Hi Volker,

 

If I can assist, no such insinuation was intended as to you, nor any entity or group in the EPDP. We know that you are of the highest moral caliber. I find this portion of the Wikipedia article on conflict of interest to be helpful, “The existence of such conflicts is an objective fact, not a state of mind, and does not in itself indicate any lapse or moral error.” (https://en.wikipedia.org/wiki/Conflict_of_interest)

 

All,

 

The IPC has concerns based on this concept: “A conflict of interest exists if the circumstances are reasonably believed (on the basis of past experience and objective evidence) to create a risk that a decision may be unduly influenced by other, secondary interests, and not on whether a particular individual is actually influenced by a secondary interest.” (Id.) Our past experience (https://www.markmonitor.com/mmblog/commentary/gdpr-and-the-impact-on-brand-protection-one-year-later/) shows that registrars ignore or deny 87% of data requests we think they should have honored. So, we reasonably believe that registrars’ decision making around “reasonable access” under the Temporary Specification is being influenced by other interests.

 

Some registrar interests that are in conflict (objectively) with providing access are: a) operational efficiency; b) GDPR penalties; and c) future customer business. a) Operational efficiency has been addressed by Phase 1 Recommendation 18 which requires registrars to respond, removing the conflict of operational efficiency that could be gained by ignoring requests. b) The risk of GDPR penalties cannot be avoided regardless of who makes disclosure decisions. c) The conflict of future customer business is the biggest remaining addressable conflict. Registrars have a financial interest in future customer business, and this interest is objectively in conflict with registrars’ interest in providing information about their customers. This conflict is largely eliminated by shifting decision making to ICANN. While registrars stand to lose customers to other registrars if the market perceives them as being too likely to reveal customer data, ICANN’s position both as a nonprofit and as the sole coordinator of the DNS means that their ~$0.25 per domain interest is far more insulated from this conflict than the contracted parties’ interest in future customer business.

 

So, without attributing motivations to any party or group, we submit that the economic realities show centralized decision making to be a better approach from a conflict of interest perspective.

 

 

 

Hi,

while I personally like Jen very much, I find this comment and the implication of a conflict of interest immensely offensive. This insiunuation of intent to profit from illicit use is frankly outrageous.

Volker

 

Hello All,

 

In my opinion, the Registrar is the worst party to be the decision maker of the data subject due to the blatant conflict of interest. The registrant will have already entered into a legal relationship with the registrar under the registrant (end user) agreement along with it being in the best interests of the registrar to not terminate the relationship with the registrant.  Therefore, I hope Milton is not saying that he will hold up consensus even if the DPAs do support the isolation of centralized decision making within ICANN Org.

 

Best regards,

Jennifer

 

 

---

Jennifer Gore Internet Governance Winterfeldt IP Group 1200 17th St NW, Ste 501 Washington, DC  20036 jennifer@winterfeldt.law +1 202 340 9631

 

From: Gnso-epdp-team [mailto:gnso-epdp-team-bounces@icann.org] On Behalf Of Mueller, Milton L
Sent: Tuesday, December 3, 2019 1:29 PM
To: King, Brian <Brian.King@markmonitor.com>; gnso-epdp-team@icann.org
Subject: Re: [Gnso-epdp-team] Draft Initial Report

 

From: King, Brian <Brian.King@markmonitor.com>

>Are you saying that even if the DPB writes to the Strawberries and says

>“yes, it’s possible to isolate liability for decision-making centrally with

>ICANN Org”, it would still be impossible for us to come to consensus on

>the centralized decision-making model? (ignoring how (un)likely we think

>that response is)

 

Yes, indeed. That is what I am saying. This is one reason we are not so pleased with all this kerfuffle about the EDPB. You’re putting the cart before the horse.

 

What matters is not whether it is legally _possible_ for ICANN to magically absorb the legal responsibility of the registrars for releasing the data of their customers; what matters is whether that is _desirable_ from a policy standpoint. Legal advice or “guidance” from the EDPB has no bearing on what is the right policy, it only clarifies whether one of the policy options is feasible.

 

We want the disclosure decision to be made as close as possible to the party who is directly accountable to the registrant, the data subject, and that’s the registrar. We believe that the legitimate interests of data requestors are served by standardizing the process, and centralizing and facilitating requests, but centralizing disclosure is going to make it into an automated rubber stamp, as I suspect you have already figured out.

 

Dr. Milton L Mueller

School of Public Policy

Georgia Institute of Technology

 

 

 

_______________________________________________

Gnso-epdp-team mailing list

Gnso-epdp-team@icann.org

https://mm.icann.org/mailman/listinfo/gnso-epdp-team

_______________________________________________

By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.