Materials for tomorrow's PP IRT meeting are attached
Dear Colleagues, This is a reminder that the PP IRT will meet tomorrow, Thursday, 30 August, at 1600 UTC. A draft markup of the PPAA is attached. This markup is for discussion purposes only-it is not a final proposal and remains subject to revision. The draft is being circulated, without further delay, to continue the conversation. It has not been approved by senior management and is for discussion only. We would like to begin discussing the following topics tomorrow (but please feel free to comment before then on the list): 1. Some suggested edits track what's in the Temporary Specification for gTLD Registration Data. For example, section 3.5.3.3. How should we approach drafting provisions modeled on the Temp Spec, given that its language is subject to change in the near future? 2. The disclosure frameworks seem to be written from the position that there's no discretion for the Provider to not provide the underlying customer data if the conditions in the framework are met. Is this the intent? This could potentially cause issues under the GDPR, because this doesn't seem to leave room to balance the interests of the data subjects with the legitimate interest of the parties requesting personal data. 3. The disclosure frameworks raise additional GDPR-related questions that are similar to questions raised in the Draft Framework Elements of a Potential Unified Access Model<https://www.icann.org/en/system/files/files/framework-elements-unified-acces...> paper published by ICANN org. For example, what would the requirements be for logging requests for disclosure made under the frameworks (or even requests not governed by the frameworks)? 4. Do you see any other issues that you believe must be addressed related to GDPR that were not addressed in this markup? 5. Following the completion of the IRT's review of this draft accreditation agreement and related matters, we believe are ready to proceed to public comment. Do you believe there is any reason why the IRT should not proceed to public comment? 6. We have heard questions from various members of the community about how the proposed accreditation program requirements will operate within the current Temp Spec RDDS environment. These proposed program requirements do not address how PP registrations interact with a gated access model or how they might be impacted, if at all, by the results of the EPDP. Is this an issue that the IRT believes should be explored at this stage? If any member of the IRT wishes to raise any comments or points about this topic, you are encouraged to do so during the IRT call or via the list. One area that may need further attention in the agreement is specifically defining what data is to be collected and for what purpose. In addition, the new Specification 8 contains some data processing requirements, but additional discussion is needed on the appropriate controller arrangements that are needed between ICANN, the registrar and the Provider. Best, Amy Amy E. Bivins Registrar Services and Engagement Senior Manager Registrar Services and Industry Relations Internet Corporation for Assigned Names and Numbers (ICANN) Direct: +1 (202) 249-7551 Fax: +1 (202) 789-0104 Email: amy.bivins@icann.org<mailto:amy.bivins@icann.org> www.icann.org<http://www.icann.org>
Hi Amy Apologies, I will not be able to make the call tomorrow as I am on holiday. Many thanks Lindsay Lindsay Hamilton-Reid Senior Legal Counsel Direct: +44 (0)1452 509145 | Mobile: +44 (0)7720 091147 | Email: Lindsay.Hamilton-Reid@1and1.co.uk<mailto:Lindsay.Hamilton-Reid@1and1.co.uk> www.fasthosts.co.uk<http://www.fasthosts.co.uk/> www.1and1.co.uk<http://www.1and1.co.uk/> [fh-1and1] (c) 2015 All rights reserved. Fasthosts is the trading name of Fasthosts Internet Limited. Company registration no. 03656438. Registered in England and Wales. Registered office: Discovery House, 154 Southgate Street, Gloucester, GL1 2EX. VAT no. 720821857. 1&1 is the trading name of 1&1 Internet Limited. Company registration no. 03953678. Registered in England and Wales. Registered office: Discovery House, 154 Southgate Street, Gloucester, GL1 2EX. VAT no. 752539027. This message (including any attachments) is confidential and may be legally privileged. If you are not the intended recipient, you should not disclose, copy or use any part of it - please delete all copies immediately and notify 1&1 on 0844 335 1211 or Fasthosts on 0333 0142 700. Any statements, opinions or information in this message are provided by the author, not on behalf of 1&1 and/or Fasthosts, unless subsequently confirmed by an individual who is authorised to represent 1&1 and/or Fasthosts. [linkedin]<http://www.linkedin.com/company/fasthosts-internet-ltd>[twitter]<https://twitter.com/Fasthosts>[facebook]<https://www.facebook.com/fasthostsinternet>[gplus]<https://plus.google.com/u/0/b/107582097021398424605/+fasthosts/posts>[blog]<http://blogs.fasthosts.co.uk/>[youtube]<http://www.youtube.com/user/Fasthostsinternet> From: Gdd-gnso-ppsai-impl [mailto:gdd-gnso-ppsai-impl-bounces@icann.org] On Behalf Of Amy Bivins Sent: 29 August 2018 14:22 To: gdd-gnso-ppsai-impl@icann.org Subject: [Gdd-gnso-ppsai-impl] Materials for tomorrow's PP IRT meeting are attached Dear Colleagues, This is a reminder that the PP IRT will meet tomorrow, Thursday, 30 August, at 1600 UTC. A draft markup of the PPAA is attached. This markup is for discussion purposes only-it is not a final proposal and remains subject to revision. The draft is being circulated, without further delay, to continue the conversation. It has not been approved by senior management and is for discussion only. We would like to begin discussing the following topics tomorrow (but please feel free to comment before then on the list): (1) Some suggested edits track what's in the Temporary Specification for gTLD Registration Data. For example, section 3.5.3.3. How should we approach drafting provisions modeled on the Temp Spec, given that its language is subject to change in the near future? (2) The disclosure frameworks seem to be written from the position that there's no discretion for the Provider to not provide the underlying customer data if the conditions in the framework are met. Is this the intent? This could potentially cause issues under the GDPR, because this doesn't seem to leave room to balance the interests of the data subjects with the legitimate interest of the parties requesting personal data. (3) The disclosure frameworks raise additional GDPR-related questions that are similar to questions raised in the Draft Framework Elements of a Potential Unified Access Model<https://www.icann.org/en/system/files/files/framework-elements-unified-acces...> paper published by ICANN org. For example, what would the requirements be for logging requests for disclosure made under the frameworks (or even requests not governed by the frameworks)? (4) Do you see any other issues that you believe must be addressed related to GDPR that were not addressed in this markup? (5) Following the completion of the IRT's review of this draft accreditation agreement and related matters, we believe are ready to proceed to public comment. Do you believe there is any reason why the IRT should not proceed to public comment? (6) We have heard questions from various members of the community about how the proposed accreditation program requirements will operate within the current Temp Spec RDDS environment. These proposed program requirements do not address how PP registrations interact with a gated access model or how they might be impacted, if at all, by the results of the EPDP. Is this an issue that the IRT believes should be explored at this stage? If any member of the IRT wishes to raise any comments or points about this topic, you are encouraged to do so during the IRT call or via the list. One area that may need further attention in the agreement is specifically defining what data is to be collected and for what purpose. In addition, the new Specification 8 contains some data processing requirements, but additional discussion is needed on the appropriate controller arrangements that are needed between ICANN, the registrar and the Provider. Best, Amy Amy E. Bivins Registrar Services and Engagement Senior Manager Registrar Services and Industry Relations Internet Corporation for Assigned Names and Numbers (ICANN) Direct: +1 (202) 249-7551 Fax: +1 (202) 789-0104 Email: amy.bivins@icann.org<mailto:amy.bivins@icann.org> www.icann.org<http://www.icann.org>
First thoughts: 1) Disclosure framework: I ageree there needs to be provider discretion. Having no discretion was not the intent and would be in violation of the GDPR anyway, and therefore void. Let's not start the program with contractual sections that are void. Good catch, Amy! 2) Where is the legal review? Will we get to see it or has it been classified? Do we have to do a freedom of information request to gain access to it? 3) The temp spec is _not_ consensus policy. It is a !temporary! stopgap implemented by the board that has no further effect. I strongly object to expand the scope of the temporary specification as decided by the board beyond the scope envisioned by the board when it was passed by including it as part of the contract in any form or shape. Including it in the contract would have an effect that would enshrining the spec for longer than its maximum possible effectiveness. Any "tracking" of the temp spec in the proposed edits need to be removed. The ICANN board can do another temporary specification if there is a need for such changes. Similarly, the Draft framework for the UAM has no place here, however if ever a UAM were to come into being, this could replace the currently proposed disclosure framework lock stock and barrel. But that will be up to the PDP that decides on the UAM to include here. Right now, the UAM is nothing. 4) Other issues, GDPR impact and public comment: Will need more time for review on that. Will not be ready for any substantive comment by tomorrow, best keep that until next week. 5) The fees still need to go. Best, Volker Am 29.08.2018 um 15:21 schrieb Amy Bivins:
Dear Colleagues,
This is a reminder that the PP IRT will meet tomorrow, Thursday, 30 August, at 1600 UTC.
A draft markup of the PPAA is attached. This markup is for discussion purposes only—it is not a final proposal and remains subject to revision. The draft is being circulated, without further delay, to continue the conversation. It has not been approved by senior management and is for discussion only.
We would like to begin discussing the following topics tomorrow (but please feel free to comment before then on the list):
1. Some suggested edits track what’s in the Temporary Specification for gTLD Registration Data. For example, section 3.5.3.3. How should we approach drafting provisions modeled on the Temp Spec, given that its language is subject to change in the near future? 2. The disclosure frameworks seem to be written from the position that there’s no discretion for the Provider to not provide the underlying customer data if the conditions in the framework are met. Is this the intent? This could potentially cause issues under the GDPR, because this doesn’t seem to leave room to balance the interests of the data subjects with the legitimate interest of the parties requesting personal data. 3. The disclosure frameworks raise additional GDPR-related questions that are similar to questions raised in the Draft Framework Elements of a Potential Unified Access Model <https://www.icann.org/en/system/files/files/framework-elements-unified-acces...> paper published by ICANN org. For example, what would the requirements be for logging requests for disclosure made under the frameworks (or even requests not governed by the frameworks)? 4. Do you see any other issues that you believe must be addressed related to GDPR that were not addressed in this markup? 5. Following the completion of the IRT’s review of this draft accreditation agreement and related matters, we believe are ready to proceed to public comment. Do you believe there is any reason why the IRT should not proceed to public comment? 6. We have heard questions from various members of the community about how the proposed accreditation program requirements will operate within the current Temp Spec RDDS environment. These proposed program requirements do not address how PP registrations interact with a gated access model or how they might be impacted, if at all, by the results of the EPDP. Is this an issue that the IRT believes should be explored at this stage? If any member of the IRT wishes to raise any comments or points about this topic, you are encouraged to do so during the IRT call or via the list.
One area that may need further attention in the agreement is specifically defining what data is to be collected and for what purpose. In addition, the new Specification 8 contains some data processing requirements, but additional discussion is needed on the appropriate controller arrangements that are needed between ICANN, the registrar and the Provider.
Best,
Amy
*Amy E. Bivins*
Registrar Services and Engagement Senior Manager
Registrar Services and Industry Relations
Internet Corporation for Assigned Names and Numbers (ICANN)
Direct: +1 (202) 249-7551
Fax: +1 (202) 789-0104
Email: amy.bivins@icann.org <mailto:amy.bivins@icann.org>
www.icann.org <http://www.icann.org>
_______________________________________________ Gdd-gnso-ppsai-impl mailing list Gdd-gnso-ppsai-impl@icann.org https://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl
-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
Hi Amy, Re: Do you believe there is any reason why the IRT should not proceed to public comment? Not having access to ICANN's legal review seems like impediment. Shouldn't we understand ICANN Legal's perspective before opening this up for comment? ICANN's desire to align the policy with the language in the Temp Spec is problematic considering this language will likely be changed as a result of the ePDP (or discarded entirely if the Temp Spec expires and the ePDP doesn't finish its work). I understand the desire to align this policy with other ICANN policy relating to GDPR, but that policy isn't finalized (it's temporary :)). I don't know how alignment is possible without waiting for the ePDP to conclude its work. -Greg From: Gdd-gnso-ppsai-impl [mailto:gdd-gnso-ppsai-impl-bounces@icann.org] On Behalf Of Volker Greimann Sent: Wednesday, August 29, 2018 9:44 AM To: gdd-gnso-ppsai-impl@icann.org Subject: Re: [Gdd-gnso-ppsai-impl] Materials for tomorrow's PP IRT meeting are attached First thoughts: 1) Disclosure framework: I ageree there needs to be provider discretion. Having no discretion was not the intent and would be in violation of the GDPR anyway, and therefore void. Let's not start the program with contractual sections that are void. Good catch, Amy! 2) Where is the legal review? Will we get to see it or has it been classified? Do we have to do a freedom of information request to gain access to it? 3) The temp spec is _not_ consensus policy. It is a !temporary! stopgap implemented by the board that has no further effect. I strongly object to expand the scope of the temporary specification as decided by the board beyond the scope envisioned by the board when it was passed by including it as part of the contract in any form or shape. Including it in the contract would have an effect that would enshrining the spec for longer than its maximum possible effectiveness. Any "tracking" of the temp spec in the proposed edits need to be removed. The ICANN board can do another temporary specification if there is a need for such changes. Similarly, the Draft framework for the UAM has no place here, however if ever a UAM were to come into being, this could replace the currently proposed disclosure framework lock stock and barrel. But that will be up to the PDP that decides on the UAM to include here. Right now, the UAM is nothing. 4) Other issues, GDPR impact and public comment: Will need more time for review on that. Will not be ready for any substantive comment by tomorrow, best keep that until next week. 5) The fees still need to go. Best, Volker Am 29.08.2018 um 15:21 schrieb Amy Bivins: Dear Colleagues, This is a reminder that the PP IRT will meet tomorrow, Thursday, 30 August, at 1600 UTC. A draft markup of the PPAA is attached. This markup is for discussion purposes only-it is not a final proposal and remains subject to revision. The draft is being circulated, without further delay, to continue the conversation. It has not been approved by senior management and is for discussion only. We would like to begin discussing the following topics tomorrow (but please feel free to comment before then on the list): (1) Some suggested edits track what's in the Temporary Specification for gTLD Registration Data. For example, section 3.5.3.3. How should we approach drafting provisions modeled on the Temp Spec, given that its language is subject to change in the near future? (2) The disclosure frameworks seem to be written from the position that there's no discretion for the Provider to not provide the underlying customer data if the conditions in the framework are met. Is this the intent? This could potentially cause issues under the GDPR, because this doesn't seem to leave room to balance the interests of the data subjects with the legitimate interest of the parties requesting personal data. (3) The disclosure frameworks raise additional GDPR-related questions that are similar to questions raised in the Draft Framework Elements of a Potential Unified Access Model<https://www.icann.org/en/system/files/files/framework-elements-unified-acces...> paper published by ICANN org. For example, what would the requirements be for logging requests for disclosure made under the frameworks (or even requests not governed by the frameworks)? (4) Do you see any other issues that you believe must be addressed related to GDPR that were not addressed in this markup? (5) Following the completion of the IRT's review of this draft accreditation agreement and related matters, we believe are ready to proceed to public comment. Do you believe there is any reason why the IRT should not proceed to public comment? (6) We have heard questions from various members of the community about how the proposed accreditation program requirements will operate within the current Temp Spec RDDS environment. These proposed program requirements do not address how PP registrations interact with a gated access model or how they might be impacted, if at all, by the results of the EPDP. Is this an issue that the IRT believes should be explored at this stage? If any member of the IRT wishes to raise any comments or points about this topic, you are encouraged to do so during the IRT call or via the list. One area that may need further attention in the agreement is specifically defining what data is to be collected and for what purpose. In addition, the new Specification 8 contains some data processing requirements, but additional discussion is needed on the appropriate controller arrangements that are needed between ICANN, the registrar and the Provider. Best, Amy Amy E. Bivins Registrar Services and Engagement Senior Manager Registrar Services and Industry Relations Internet Corporation for Assigned Names and Numbers (ICANN) Direct: +1 (202) 249-7551 Fax: +1 (202) 789-0104 Email: amy.bivins@icann.org<mailto:amy.bivins@icann.org> www.icann.org<http://www.icann.org> _______________________________________________ Gdd-gnso-ppsai-impl mailing list Gdd-gnso-ppsai-impl@icann.org<mailto:Gdd-gnso-ppsai-impl@icann.org> https://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
Hi Greg, Volker, and all, To clarify-the Legal "review" we received was a markup/redline of the PPAA draft. Privileged information-questions/comments to/from attorneys--have been stripped out, but this is otherwise what the document looked like when we received it. There's no separate "review" document or anything like that. Apologies for any confusion on that. I look forward to discussing the other points raised so far on our call tomorrow. I know it's not realistic for IRT members to fully consider all of the issues between now and then, or that we could cover all issues in the 60 minutes scheduled for the call, but we can at least begin and determine where to go from here. Best, Amy From: Gdd-gnso-ppsai-impl [mailto:gdd-gnso-ppsai-impl-bounces@icann.org] On Behalf Of DiBiase, Gregory via Gdd-gnso-ppsai-impl Sent: Wednesday, August 29, 2018 1:56 PM To: gdd-gnso-ppsai-impl@icann.org Subject: Re: [Gdd-gnso-ppsai-impl] Materials for tomorrow's PP IRT meeting are attached Hi Amy, Re: Do you believe there is any reason why the IRT should not proceed to public comment? Not having access to ICANN's legal review seems like impediment. Shouldn't we understand ICANN Legal's perspective before opening this up for comment? ICANN's desire to align the policy with the language in the Temp Spec is problematic considering this language will likely be changed as a result of the ePDP (or discarded entirely if the Temp Spec expires and the ePDP doesn't finish its work). I understand the desire to align this policy with other ICANN policy relating to GDPR, but that policy isn't finalized (it's temporary :)). I don't know how alignment is possible without waiting for the ePDP to conclude its work. -Greg From: Gdd-gnso-ppsai-impl [mailto:gdd-gnso-ppsai-impl-bounces@icann.org] On Behalf Of Volker Greimann Sent: Wednesday, August 29, 2018 9:44 AM To: gdd-gnso-ppsai-impl@icann.org<mailto:gdd-gnso-ppsai-impl@icann.org> Subject: Re: [Gdd-gnso-ppsai-impl] Materials for tomorrow's PP IRT meeting are attached First thoughts: 1) Disclosure framework: I ageree there needs to be provider discretion. Having no discretion was not the intent and would be in violation of the GDPR anyway, and therefore void. Let's not start the program with contractual sections that are void. Good catch, Amy! 2) Where is the legal review? Will we get to see it or has it been classified? Do we have to do a freedom of information request to gain access to it? 3) The temp spec is _not_ consensus policy. It is a !temporary! stopgap implemented by the board that has no further effect. I strongly object to expand the scope of the temporary specification as decided by the board beyond the scope envisioned by the board when it was passed by including it as part of the contract in any form or shape. Including it in the contract would have an effect that would enshrining the spec for longer than its maximum possible effectiveness. Any "tracking" of the temp spec in the proposed edits need to be removed. The ICANN board can do another temporary specification if there is a need for such changes. Similarly, the Draft framework for the UAM has no place here, however if ever a UAM were to come into being, this could replace the currently proposed disclosure framework lock stock and barrel. But that will be up to the PDP that decides on the UAM to include here. Right now, the UAM is nothing. 4) Other issues, GDPR impact and public comment: Will need more time for review on that. Will not be ready for any substantive comment by tomorrow, best keep that until next week. 5) The fees still need to go. Best, Volker Am 29.08.2018 um 15:21 schrieb Amy Bivins: Dear Colleagues, This is a reminder that the PP IRT will meet tomorrow, Thursday, 30 August, at 1600 UTC. A draft markup of the PPAA is attached. This markup is for discussion purposes only-it is not a final proposal and remains subject to revision. The draft is being circulated, without further delay, to continue the conversation. It has not been approved by senior management and is for discussion only. We would like to begin discussing the following topics tomorrow (but please feel free to comment before then on the list): 1. Some suggested edits track what's in the Temporary Specification for gTLD Registration Data. For example, section 3.5.3.3. How should we approach drafting provisions modeled on the Temp Spec, given that its language is subject to change in the near future? 2. The disclosure frameworks seem to be written from the position that there's no discretion for the Provider to not provide the underlying customer data if the conditions in the framework are met. Is this the intent? This could potentially cause issues under the GDPR, because this doesn't seem to leave room to balance the interests of the data subjects with the legitimate interest of the parties requesting personal data. 3. The disclosure frameworks raise additional GDPR-related questions that are similar to questions raised in the Draft Framework Elements of a Potential Unified Access Model<https://www.icann.org/en/system/files/files/framework-elements-unified-acces...> paper published by ICANN org. For example, what would the requirements be for logging requests for disclosure made under the frameworks (or even requests not governed by the frameworks)? 4. Do you see any other issues that you believe must be addressed related to GDPR that were not addressed in this markup? 5. Following the completion of the IRT's review of this draft accreditation agreement and related matters, we believe are ready to proceed to public comment. Do you believe there is any reason why the IRT should not proceed to public comment? 6. We have heard questions from various members of the community about how the proposed accreditation program requirements will operate within the current Temp Spec RDDS environment. These proposed program requirements do not address how PP registrations interact with a gated access model or how they might be impacted, if at all, by the results of the EPDP. Is this an issue that the IRT believes should be explored at this stage? If any member of the IRT wishes to raise any comments or points about this topic, you are encouraged to do so during the IRT call or via the list. One area that may need further attention in the agreement is specifically defining what data is to be collected and for what purpose. In addition, the new Specification 8 contains some data processing requirements, but additional discussion is needed on the appropriate controller arrangements that are needed between ICANN, the registrar and the Provider. Best, Amy Amy E. Bivins Registrar Services and Engagement Senior Manager Registrar Services and Industry Relations Internet Corporation for Assigned Names and Numbers (ICANN) Direct: +1 (202) 249-7551 Fax: +1 (202) 789-0104 Email: amy.bivins@icann.org<mailto:amy.bivins@icann.org> www.icann.org<http://www.icann.org> _______________________________________________ Gdd-gnso-ppsai-impl mailing list Gdd-gnso-ppsai-impl@icann.org<mailto:Gdd-gnso-ppsai-impl@icann.org> https://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
I agree with Volker regarding the Temporary Specification and UAM. They are moving targets right now. Not a good idea to embed them in an implementation plan. -Carlton ============================== *Carlton A Samuels* *Mobile: 876-818-1799Strategy, Process, Governance, Assessment & Turnaround* ============================= On Wed, Aug 29, 2018 at 11:44 AM Volker Greimann <vgreimann@key-systems.net> wrote:
First thoughts:
1) Disclosure framework: I ageree there needs to be provider discretion. Having no discretion was not the intent and would be in violation of the GDPR anyway, and therefore void. Let's not start the program with contractual sections that are void. Good catch, Amy!
2) Where is the legal review? Will we get to see it or has it been classified? Do we have to do a freedom of information request to gain access to it?
3) The temp spec is _not_ consensus policy. It is a !temporary! stopgap implemented by the board that has no further effect. I strongly object to expand the scope of the temporary specification as decided by the board beyond the scope envisioned by the board when it was passed by including it as part of the contract in any form or shape. Including it in the contract would have an effect that would enshrining the spec for longer than its maximum possible effectiveness. Any "tracking" of the temp spec in the proposed edits need to be removed. The ICANN board can do another temporary specification if there is a need for such changes. Similarly, the Draft framework for the UAM has no place here, however if ever a UAM were to come into being, this could replace the currently proposed disclosure framework lock stock and barrel. But that will be up to the PDP that decides on the UAM to include here. Right now, the UAM is nothing.
4) Other issues, GDPR impact and public comment: Will need more time for review on that. Will not be ready for any substantive comment by tomorrow, best keep that until next week.
5) The fees still need to go.
Best, Volker
Am 29.08.2018 um 15:21 schrieb Amy Bivins:
Dear Colleagues,
This is a reminder that the PP IRT will meet tomorrow, Thursday, 30 August, at 1600 UTC.
A draft markup of the PPAA is attached. This markup is for discussion purposes only—it is not a final proposal and remains subject to revision. The draft is being circulated, without further delay, to continue the conversation. It has not been approved by senior management and is for discussion only.
We would like to begin discussing the following topics tomorrow (but please feel free to comment before then on the list):
1. Some suggested edits track what’s in the Temporary Specification for gTLD Registration Data. For example, section 3.5.3.3. How should we approach drafting provisions modeled on the Temp Spec, given that its language is subject to change in the near future? 2. The disclosure frameworks seem to be written from the position that there’s no discretion for the Provider to not provide the underlying customer data if the conditions in the framework are met. Is this the intent? This could potentially cause issues under the GDPR, because this doesn’t seem to leave room to balance the interests of the data subjects with the legitimate interest of the parties requesting personal data. 3. The disclosure frameworks raise additional GDPR-related questions that are similar to questions raised in the Draft Framework Elements of a Potential Unified Access Model <https://www.icann.org/en/system/files/files/framework-elements-unified-acces...> paper published by ICANN org. For example, what would the requirements be for logging requests for disclosure made under the frameworks (or even requests not governed by the frameworks)? 4. Do you see any other issues that you believe must be addressed related to GDPR that were not addressed in this markup? 5. Following the completion of the IRT’s review of this draft accreditation agreement and related matters, we believe are ready to proceed to public comment. Do you believe there is any reason why the IRT should not proceed to public comment? 6. We have heard questions from various members of the community about how the proposed accreditation program requirements will operate within the current Temp Spec RDDS environment. These proposed program requirements do not address how PP registrations interact with a gated access model or how they might be impacted, if at all, by the results of the EPDP. Is this an issue that the IRT believes should be explored at this stage? If any member of the IRT wishes to raise any comments or points about this topic, you are encouraged to do so during the IRT call or via the list.
One area that may need further attention in the agreement is specifically defining what data is to be collected and for what purpose. In addition, the new Specification 8 contains some data processing requirements, but additional discussion is needed on the appropriate controller arrangements that are needed between ICANN, the registrar and the Provider.
Best,
Amy
*Amy E. Bivins*
Registrar Services and Engagement Senior Manager
Registrar Services and Industry Relations
Internet Corporation for Assigned Names and Numbers (ICANN)
Direct: +1 (202) 249-7551
Fax: +1 (202) 789-0104
Email: amy.bivins@icann.org
www.icann.org
_______________________________________________ Gdd-gnso-ppsai-impl mailing listGdd-gnso-ppsai-impl@icann.orghttps://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl
-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann - Rechtsabteilung -
Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net
Web: www.key-systems.net / www.RRPproxy.netwww.domaindiscount24.com / www.BrandShelter.com
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:www.facebook.com/KeySystemswww.twitter.com/key_systems
Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUPwww.keydrive.lu
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann - legal department -
Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net
Web: www.key-systems.net / www.RRPproxy.netwww.domaindiscount24.com / www.BrandShelter.com
Follow us on Twitter or join our fan community on Facebook and stay updated:www.facebook.com/KeySystemswww.twitter.com/key_systems
CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUPwww.keydrive.lu
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
_______________________________________________ Gdd-gnso-ppsai-impl mailing list Gdd-gnso-ppsai-impl@icann.org https://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl
I won’t be able to attend as I’m at an event. I also agree with the concerns raised by others about pegging *anything* to a moving target, which the Temp Spec is TLDR – it’s not policy – it’s a stopgap. Baking it into anything else is a really bad idea Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: Gdd-gnso-ppsai-impl <gdd-gnso-ppsai-impl-bounces@icann.org> on behalf of Amy Bivins <amy.bivins@icann.org> Reply-To: "gdd-gnso-ppsai-impl@icann.org" <gdd-gnso-ppsai-impl@icann.org> Date: Wednesday 29 August 2018 at 16:22 To: "gdd-gnso-ppsai-impl@icann.org" <gdd-gnso-ppsai-impl@icann.org> Subject: [Gdd-gnso-ppsai-impl] Materials for tomorrow's PP IRT meeting are attached Dear Colleagues, This is a reminder that the PP IRT will meet tomorrow, Thursday, 30 August, at 1600 UTC. A draft markup of the PPAA is attached. This markup is for discussion purposes only—it is not a final proposal and remains subject to revision. The draft is being circulated, without further delay, to continue the conversation. It has not been approved by senior management and is for discussion only. We would like to begin discussing the following topics tomorrow (but please feel free to comment before then on the list): 1. Some suggested edits track what’s in the Temporary Specification for gTLD Registration Data. For example, section 3.5.3.3. How should we approach drafting provisions modeled on the Temp Spec, given that its language is subject to change in the near future? 2. The disclosure frameworks seem to be written from the position that there’s no discretion for the Provider to not provide the underlying customer data if the conditions in the framework are met. Is this the intent? This could potentially cause issues under the GDPR, because this doesn’t seem to leave room to balance the interests of the data subjects with the legitimate interest of the parties requesting personal data. 3. The disclosure frameworks raise additional GDPR-related questions that are similar to questions raised in the Draft Framework Elements of a Potential Unified Access Model<https://www.icann.org/en/system/files/files/framework-elements-unified-acces...> paper published by ICANN org. For example, what would the requirements be for logging requests for disclosure made under the frameworks (or even requests not governed by the frameworks)? 4. Do you see any other issues that you believe must be addressed related to GDPR that were not addressed in this markup? 5. Following the completion of the IRT’s review of this draft accreditation agreement and related matters, we believe are ready to proceed to public comment. Do you believe there is any reason why the IRT should not proceed to public comment? 6. We have heard questions from various members of the community about how the proposed accreditation program requirements will operate within the current Temp Spec RDDS environment. These proposed program requirements do not address how PP registrations interact with a gated access model or how they might be impacted, if at all, by the results of the EPDP. Is this an issue that the IRT believes should be explored at this stage? If any member of the IRT wishes to raise any comments or points about this topic, you are encouraged to do so during the IRT call or via the list. One area that may need further attention in the agreement is specifically defining what data is to be collected and for what purpose. In addition, the new Specification 8 contains some data processing requirements, but additional discussion is needed on the appropriate controller arrangements that are needed between ICANN, the registrar and the Provider. Best, Amy Amy E. Bivins Registrar Services and Engagement Senior Manager Registrar Services and Industry Relations Internet Corporation for Assigned Names and Numbers (ICANN) Direct: +1 (202) 249-7551 Fax: +1 (202) 789-0104 Email: amy.bivins@icann.org<mailto:amy.bivins@icann.org> www.icann.org<http://www.icann.org>
Agreed on the moving target part. Not too mention another moving target that will render most of our work right down into the trash if it happens. http://domainincite.com/23371-could-a-new-us-law-make-gdpr-irrelevant This draft seems to be in direct conflict with some of the WG's recommendations; https://via.hypothes.is/https://www.internetgovernance.org/wp-content/upload... Thanks, Theo On 30-8-2018 7:55, Michele Neylon - Blacknight wrote:
I won’t be able to attend as I’m at an event.
I also agree with the concerns raised by others about pegging **anything** to a moving target, which the Temp Spec is
TLDR – it’s not policy – it’s a stopgap. Baking it into anything else is a really bad idea
Regards
Michele
--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
*From: *Gdd-gnso-ppsai-impl <gdd-gnso-ppsai-impl-bounces@icann.org> on behalf of Amy Bivins <amy.bivins@icann.org> *Reply-To: *"gdd-gnso-ppsai-impl@icann.org" <gdd-gnso-ppsai-impl@icann.org> *Date: *Wednesday 29 August 2018 at 16:22 *To: *"gdd-gnso-ppsai-impl@icann.org" <gdd-gnso-ppsai-impl@icann.org> *Subject: *[Gdd-gnso-ppsai-impl] Materials for tomorrow's PP IRT meeting are attached
Dear Colleagues,
This is a reminder that the PP IRT will meet tomorrow, Thursday, 30 August, at 1600 UTC.
A draft markup of the PPAA is attached. This markup is for discussion purposes only—it is not a final proposal and remains subject to revision. The draft is being circulated, without further delay, to continue the conversation. It has not been approved by senior management and is for discussion only.
We would like to begin discussing the following topics tomorrow (but please feel free to comment before then on the list):
1. Some suggested edits track what’s in the Temporary Specification for gTLD Registration Data. For example, section 3.5.3.3. How should we approach drafting provisions modeled on the Temp Spec, given that its language is subject to change in the near future? 2. The disclosure frameworks seem to be written from the position that there’s no discretion for the Provider to not provide the underlying customer data if the conditions in the framework are met. Is this the intent? This could potentially cause issues under the GDPR, because this doesn’t seem to leave room to balance the interests of the data subjects with the legitimate interest of the parties requesting personal data. 3. The disclosure frameworks raise additional GDPR-related questions that are similar to questions raised in the Draft Framework Elements of a Potential Unified Access Model <https://www.icann.org/en/system/files/files/framework-elements-unified-acces...> paper published by ICANN org. For example, what would the requirements be for logging requests for disclosure made under the frameworks (or even requests not governed by the frameworks)? 4. Do you see any other issues that you believe must be addressed related to GDPR that were not addressed in this markup? 5. Following the completion of the IRT’s review of this draft accreditation agreement and related matters, we believe are ready to proceed to public comment. Do you believe there is any reason why the IRT should not proceed to public comment? 6. We have heard questions from various members of the community about how the proposed accreditation program requirements will operate within the current Temp Spec RDDS environment. These proposed program requirements do not address how PP registrations interact with a gated access model or how they might be impacted, if at all, by the results of the EPDP. Is this an issue that the IRT believes should be explored at this stage? If any member of the IRT wishes to raise any comments or points about this topic, you are encouraged to do so during the IRT call or via the list.
One area that may need further attention in the agreement is specifically defining what data is to be collected and for what purpose. In addition, the new Specification 8 contains some data processing requirements, but additional discussion is needed on the appropriate controller arrangements that are needed between ICANN, the registrar and the Provider.
Best,
Amy
*Amy E. Bivins*
Registrar Services and Engagement Senior Manager
Registrar Services and Industry Relations
Internet Corporation for Assigned Names and Numbers (ICANN)
Direct: +1 (202) 249-7551
Fax: +1 (202) 789-0104
Email: amy.bivins@icann.org <mailto:amy.bivins@icann.org>
www.icann.org <http://www.icann.org>
_______________________________________________ Gdd-gnso-ppsai-impl mailing list Gdd-gnso-ppsai-impl@icann.org https://mm.icann.org/mailman/listinfo/gdd-gnso-ppsai-impl
participants (7)
-
Amy Bivins -
Carlton Samuels -
DiBiase, Gregory -
Lindsay Hamilton-Reid -
Michele Neylon - Blacknight -
Theo Geurts -
Volker Greimann