DelBianco tried to incorporate the feedback. Feels like a useful tool to descalate so let's see if we can support. Jonathan Zuck Executive Director Innovators Network Foundation www.Innovatorsnetwork.org<http://www.Innovatorsnetwork.org> ________________________________ From: Steve DelBianco Sent: Sunday, November 4, 2018 11:31:42 AM To: Jonathan Zuck Subject: Re: A conceptual view of TempSpec/EPDP and the Unified Access Model Jonathan, Attached is a v2, reflecting these changes: Per suggestion from ALAC, added qualified under UAM "(if DPAs recognize ICANN as the responsible party)" I changed the title to reflect the narrow focus on "Publication and Disclosure of Registrant Data, under the EPDP and UAM". Per suggestion from BC and IPC, changed "TM protection" to IP protection" and changed "May disclose on request" to "Must disclose on request, if GDPR 6(1)(f) balance is met". Registrars and registries use their discretion to determine if 61f balance is met, so that’s why I had “May disclose” in prior version. --Steve On 10/30/18, 5:46 PM, "Steve DelBianco" <sdelbianco@netchoice.org> wrote: Jonathan, Could you please think about sharing this with ALAC policy folks who are working on the EPDP? Attached please find a conceptual view of EPDP and the Unified Access Model. This started with a napkin sketch while Keith Drazek and I were talking at the Barcelona airport on Friday morning, as a follow-up to the very positive CSG-CPH meeting on Wednesday. We saw the need to help the ICANN community distinguish between Published data, Disclosure under “reasonable access”, and Unified Access operated by ICANN. This diagram attempts to make those distinctions. Another purpose of the diagram is to focus the EPDP (at this stage) on collection, publication, and discretionary disclosure under (what the TempSpec calls “reasonable access”). With that focus, the EPDP can move more smoothly to an initial report on its first charter task to develop policy to replace the TempSpec. We understand that phase 2 of EPDP can address policy for the UAM, including accreditation process, verifying credentials, logging, and disclosure. But first, the community and Data Protection Authorities need to endorse the conceptual approach that a UAM operated by ICANN can position ICANN as the responsible party. That's a "gating question". --Steve DelBianco