Hi Milton,

It is not a problem. To answer the question from Kavouss first, the reason I didn't include Law Enforcement in this proposed update was because I used the list in the current 4.4.8. Law enforcement is mentioned in 4.4.9 and based on your email it sounds like it should probably be discussed/described separately from those listed in 4.4.8.

Also, as you know personal data needs to be collected for specified, explicit and legitimate purposes. (Article 5(1)(b)) so given we removed "including but not limited to" we need to be explicit and not use general language.

In addition the principle of transparency mentioned in recital 39 ("In particular, the specific purposes for which personal data are processed should be explicit and legitimate and determined at the time of collection of the personal data") and 58 ("The principle of transparency requires that any information addressed to the public or to the data subject be concise, easily accessible and easy to understand..." are relevant. This principal is further defined in Article 12(1) and Article 13(1).

Thanks and stay dry!

Alex

On Wed, Sep 12, 2018 at 6:24 PM Mueller, Milton L <milton@gatech.edu> wrote:

This is the problem you get into when you start listing specific legitimate interests. Someone will always come up with another suggestion. I think it is much better to leave those specifics off and use the general language. Surely law enforcement is a third party legitimate interest and will often have a legal basis. But some times they will not have a legal basis. You can’t say categorically that a law enforcement agency ALWAYS has a right. Same goes for IPR.

Milton L Mueller
Professor, School of Public Policy

Georgia Institute of Technology

On Sep 12, 2018, at 13:19, Kavouss Arasteh <kavouss.arasteh@gmail.com> wrote:

Dear Alex,
Tks

What about law enforcement ?

Tks

Kavouss

On Tue, Sep 11, 2018 at 10:34 PM Alex Deacon <alex@colevalleyconsulting.com> wrote:

Hi All,

As you know a group of us has been working to recommend an update to Section 4.4.8 of the temp spec.

While we haven't come to full agreement on the update, we are pretty close and wanted to share the current/tentative output of the volunteer team with the broader team.

4.4.8  Supporting a framework that enables identification of third-parties with legitimate interests grounded in legal bases, and providing these third-parties with access to Registration Data relevant to addressing specific issues involving domain name registrations related to consumer protection, investigation of cybercrime, DNS abuse and intellectual property protection.

The non-bold text was suggested by Amr/NCSG and the added bold text was an updated suggested by me/IPC and supported by the BC.

Giving it a re-read again today I think additional word-smithing could be warranted, but for now I will resist and step away and let others share their thoughts.

Alex

--

___________
Alex Deacon

Cole Valley Consulting

alex@colevalleyconsulting.com

+1.415.488.6009

_______________________________________________
Gnso-epdp-team mailing list
Gnso-epdp-team@icann.org
https://mm.icann.org/mailman/listinfo/gnso-epdp-team

_______________________________________________
Gnso-epdp-team mailing list
Gnso-epdp-team@icann.org
https://mm.icann.org/mailman/listinfo/gnso-epdp-team

___________

Alex Deacon

Cole Valley Consulting

alex@colevalleyconsulting.com

+1.415.488.6009