I’m not sure I understand the “conflict of interest” cited by Jennifer, below. Are you proposing that Registrars will refuse to disclose data solely on the basis of having a service agreement
with the data subject? And how does disclosure terminate the customer relationship…I don’t recall our discussing this.
While I can’t speak for the Registrars that Jennifer has worked with or for, I don’t believe most Registrars would suspend or terminate service based on a disclosure request. And while we seek
to protect and secure our Registrant customers’ data, no Registrar I know would harbor an abusive or criminal actor for the sake of a $20 domain name.
The primary interests in play are (1) the Registrar’s interests in avoiding fines by complying with data protection law, and (2) the Registrar’s interest in avoiding legal action by their Registrant
customers (individually or as a class) for improper disclosure of their private data.
J.
-------------
James Bladel
GoDaddy
From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> on behalf of Jennifer Gore <Jennifer@winterfeldt.law>
Date: Tuesday, December 3, 2019 at 15:57
To: "'Mueller, Milton L'" <milton@gatech.edu>, "King, Brian" <Brian.King@markmonitor.com>, "gnso-epdp-team@icann.org" <gnso-epdp-team@icann.org>
Subject: Re: [Gnso-epdp-team] Draft Initial Report
Notice:
This email is from an external sender.
Hello All,
In my opinion, the Registrar is the worst party to be the decision maker of the data subject due to the blatant conflict of interest. The registrant will have already entered into a legal relationship
with the registrar under the registrant (end user) agreement along with it being in the best interests of the registrar to
not terminate the relationship with the registrant. Therefore, I hope Milton
is not saying that he will hold up consensus even if the DPAs do support the isolation of centralized decision making within ICANN Org.
Best regards,
Jennifer
|
Jennifer Gore
Internet Governance Winterfeldt IP Group +1 202 340 9631 |
From: Gnso-epdp-team [mailto:gnso-epdp-team-bounces@icann.org]
On Behalf Of Mueller, Milton L
Sent: Tuesday, December 3, 2019 1:29 PM
To: King, Brian <Brian.King@markmonitor.com>; gnso-epdp-team@icann.org
Subject: Re: [Gnso-epdp-team] Draft Initial Report
From: King, Brian <Brian.King@markmonitor.com>
>Are you saying that even if the DPB writes to the Strawberries and says
>“yes, it’s possible to isolate liability for decision-making centrally with
>ICANN Org”, it would still be impossible for us to come to consensus on
>the centralized decision-making model? (ignoring how (un)likely we think
>that response is)
Yes, indeed. That is what I am saying. This is one reason we are not so pleased with all this kerfuffle about the EDPB. You’re putting the cart before the horse.
What matters is not whether it is legally _possible_ for ICANN to magically absorb the legal responsibility of the registrars for releasing the data of their customers; what matters is whether
that is _desirable_ from a policy standpoint. Legal advice or “guidance” from the EDPB has no bearing on what is the right policy, it only clarifies whether one of the policy options is feasible.
We want the disclosure decision to be made as close as possible to the party who is directly accountable to the registrant, the data subject, and that’s the registrar. We believe that the legitimate
interests of data requestors are served by standardizing the process, and centralizing and facilitating requests, but centralizing disclosure is going to make it into an automated rubber stamp, as I suspect you have already figured out.
Dr. Milton L Mueller
School of Public Policy
Georgia Institute of Technology
