Dear Kristina and EPDP Team,
Thank you for the revised recommendation 21 language. ICANN org suggests that the EPDP Team consider removing the word “the” from the language “…ICANN Org enters into
the required agreements…” This word presupposes that ICANN must enter into an agreement with every entity “involved in registration data processing” when it has not been determined who all the parties involved in registration data processing are and
whether an agreement will be required in all cases. For example, as mentioned this morning, some data escrow providers believe that they are controllers.
Dan and Trang
ICANN org liaisons
From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> on behalf of "Rosette, Kristina via Gnso-epdp-team" <gnso-epdp-team@icann.org>
Reply-To: "Rosette, Kristina" <rosettek@amazon.com>
Date: Monday, November 19, 2018 at 8:51 AM
To: "gnso-epdp-team@icann.org" <gnso-epdp-team@icann.org>
Subject: [Gnso-epdp-team] Proposed Revised Rec. 21
Thomas and I developed proposed revised Rec. 21 language. I posted it in chat, but copy it below for convenience:
Rec. 21: The EPDP Team recommends that ICANN Org enters into the required agreements such as a Data Processing Agreement (GDPR Art. 28) or Joint Controller Agreement (Art. 26), as appropriate,
with the non-Contracted Party entities involved in registration data processing such as data escrow providers and EBERO providers. These agreements are expected to set out the relationship obligations and instructions for data processing between the different
parties.
Kristina Rosette
Senior Corporate Counsel, IP – Domains
rosettek@amazon.com
| 703.407.1354