Hi Amy,
Re: Do you believe there is any reason why the IRT should not proceed to public comment?
Not having access to ICANN’s legal review seems like impediment. Shouldn’t we understand ICANN Legal’s perspective before opening this up for comment?
ICANN’s desire to align the policy with the language in the Temp Spec is problematic considering this language will likely be changed as a result of the ePDP (or discarded entirely if the Temp Spec expires and
the ePDP doesn’t finish its work). I understand the desire to align this policy with other ICANN policy relating to GDPR, but that policy isn’t finalized (it’s temporary
J). I don’t know how alignment is possible without waiting for the ePDP to conclude its work.
-Greg
From: Gdd-gnso-ppsai-impl [mailto:gdd-gnso-ppsai-impl-bounces@icann.org]
On Behalf Of Volker Greimann
Sent: Wednesday, August 29, 2018 9:44 AM
To: gdd-gnso-ppsai-impl@icann.org
Subject: Re: [Gdd-gnso-ppsai-impl] Materials for tomorrow's PP IRT meeting are attached
First thoughts:
1) Disclosure framework: I ageree there needs to be provider discretion. Having no discretion was not the intent and would be in violation of the GDPR anyway, and therefore void. Let's not start the program with contractual sections that are void. Good catch,
Amy!
2) Where is the legal review? Will we get to see it or has it been classified? Do we have to do a freedom of information request to gain access to it?
3) The temp spec is _not_ consensus policy. It is a !temporary! stopgap implemented by the board that has no further effect. I strongly object to expand the scope of the temporary specification as decided by the board beyond the scope envisioned by the board
when it was passed by including it as part of the contract in any form or shape. Including it in the contract would have an effect that would enshrining the spec for longer than its maximum possible effectiveness. Any "tracking" of the temp spec in the proposed
edits need to be removed. The ICANN board can do another temporary specification if there is a need for such changes.
Similarly, the Draft framework for the UAM has no place here, however if ever a UAM were to come into being, this could replace the currently proposed disclosure framework lock stock and barrel. But that will
be up to the PDP that decides on the UAM to include here. Right now, the UAM is nothing.
4) Other issues, GDPR impact and public comment: Will need more time for review on that. Will not be ready for any substantive comment by tomorrow, best keep that until next week.
5) The fees still need to go.
Best,
Volker
Am 29.08.2018 um 15:21 schrieb Amy Bivins:
Dear Colleagues,
This is a reminder that the PP IRT will meet tomorrow, Thursday, 30 August, at 1600 UTC.
A draft markup of the PPAA is attached. This markup is for discussion purposes only—it is not a final proposal and remains subject to revision. The draft is being circulated, without further delay, to continue the conversation. It has not been approved by senior management and is for discussion only.
We would like to begin discussing the following topics tomorrow (but please feel free to comment before then on the list):
(1) Some suggested edits track what’s in the Temporary Specification for gTLD Registration Data. For example, section 3.5.3.3. How should we approach drafting provisions modeled on the Temp Spec, given that its language is subject to change in the near future?
(2) The disclosure frameworks seem to be written from the position that there’s no discretion for the Provider to not provide the underlying customer data if the conditions in the framework are met. Is this the intent? This could potentially cause issues under the GDPR, because this doesn’t seem to leave room to balance the interests of the data subjects with the legitimate interest of the parties requesting personal data.
(3) The disclosure frameworks raise additional GDPR-related questions that are similar to questions raised in the Draft Framework Elements of a Potential Unified Access Model paper published by ICANN org. For example, what would the requirements be for logging requests for disclosure made under the frameworks (or even requests not governed by the frameworks)?
(4) Do you see any other issues that you believe must be addressed related to GDPR that were not addressed in this markup?
(5) Following the completion of the IRT’s review of this draft accreditation agreement and related matters, we believe are ready to proceed to public comment. Do you believe there is any reason why the IRT should not proceed to public comment?
(6) We have heard questions from various members of the community about how the proposed accreditation program requirements will operate within the current Temp Spec RDDS environment. These proposed program requirements do not address how PP registrations interact with a gated access model or how they might be impacted, if at all, by the results of the EPDP. Is this an issue that the IRT believes should be explored at this stage? If any member of the IRT wishes to raise any comments or points about this topic, you are encouraged to do so during the IRT call or via the list.
One area that may need further attention in the agreement is specifically defining what data is to be collected and for what purpose. In addition, the new Specification 8 contains some data processing requirements, but additional discussion is needed on the appropriate controller arrangements that are needed between ICANN, the registrar and the Provider.
Best,
Amy
Amy E. Bivins
Registrar Services and Engagement Senior Manager
Registrar Services and Industry Relations
Internet Corporation for Assigned Names and Numbers (ICANN)
Direct: +1 (202) 249-7551
Fax: +1 (202) 789-0104
Email: amy.bivins@icann.org
_______________________________________________Gdd-gnso-ppsai-impl mailing listGdd-gnso-ppsai-impl@icann.orghttps://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl
--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.