My main problem
with Peter’s proposal is that it rests on assumptions about
what will be the ultimate outcome of the ePDP. It would be
irresponsible to rely upon such assumptions (which are
clearly premature) in fashioning the implementation rules
for a consensus policy adopted by the community as the
output of a multi-stakeholder process. It would be even less
justified to rely upon such premature assumptions as an
excuse for “pausing” our work when it is so near to
completion and when completion is so long overdue.
Steve Metalitz
This seems highly impractical, as a service provider would
suddenly have to monitor what happens to a domain name whois
after the fact. And why shouldn't there be an additional layer
of privacy for those that legitimately need or want it? Maybe
the data just is not public because the registry is redacting
it, but the registrant does not trust the registry operator
with his data?
Aside from the fact that this is a policy question that does
not belong into the IRT but into the PDP proper, I do not
support the proposed addition on its merits either.
Volker
Am 30.08.2018 um 19:28 schrieb Roman,
Peter (CRM):
All –
Just to
continue the smaller discussion from today’s call:
Putting aside
the existential question of whether the business case for
privacy/proxy makes sense following the implementation of
the GDPR, and assuming that:
1)
privacy/proxy providers will continue to do business and
2) the EPDP
is going to reach a solution that will give IP rights
holders, cybersecurity researchers, law enforcement, and
other vetted people access to the registrant data that is
not publicly available;
I propose
that the IRT consider that, since the second tier of WHOIS
data would only be available to vetted, accredited law
enforcement, cybersecurity, IP rights holders, etc. that
have represented that they have a legitimate purpose for
accessing the data, and since that data is merely
subscriber data (which under the Council of Europe’s
CyberCrime Convention, and numerous other legal regimes as
well, is deserving of the lowest level of privacy
protection), and therefore no legitimate purpose is served
by further hindering access to such data, the IRT should
add the following language to the draft PPAA:
3.5.7
Provider shall not provide Services for Customers whose
data is non-public.
Or
3.5.7
Provider shall not provide Services for Customers whose
data is only accessible through gated access in the RDDS
system and is not publicly available through WHOIS.
Thanks,
Peter Roman
Senior
Counsel
Computer
Crime & Intellectual Property Section
Criminal
Division
Department
of Justice
1301 New
York Ave., NW
Washington, DC 20530
(202) 305-1323
peter.roman@usdoj.gov
Agreed on the moving target part. Not too mention another
moving target that will render most of our work right down
into the trash if it happens.
http://domainincite.com/23371-could-a-new-us-law-make-gdpr-irrelevant
This draft seems to be in direct conflict with some of the
WG's recommendations;
https://via.hypothes.is/https://www.internetgovernance.org/wp-content/uploads/Draft-WHOIS-Legislation-as-of-Aug-16-2018.pdf
Thanks,
Theo
On 30-8-2018 7:55, Michele Neylon -
Blacknight wrote:
I won’t be able to attend as I’m at an
event.
I also agree with the concerns raised
by others about pegging *anything* to a moving
target, which the Temp Spec is
TLDR – it’s not policy – it’s a
stopgap. Baking it into anything else is a really bad idea
Regards
Michele
Dear Colleagues,
This is a reminder that the PP IRT will
meet tomorrow, Thursday, 30 August, at 1600 UTC.
A draft markup of the PPAA is attached.
This markup is for discussion purposes only—it is not a
final proposal and remains subject to revision. The draft
is being circulated, without further delay, to continue
the conversation. It has not been approved by senior
management and is for discussion only.
We would like to begin discussing the
following topics tomorrow (but please feel free to comment
before then on the list):
(1)
Some suggested edits track
what’s in the Temporary Specification for gTLD
Registration Data. For example, section
3.5.3.3.
How should we approach drafting provisions modeled on the
Temp Spec, given that its language is subject to change in
the near future?
(2)
The disclosure frameworks
seem to be written from the position that there’s no
discretion for the Provider to not provide the underlying
customer data if the conditions in the framework are met.
Is this the intent? This could potentially cause issues
under the GDPR, because this doesn’t seem to leave room to
balance the interests of the data subjects with the
legitimate interest of the parties requesting personal
data.
(3)
The disclosure frameworks
raise additional GDPR-related questions that are similar
to questions raised in the
Draft Framework Elements of a
Potential Unified Access Model paper published by
ICANN org. For example, what would the requirements be for
logging requests for disclosure made under the frameworks
(or even requests not governed by the frameworks)?
(4)
Do you see any other issues
that you believe must be addressed related to GDPR that
were not addressed in this markup?
(5)
Following the completion of
the IRT’s review of this draft accreditation agreement and
related matters, we believe are ready to proceed to public
comment. Do you believe there is any reason why the IRT
should not proceed to public comment?
(6)
We have heard questions from
various members of the community about how the proposed
accreditation program requirements will operate within the
current Temp Spec RDDS environment. These proposed program
requirements do not address how PP registrations interact
with a gated access model or how they might be impacted,
if at all, by the results of the EPDP. Is this an issue
that the IRT believes should be explored at this stage? If
any member of the IRT wishes to raise any comments or
points about this topic, you are encouraged to do so
during the IRT call or via the list.
One area that may need further
attention in the agreement is specifically defining what
data is to be collected and for what purpose. In addition,
the new Specification 8 contains some data processing
requirements, but additional discussion is needed on the
appropriate controller arrangements that are needed
between ICANN, the registrar and the Provider.
Best,
Amy
Amy E. Bivins
Registrar Services and Engagement Senior
Manager
Registrar Services and Industry Relations
Internet Corporation for Assigned Names and
Numbers (ICANN)
Direct: +1 (202) 249-7551
Fax: +1 (202) 789-0104
Email:
amy.bivins@icann.org
www.icann.org
_______________________________________________
Gdd-gnso-ppsai-impl mailing list
Gdd-gnso-ppsai-impl@icann.org
https://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl
_______________________________________________
Gdd-gnso-ppsai-impl mailing list
Gdd-gnso-ppsai-impl@icann.org
https://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl
--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann@key-systems.net
Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
www.facebook.com/KeySystems
www.twitter.com/key_systems
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann@key-systems.net
Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com
Follow us on Twitter or join our fan community on Facebook and stay updated:
www.facebook.com/KeySystems
www.twitter.com/key_systems
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.