Thanks, Benedict. Given the proximity to ICANN63, we took the liberty of sending this language to the full team so that we can discuss in Barcelona. Thanks again for taking the lead on this! Best regards, Marika, Berry and Caitlin From: Benedict Addis <bee@theale.co.uk> Date: Tuesday, October 16, 2018 at 6:21 AM To: Kurt Pritz <kurt@kjpritz.com> Cc: Stephanie Perrin <stephanie.perrin@mail.utoronto.ca>, Thomas Rickert <epdp@gdpr.ninja>, Lindsay Hamilton-Reid <lindsay.hamilton-reid@fasthosts.com>, Caitlin Tubergen <caitlin.tubergen@icann.org>, "gnso-epdp-lead@icann.org" <gnso-epdp-lead@icann.org> Subject: [Ext] Re: [GNSO-EPDP-Lead] Purpose B Small Team Dear all, On Kurt’s suggestion, I propose the following Purpose B that relies directly on the language in Recitals 47, 49 and 50. [ICANN requires that registration data is processed for the purpose of...] maintaining the security, stability and resiliency of the Domain Name System. This will involve the disclosure of existing registration data to legitimate third parties, for the following reasons only: 1) fraud prevention; 2) network and information security; and 3) indicating possible criminal acts, or threats to public security. I think that for ICANN, disclosure will happen under 6(1)f. Third parties will require a lawful basis of their own for their processing, governed by a common set of standards that we’ll discuss when we come to the access discussion. Thoughts? B