Hi James,
Thanks again for the time and effort you and the Registrars put into this redline - it is appreciated and helpful IMO.
On the call this morning I quickly ran through several comments on your redline and now that I'm well caffeinated and had a chance to quickly sync with my team I wanted to repeat them here on the list.
1) Temp Spec section 4.4 address Processing of all kinds so I do not agree that purposes (in the subsections) that are somehow related to access should be removed or addressed in the access model (4.4.2, 4.4.9 for example). The GDPR requires that we define/set a specific set of purposes up front for all Processing related to gTLD registration data. (See letters from Art 29) While i understand and agree that discussions around access models or implementation or accreditation won't happen until we answer several gating questions, we must still define specific purposes for lawful processing for all types of processing, including access, now.
2) Regarding 4.4 itself, I suggest we continue to work on updates to this section on the thread started by Thomas shortly before our call today and my reply.
3) We do not agree with the removal of 4.4.2. However given you clarified that these purposes are for Registrars only and in light of the discussion on the need to create several sub-sections under 4.4 to ensure we do not conflate purposes of various controllers and 3rd parties we believe Section 4.4.2 would be better suited in the ICANN purposes sub-section.
4) We also disagree with the updates to 4.4.8. Mostly because it is not clear to us what "tailored mechanisms designed to protect intellectual property interests (as provide[d]) for by Section 4.4)" means. If the intent was to refer to section 4.4.12, which references the URS and UDRP as the "tailored mechanisms", then we would also object as URS and UDRP only address a subset of intellectual property interests. We also have an issue with the footnote that states that the items in 4.4.8 "go beyond the original purpose (domain name registrations) for collecting data." but perhaps this can also be addressed when we move purposes into their respective sections.
5) Finally we believe that any dispute resolution capabilities for registrars and registries need to be thought out carefully, and reserve further comment until more details are known.
Thanks!!
Alex