Hi Alex,

I actually read the letter a bit differently. You are correct that it stresses the need for such a model, particulararly for law enforcement and government agencies, but it does not state that such a model is per se compliant with GDPR, but rather that care must be taken that the model is compliant.

We cannot simply design any old model and call it compliant, the model we design must comply with the principles I referred to in my earlier mail to be compliant.

I do not doubt we will be able to design such a compliant model though.

And believe me, I have talked to many at ICANN meetings and other venues who still believe that access to the UAM will mean full access. While I don't know whether such beliefs or hopes are also held by members here (I sure hope not), it would be helpful if we can agree on that as a basis.

Best,

Volker

Am 04.05.2019 um 22:55 schrieb Alex Deacon:

Thanks Chris for forwarding these letters to the team.  And thanks also to both ICANN org and the European Commission for this important input and very helpful clarification.

The EC letter makes it very clear that the development of a unified access model is not only vital, urgent and a matter of priority, but also that such a model would be fully in line with EU data protection rules (i.e., the GDPR).    Clearly we have a lot of work to do to attain this goal and our main focus should be to chart a path (work plan, schedule, etc.) to achieve it and then get to work.  

In response to these letters:

First, the IPC agrees completely that "ICANN and the contracted parties may enable access to and disclose registration data upon request from a third party showing a legitimate interest, provided both the controller - ICANN and/or the contracted parties - and the third party have a legal basis for such processing (see below)."    

Second, we do not understand assertions that some are arguing for an "all-access" WHOIS model or that there exists a set of people who believe we can somehow return to unfettered WHOIS access. Spending time arguing against positions that do not exist in the ePDP is distracting and a waste of time.

Lastly, while we appreciate Volker’s suggestion to create shortcuts to save time, we do not agree that issues related to access for LEA should be prioritized ahead of issues related to other third party legitimate interests. LEA have their own processes for getting standardized access to data, which are different from the private sector. IP and consumer protection do not, and LEA access methods will not be particularly relevant in addressing these issues.  To expeditiously complete a standardized access model, we should focus on answering the questions as outlined in the charter - and build a framework to accommodate standardized access for all legitimate interests in compliance with the law.

Regards, 
Alex

___________
Alex Deacon
Cole Valley Consulting
+1.415.488.6009



On Fri, May 3, 2019 at 4:11 AM Chris Disspain <chris@disspain.uk> wrote:
Hello All,

As you will know, on 26 April Göran Marby wrote to the European Commission seeking additional information regarding their comments of 17 April. That letter is attached for ease of reference. 

A response has now been received from the Commission and I attach that for your information. 



Cheers,


CD



_______________________________________________
Gnso-epdp-team mailing list
Gnso-epdp-team@icann.org
https://mm.icann.org/mailman/listinfo/gnso-epdp-team

_______________________________________________
Gnso-epdp-team mailing list
Gnso-epdp-team@icann.org
https://mm.icann.org/mailman/listinfo/gnso-epdp-team
--
Volker A. Greimann
General Counsel and Policy Manager
KEY-SYSTEMS GMBH

T: +49 6894 9396901
M: +49 6894 9396851
F: +49 6894 9396851
W: www.key-systems.net

Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835
CEO: Alexander Siffrin

Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358.