As Milton suggested and I supported, the ARS is a tool to monitor to what extent contact data is accurate. In essence it is a compliance-related audit and reasonably fits in the compliance purpose. It is not currently executed by the Contractual Compliance department, but I fail to see the relevance of that from a GDPR purpose point of view.

Alan

At 25/01/2019 04:14 PM, Sarah Wyld wrote:

From: Sarah Wyld <swyld@tucows.com>
To: gnso-epdp-team@icann.org
Subject: Recommendation 1 Purpose 1 - RrSG Comments

Hello All,

For Recommendation 1 Purpose 1, the RrSG has the following comments:

Rename this to: Further Processing of Data.
Within the ICANN context we want to process data collected for a different purpose to be further processed for research purposes

What is research within the ICANN context? And does it have scientific purposes?
Is the ARS Reporting system research, or as the name indicates a reporting system that flags possible incorrect data? And is this not already in scope of the GDPR?
Art 89 and relevant recitals in scope due to whatever research is within the ICANN context?
Depending on the research do Art 17 and 21 apply?

In short with the above in mind, what does the WG think is research and does it require processing of personal data?
-- 
Sarah Wyld
Domains Product Team
Tucows
+1.416 535 0123 Ext. 1392

 
_______________________________________________Gnso-epdp-team mailing list
Gnso-epdp-team@icann.org
https://mm.icann.org/mailman/listinfo/gnso-epdp-team