As Milton suggested and I supported, the ARS is a tool to monitor to what extent contact data is accurate. In essence it is a compliance-related audit and reasonably fits in the compliance purpose. It is not currently executed by the Contractual Compliance department, but I fail to see the relevance of that from a GDPR purpose point of view. Alan At 25/01/2019 04:14 PM, Sarah Wyld wrote: From: Sarah Wyld <swyld@tucows.com> To: gnso-epdp-team@icann.org Subject: Recommendation 1 Purpose 1 - RrSG Comments Hello All, For Recommendation 1 Purpose 1, the RrSG has the following comments: * Rename this to: Further Processing of Data. * Within the ICANN context we want to process data collected for a different purpose to be further processed for research purposes * What is research within the ICANN context? And does it have scientific purposes? * Is the ARS Reporting system research, or as the name indicates a reporting system that flags possible incorrect data? And is this not already in scope of the GDPR? * Art 89 and relevant recitals in scope due to whatever research is within the ICANN context? * Depending on the research do Art 17 and 21 apply? * In short with the above in mind, what does the WG think is research and does it require processing of personal data? -- Sarah Wyld Domains Product Team Tucows +1.416 535 0123 Ext. 1392 _______________________________________________Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team