Hi all, I personally have many misgivings about starting this process from the POV of ICANN and CP Shared purposes. The disclosure of data to 3rd parties, is completely separate to the shared purposes we agreed to in Phase I (ignoring the "placeholder purpose" number 2). We are literally doing that which we have been constantly and consistently warned against doing i.e. the utter conflation of 3rd party purposes. Disclosure to 3rd parties is for THEIR purpose, not ours. Our disclosure may occur whether or not WE have a "purpose" to disclose . (It truly dismays me that we are still having this conversation) We should therefore not be guided by OUR purposes, but by the specifics of the actual request for disclosure. This then brings me swiftly to defining user groups; trying to define groups of potential disclosees is an exercise in infinite futility. The delineation should be based on the nature of the request for disclosure coupled with the grounding legal basis, not who incidentally made it (source is of course a consideration, but it's not realistically the determinative factor in most requests in my mind and a really shaky starting point). Kind regards, Alan [image: Donuts Inc.] <http://donuts.domains> Alan Woods Senior Compliance & Policy Manager, Donuts Inc. ------------------------------ The Victorians, 15-18 Earlsfort Terrace Dublin 2, County Dublin Ireland <https://www.facebook.com/donutstlds> <https://twitter.com/DonutsInc> <https://www.linkedin.com/company/donuts-inc> Please NOTE: This electronic message, including any attachments, may include privileged, confidential and/or inside information owned by Donuts Inc. . Any distribution or use of this communication by anyone other than the intended recipient(s) is strictly prohibited and may be unlawful. If you are not the intended recipient, please notify the sender by replying to this message and then delete it from your system. Thank you. On Wed, Jun 12, 2019 at 9:07 PM Marika Konings <marika.konings@icann.org> wrote:
Thanks, Hadia for your feedback. If other EPDP Team members have additional suggestions or would like to share their thoughts on the approach proposed by Hadia, you are encouraged to do so in advance of tomorrow's EPDP Team meeting.
Best regards,
Caitlin, Berry and Marika
On 6/12/19, 12:58, "Hadia Abdelsalam Mokhtar EL miniawi" < Hadia@tra.gov.eg> wrote:
Dear Janis,
Thank you for outlining the charter section that is in relation to our work, however I do not see any contradiction between what I meant and the charter's question "a1) Under applicable law, what are legitimate purposes for third parties to access registration data?
The draft document circulated by staff says that the 3rd party purposes have been inspired/derived from the community responses to a request from ICANN at the end of June 2017 to identify user types and purposes of data elements required by ICANN policies and contracts. So instead of being driven by some data that was collected in 2017 which might include purposes that are not GDPR compliant, why not rely on our work that was developed in phase 1 - which actually stems from ICANN's purposes - and make this our base for identifying the users' types and purposes.
Article 5 (1)b of the GDPR - Purpose limitation -says that the data needs to be collected for specified, explicit and legitimate purposes and not processed in a manner that is incompatible with those purposes
Using our work as the starting point and base to identify the users and their purposes rather than previously collected data would yield to more up to date results.
So yes, my below points are not quite accurate, as for sure we shall need to refer to the third parties purposes when identifying the lawful basis and the data elements. But generally speaking I would like our starting point in identifying the users of the SSAD to be our previous work in phase 1 and not previously collected data that was in relation to the retired WHOIS and was prior to the GDPR and the temp Spec and could be debated forever.
I hope my thoughts are clearer this time and better organized
Regards
Hadia
________________________________ From: Janis Karklins <karklinsj@gmail.com> Sent: 12 June 2019 18:45 To: Hadia Abdelsalam Mokhtar EL miniawi Cc: Marika Konings; gnso-epdp-team@icann.org Subject: Re: [Gnso-epdp-team] Proposed agenda and materials for review - EPDP Team meeting Thursday 13 June at 14.00 UTC
Dear Hadia,
Thank you for your mail outlining your view on the scope of our task. I just checked the Charter and found the following tasks:
... (page 7) System for Standardized Access to Non-Public Registration Data Work on this topic shall begin once the gating questions above have been answered and finalized in preparation for the Temporary Specification initial report. The threshold for establishing “answered” for the gating questions shall be consensus of the EPDP Team and non-objection by the GNSO Council. (a) Purposes for Accessing Data – What are the unanswered policy questions that will guide implementation? a1) Under applicable law, what are legitimate purposes for third parties to access registration data? a2) What legal bases exist to support this access? a3) What are the eligibility criteria for access to non-public Registration data? a4) Do those parties/groups consist of different types of third-party requestors? a5) What data elements should each user/party have access to based on their purposes? a6) To what extent can we determine a set of data elements and potential scope (volume) for specific third parties and/or purposes? a7) How can RDAP, that is technically capable, allow Registries/Registrars to accept accreditation tokens and purpose for the query? Once accreditation models are developed by the appropriate accreditors and approved by the relevant legal authorities, how can we ensure that RDAP is technically capable and is ready to accept, log and respond to the accredited requestor’s token? ...
How would you reconcile your view with task a1 of the Charter? I simply want to understand different points of view to prepare better for the team meeting tomorrow.
Thank you JK
On Wed, Jun 12, 2019 at 3:03 PM Hadia Abdelsalam Mokhtar EL miniawi < Hadia@tra.gov.eg<mailto:Hadia@tra.gov.eg>> wrote: Dear Staff,
Thank you for the submitted document, however I have fundamental comments in relation to the logic through which we are handling the first topic of the SSAD that is defining the user groups and data elements
• The EPDP team should be considering only ICANN purposes and not third parties' purposes, for this reason the starting point in defining the users of the system should be the ICANN purposes previously defined in phase1. Whilst purpose 2 could be considered serving the public interest by maintaining the security, stability and resiliency of the DNS in accordance to ICANN's mission and bylaws
• So our starting point should be to analyze each of the 7 ICANN purposes to determine 1)who needs to access the registration data in order to fulfill this purpose 2)which parts of the data does he need to access in order to fulfil the purpose
• Stemming from the above will originate all of the user groups and categories as well as the data elements, like the ones in the sheets. We must remember that third parties' purposes are not our objectives but fulfilling ICANN's purposes is our objective and in satisfying ICANN's purposes access or disclosure to certain parts of the data is required for several types of users. Kind regards Hadia
From: Gnso-epdp-team [mailto:gnso-epdp-team-bounces@icann.org<mailto: gnso-epdp-team-bounces@icann.org>] On Behalf Of Marika Konings Sent: Tuesday, June 11, 2019 3:41 PM To: gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org> Subject: [Gnso-epdp-team] Proposed agenda and materials for review - EPDP Team meeting Thursday 13 June at 14.00 UTC
Dear EPDP Team,
Please find below the proposed agenda for the next EPDP Team meeting which is scheduled for Thursday 13 June at 14.00 UTC. For agenda item 6c, you will find attached an initial draft of the agenda for the F2F meetings at ICANN65 – if you have any comments or suggestions, you are encouraged to share these. Please also review the document for agenda item 4 in advance of the meeting.
Best regards,
Caitlin, Berry and Marika
======================
EPDP Phase 2 - Meeting #6 Proposed Agenda Thursday, 13 June 2019 at 14.00 UTC
1. Roll Call & SOI Updates (5 minutes)
2. Confirmation of agenda (Chair)
3. Welcome and housekeeping issues (Chair) (10 minutes) • Working definitions – confirm posting of updated version on wiki • Legal advisory group – nominations received to date • SSAD Priority 1 worksheet status
4. SSAD – Topic c: Define user groups, criteria and purposes / lawful basis per user group (Marika) (40 minutes) a. Review purpose template developed by staff support team (see attached) b. EPDP Team input c. Confirm next steps
5. Presentation by Steve Crocker (40 minutes) a. Presentation b. Q & A
6. Any other business (5 minutes) a. Priority 2 small team meetings update
Reminder - Call schedule remaining priority 2 worksheets: • Monday 17 June – 13:00 – 14:30 UTC Potential OCTO Purpose Feasibility of unique contacts to have a uniform anonymized email address • TBC (post ICANN65) Accuracy and WHOIS ARS Deadline for providing input for those that were not able to attend the calls – proposed 20 June 2019. b. Confirm attendance for meeting on Thursday 13 June at 14.00 UTC c. ICANN65 EPDP Team meetings - Initial Draft Agenda (see attached)
7. Wrap and confirm next meeting to be scheduled for Thursday, 13 June at 14.00 UTC (5 minutes) a. Confirm action items b. Confirm questions for ICANN Org, if any
Marika Konings Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) Email: marika.konings@icann.org<mailto:marika.konings@icann.org>
Follow the GNSO via Twitter @ICANN_GNSO Find out more about the GNSO by taking our interactive courses< https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_...> and visiting the GNSO Newcomer pages< https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gns...
.
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org<mailto:Gnso-epdp-team@icann.org> https://mm.icann.org/mailman/listinfo/gnso-epdp-team _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy ( https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_p... ) and the website Terms of Service ( https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_t... ). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.