Hello Everyone,

Over the past couple of weeks there has been a recurring theme in our calls and in some of the side discussions that I have had with some members regarding about how the potential lack of a Data Processing Agreement between ICANN Org and the Contracting Parties might negatively impact our future work and/or recommendations.

Therefore I would like to propose to the group for their consideration the following additional questions that we may want to propose to ICANN Org as we continue our work:

•            “Is ICANN able to access registration data under the GDPR on the basis that it has a legitimate interest in checking the accuracy of the data?  Has ICANN ever received or plans to receive legal advice on this particular topic? 

•            Does ICANN believe that the Data Protection Agreement between itself and the Contracted Parties is a necessary legal requirement for requesting and receiving this data, and if so for what legal reason?" 

As always I welcome any thoughts and or considerations?

Best regards,

Michael