Hello Vanda, You exactly reinforce my underlying concern. In connection with concerns about data protection and GDPR, the ICANN community undertook an expedited PDP in which the ICANN multistakeholder process was followed. However, the issue of cyber incident reporting appears to be a requirement which ICANN and at least one of its contracting parties appears to have devised with mimium community input. To be clear I am not opposed to the underlying subject matter, but the process by which it has appeared. Best regards, Michael From: Vanda Scartezini <vanda@scartezini.org> Sent: Monday, November 4, 2024 8:26 PM To: mike palage.com <mike@palage.com>; alberto@soto.net.ar; Avri <avri@doria.org>; 'Maureen Hilyard' <maureen.hilyard@gmail.com>; 'Bill Jouris' <b_jouris@yahoo.com>; 'CPWG' <cpwg@icann.org> Subject: Re: [CPWG] Re: Draft Statement on .COM RA Dear Michael Reading 2.19 I see almost the same demand the Data Protection legislation, at least in my country demands, from any organizations in any kind of cyber incident. For me what is complex is not demanding that the information go to clients to informe their data, supposed protected was not anymore protected. I can understand ICANN’s position of not exposing the company before a reasonable time to avoid damaging the company’s image when it may not have been its fault. Especially due the eventual conflict of DATA Protection demands in the registry country. However, the registry, IMO, should inform all clients after a reasonable time of 72 hours, informing they are aware some data will be exposed and they have already or in a way to fix the problem, My two cents Vanda Scartezini Polo Consultores Associados São Paulo, Brazil vanda@scartezini.org<mailto:vanda@scartezini.org> Mobile: + 55 11 98181-1464 From: mike palage.com via CPWG <cpwg@icann.org<mailto:cpwg@icann.org>> Date: Monday, 4 November 2024 at 16:17To: alberto@soto.net.ar<mailto:alberto@soto.net.ar> <alberto@soto.net.ar<mailto:alberto@soto.net.ar>>, 'Maureen Hilyard' <maureen.hilyard@gmail.com<mailto:maureen.hilyard@gmail.com>>, 'Bill Jouris' <b_jouris@yahoo.com<mailto:b_jouris@yahoo.com>>, 'CPWG' <cpwg@icann.org<mailto:cpwg@icann.org>> Subject: [CPWG] Re: Draft Statement on .COM RA Hello All, My concern about ICANN and the contracting parties using bilateral negotiations to circumvent the true multistakeholder models regarding cyber security incident reporting appears to have been justified. Attached is the new baseline RA for the next round of new gTLDs, which was released on November 1st. Not surprisingly, you will notice a new provision regarding cyber incident reporting under paragraph 2.19 (page 10 of 125). Here is my question to Avri. Are you in a position to comment on whether cyber incident reporting was something that was being actively discussed over the past couple of years or does this appear to be something that has just surfaced coincidently in connection with the .COM RA? While I will only be in Istanbul briefly (Friday, Saturday and Thursday) I would like to find time with anyone willing to discuss this clearly emerging trend and what we want to do about it. Best regards, Michael From: Alberto Soto via CPWG <cpwg@icann.org<mailto:cpwg@icann.org>> Sent: Saturday, November 2, 2024 8:12 AM To: 'Maureen Hilyard' <maureen.hilyard@gmail.com<mailto:maureen.hilyard@gmail.com>>; 'Bill Jouris' <b_jouris@yahoo.com<mailto:b_jouris@yahoo.com>>; 'CPWG' <cpwg@icann.org<mailto:cpwg@icann.org>> Subject: [CPWG] Re: Draft Statement on .COM RA In a multi-stakeholder environment, no contractual negotiation should be confidential. Once signed, the contract cannot be modified except by each of the parties. But what happens if, once signed, something is inconvenient for one of the multiple stakeholders? Regards Alberto De: Maureen Hilyard via CPWG <cpwg@icann.org<mailto:cpwg@icann.org>> Enviado el: sábado, 2 de noviembre de 2024 04:18 Para: Bill Jouris <b_jouris@yahoo.com<mailto:b_jouris@yahoo.com>>; CPWG <cpwg@icann.org<mailto:cpwg@icann.org>> Asunto: [CPWG] Re: Draft Statement on .COM RA Excellent question, Bill Especially when the original inputs by our volunteers have involved hours of unpaid time. The final resolution has to be endorsed by the Empowered Community. The community leaders should raise this anomoly before it gets to that stage. M On Sat, 2 Nov 2024, 6:38 am Bill Jouris via CPWG, <cpwg@icann.org<mailto:cpwg@icann.org>> wrote: I am not a lawyer, but perhaps one of the lawyers among us can clear up something for me. Olivier notes that It has asked, at least on one occasion, whether it was possible for it to have observers participate at bilateral contractual negotiations should these negotiations be allowed to introduce significant changes to the policy recommendations that were drawn by the Community in the Policy Development Process. This was refused since "Contractual negotiations have to be kept confidential" Can some one explain why "Contractual negotiations have to be kept confidential" ? I can see some reasons why it might, in some cases, make negotiations smoother. But is there some kind of legal requirement here? If so, there's nothing more to say. But if not, it seems worthwhile to push back a bit on this. Bill Jouris Sent from Yahoo Mail on Android<https://go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_Andr...> On Wed, Oct 30, 2024 at 7:52 PM, Olivier MJ Crépin-Leblond via CPWG <cpwg@icann.org<mailto:cpwg@icann.org>> wrote: _______________________________________________ CPWG mailing list -- cpwg@icann.org<mailto:cpwg@icann.org> To unsubscribe send an email to cpwg-leave@icann.org<mailto:cpwg-leave@icann.org> _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on. [Image removed by sender.]<http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_camp...> Virus-free.www.avg.com<http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_camp...> _______________________________________________ CPWG mailing list -- cpwg@icann.org<mailto:cpwg@icann.org> To unsubscribe send an email to cpwg-leave@icann.org<mailto:cpwg-leave@icann.org> _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.