Diane and team – I’m much more comfortable with the term “over-application” versus “over-compliance.” The former has some basis in aligning the policy to the law. The latter speaks to the risk tolerance of any given Contracted Party. Cheers— J. ------------- James Bladel GoDaddy From: "Plaut, Diane" <Diane.Plaut@corsearch.com> Date: Friday, November 9, 2018 at 16:05 To: Thomas Rickert <epdp@gdpr.ninja>, "James M. Bladel" <jbladel@godaddy.com>, Alex Deacon <alex@colevalleyconsulting.com>, "Mark Svancarek (CELA)" <marksv@microsoft.com>, Margie Milam <margiemilam@fb.com>, Steve DelBianco <sdelbianco@netchoice.org>, "King, Brian" <brian.king@markmonitor.com> Cc: "gnso-epdp-team@icann.org" <gnso-epdp-team@icann.org> Subject: Re: [Gnso-epdp-team] For your review - revised language re. Geographic application Dear Ayden and James, We have read your input and respect it but applying privacy and data protection laws involves balance. As the GDPR states, "the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights." Those other fundamental rights include the rights to personal security, rights to protect one's creations, rights to be free from sexual exploitation and a host of other rights and interests, as you certainly appreciate. For example, we heard in Barcelona from a Swedish law enforcement official that redaction of WHOIS data is impeding his unit's investigations into child sexual exploitation. It seems to us, your approach is not adequately taking into account the fundamental balance of competing rights that need to be weighed in striking an appropriate application of privacy law. We all value privacy rights but other rights must also be considered in balance, and although we may have different views from yours on the issue at hand, we feel just as strongly about ethical standards and ensuring those standards are met. We agree with James' statement that there is no such concept as "over-compliance" within privacy law--the accurate language, as written in our text is "over-application" rather than "over-compliance." Moreover, we point out that policy recommendations do not warrant the use of legal terms but descriptive language. There is legal and general definitional meaning of “over-application, ” but for full clarity purposes, we will amend our comments to: “misapplication of the GDPR specifically, and relevant data protection laws.” Lastly, we point out, as Milton stated at the end of our last team call, we should not be editing other group’s comments. Therefore, while we will edit the above-noted language to take into account your sentiments, the intent and meaning of our comments should not be changed. Sincerely, Diane Diane Plaut General Counsel and Privacy Officer [cid:image001.png@01D3CA70.18FC1D40] Direct +1 646-899-2806 diane.plaut@corsearch.com<mailto:diane.plaut@corsearch.com> 220 West 42nd Street, 11th Floor, New York, NY 10036, United States www.corsearch.com<http://www.corsearch.com/> Join Corsearch on Twitter<https://twitter.com/corsearch> Linkedin<https://www.linkedin.com/company/2593860/> Trademarks + Brands<http://trademarksandbrands.corsearch.com/> Customer Service/Platform Support: 1 800 SEARCH1™ (1 800 732 7241) Corsearch.USCustomerService@corsearch.com<mailto:Corsearch.USCustomerService@corsearch.com> Confidentiality Notice: This email and its attachments (if any) contain confidential information of the sender. The information is intended only for the use by the direct addressees of the original sender of this email. If you are not an intended recipient of the original sender (or responsible for delivering the message to such person), you are hereby notified that any review, disclosure, copying, distribution or the taking of any action in reliance of the contents of and attachments to this email is strictly prohibited. If you have received this email in error, please immediately notify the sender at the address shown herein and permanently delete any copies of this email (digital or paper) in your possession. From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> on behalf of Thomas Rickert <epdp@gdpr.ninja> Date: Friday, November 9, 2018 at 12:29 PM To: "James M. Bladel" <jbladel@godaddy.com> Cc: "gnso-epdp-team@icann.org" <gnso-epdp-team@icann.org> Subject: Re: [Gnso-epdp-team] For your review - revised language re. Geographic application I agree with Ayden and James. As the term „over-application“ is not a legal term, there is the risk that it is understood as conveying a (negative) value judgement. In our report, we should rather present diverging views in an unbiased fashion. Kind regards, Thomas Am 09.11.2018 um 17:11 schrieb James M. Bladel <jbladel@godaddy.com<mailto:jbladel@godaddy.com>>: Agree with Ayden, there is no such concept as “over-compliance” with the law. And I recommend replacing the specific (GDPR) with the generic (Data Protection law/requirements) wherever possible. J. ------------- James Bladel GoDaddy From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org<mailto:gnso-epdp-team-bounces@icann.org>> on behalf of Ayden Férdeline <icann@ferdeline.com<mailto:icann@ferdeline.com>> Reply-To: Ayden Férdeline <icann@ferdeline.com<mailto:icann@ferdeline.com>> Date: Friday, November 9, 2018 at 10:09 To: Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> Cc: "gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org>" <gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org>> Subject: Re: [Gnso-epdp-team] For your review - revised language re. Geographic application I take objection to the first bullet point that says the "GDPR should not be over-applied." While the law may set forward minimum standards of behaviour, ethical duties and obligations do not always neatly correspond, and I believe it is our responsibility to make decisions that are ethical, and not only strictly legal. I appreciate Alan Greenberg wrote on our list several days ago to say we may have differing opinions on what is ethical and what is not, and I do not dispute that. Of course there is a degree of subjectivity here, though I would also say it isn't actually all that fuzzy. We should not need laws and regulations to guide our actions, but a moral compass that tells us we should not violate the rights of others just because we can get away with it. All domain name registrants should be entitled to privacy protections, not just those in jurisdictions with data protection regulations backed by fines. Best wishes, Ayden Férdeline ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Friday, 9 November 2018 16:34, Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> wrote: Dear All, Please find attached for your review the proposed language in relation to geographic application for inclusion in the Initial Report, based on the input that has been received to date. Staff accepted the redlines of the previous version so the redlines on page 1-2 are the edits that have been made based on the discussions to date as well as edits suggested (in the subsequent pages you can find the original draft as well as input received). Please share any further comments you made have with the mailing list by Monday 12 November at the latest. Best regards, Caitlin, Berry and Marika Marika Konings Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) Email: marika.konings@icann.org<mailto:marika.konings@icann.org> Follow the GNSO via Twitter @ICANN_GNSO Find out more about the GNSO by taking our interactive courses<https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_...> and visiting the GNSO Newcomer pages<https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gns...>. _______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org<mailto:Gnso-epdp-team@icann.org> https://mm.icann.org/mailman/listinfo/gnso-epdp-team
