Hi Benedict, Volker and all,
Thanks for the suggested language, Benedict. 

I think this really needs to be discussed with the entire team. 

Given ICANN’s limited mandate, the purpose needs to be tied to the scope of the bylaws. 

Notwithstanding that, contracted parties could claim to pursue such purpose and base their own processing on that, so I think we need to discuss this and have a clear demarcation between what ICANN’s role is and what interests the contracted parties might pursue.

Best
Thomas

Am 17.10.2018 um 10:29 schrieb Volker Greimann <vgreimann@key-systems.net>:

This purpose description seems to be a significant case of mission creep by including non-technical uses under the commitment  of section 1.2(a)(i), which should remain focussed on the technical role of ICANN of maintaining a secure, stable and resiliant DNS. 

Adding in fraud or crime prevention expends the scope beyond that contemplated in the bylaws and should be rejected.

The best definition of this purpose is included in the bylaws under the scope of the Security, Stability, and Resiliency Review as well as the Annexes G1 and G2, none of which provide for such a broad interpretation of this purpose.

This purpose is a technical function with some elements regulating the behaviour of those parties that a delegated elements of this technical functions, e.g. the contracted parties, with regard to this technical function.

Best,

Volker


Am 16.10.2018 um 23:28 schrieb Caitlin Tubergen:
Thanks, Benedict.
 
Given the proximity to ICANN63, we took the liberty of sending this language to the full team so that we can discuss in Barcelona.

Thanks again for taking the lead on this!
 
Best regards,
 
Marika, Berry and Caitlin
 
From: Benedict Addis <bee@theale.co.uk>
Date: Tuesday, October 16, 2018 at 6:21 AM
To: Kurt Pritz <kurt@kjpritz.com>
Cc: Stephanie Perrin <stephanie.perrin@mail.utoronto.ca>, Thomas Rickert <epdp@gdpr.ninja>, Lindsay Hamilton-Reid <lindsay.hamilton-reid@fasthosts.com>, Caitlin Tubergen <caitlin.tubergen@icann.org>, "gnso-epdp-lead@icann.org" <gnso-epdp-lead@icann.org>
Subject: [Ext] Re: [GNSO-EPDP-Lead] Purpose B Small Team
 
Dear all, 
 
On Kurt’s suggestion, I propose the following Purpose B that relies directly on the language in Recitals 47, 49 and 50.
 
[ICANN requires that registration data is processed for the purpose of...]
 
maintaining the security, stability and resiliency of the Domain Name System. This will involve the disclosure of existing registration data to legitimate third parties, for the following reasons only: 1) fraud prevention; 2) network and information security; and 3) indicating possible criminal acts, or threats to public security.
 
I think that for ICANN, disclosure will happen under 6(1)f. Third parties will require a lawful basis of their own for their processing, governed by a common set of standards that we’ll discuss when we come to the access discussion.
 
Thoughts?
B



 


_______________________________________________
Gnso-epdp-team mailing list
Gnso-epdp-team@icann.org
https://mm.icann.org/mailman/listinfo/gnso-epdp-team

-- 
Volker A. Greimann
General Counsel and Policy Manager
KEY-SYSTEMS GMBH

T: +49 6894 9396901
F: +49 6894 9396851
W: www.key-systems.net

Key-systems is a company registered in Germany with Registration No.: HR B 18835 - Saarbruecken: CEO: Alexander Siffrin
Registered Offices: Im Oberen Werk 1, DE-66386 St. Ingbert, Germany

Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358.
Registered Offices: 35-39 Moorgate, London, EC2R 6AR.
_______________________________________________
Gnso-epdp-team mailing list
Gnso-epdp-team@icann.org
https://mm.icann.org/mailman/listinfo/gnso-epdp-team