Dear EPDP Team,

 

Following today’s meeting, the staff support team has gone ahead and made the updates discussed in relation to the logging, auditing and response requirements building blocks. Please note:

 

For the logging building block:

• As noted by Janis, this building block is considered complete for now, but please flag if any of the updates do not align with today’s discussion as soon as possible.

 

For the auditing building block:

• The staff support team has suggested a number of edits to address the comments raised during today’s meeting. Please review and flag by Friday 22 November if there are any remaining issues that should be further discussed. We have noted a placeholder for the section that is to be further reviewed once the EPDP Team has decided on the roles and responsibilities of the different parties in SSAD.

 

For the response requirements building block:

• As discussed, we have gone ahead and created a separate implementation guidance section where we have moved some of the details that appeared to be more implementation focused. We have also tried to address some of the other comments and suggestions – if there are any concerns about those edits, please note this in the google doc. Based on the remaining comments, the main open items appear to be:
  • Response time – the following language has been suggested: “SSAD requests that meet the automatic response criteria must receive an automatic disclosure response. For requests that do not meet the automatic response criteria, a disclosure response must be returned within 1 day for urgent requests and 7 days for all other requests.”
  • Definition and timeline for urgent SSAD requests – the following language is currently included: “A separate timeline of [less than X business days] will be considered for the response to ‘Urgent’ SSAD Requests, those Requests for which evidence is supplied to show an immediate need for disclosure. The criteria to determine whether it concerns an urgent request are limited to circumstances that pose an imminent threat to life, serious bodily injury, critical infrastructure or child exploitation.
  • How to deal with complaints – the following updated language has been proposed: “If a requestor is of the view that the response from the entity disclosing the data is not consistent with these policy recommendations, a complaint should be filed with ICANN Compliance. If a requestor is of the view that the response from the entity disclosing the data is not consistent with applicable data protection legislation, the requestor should contact the relevant data protection authority”.
• Please provide your input on these and any other issues, by Tuesday 19 November 2019.  

 

Also, as a reminder, input on the following building blocks is also due by Tuesday 19 November 2019:

 

• Terms of use
• Automation
• Financial Stability

 

Best regards,

 

Caitlin, Berry and Marika

 

Marika Konings

Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) 

Email: marika.konings@icann.org  

 

Follow the GNSO via Twitter @ICANN_GNSO

Find out more about the GNSO by taking our interactive courses and visiting the GNSO Newcomer pages.