ayden and Paul, and I found myself in disagreement with both of you.

Maybe because I'm an economist that doesn't want to become a pseudo lawyer in either trademark law or in data protection, my needs t o follow the ePDP in case i'm not qualified to participate (only to vote...) are different:

My question is to what degree does WHOIS have a bias for or against both, trademark law and GDPR. As some might know, we economist are all about efficiency and efficiency loses. And my understanding is that any change in WHOIS, either planned or imposed, creates great efficiency losses to our members of the CPH. And in some cases, those efficiency loses cost a lot of money!

The Bonner Landesgericht put an interesting efficiency concept on the table: Datensparsamkeit. (something like be stingy with data -collection-).

So from my personal perspective, and I repeat, independently if I'm qualified or not to be a member of the ePDP, my basic question is and would remain until we vote on the policy proposal, is how a new regulation that looks for collecting LESS data, can be an operational, or even financial burden to the members of the CPH.

For that I don't need more knowledge on either Trademark and/or Privacy Law. What I need are hard facts, best expressed by numbers of dollars.

With that SOI, I express my interest to be part of the ePDP, either as member, or else as unqualified bystander with a vote on the final decision.

Carlos Raúl Gutiérrez ISOC Costa Rica Chapter skype carlos.raulg +506 8837 7176 ________ Apartado 1571-1000 COSTA RICA

On Thu, Jun 7, 2018 at 2:28 PM, McGrady, Paul D. <PMcGrady@winston.com> wrote:

Thanks Ayden.

Tricky though, since those of us representing consumers that are protected by intellectual property laws from confusing misuses of marks often feel that those participating in WG’s don’t understand the fundamentals of trademark laws either. Certainly in the case of this EPDP we would want people to have the basics of trademark law as well. Perhaps instead of using these useful skills sets as gatekeepers, we ask staff to develop curriculum for the first session or two hitting these two issues and setting forth some basic vocabulary. I’d be happy to participate with staff in the effort from the trademark side if you would be happy to participate with staff in the effort from the data protection side.

Best,

Paul

Paul D. McGrady

Partner

Winston & Strawn LLP 35 W. Wacker Drive Chicago, IL 60601-9703

D: +1 312-558-5963

F: +1 312-558-5700

Bio | VCard | Email | winston.com

<image001.jpg>

From: council [mailto:council-bounces@gnso.icann.org] On Behalf Of Ayden Férdeline Sent: Thursday, June 07, 2018 3:12 PM To: GNSO Council List <council@gnso.icann.org> Subject: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process

Dear all,

I have just finished reviewing the proposed agenda for our meeting next week along with the mindmap that Council leadership and staff have developed (thanks for doing this!).

I would like to put forward a suggestion for the Expedited Policy Development Process (EPDP) team criteria. While the scope of the EPDP remains unclear at present, what I took away from the call between the Board and the Council on Tuesday was that compliance with the law is crucial. As such I think it is imperative that *all* members be able to demonstrate that they have a basic understanding of the principles and legal terms of data protection.

I would like to request that any community member who is appointed to the EPDP, or staff member supporting the EPDP, be able to demonstrate they have completed at least 3 hours of data protection training. I do not think this would be a huge burden, but I think it would make work easier, as there should be a common understanding of essential terms.

There are short half-day 'Data Protection 101' classes run by institutions like the policy neutral International Association of Privacy Professionals, whose courses only use definitions of terms that have been defined in law for over 20 years.

For those who don't hold this certification, I would like to request that ICANN reimburse the members of the EPDP for their modest and reasonable costs in obtaining it.

I would like to hear your thoughts here, however I would also like to ask that this suggestion please be given serious consideration. Thank you.

Best wishes,

Ayden Férdeline

The contents of this message may be privileged and confidential. If this message has been received in error, please delete it without reading it. Your receipt of this message is not intended to waive any applicable privilege. Please do not disseminate this message without the permission of the author. Any tax advice contained in this email was not intended to be used, and cannot be used, by you (or any other taxpayer) to avoid penalties under applicable tax laws and regulations.

_______________________________________________ council mailing list council@gnso.icann.org https://mm.icann.org/mailman/listinfo/council

_______________________________________________ council mailing list council@gnso.icann.org https://mm.icann.org/mailman/listinfo/council

I'll repeat a point I made in chat today: requiring and providing training is not excluding, but requiring certification is. Actually, for who is paying for the training, the actual knowledge is more important than the certification, which only benefits the certified person. So while I would find reasonable that someone that happens to have a certification to excuse himself/herself from the training, I don't see us establishing a certification as requisite. And if that changes the price, every certification (opposed to training) should come on that person's dime, not GNSO's. And while I like IAPP because it seems to have a more neutral tone instead of the Europe x World Manichaeism, I believe we could look at other options. As for themes, I think that the other than GDPR could come from our internal development efforts. For instance, picket fence, trademarks, abuse investigation, registrar operations, RDAP... let me throw people under the bus without consulting them just to indicate how we could provide primer sessions on these angles making for a "Renaissance" WG: Picket Fence - Becky Burr Trademarks - Heather Forrest Abuse investigation - Dave Piscitello Registrar operations - Michele Neylon RDAP - Scott Hollenbeck Rubens

On 12 Jun 2018, at 11:51, McGrady, Paul D. <PMcGrady@winston.com> wrote:

Thanks Carlos.

Actually, you agree with me. I don’t think we should have any gatekeeping barriers, such as IAPP certifications, designed to exclude anyone. But, if we are going to go down the path of exclusion, and I hope we don’t, it shouldn’t just be for one privacy skill set which would result in an unbalanced ePDP WG. I think some 101 in both GDPR and Trademarks is more than sufficient to ensure everyone on the ePDP WG has a common vocabulary. I’m surprised by the resistance on the call today to the idea and the steadfast holding to the notion of gatekeeping IAPP certification which will result in exclusions from the team and undermine its outcomes from Day 1.

Best, Paul

From: Carlos Raul Gutierrez [mailto:crg@isoc-cr.org] Sent: Tuesday, June 12, 2018 9:32 AM To: McGrady, Paul D. <PMcGrady@winston.com> Cc: Ayden Férdeline <icann@ferdeline.com>; GNSO Council List <council@gnso.icann.org> Subject: Re: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process

It was a very interesting Council call today, of which I could only follow the initial 2/3 or so.

After the call I went back to this ideas of Ayden and Paul, and I found myself in disagreement with both of you.

Maybe because I'm an economist that doesn't want to become a pseudo lawyer in either trademark law or in data protection, my needs t o follow the ePDP in case i'm not qualified to participate (only to vote...) are different:

My question is to what degree does WHOIS have a bias for or against both, trademark law and GDPR. As some might know, we economist are all about efficiency and efficiency loses. And my understanding is that any change in WHOIS, either planned or imposed, creates great efficiency losses to our members of the CPH. And in some cases, those efficiency loses cost a lot of money!

The Bonner Landesgericht put an interesting efficiency concept on the table: Datensparsamkeit. (something like be stingy with data -collection-).

So from my personal perspective, and I repeat, independently if I'm qualified or not to be a member of the ePDP, my basic question is and would remain until we vote on the policy proposal, is how a new regulation that looks for collecting LESS data, can be an operational, or even financial burden to the members of the CPH.

For that I don't need more knowledge on either Trademark and/or Privacy Law. What I need are hard facts, best expressed by numbers of dollars.

With that SOI, I express my interest to be part of the ePDP, either as member, or else as unqualified bystander with a vote on the final decision.

Carlos Raúl Gutiérrez ISOC Costa Rica Chapter skype carlos.raulg +506 8837 7176 ________ Apartado 1571-1000 COSTA RICA

On Thu, Jun 7, 2018 at 2:28 PM, McGrady, Paul D. <PMcGrady@winston.com <mailto:PMcGrady@winston.com>> wrote: Thanks Ayden.

Tricky though, since those of us representing consumers that are protected by intellectual property laws from confusing misuses of marks often feel that those participating in WG’s don’t understand the fundamentals of trademark laws either. Certainly in the case of this EPDP we would want people to have the basics of trademark law as well. Perhaps instead of using these useful skills sets as gatekeepers, we ask staff to develop curriculum for the first session or two hitting these two issues and setting forth some basic vocabulary. I’d be happy to participate with staff in the effort from the trademark side if you would be happy to participate with staff in the effort from the data protection side.

Best, Paul

Paul D. McGrady Partner Winston & Strawn LLP 35 W. Wacker Drive Chicago, IL 60601-9703 D: +1 312-558-5963 F: +1 312-558-5700 Bio <http://www.winston.com/en/who-we-are/attorneys/mcgrady-paul-d.html> | VCard <http://www.winston.com/vcards/996.vcf> | Email <mailto:pmcgrady@winston.com> | winston.com <http://www.winston.com/> <image001.jpg>

From: council [mailto:council-bounces@gnso.icann.org <mailto:council-bounces@gnso.icann.org>] On Behalf Of Ayden Férdeline Sent: Thursday, June 07, 2018 3:12 PM To: GNSO Council List <council@gnso.icann.org <mailto:council@gnso.icann.org>> Subject: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process

Dear all,

I have just finished reviewing the proposed agenda for our meeting next week along with the mindmap that Council leadership and staff have developed (thanks for doing this!).

I would like to put forward a suggestion for the Expedited Policy Development Process (EPDP) team criteria. While the scope of the EPDP remains unclear at present, what I took away from the call between the Board and the Council on Tuesday was that compliance with the law is crucial. As such I think it is imperative that *all* members be able to demonstrate that they have a basic understanding of the principles and legal terms of data protection.

I would like to request that any community member who is appointed to the EPDP, or staff member supporting the EPDP, be able to demonstrate they have completed at least 3 hours of data protection training. I do not think this would be a huge burden, but I think it would make work easier, as there should be a common understanding of essential terms.

There are short half-day 'Data Protection 101' classes run by institutions like the policy neutral International Association of Privacy Professionals, whose courses only use definitions of terms that have been defined in law for over 20 years.

For those who don't hold this certification, I would like to request that ICANN reimburse the members of the EPDP for their modest and reasonable costs in obtaining it.

I would like to hear your thoughts here, however I would also like to ask that this suggestion please be given serious consideration. Thank you.

Best wishes, Ayden Férdeline

The contents of this message may be privileged and confidential. If this message has been received in error, please delete it without reading it. Your receipt of this message is not intended to waive any applicable privilege. Please do not disseminate this message without the permission of the author. Any tax advice contained in this email was not intended to be used, and cannot be used, by you (or any other taxpayer) to avoid penalties under applicable tax laws and regulations.

_______________________________________________ council mailing list council@gnso.icann.org <mailto:council@gnso.icann.org> https://mm.icann.org/mailman/listinfo/council <https://mm.icann.org/mailman/listinfo/council>

_______________________________________________ council mailing list council@gnso.icann.org https://mm.icann.org/mailman/listinfo/council

I agree with all of that Michele. I’d also advance that as we will be asking for the WG to be populated with reps of the SGs/SOs etc., in the call for members we should specify that we are counting on those groups to put forward reps with the requisite – practical, hands-on – experience. Marie From: council <council-bounces@gnso.icann.org> On Behalf Of Michele Neylon - Blacknight Sent: Wednesday, June 13, 2018 12:25 PM To: Rubens Kuhl <rubensk@nic.br>; GNSO Council List <council@gnso.icann.org> Subject: Re: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process Rubens I agree. The key point that I think many of us agree on is that knowledge / training, call it what you will, is highly beneficial in general. One of the issues we ran into repeatedly in the RDS PDP was that people either were not familiar with the subject matter beyond their own, specific narrow interest and / or they had little to no familiarity with how ICANN’s processes in terms of policy development work. In the case of this ePDP any member of the group that is eventually formed will need to have a basic grounding in several key areas including privacy and GDPR. While certification is “nice” I also agree that it should not be a requirement and I would have issues with ICANN paying thousands of Euro to give people this kind of training. If someone wants to get certified in privacy / GDPR or anything else I’m sure that will help them further their careers, but last time I checked neither ICANN as a whole nor the GNSO specifically is a training camp for people. As for providing primers – I think it’s a good idea and if I can help I’d be happy to. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: council <council-bounces@gnso.icann.org<mailto:council-bounces@gnso.icann.org>> on behalf of Rubens Kuhl <rubensk@nic.br<mailto:rubensk@nic.br>> Date: Wednesday 13 June 2018 at 02:11 To: GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: Re: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process I'll repeat a point I made in chat today: requiring and providing training is not excluding, but requiring certification is. Actually, for who is paying for the training, the actual knowledge is more important than the certification, which only benefits the certified person. So while I would find reasonable that someone that happens to have a certification to excuse himself/herself from the training, I don't see us establishing a certification as requisite. And if that changes the price, every certification (opposed to training) should come on that person's dime, not GNSO's. And while I like IAPP because it seems to have a more neutral tone instead of the Europe x World Manichaeism, I believe we could look at other options. As for themes, I think that the other than GDPR could come from our internal development efforts. For instance, picket fence, trademarks, abuse investigation, registrar operations, RDAP... let me throw people under the bus without consulting them just to indicate how we could provide primer sessions on these angles making for a "Renaissance" WG: Picket Fence - Becky Burr Trademarks - Heather Forrest Abuse investigation - Dave Piscitello Registrar operations - Michele Neylon RDAP - Scott Hollenbeck Rubens On 12 Jun 2018, at 11:51, McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> wrote: Thanks Carlos. Actually, you agree with me. I don’t think we should have any gatekeeping barriers, such as IAPP certifications, designed to exclude anyone. But, if we are going to go down the path of exclusion, and I hope we don’t, it shouldn’t just be for one privacy skill set which would result in an unbalanced ePDP WG. I think some 101 in both GDPR and Trademarks is more than sufficient to ensure everyone on the ePDP WG has a common vocabulary. I’m surprised by the resistance on the call today to the idea and the steadfast holding to the notion of gatekeeping IAPP certification which will result in exclusions from the team and undermine its outcomes from Day 1. Best, Paul From: Carlos Raul Gutierrez [mailto:crg@isoc-cr.org] Sent: Tuesday, June 12, 2018 9:32 AM To: McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> Cc: Ayden Férdeline <icann@ferdeline.com<mailto:icann@ferdeline.com>>; GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: Re: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process It was a very interesting Council call today, of which I could only follow the initial 2/3 or so. After the call I went back to this ideas of Ayden and Paul, and I found myself in disagreement with both of you. Maybe because I'm an economist that doesn't want to become a pseudo lawyer in either trademark law or in data protection, my needs t o follow the ePDP in case i'm not qualified to participate (only to vote...) are different: My question is to what degree does WHOIS have a bias for or against both, trademark law and GDPR. As some might know, we economist are all about efficiency and efficiency loses. And my understanding is that any change in WHOIS, either planned or imposed, creates great efficiency losses to our members of the CPH. And in some cases, those efficiency loses cost a lot of money! The Bonner Landesgericht put an interesting efficiency concept on the table: Datensparsamkeit. (something like be stingy with data -collection-). So from my personal perspective, and I repeat, independently if I'm qualified or not to be a member of the ePDP, my basic question is and would remain until we vote on the policy proposal, is how a new regulation that looks for collecting LESS data, can be an operational, or even financial burden to the members of the CPH. For that I don't need more knowledge on either Trademark and/or Privacy Law. What I need are hard facts, best expressed by numbers of dollars. With that SOI, I express my interest to be part of the ePDP, either as member, or else as unqualified bystander with a vote on the final decision. Carlos Raúl Gutiérrez ISOC Costa Rica Chapter skype carlos.raulg +506 8837 7176 ________ Apartado 1571-1000 COSTA RICA On Thu, Jun 7, 2018 at 2:28 PM, McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> wrote: Thanks Ayden. Tricky though, since those of us representing consumers that are protected by intellectual property laws from confusing misuses of marks often feel that those participating in WG’s don’t understand the fundamentals of trademark laws either. Certainly in the case of this EPDP we would want people to have the basics of trademark law as well. Perhaps instead of using these useful skills sets as gatekeepers, we ask staff to develop curriculum for the first session or two hitting these two issues and setting forth some basic vocabulary. I’d be happy to participate with staff in the effort from the trademark side if you would be happy to participate with staff in the effort from the data protection side. Best, Paul Paul D. McGrady Partner Winston & Strawn LLP 35 W. Wacker Drive Chicago, IL 60601-9703 D: +1 312-558-5963 F: +1 312-558-5700 Bio<http://www.winston.com/en/who-we-are/attorneys/mcgrady-paul-d.html> | VCard<http://www.winston.com/vcards/996.vcf> | Email<mailto:pmcgrady@winston.com> | winston.com<http://www.winston.com/> <image001.jpg> From: council [mailto:council-bounces@gnso.icann.org<mailto:council-bounces@gnso.icann.org>] On Behalf Of Ayden Férdeline Sent: Thursday, June 07, 2018 3:12 PM To: GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process Dear all, I have just finished reviewing the proposed agenda for our meeting next week along with the mindmap that Council leadership and staff have developed (thanks for doing this!). I would like to put forward a suggestion for the Expedited Policy Development Process (EPDP) team criteria. While the scope of the EPDP remains unclear at present, what I took away from the call between the Board and the Council on Tuesday was that compliance with the law is crucial. As such I think it is imperative that *all* members be able to demonstrate that they have a basic understanding of the principles and legal terms of data protection. I would like to request that any community member who is appointed to the EPDP, or staff member supporting the EPDP, be able to demonstrate they have completed at least 3 hours of data protection training. I do not think this would be a huge burden, but I think it would make work easier, as there should be a common understanding of essential terms. There are short half-day 'Data Protection 101' classes run by institutions like the policy neutral International Association of Privacy Professionals, whose courses only use definitions of terms that have been defined in law for over 20 years. For those who don't hold this certification, I would like to request that ICANN reimburse the members of the EPDP for their modest and reasonable costs in obtaining it. I would like to hear your thoughts here, however I would also like to ask that this suggestion please be given serious consideration. Thank you. Best wishes, Ayden Férdeline ________________________________ The contents of this message may be privileged and confidential. If this message has been received in error, please delete it without reading it. Your receipt of this message is not intended to waive any applicable privilege. Please do not disseminate this message without the permission of the author. Any tax advice contained in this email was not intended to be used, and cannot be used, by you (or any other taxpayer) to avoid penalties under applicable tax laws and regulations. _______________________________________________ council mailing list council@gnso.icann.org<mailto:council@gnso.icann.org> https://mm.icann.org/mailman/listinfo/council _______________________________________________ council mailing list council@gnso.icann.org<mailto:council@gnso.icann.org> https://mm.icann.org/mailman/listinfo/council

I agree with Tony and Marie. Each appointing group should be careful to appoint qualified individuals. This is easier for some groups than for others. For example, the IPC is largely populated with licensed attorneys who studied statutory construction, research, and interpretation in law school and practice these skills every day, so we have a large pool from which to draw. So glad to see we are moving away from gatekeeping exercises and towards a more inclusive process. Best, Paul From: council [mailto:council-bounces@gnso.icann.org] On Behalf Of Anthony Harris Sent: Wednesday, June 13, 2018 12:51 PM To: Marie Pattullo <marie.pattullo@aim.be> Cc: GNSO Council List <council@gnso.icann.org> Subject: Re: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process I support Marie's suggestion. Tony Harris On Wed, Jun 13, 2018 at 8:04 AM, Marie Pattullo <marie.pattullo@aim.be<mailto:marie.pattullo@aim.be>> wrote: I agree with all of that Michele. I’d also advance that as we will be asking for the WG to be populated with reps of the SGs/SOs etc., in the call for members we should specify that we are counting on those groups to put forward reps with the requisite – practical, hands-on – experience. Marie From: council <council-bounces@gnso.icann.org<mailto:council-bounces@gnso.icann.org>> On Behalf Of Michele Neylon - Blacknight Sent: Wednesday, June 13, 2018 12:25 PM To: Rubens Kuhl <rubensk@nic.br<mailto:rubensk@nic.br>>; GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: Re: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process Rubens I agree. The key point that I think many of us agree on is that knowledge / training, call it what you will, is highly beneficial in general. One of the issues we ran into repeatedly in the RDS PDP was that people either were not familiar with the subject matter beyond their own, specific narrow interest and / or they had little to no familiarity with how ICANN’s processes in terms of policy development work. In the case of this ePDP any member of the group that is eventually formed will need to have a basic grounding in several key areas including privacy and GDPR. While certification is “nice” I also agree that it should not be a requirement and I would have issues with ICANN paying thousands of Euro to give people this kind of training. If someone wants to get certified in privacy / GDPR or anything else I’m sure that will help them further their careers, but last time I checked neither ICANN as a whole nor the GNSO specifically is a training camp for people. As for providing primers – I think it’s a good idea and if I can help I’d be happy to. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: council <council-bounces@gnso.icann.org<mailto:council-bounces@gnso.icann.org>> on behalf of Rubens Kuhl <rubensk@nic.br<mailto:rubensk@nic.br>> Date: Wednesday 13 June 2018 at 02:11 To: GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: Re: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process I'll repeat a point I made in chat today: requiring and providing training is not excluding, but requiring certification is. Actually, for who is paying for the training, the actual knowledge is more important than the certification, which only benefits the certified person. So while I would find reasonable that someone that happens to have a certification to excuse himself/herself from the training, I don't see us establishing a certification as requisite. And if that changes the price, every certification (opposed to training) should come on that person's dime, not GNSO's. And while I like IAPP because it seems to have a more neutral tone instead of the Europe x World Manichaeism, I believe we could look at other options. As for themes, I think that the other than GDPR could come from our internal development efforts. For instance, picket fence, trademarks, abuse investigation, registrar operations, RDAP... let me throw people under the bus without consulting them just to indicate how we could provide primer sessions on these angles making for a "Renaissance" WG: Picket Fence - Becky Burr Trademarks - Heather Forrest Abuse investigation - Dave Piscitello Registrar operations - Michele Neylon RDAP - Scott Hollenbeck Rubens On 12 Jun 2018, at 11:51, McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> wrote: Thanks Carlos. Actually, you agree with me. I don’t think we should have any gatekeeping barriers, such as IAPP certifications, designed to exclude anyone. But, if we are going to go down the path of exclusion, and I hope we don’t, it shouldn’t just be for one privacy skill set which would result in an unbalanced ePDP WG. I think some 101 in both GDPR and Trademarks is more than sufficient to ensure everyone on the ePDP WG has a common vocabulary. I’m surprised by the resistance on the call today to the idea and the steadfast holding to the notion of gatekeeping IAPP certification which will result in exclusions from the team and undermine its outcomes from Day 1. Best, Paul From: Carlos Raul Gutierrez [mailto:crg@isoc-cr.org] Sent: Tuesday, June 12, 2018 9:32 AM To: McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> Cc: Ayden Férdeline <icann@ferdeline.com<mailto:icann@ferdeline.com>>; GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: Re: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process It was a very interesting Council call today, of which I could only follow the initial 2/3 or so. After the call I went back to this ideas of Ayden and Paul, and I found myself in disagreement with both of you. Maybe because I'm an economist that doesn't want to become a pseudo lawyer in either trademark law or in data protection, my needs t o follow the ePDP in case i'm not qualified to participate (only to vote...) are different: My question is to what degree does WHOIS have a bias for or against both, trademark law and GDPR. As some might know, we economist are all about efficiency and efficiency loses. And my understanding is that any change in WHOIS, either planned or imposed, creates great efficiency losses to our members of the CPH. And in some cases, those efficiency loses cost a lot of money! The Bonner Landesgericht put an interesting efficiency concept on the table: Datensparsamkeit. (something like be stingy with data -collection-). So from my personal perspective, and I repeat, independently if I'm qualified or not to be a member of the ePDP, my basic question is and would remain until we vote on the policy proposal, is how a new regulation that looks for collecting LESS data, can be an operational, or even financial burden to the members of the CPH. For that I don't need more knowledge on either Trademark and/or Privacy Law. What I need are hard facts, best expressed by numbers of dollars. With that SOI, I express my interest to be part of the ePDP, either as member, or else as unqualified bystander with a vote on the final decision. Carlos Raúl Gutiérrez ISOC Costa Rica Chapter skype carlos.raulg +506 8837 7176 ________ Apartado 1571-1000 COSTA RICA On Thu, Jun 7, 2018 at 2:28 PM, McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> wrote: Thanks Ayden. Tricky though, since those of us representing consumers that are protected by intellectual property laws from confusing misuses of marks often feel that those participating in WG’s don’t understand the fundamentals of trademark laws either. Certainly in the case of this EPDP we would want people to have the basics of trademark law as well. Perhaps instead of using these useful skills sets as gatekeepers, we ask staff to develop curriculum for the first session or two hitting these two issues and setting forth some basic vocabulary. I’d be happy to participate with staff in the effort from the trademark side if you would be happy to participate with staff in the effort from the data protection side. Best, Paul Paul D. McGrady Partner Winston & Strawn LLP 35 W. Wacker Drive Chicago, IL 60601-9703 D: +1 312-558-5963 F: +1 312-558-5700 Bio<http://www.winston.com/en/who-we-are/attorneys/mcgrady-paul-d.html> | VCard<http://www.winston.com/vcards/996.vcf> | Email<mailto:pmcgrady@winston.com> | winston.com<http://www.winston.com/> <image001.jpg> From: council [mailto:council-bounces@gnso.icann.org<mailto:council-bounces@gnso.icann.org>] On Behalf Of Ayden Férdeline Sent: Thursday, June 07, 2018 3:12 PM To: GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process Dear all, I have just finished reviewing the proposed agenda for our meeting next week along with the mindmap that Council leadership and staff have developed (thanks for doing this!). I would like to put forward a suggestion for the Expedited Policy Development Process (EPDP) team criteria. While the scope of the EPDP remains unclear at present, what I took away from the call between the Board and the Council on Tuesday was that compliance with the law is crucial. As such I think it is imperative that *all* members be able to demonstrate that they have a basic understanding of the principles and legal terms of data protection. I would like to request that any community member who is appointed to the EPDP, or staff member supporting the EPDP, be able to demonstrate they have completed at least 3 hours of data protection training. I do not think this would be a huge burden, but I think it would make work easier, as there should be a common understanding of essential terms. There are short half-day 'Data Protection 101' classes run by institutions like the policy neutral International Association of Privacy Professionals, whose courses only use definitions of terms that have been defined in law for over 20 years. For those who don't hold this certification, I would like to request that ICANN reimburse the members of the EPDP for their modest and reasonable costs in obtaining it. I would like to hear your thoughts here, however I would also like to ask that this suggestion please be given serious consideration. Thank you. Best wishes, Ayden Férdeline ________________________________ The contents of this message may be privileged and confidential. If this message has been received in error, please delete it without reading it. Your receipt of this message is not intended to waive any applicable privilege. Please do not disseminate this message without the permission of the author. Any tax advice contained in this email was not intended to be used, and cannot be used, by you (or any other taxpayer) to avoid penalties under applicable tax laws and regulations. _______________________________________________ council mailing list council@gnso.icann.org<mailto:council@gnso.icann.org> https://mm.icann.org/mailman/listinfo/council _______________________________________________ council mailing list council@gnso.icann.org<mailto:council@gnso.icann.org> https://mm.icann.org/mailman/listinfo/council _______________________________________________ council mailing list council@gnso.icann.org<mailto:council@gnso.icann.org> https://mm.icann.org/mailman/listinfo/council

Donna I agree with you. In terms of other skills: - knowledge and experience with Whois - ibid with transfer policies Regards Michele Mr Michele Neylon https://www.blacknight.com/ https://michele.blog Intl. +353 (0)59 9183072 Sent from mobile so usual disclaimers about typos etc apply On 13 Jun 2018, at 22:53, Austin, Donna <Donna.Austin@team.neustar<mailto:Donna.Austin@team.neustar>> wrote: I think Marie has identified an important point. Each SG/SO will have their own process for selecting and appointing their representatives/members to the WG and in this regard I don’t think the Council can or should prescribe any part of that process. The Council can certainly provide guidance, as Marie has suggested, but I don’t believe the Council will any authority to reject any person from the WG that has been appointed by an SG/SO, because they don’t have not undertaken training in GDPR. That being the case, it does seem that there is a lot of support for the idea that training of some form about GDPR would be a helpful. Perhaps, rather than having the training as a pre-requisite, the WG members will be required to undertake a training course as a group early in their tenure. Given the temporary specification is intended to find a way for contracted parties to be compliant with the GDPR regulation in a manner that maintains the integrity of the WHOIS to the greatest extent possible, it would make sense that any training course be developed in that context. As Erika noted, GDPR is a complex law, but it does appear that there are some elements that are more relevant to our discussion than others, and some elements that have no relevance at all. To that end, it would make more sense to have a training session that is tailored to the scope of what we expect will be dealt with in the ePDP discussions. I would argue that we don’t need people who are experts in the GDPR regulation on the WG, but we do need people who are knowledgeable about its applicability in the ICANN context. By way of example, I believe the RySG and RrSG now have a lot more people that understand GDPR and its impact on contracted parties than we did 12 months ago and not because they took a course on GDPR, but because they have had to develop “practical, hands-on experience” to use Marie’s words, of GDPR in the ICANN context. While we are spending a lot of time discussing the need or not for this GDPR specific training, perhaps we could also give some thought to other knowledge and skillsets that we think would be beneficial for the ePDP WG so that we can provide this feedback to the SG/SO for their respective selection processes. Donna From: council [mailto:council-bounces@gnso.icann.org] On Behalf Of Marie Pattullo Sent: Wednesday, June 13, 2018 4:05 AM To: Michele Neylon - Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>>; Rubens Kuhl <rubensk@nic.br<mailto:rubensk@nic.br>>; GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: Re: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process I agree with all of that Michele. I’d also advance that as we will be asking for the WG to be populated with reps of the SGs/SOs etc., in the call for members we should specify that we are counting on those groups to put forward reps with the requisite – practical, hands-on – experience. Marie From: council <council-bounces@gnso.icann.org<mailto:council-bounces@gnso.icann.org>> On Behalf Of Michele Neylon - Blacknight Sent: Wednesday, June 13, 2018 12:25 PM To: Rubens Kuhl <rubensk@nic.br<mailto:rubensk@nic.br>>; GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: Re: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process Rubens I agree. The key point that I think many of us agree on is that knowledge / training, call it what you will, is highly beneficial in general. One of the issues we ran into repeatedly in the RDS PDP was that people either were not familiar with the subject matter beyond their own, specific narrow interest and / or they had little to no familiarity with how ICANN’s processes in terms of policy development work. In the case of this ePDP any member of the group that is eventually formed will need to have a basic grounding in several key areas including privacy and GDPR. While certification is “nice” I also agree that it should not be a requirement and I would have issues with ICANN paying thousands of Euro to give people this kind of training. If someone wants to get certified in privacy / GDPR or anything else I’m sure that will help them further their careers, but last time I checked neither ICANN as a whole nor the GNSO specifically is a training camp for people. As for providing primers – I think it’s a good idea and if I can help I’d be happy to. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.blacknight.com_&d=DwMGaQ&c=MOptNlVtIETeDALC_lULrw&r=CwipU91YB6EkpFXK9ynnT_QUef4yC5p7jpsDm8cU97g&m=8-tW4NL9mzht8JCv0RTR7e8MT5JbRbWnlq_htpYqRTg&s=spWy5xcRi5v42wjU7bZidgHhuCcP1rSaHgs1uy0rIg4&e=> http://blacknight.blog/<https://urldefense.proofpoint.com/v2/url?u=http-3A__blacknight.blog_&d=DwMGaQ&c=MOptNlVtIETeDALC_lULrw&r=CwipU91YB6EkpFXK9ynnT_QUef4yC5p7jpsDm8cU97g&m=8-tW4NL9mzht8JCv0RTR7e8MT5JbRbWnlq_htpYqRTg&s=lrYqj6-ysrnMlIQJA6lPjIC00--re9jhG7emEhhMwAE&e=> Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/<https://urldefense.proofpoint.com/v2/url?u=https-3A__michele.blog_&d=DwMGaQ&c=MOptNlVtIETeDALC_lULrw&r=CwipU91YB6EkpFXK9ynnT_QUef4yC5p7jpsDm8cU97g&m=8-tW4NL9mzht8JCv0RTR7e8MT5JbRbWnlq_htpYqRTg&s=hc64uC0aqLwIf1UnUEofFd3RO-pQy0pL7zQAG1J_pGs&e=> Some thoughts: https://ceo.hosting/<https://urldefense.proofpoint.com/v2/url?u=https-3A__ceo.hosting_&d=DwMGaQ&c=MOptNlVtIETeDALC_lULrw&r=CwipU91YB6EkpFXK9ynnT_QUef4yC5p7jpsDm8cU97g&m=8-tW4NL9mzht8JCv0RTR7e8MT5JbRbWnlq_htpYqRTg&s=ltFICHsbR-wXqL_8K4U9Qa8u08Lxs5dnT76-Nk1cV30&e=> ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: council <council-bounces@gnso.icann.org<mailto:council-bounces@gnso.icann.org>> on behalf of Rubens Kuhl <rubensk@nic.br<mailto:rubensk@nic.br>> Date: Wednesday 13 June 2018 at 02:11 To: GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: Re: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process I'll repeat a point I made in chat today: requiring and providing training is not excluding, but requiring certification is. Actually, for who is paying for the training, the actual knowledge is more important than the certification, which only benefits the certified person. So while I would find reasonable that someone that happens to have a certification to excuse himself/herself from the training, I don't see us establishing a certification as requisite. And if that changes the price, every certification (opposed to training) should come on that person's dime, not GNSO's. And while I like IAPP because it seems to have a more neutral tone instead of the Europe x World Manichaeism, I believe we could look at other options. As for themes, I think that the other than GDPR could come from our internal development efforts. For instance, picket fence, trademarks, abuse investigation, registrar operations, RDAP... let me throw people under the bus without consulting them just to indicate how we could provide primer sessions on these angles making for a "Renaissance" WG: Picket Fence - Becky Burr Trademarks - Heather Forrest Abuse investigation - Dave Piscitello Registrar operations - Michele Neylon RDAP - Scott Hollenbeck Rubens On 12 Jun 2018, at 11:51, McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> wrote: Thanks Carlos. Actually, you agree with me. I don’t think we should have any gatekeeping barriers, such as IAPP certifications, designed to exclude anyone. But, if we are going to go down the path of exclusion, and I hope we don’t, it shouldn’t just be for one privacy skill set which would result in an unbalanced ePDP WG. I think some 101 in both GDPR and Trademarks is more than sufficient to ensure everyone on the ePDP WG has a common vocabulary. I’m surprised by the resistance on the call today to the idea and the steadfast holding to the notion of gatekeeping IAPP certification which will result in exclusions from the team and undermine its outcomes from Day 1. Best, Paul From: Carlos Raul Gutierrez [mailto:crg@isoc-cr.org] Sent: Tuesday, June 12, 2018 9:32 AM To: McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> Cc: Ayden Férdeline <icann@ferdeline.com<mailto:icann@ferdeline.com>>; GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: Re: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process It was a very interesting Council call today, of which I could only follow the initial 2/3 or so. After the call I went back to this ideas of Ayden and Paul, and I found myself in disagreement with both of you. Maybe because I'm an economist that doesn't want to become a pseudo lawyer in either trademark law or in data protection, my needs t o follow the ePDP in case i'm not qualified to participate (only to vote...) are different: My question is to what degree does WHOIS have a bias for or against both, trademark law and GDPR. As some might know, we economist are all about efficiency and efficiency loses. And my understanding is that any change in WHOIS, either planned or imposed, creates great efficiency losses to our members of the CPH. And in some cases, those efficiency loses cost a lot of money! The Bonner Landesgericht put an interesting efficiency concept on the table: Datensparsamkeit. (something like be stingy with data -collection-). So from my personal perspective, and I repeat, independently if I'm qualified or not to be a member of the ePDP, my basic question is and would remain until we vote on the policy proposal, is how a new regulation that looks for collecting LESS data, can be an operational, or even financial burden to the members of the CPH. For that I don't need more knowledge on either Trademark and/or Privacy Law. What I need are hard facts, best expressed by numbers of dollars. With that SOI, I express my interest to be part of the ePDP, either as member, or else as unqualified bystander with a vote on the final decision. Carlos Raúl Gutiérrez ISOC Costa Rica Chapter skype carlos.raulg +506 8837 7176 ________ Apartado 1571-1000 COSTA RICA On Thu, Jun 7, 2018 at 2:28 PM, McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> wrote: Thanks Ayden. Tricky though, since those of us representing consumers that are protected by intellectual property laws from confusing misuses of marks often feel that those participating in WG’s don’t understand the fundamentals of trademark laws either. Certainly in the case of this EPDP we would want people to have the basics of trademark law as well. Perhaps instead of using these useful skills sets as gatekeepers, we ask staff to develop curriculum for the first session or two hitting these two issues and setting forth some basic vocabulary. I’d be happy to participate with staff in the effort from the trademark side if you would be happy to participate with staff in the effort from the data protection side. Best, Paul Paul D. McGrady Partner Winston & Strawn LLP 35 W. Wacker Drive Chicago, IL 60601-9703 D: +1 312-558-5963 F: +1 312-558-5700 Bio<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.winston.com_en_who-2...> | VCard<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.winston.com_vcards_9...> | Email<mailto:pmcgrady@winston.com> | winston.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.winston.com_&d=DwMGa...> <image001.jpg> From: council [mailto:council-bounces@gnso.icann.org<mailto:council-bounces@gnso.icann.org>] On Behalf Of Ayden Férdeline Sent: Thursday, June 07, 2018 3:12 PM To: GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process Dear all, I have just finished reviewing the proposed agenda for our meeting next week along with the mindmap that Council leadership and staff have developed (thanks for doing this!). I would like to put forward a suggestion for the Expedited Policy Development Process (EPDP) team criteria. While the scope of the EPDP remains unclear at present, what I took away from the call between the Board and the Council on Tuesday was that compliance with the law is crucial. As such I think it is imperative that *all* members be able to demonstrate that they have a basic understanding of the principles and legal terms of data protection. I would like to request that any community member who is appointed to the EPDP, or staff member supporting the EPDP, be able to demonstrate they have completed at least 3 hours of data protection training. I do not think this would be a huge burden, but I think it would make work easier, as there should be a common understanding of essential terms. There are short half-day 'Data Protection 101' classes run by institutions like the policy neutral International Association of Privacy Professionals, whose courses only use definitions of terms that have been defined in law for over 20 years. For those who don't hold this certification, I would like to request that ICANN reimburse the members of the EPDP for their modest and reasonable costs in obtaining it. I would like to hear your thoughts here, however I would also like to ask that this suggestion please be given serious consideration. Thank you. Best wishes, Ayden Férdeline ________________________________ The contents of this message may be privileged and confidential. If this message has been received in error, please delete it without reading it. Your receipt of this message is not intended to waive any applicable privilege. Please do not disseminate this message without the permission of the author. Any tax advice contained in this email was not intended to be used, and cannot be used, by you (or any other taxpayer) to avoid penalties under applicable tax laws and regulations. _______________________________________________ council mailing list council@gnso.icann.org<mailto:council@gnso.icann.org> https://mm.icann.org/mailman/listinfo/council<https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_council&d=DwMGaQ&c=MOptNlVtIETeDALC_lULrw&r=CwipU91YB6EkpFXK9ynnT_QUef4yC5p7jpsDm8cU97g&m=8-tW4NL9mzht8JCv0RTR7e8MT5JbRbWnlq_htpYqRTg&s=8XhhM0URiItKnsX7PnGalIwFtkQ2TTvixuO1bvvP8aU&e=> _______________________________________________ council mailing list council@gnso.icann.org<mailto:council@gnso.icann.org> https://mm.icann.org/mailman/listinfo/council<https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_council&d=DwMGaQ&c=MOptNlVtIETeDALC_lULrw&r=CwipU91YB6EkpFXK9ynnT_QUef4yC5p7jpsDm8cU97g&m=8-tW4NL9mzht8JCv0RTR7e8MT5JbRbWnlq_htpYqRTg&s=8XhhM0URiItKnsX7PnGalIwFtkQ2TTvixuO1bvvP8aU&e=>

This one kinda summarises the whole discussion, thanks Donna. I agree with you. To clarify: WG members will be selected by their respective groups (based on their own criteria), then these selected members will undertake a course/training that some of our members have volunteered to design (including Paul), plus some people suggested by Rubens to help them have the same understanding of the scope of this WG. That's what I got from this discussion and which I find useful. Thanks, Arsene 2018-06-13 23:53 UTC+02:00, Austin, Donna via council <council@gnso.icann.org>:

I think Marie has identified an important point. Each SG/SO will have their own process for selecting and appointing their representatives/members to the WG and in this regard I don’t think the Council can or should prescribe any part of that process. The Council can certainly provide guidance, as Marie has suggested, but I don’t believe the Council will any authority to reject any person from the WG that has been appointed by an SG/SO, because they don’t have not undertaken training in GDPR.

That being the case, it does seem that there is a lot of support for the idea that training of some form about GDPR would be a helpful. Perhaps, rather than having the training as a pre-requisite, the WG members will be required to undertake a training course as a group early in their tenure. Given the temporary specification is intended to find a way for contracted parties to be compliant with the GDPR regulation in a manner that maintains the integrity of the WHOIS to the greatest extent possible, it would make sense that any training course be developed in that context. As Erika noted, GDPR is a complex law, but it does appear that there are some elements that are more relevant to our discussion than others, and some elements that have no relevance at all. To that end, it would make more sense to have a training session that is tailored to the scope of what we expect will be dealt with in the ePDP discussions. I would argue that we don’t need people who are experts in the GDPR regulation on the WG, but we do need people who are knowledgeable about its applicability in the ICANN context. By way of example, I believe the RySG and RrSG now have a lot more people that understand GDPR and its impact on contracted parties than we did 12 months ago and not because they took a course on GDPR, but because they have had to develop “practical, hands-on experience” to use Marie’s words, of GDPR in the ICANN context.

While we are spending a lot of time discussing the need or not for this GDPR specific training, perhaps we could also give some thought to other knowledge and skillsets that we think would be beneficial for the ePDP WG so that we can provide this feedback to the SG/SO for their respective selection processes.

Donna From: council [mailto:council-bounces@gnso.icann.org] On Behalf Of Marie Pattullo Sent: Wednesday, June 13, 2018 4:05 AM To: Michele Neylon - Blacknight <michele@blacknight.com>; Rubens Kuhl <rubensk@nic.br>; GNSO Council List <council@gnso.icann.org> Subject: Re: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process

I agree with all of that Michele. I’d also advance that as we will be asking for the WG to be populated with reps of the SGs/SOs etc., in the call for members we should specify that we are counting on those groups to put forward reps with the requisite – practical, hands-on – experience. Marie

From: council <council-bounces@gnso.icann.org<mailto:council-bounces@gnso.icann.org>> On Behalf Of Michele Neylon - Blacknight Sent: Wednesday, June 13, 2018 12:25 PM To: Rubens Kuhl <rubensk@nic.br<mailto:rubensk@nic.br>>; GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: Re: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process

Rubens

I agree.

The key point that I think many of us agree on is that knowledge / training, call it what you will, is highly beneficial in general. One of the issues we ran into repeatedly in the RDS PDP was that people either were not familiar with the subject matter beyond their own, specific narrow interest and / or they had little to no familiarity with how ICANN’s processes in terms of policy development work.

In the case of this ePDP any member of the group that is eventually formed will need to have a basic grounding in several key areas including privacy and GDPR.

While certification is “nice” I also agree that it should not be a requirement and I would have issues with ICANN paying thousands of Euro to give people this kind of training. If someone wants to get certified in privacy / GDPR or anything else I’m sure that will help them further their careers, but last time I checked neither ICANN as a whole nor the GNSO specifically is a training camp for people.

As for providing primers – I think it’s a good idea and if I can help I’d be happy to.

Regards

Michele

-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.blacknight.com_&d=DwMGaQ&c=MOptNlVtIETeDALC_lULrw&r=CwipU91YB6EkpFXK9ynnT_QUef4yC5p7jpsDm8cU97g&m=8-tW4NL9mzht8JCv0RTR7e8MT5JbRbWnlq_htpYqRTg&s=spWy5xcRi5v42wjU7bZidgHhuCcP1rSaHgs1uy0rIg4&e=> http://blacknight.blog/<https://urldefense.proofpoint.com/v2/url?u=http-3A__blacknight.blog_&d=DwMGaQ&c=MOptNlVtIETeDALC_lULrw&r=CwipU91YB6EkpFXK9ynnT_QUef4yC5p7jpsDm8cU97g&m=8-tW4NL9mzht8JCv0RTR7e8MT5JbRbWnlq_htpYqRTg&s=lrYqj6-ysrnMlIQJA6lPjIC00--re9jhG7emEhhMwAE&e=> Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/<https://urldefense.proofpoint.com/v2/url?u=https-3A__michele.blog_&d=DwMGaQ&c=MOptNlVtIETeDALC_lULrw&r=CwipU91YB6EkpFXK9ynnT_QUef4yC5p7jpsDm8cU97g&m=8-tW4NL9mzht8JCv0RTR7e8MT5JbRbWnlq_htpYqRTg&s=hc64uC0aqLwIf1UnUEofFd3RO-pQy0pL7zQAG1J_pGs&e=> Some thoughts: https://ceo.hosting/<https://urldefense.proofpoint.com/v2/url?u=https-3A__ceo.hosting_&d=DwMGaQ&c=MOptNlVtIETeDALC_lULrw&r=CwipU91YB6EkpFXK9ynnT_QUef4yC5p7jpsDm8cU97g&m=8-tW4NL9mzht8JCv0RTR7e8MT5JbRbWnlq_htpYqRTg&s=ltFICHsbR-wXqL_8K4U9Qa8u08Lxs5dnT76-Nk1cV30&e=> ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845

From: council <council-bounces@gnso.icann.org<mailto:council-bounces@gnso.icann.org>> on behalf of Rubens Kuhl <rubensk@nic.br<mailto:rubensk@nic.br>> Date: Wednesday 13 June 2018 at 02:11 To: GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: Re: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process

I'll repeat a point I made in chat today: requiring and providing training is not excluding, but requiring certification is. Actually, for who is paying for the training, the actual knowledge is more important than the certification, which only benefits the certified person. So while I would find reasonable that someone that happens to have a certification to excuse himself/herself from the training, I don't see us establishing a certification as requisite.

And if that changes the price, every certification (opposed to training) should come on that person's dime, not GNSO's. And while I like IAPP because it seems to have a more neutral tone instead of the Europe x World Manichaeism, I believe we could look at other options.

As for themes, I think that the other than GDPR could come from our internal development efforts. For instance, picket fence, trademarks, abuse investigation, registrar operations, RDAP... let me throw people under the bus without consulting them just to indicate how we could provide primer sessions on these angles making for a "Renaissance" WG: Picket Fence - Becky Burr Trademarks - Heather Forrest Abuse investigation - Dave Piscitello Registrar operations - Michele Neylon RDAP - Scott Hollenbeck

Rubens

On 12 Jun 2018, at 11:51, McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> wrote:

Thanks Carlos.

Actually, you agree with me. I don’t think we should have any gatekeeping barriers, such as IAPP certifications, designed to exclude anyone. But, if we are going to go down the path of exclusion, and I hope we don’t, it shouldn’t just be for one privacy skill set which would result in an unbalanced ePDP WG. I think some 101 in both GDPR and Trademarks is more than sufficient to ensure everyone on the ePDP WG has a common vocabulary. I’m surprised by the resistance on the call today to the idea and the steadfast holding to the notion of gatekeeping IAPP certification which will result in exclusions from the team and undermine its outcomes from Day 1.

Best, Paul

From: Carlos Raul Gutierrez [mailto:crg@isoc-cr.org] Sent: Tuesday, June 12, 2018 9:32 AM To: McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> Cc: Ayden Férdeline <icann@ferdeline.com<mailto:icann@ferdeline.com>>; GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: Re: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process

It was a very interesting Council call today, of which I could only follow the initial 2/3 or so. After the call I went back to this ideas of Ayden and Paul, and I found myself in disagreement with both of you. Maybe because I'm an economist that doesn't want to become a pseudo lawyer in either trademark law or in data protection, my needs t o follow the ePDP in case i'm not qualified to participate (only to vote...) are different: My question is to what degree does WHOIS have a bias for or against both, trademark law and GDPR. As some might know, we economist are all about efficiency and efficiency loses. And my understanding is that any change in WHOIS, either planned or imposed, creates great efficiency losses to our members of the CPH. And in some cases, those efficiency loses cost a lot of money! The Bonner Landesgericht put an interesting efficiency concept on the table: Datensparsamkeit. (something like be stingy with data -collection-). So from my personal perspective, and I repeat, independently if I'm qualified or not to be a member of the ePDP, my basic question is and would remain until we vote on the policy proposal, is how a new regulation that looks for collecting LESS data, can be an operational, or even financial burden to the members of the CPH. For that I don't need more knowledge on either Trademark and/or Privacy Law. What I need are hard facts, best expressed by numbers of dollars. With that SOI, I express my interest to be part of the ePDP, either as member, or else as unqualified bystander with a vote on the final decision.

Carlos Raúl Gutiérrez ISOC Costa Rica Chapter skype carlos.raulg +506 8837 7176 ________ Apartado 1571-1000 COSTA RICA

On Thu, Jun 7, 2018 at 2:28 PM, McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> wrote: Thanks Ayden.

Tricky though, since those of us representing consumers that are protected by intellectual property laws from confusing misuses of marks often feel that those participating in WG’s don’t understand the fundamentals of trademark laws either. Certainly in the case of this EPDP we would want people to have the basics of trademark law as well. Perhaps instead of using these useful skills sets as gatekeepers, we ask staff to develop curriculum for the first session or two hitting these two issues and setting forth some basic vocabulary. I’d be happy to participate with staff in the effort from the trademark side if you would be happy to participate with staff in the effort from the data protection side.

Best, Paul

Paul D. McGrady

Partner

Winston & Strawn LLP 35 W. Wacker Drive Chicago, IL 60601-9703

D: +1 312-558-5963

F: +1 312-558-5700

Bio<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.winston.com_en_who-2...> | VCard<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.winston.com_vcards_9...> | Email<mailto:pmcgrady@winston.com> | winston.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.winston.com_&d=DwMGa...>

<image001.jpg>

From: council [mailto:council-bounces@gnso.icann.org<mailto:council-bounces@gnso.icann.org>] On Behalf Of Ayden Férdeline Sent: Thursday, June 07, 2018 3:12 PM To: GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process

Dear all,

I have just finished reviewing the proposed agenda for our meeting next week along with the mindmap that Council leadership and staff have developed (thanks for doing this!).

I would like to put forward a suggestion for the Expedited Policy Development Process (EPDP) team criteria. While the scope of the EPDP remains unclear at present, what I took away from the call between the Board and the Council on Tuesday was that compliance with the law is crucial. As such I think it is imperative that *all* members be able to demonstrate that they have a basic understanding of the principles and legal terms of data protection.

I would like to request that any community member who is appointed to the EPDP, or staff member supporting the EPDP, be able to demonstrate they have completed at least 3 hours of data protection training. I do not think this would be a huge burden, but I think it would make work easier, as there should be a common understanding of essential terms.

There are short half-day 'Data Protection 101' classes run by institutions like the policy neutral International Association of Privacy Professionals, whose courses only use definitions of terms that have been defined in law for over 20 years.

For those who don't hold this certification, I would like to request that ICANN reimburse the members of the EPDP for their modest and reasonable costs in obtaining it.

I would like to hear your thoughts here, however I would also like to ask that this suggestion please be given serious consideration. Thank you.

Best wishes, Ayden Férdeline

________________________________ The contents of this message may be privileged and confidential. If this message has been received in error, please delete it without reading it. Your receipt of this message is not intended to waive any applicable privilege. Please do not disseminate this message without the permission of the author. Any tax advice contained in this email was not intended to be used, and cannot be used, by you (or any other taxpayer) to avoid penalties under applicable tax laws and regulations.

_______________________________________________ council mailing list council@gnso.icann.org<mailto:council@gnso.icann.org> https://mm.icann.org/mailman/listinfo/council<https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_council&d=DwMGaQ&c=MOptNlVtIETeDALC_lULrw&r=CwipU91YB6EkpFXK9ynnT_QUef4yC5p7jpsDm8cU97g&m=8-tW4NL9mzht8JCv0RTR7e8MT5JbRbWnlq_htpYqRTg&s=8XhhM0URiItKnsX7PnGalIwFtkQ2TTvixuO1bvvP8aU&e=>

_______________________________________________ council mailing list council@gnso.icann.org<mailto:council@gnso.icann.org> https://mm.icann.org/mailman/listinfo/council<https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_council&d=DwMGaQ&c=MOptNlVtIETeDALC_lULrw&r=CwipU91YB6EkpFXK9ynnT_QUef4yC5p7jpsDm8cU97g&m=8-tW4NL9mzht8JCv0RTR7e8MT5JbRbWnlq_htpYqRTg&s=8XhhM0URiItKnsX7PnGalIwFtkQ2TTvixuO1bvvP8aU&e=>

-- ------------------------ **Arsène Tungali* <http://about.me/ArseneTungali>* Co-Founder & Executive Director, *Rudi international <http://www.rudiinternational.org>*, CEO,* Smart Services Sarl <https://www.smart-kitoko.com/>*, *Mabingwa Forum <http://www.mabingwa-forum.com>* Tel: +243 993810967 GPG: 523644A0 *Goma, Democratic Republic of Congo* 2015 Mandela Washington Felllow <http://tungali.blogspot.com/2015/06/selected-for-2015-mandela-washington.htm...> (YALI) - ISOC Ambassador (IGF Brazil <http://www.internetsociety.org/what-we-do/education-and-leadership-programme...> & Mexico <http://www.internetsociety.org/what-we-do/education-and-leadership-programme...>) - AFRISIG 2016 <http://afrisig.org/afrisig-2016/class-of-2016/> - Blogger <http://tungali.blogspot.com> - ICANN's GNSO Council <https://gnso.icann.org/en/about/gnso-council.htm> Member. AFRINIC Fellow ( Mauritius <http://www.afrinic.net/en/library/news/1907-afrinic-25-fellowship-winners>)* - *IGFSA Member <http://www.igfsa.org/> - Internet Governance - Internet Freedom. Check the *2016 State of Internet Freedom in DRC* report (English <http://cipesa.org/?wpfb_dl=234>) and (French <http://cipesa.org/?wpfb_dl=242>)

Ayden I think it’s important that people have a baseline I do not think that ICANN should be paying out thousands of dollars to provide training. Also, most businesses have had access to GDPR courses, conferences, seminars etc., for the last 18+ months. If people want to understand it they’ve had plenty of opportunities. Most of my key staff have attended at least one GDPR course in the last 12 months, with several attending multiple courses. We agree that participants need to have the baseline knowledge. We fundamentally disagree on how they get there. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: Ayden Férdeline <icann@ferdeline.com> Reply-To: Ayden Férdeline <icann@ferdeline.com> Date: Wednesday 13 June 2018 at 12:40 To: Michele Neylon <michele@blacknight.com>, Rubens Kuhl <rubensk@nic.br>, GNSO Council List <council@gnso.icann.org> Subject: Re: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process Hi all, I just want to clarify my proposal, as I agree that ICANN should not be funding any activities which do not have a direct relevance to the work ahead. Given the time crunch there is a need for this working group to come up to speed as swiftly as possible. There is no time to teach someone the basics of what the DNS is etc. We have that expertise in the community already; I have no doubt that the various stakeholder groups and SO/ACs can find members with an adequate understanding of the core issues. But where the community does have a deficit of knowledge is in privacy and data protection matters. I am not saying that there is no one with an understanding of these issues (of course there is), but not enough people. So from my vantage point we can either recruit privacy practitioners — and upskill them on the DNS, or vice versa, find DNS experts and leave them with a basic understanding of the GDPR. I think there is a legitimate need for ICANN to fund this training, as DNS experts would be acquiring this new skill in order to contribute to ICANN’s policy making process and not for personal benefit. I think the benefit to the individual is minimal — I highly doubt anyone is going to leave their career in DNS policy and become a privacy practitioner after taking a 3-4 hour course. The idea behind having the course conducted by an independent party with expertise in privacy and data protection and no interest in the outcome of the EPDP was that it would hopefully be viewed by those undertaking the training as a neutral, helpful instrument. I also envisioned individuals choosing their own provider and not ICANN mandating one, though parameters around cost should be in place, to ensure the course/whatever is reasonable. I can’t recall if I used the word "certification" or if someone else did, but I think I only asked that members be able to demonstrate that they have knowledge of data protection principles. That matters more to me than a certificate! Best wishes, Ayden Férdeline Sent from ProtonMail Mobile On Wed, Jun 13, 2018 at 11:24, Michele Neylon - Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> wrote: Rubens I agree. The key point that I think many of us agree on is that knowledge / training, call it what you will, is highly beneficial in general. One of the issues we ran into repeatedly in the RDS PDP was that people either were not familiar with the subject matter beyond their own, specific narrow interest and / or they had little to no familiarity with how ICANN’s processes in terms of policy development work. In the case of this ePDP any member of the group that is eventually formed will need to have a basic grounding in several key areas including privacy and GDPR. While certification is "nice" I also agree that it should not be a requirement and I would have issues with ICANN paying thousands of Euro to give people this kind of training. If someone wants to get certified in privacy / GDPR or anything else I’m sure that will help them further their careers, but last time I checked neither ICANN as a whole nor the GNSO specifically is a training camp for people. As for providing primers – I think it’s a good idea and if I can help I’d be happy to. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: council <council-bounces@gnso.icann.org> on behalf of Rubens Kuhl <rubensk@nic.br> Date: Wednesday 13 June 2018 at 02:11 To: GNSO Council List <council@gnso.icann.org> Subject: Re: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process I'll repeat a point I made in chat today: requiring and providing training is not excluding, but requiring certification is. Actually, for who is paying for the training, the actual knowledge is more important than the certification, which only benefits the certified person. So while I would find reasonable that someone that happens to have a certification to excuse himself/herself from the training, I don't see us establishing a certification as requisite. And if that changes the price, every certification (opposed to training) should come on that person's dime, not GNSO's. And while I like IAPP because it seems to have a more neutral tone instead of the Europe x World Manichaeism, I believe we could look at other options. As for themes, I think that the other than GDPR could come from our internal development efforts. For instance, picket fence, trademarks, abuse investigation, registrar operations, RDAP... let me throw people under the bus without consulting them just to indicate how we could provide primer sessions on these angles making for a "Renaissance" WG: Picket Fence - Becky Burr Trademarks - Heather Forrest Abuse investigation - Dave Piscitello Registrar operations - Michele Neylon RDAP - Scott Hollenbeck Rubens On 12 Jun 2018, at 11:51, McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> wrote: Thanks Carlos. Actually, you agree with me. I don’t think we should have any gatekeeping barriers, such as IAPP certifications, designed to exclude anyone. But, if we are going to go down the path of exclusion, and I hope we don’t, it shouldn’t just be for one privacy skill set which would result in an unbalanced ePDP WG. I think some 101 in both GDPR and Trademarks is more than sufficient to ensure everyone on the ePDP WG has a common vocabulary. I’m surprised by the resistance on the call today to the idea and the steadfast holding to the notion of gatekeeping IAPP certification which will result in exclusions from the team and undermine its outcomes from Day 1. Best, Paul From: Carlos Raul Gutierrez [mailto:crg@isoc-cr.org] Sent: Tuesday, June 12, 2018 9:32 AM To: McGrady, Paul D. <PMcGrady@winston.com<mailto:PMcGrady@winston.com>> Cc: Ayden Férdeline <icann@ferdeline.com<mailto:icann@ferdeline.com>>; GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: Re: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process It was a very interesting Council call today, of which I could only follow the initial 2/3 or so. After the call I went back to this ideas of Ayden and Paul, and I found myself in disagreement with both of you. Maybe because I'm an economist that doesn't want to become a pseudo lawyer in either trademark law or in data protection, my needs t o follow the ePDP in case i'm not qualified to participate (only to vote...) are different: My question is to what degree does WHOIS have a bias for or against both, trademark law and GDPR. As some might know, we economist are all about efficiency and efficiency loses. And my understanding is that any change in WHOIS, either planned or imposed, creates great efficiency losses to our members of the CPH. And in some cases, those efficiency loses cost a lot of money! The Bonner Landesgericht put an interesting efficiency concept on the table: Datensparsamkeit. (something like be stingy with data -collection-). So from my personal perspective, and I repeat, independently if I'm qualified or not to be a member of the ePDP, my basic question is and would remain until we vote on the policy proposal, is how a new regulation that looks for collecting LESS data, can be an operational, or even financial burden to the members of the CPH. For that I don't need more knowledge on either Trademark and/or Privacy Law. What I need are hard facts, best expressed by numbers of dollars. With that SOI, I express my interest to be part of the ePDP, either as member, or else as unqualified bystander with a vote on the final decision. Carlos Raúl Gutiérrez ISOC Costa Rica Chapter skype carlos.raulg +506 8837 7176 ________ Apartado 1571-1000 COSTA RICA On Thu, Jun 7, 2018 at 2:28 PM, McGrady, Paul D. <PMcGrady@winston.com <mailto:PMcGrady@winston.com> > wrote: Thanks Ayden. Tricky though, since those of us representing consumers that are protected by intellectual property laws from confusing misuses of marks often feel that those participating in WG’s don’t understand the fundamentals of trademark laws either. Certainly in the case of this EPDP we would want people to have the basics of trademark law as well. Perhaps instead of using these useful skills sets as gatekeepers, we ask staff to develop curriculum for the first session or two hitting these two issues and setting forth some basic vocabulary. I’d be happy to participate with staff in the effort from the trademark side if you would be happy to participate with staff in the effort from the data protection side. Best, Paul Paul D. McGrady Partner Winston & Strawn LLP 35 W. Wacker Drive Chicago, IL 60601-9703 D: +1 312-558-5963 F: +1 312-558-5700 Bio <http://www.winston.com/en/who-we-are/attorneys/mcgrady-paul-d.html> | VCard<http://www.winston.com/vcards/996.vcf> | Email<mailto:pmcgrady@winston.com> | winston.com<http://www.winston.com/> <image001.jpg> From: council [mailto:council-bounces@gnso.icann.org<mailto:council-bounces@gnso.icann.org>] On Behalf Of Ayden Férdeline Sent: Thursday, June 07, 2018 3:12 PM To: GNSO Council List <council@gnso.icann.org<mailto:council@gnso.icann.org>> Subject: [council] Suggestion for membership criteria of proposed Expedited Policy Development Process Dear all, I have just finished reviewing the proposed agenda for our meeting next week along with the mindmap that Council leadership and staff have developed (thanks for doing this!). I would like to put forward a suggestion for the Expedited Policy Development Process (EPDP) team criteria. While the scope of the EPDP remains unclear at present, what I took away from the call between the Board and the Council on Tuesday was that compliance with the law is crucial. As such I think it is imperative that *all* members be able to demonstrate that they have a basic understanding of the principles and legal terms of data protection. I would like to request that any community member who is appointed to the EPDP, or staff member supporting the EPDP, be able to demonstrate they have completed at least 3 hours of data protection training. I do not think this would be a huge burden, but I think it would make work easier, as there should be a common understanding of essential terms. There are short half-day 'Data Protection 101' classes run by institutions like the policy neutral International Association of Privacy Professionals, whose courses only use definitions of terms that have been defined in law for over 20 years. For those who don't hold this certification, I would like to request that ICANN reimburse the members of the EPDP for their modest and reasonable costs in obtaining it. I would like to hear your thoughts here, however I would also like to ask that this suggestion please be given serious consideration. Thank you. Best wishes, Ayden Férdeline ________________________________ The contents of this message may be privileged and confidential. If this message has been received in error, please delete it without reading it. Your receipt of this message is not intended to waive any applicable privilege. Please do not disseminate this message without the permission of the author. Any tax advice contained in this email was not intended to be used, and cannot be used, by you (or any other taxpayer) to avoid penalties under applicable tax laws and regulations. _______________________________________________ council mailing list council@gnso.icann.org <mailto:council@gnso.icann.org> https://mm.icann.org/mailman/listinfo/council _______________________________________________ council mailing list council@gnso.icann.org<mailto:council@gnso.icann.org> https://mm.icann.org/mailman/listinfo/council