Dear All, We are up to the teeth on work before finalizing the Final Report Not wirthstanding the need or otherwise " Purpose O"my question is do we really need to conclude on that ? Does it have a priority within the framework of GPDR ,Phase 1 ( Current EPDP work ) If not stop discussion and prostpone itz to later stage ,perhaps Phase 2 or later Regards Kavouss On Sun, Feb 3, 2019 at 6:25 AM farzaneh badii <farzaneh.badii@gmail.com> wrote:
Thank you Kurt.
I have a couple of points to make about the research purpose, in the report you mention that:
"The team continued to discuss the so-called purpose O. The Team agreed that, to include such a purpose, we would require: some expression from ICANN (and OCTO in particular), that personal data was necessary to carry out OCTO’s mission, and"
*FB: *OCTO has said it does not need personal data for its research for now. While OCTO clearly said it does not need personal information to carry out its mission, how did we come to the conclusion that we need some expression from ICANN (and OCTO) in particular that personal data is necessary? Are we going to ask OCTO again? I have copy pasted their response at the end of this email.
[...]
The discussion led to the preliminary conclusions that, *it was unclear*: whether OCTO required the use of personal data in its work
*FB:* There is nothing unclear for now. OCTO has clearly said (as I cited them in various shape and form) that at the present they do not need personal information. In fact, as Benedict has been saying they will never need personal information for research. What they might need (in the future but *not now*) is hashed personal data. To process that, some argue that, research should be an ICANN purpose. But there were objections to the speculative nature of this purpose. As some said during the meeting we cannot speculate what might be needed in the future for research. This observation needs to be recorded.
*Solution? *I think what should be discussed if the team wants to discuss in phase 2 is: is it legal to have purposes for processing data for *future "research"* that might need disclosure of *hashed* data (pseudonymized data)? can the group reach consensus over having a purpose of speculative nature?
*** Link: https://community.icann.org/display/EOTSFGRD/Input+from+ICANN+Org OCTO's response: Also, in discussions that the EPDP Team has had regarding purposes, ICANN Office of the CTO (OCTO) has been mentioned. To inform the EPDP Team’s continued discussion on this topic, ICANN Org would like to *clarify that ICANN OCTO does not require personal data in domain name registration data for its work.* For example, OCTO’s Domain Abuse Activity Reporting (DAAR) project <https://www.icann.org/octo-ssr/daar> uses only the registrar and nameserver information.
Farzaneh
On Fri, Feb 1, 2019 at 5:32 PM Kurt Pritz <kurt@kjpritz.com> wrote:
Hi again everyone:
In a followup to yesterday’s email that proposed conclusions to four Recommendations, I am writing to provide one more. This Recommendation incorporates the Team’s latest verbally developed conclusions on the “Research Purpose.
As with the memoranda furnished yesterday, this one provides a brief summary of the latest discussion and then follows with proposed Final Report language: (1) a narrative describing the group discussion, and (2) an amended Recommendation - i.e., amended from the Initial Report version of the Recommendation.
As mentioned in the earlier emails, please review this revised wording with your groups and return to us by Monday 4 Feb if you believe a region or additional discussion is require - so that we can put any this topic on the Tues/Wed/Thur agendas. Let me know if you have any questions, procedural or substantive.
I have one more paper to deliver to you - Recommendation 11 Data Retention.
Thanks again and best regards,
Kurt
Begin forwarded message:
*From: *Kurt Pritz <kurt@kjpritz.com> *Subject: **Revised Recommendations for (Final) Review - with attachments* *Date: *January 31, 2019 at 8:31:45 PM PST *To: *EPDP <gnso-epdp-team@icann.org>
Hello Everyone:
Thanks again for your perseverance. And - thank you in advance for your spirit of cooperation and compromise in considering the attached. We have spent the last few days reviewing the transcripts and other records of our recent discussions and then amending the Final Report Recommendations - taking into account the Initial Report Recommendations, the small team work, the conclusions in Toronto and these last several meetings.
The Recommendations included here are:
Recommendation 5 - Data elements to be transferred from Registrars to Registries Recommendation 10 - Email communication Recommendation 12 - Reasonable Access Recommendation 14 - Responsible Parties
[Not included are Rec. 13 (sent earlier) and Rec. 11 and the Research Purpose (to be sent tomorrow.]
Each of these documents has a brief forward containing a description of the pertinent discussion and an explanation for choosing the wording in the Recommendations. They each then contain the Recommendation as originally written and a redline of the proposed recommendation based on the most recent discussions. Please read the entire documents (they are not long), and not just the recommendation itself.
I am certainly not asking for you to stand silently by if you disagree with these Recommendations because they would negatively impact GDPR compliance. I am asking that you study the balancing that went into this and be ready to accept wording in cases where it does not match your own choice.
Please review with your groups and return to us by Monday so that we can put any of these on the Tues/Wed/Thur agendas.
Sincerely,
Kurt
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team