Update from EPDP leadership regarding the EDPB letter

Dear GNSO Councilors: We are writing to report some specific recent actions by the EPDP team. As you know, the EPDP Charter states that, "the Initial Report should be submitted to the European Data Protection Board [EDPB] or other relevant DPAs to request feedback on the applicability of the law in relation to the proposed recommendations, particularly those that may carry over from Temporary Specification to Consensus Policy recommendations to the ICANN Board.” After a detailed and constructive discussion, the EPDP team has decided (for the time being) to not directly contact the EDPB in order to request feedback on the Initial Report. We are writing to explain the thought process that went into that decision and seek any feedback the Council has to offer. As the EPDP team debated and discussed charter questions and issues leading to the publication of the initial report, it identified a set of legal questions (i.e., interpreting the GDPR) that required resolution before certain policy recommendations could be made. During an EPDP meeting, the team debated whether: 1. To send the set of legal questions to the EDPB for input, and 2. To send the Initial Report to the EDPB along with certain messages: o the Initial Report is available for their review and comment, o the Initial Report is a prelude to the Final Report, likely to become ICANN Policy, and o that we are wading through certain legal questions and are getting independent input on those So far, we have decided to do neither, primarily for two reasons. First, the EDPBs own writings and the personal experiences of some EPDP members indicate that the EDPB is NOT a consulting resource. The EDPB provides advisories and guidance to governments and DPAs. The EPDP team determined that we should seek answers to our legal questions through independent legal advice and, perhaps through DPAs. Second, perhaps recognizing that the Initial Report had not yet resolved all issues, the EPDP Team thought that is would not yet be a good use of the EDPB’s time and good will to ask them to opine on something that is incomplete. So, other than a notice that ICANN is working on GDPR issues and is making progress, the team believes that a letter to the EDPB would have little to offer. It was suggested that such a letter would be useful as it would serve to manage EDPB expectations: so that the final report would not provide the “first look” at our work. While some in the EPDP that agreed with this, there were also strong opinions in the EPDP that the letter as currently drafted and timed might actually harm relations with the EDPB. Given that one cannot “unsend” a letter, it was decided to hold off for the time being. As we progress our discussions and watch the interactions between the EDPB and ICANN or between the EDPB and other organizations, we can continue to re-assess our decision and possible send a notice (or a more meaningful notice) at a later date. We would be pleased to provide additional detail or discuss this with the Council in greater detail at your convenience. Sincerely, Kurt & Rafik

Rafik / Kurt Speaking personally and not on behalf of anyone else, I am happy to see this. As you’ve outlined it would have been premature to contact them at this juncture and would probably done more harm than good. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: council <council-bounces@gnso.icann.org> on behalf of Rafik Dammak <rafik.dammak@gmail.com> Date: Friday 21 December 2018 at 19:19 To: Council GNSO <council@gnso.icann.org> Cc: Kurt Pritz <kurt@kjpritz.com> Subject: [council] Update from EPDP leadership regarding the EDPB letter Dear GNSO Councilors: We are writing to report some specific recent actions by the EPDP team. As you know, the EPDP Charter states that, "the Initial Report should be submitted to the European Data Protection Board [EDPB] or other relevant DPAs to request feedback on the applicability of the law in relation to the proposed recommendations, particularly those that may carry over from Temporary Specification to Consensus Policy recommendations to the ICANN Board.” After a detailed and constructive discussion, the EPDP team has decided (for the time being) to not directly contact the EDPB in order to request feedback on the Initial Report. We are writing to explain the thought process that went into that decision and seek any feedback the Council has to offer. As the EPDP team debated and discussed charter questions and issues leading to the publication of the initial report, it identified a set of legal questions (i.e., interpreting the GDPR) that required resolution before certain policy recommendations could be made. During an EPDP meeting, the team debated whether: 1. To send the set of legal questions to the EDPB for input, and 2. To send the Initial Report to the EDPB along with certain messages: o the Initial Report is available for their review and comment, o the Initial Report is a prelude to the Final Report, likely to become ICANN Policy, and o that we are wading through certain legal questions and are getting independent input on those So far, we have decided to do neither, primarily for two reasons. First, the EDPBs own writings and the personal experiences of some EPDP members indicate that the EDPB is NOT a consulting resource. The EDPB provides advisories and guidance to governments and DPAs. The EPDP team determined that we should seek answers to our legal questions through independent legal advice and, perhaps through DPAs. Second, perhaps recognizing that the Initial Report had not yet resolved all issues, the EPDP Team thought that is would not yet be a good use of the EDPB’s time and good will to ask them to opine on something that is incomplete. So, other than a notice that ICANN is working on GDPR issues and is making progress, the team believes that a letter to the EDPB would have little to offer. It was suggested that such a letter would be useful as it would serve to manage EDPB expectations: so that the final report would not provide the “first look” at our work. While some in the EPDP that agreed with this, there were also strong opinions in the EPDP that the letter as currently drafted and timed might actually harm relations with the EDPB. Given that one cannot “unsend” a letter, it was decided to hold off for the time being. As we progress our discussions and watch the interactions between the EDPB and ICANN or between the EDPB and other organizations, we can continue to re-assess our decision and possible send a notice (or a more meaningful notice) at a later date. We would be pleased to provide additional detail or discuss this with the Council in greater detail at your convenience. Sincerely, Kurt & Rafik
participants (2)
-
Michele Neylon - Blacknight
-
Rafik Dammak