All, At the very end of our face to face a very small team (tiny team?) met to discuss updates to Recommendation 12 (reasonable access). The redline attached is where we ended up. Thanks. Alex ___________ *Alex Deacon* Cole Valley Consulting alex@colevalleyconsulting.com +1.415.488.6009
Dear EPDP Team, Recommendation #12 and the proposed language by the small team are on the agenda for tomorrow’s EPDP Team meeting. To facilitate that discussion, please share your groups thoughts, concerns and/or proposed changes with the mailing list ahead of tomorrow’s meeting. Please focus on those aspects that could affect your group’s support for this recommendation. Thanks, Caitlin, Berry and Marika From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> on behalf of Alex Deacon <alex@colevalleyconsulting.com> Date: Friday, January 25, 2019 at 11:59 To: EPDP <gnso-epdp-team@icann.org> Subject: [Gnso-epdp-team] Recommendation 12 All, At the very end of our face to face a very small team (tiny team?) met to discuss updates to Recommendation 12 (reasonable access). The redline attached is where we ended up. Thanks. Alex ___________ Alex Deacon Cole Valley Consulting alex@colevalleyconsulting.com<mailto:alex@colevalleyconsulting.com> +1.415.488.6009
Dear EPDP Team, Thanks to all those who worked on the updated Rec 12, especially Alex Deacon, it was good to be able to work from your thoughtful updates. I have attached a revised version of this Recommendation, however I'm not sure that my tracked changes were successful, here's hoping. The RrSG supports the proposed ""Format by which requests should be made and responses are provided"", as well as the requirement for the CP to publish information on their website about how to make a disclosure request. It is unclear exactly which text in the Temp. Spec. is to be updated with the phrase ""requests for lawful disclosure.” This may be acceptable, if it is limited to the title of the section; otherwise it would be appreciated if this could be clarified. The RrSG does not support a requirement to include a link to this process in any RDS response, as this may conflict with the CL&D Policy or the RDAP Profile which remains in progress with the RDAP WG. The RrSG notes that the specific legal basis for disclosure may play a role in determining what information should be included in the disclosure request, so this can be the minimum set but it may not work for all scenarios. That said, the proposed set of information required in the request is appropriate. Regarding the timelines for responses, the RrSG would support the second version of the text: "Contracted Parties must acknowledge receipt of a Reasonable Disclosure Request without unreasonable delay, but ordinarily not more than 2 business days from receipt." If a timeline for processing and responding to the disclosure requests must be defined in this EPDP, it should be 30 days, in order to align with the Art. 12 GDPR timeframe for providing information to the data subject. Finally, regarding the proposed four types of responses to a disclosure request, requiring specific information to be included in the response is too detailed. We should expect the CP to provide a reasonably detailed response, including the info that the Controller determines should be disclosed. Blanket denials must be permitted where justified, with the decision made by the CP. Thank you, -- Sarah Wyld Domains Product Team Tucows +1.416 535 0123 Ext. 1392 On 1/28/2019 10:02 AM, Marika Konings wrote:
Dear EPDP Team,
Recommendation #12 and the proposed language by the small team are on the agenda for tomorrow’s EPDP Team meeting. To facilitate that discussion, please share your groups thoughts, concerns and/or proposed changes with the mailing list ahead of tomorrow’s meeting. Please focus on those aspects that could affect your group’s support for this recommendation.
Thanks,
Caitlin, Berry and Marika
*From: *Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> on behalf of Alex Deacon <alex@colevalleyconsulting.com> *Date: *Friday, January 25, 2019 at 11:59 *To: *EPDP <gnso-epdp-team@icann.org> *Subject: *[Gnso-epdp-team] Recommendation 12
All,
At the very end of our face to face a very small team (tiny team?) met to discuss updates to Recommendation 12 (reasonable access). The redline attached is where we ended up.
Thanks.
Alex
___________
*Alex Deacon*
Cole Valley Consulting
alex@colevalleyconsulting.com <mailto:alex@colevalleyconsulting.com>
+1.415.488.6009
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team
Thanks Sarah. Looking forward to discussing this further on the call tomorrow. In the mean time here are my thoughts inline.... On Mon, Jan 28, 2019 at 12:23 PM Sarah Wyld <swyld@tucows.com> wrote:
Dear EPDP Team,
Thanks to all those who worked on the updated Rec 12, especially Alex Deacon, it was good to be able to work from your thoughtful updates. I have attached a revised version of this Recommendation, however I'm not sure that my tracked changes were successful, here's hoping.
[Alex] they made it thru!
The RrSG supports the proposed ""Format by which requests should be made and responses are provided"", as well as the requirement for the CP to publish information on their website about how to make a disclosure request.
It is unclear exactly which text in the Temp. Spec. is to be updated with the phrase ""requests for lawful disclosure.” This may be acceptable, if it is limited to the title of the section; otherwise it would be appreciated if this could be clarified.
[Alex ] Agree some clarity is needed here. If we are not going to "redline" the temp spec, then any policy we agree to needs to be explicit in the final report (vs. some promise to update the temp spec).
The RrSG does not support a requirement to include a link to this process in any RDS response, as this may conflict with the CL&D Policy or the RDAP Profile which remains in progress with the RDAP WG.
[Alex] I don't believe this would conflict with the CL&D policy. What I had in mind is to also add instructions in "RDS" outputs where there is a freeform text section at the end of the response. See for example the output from whois.donuts.co attached - I've highlighted the relevant text. This seems helpful IMO.
The RrSG notes that the specific legal basis for disclosure may play a role in determining what information should be included in the disclosure request, so this can be the minimum set but it may not work for all scenarios. That said, the proposed set of information required in the request is appropriate.
[Alex] Agree. My focus when drafting this was on 6.1.f disclosure, but clearly if a reasonable disclosure request comes from LEA then things are different.
Regarding the timelines for responses, the RrSG would support the second version of the text: "Contracted Parties must acknowledge receipt of a Reasonable Disclosure Request without unreasonable delay, but ordinarily not more than 2 business days from receipt."
[Alex] Thanks - I think this can be further refined. perhaps along the lines of "with response within 2 days unless circumstances can be shown that this time frame is not possible."
If a timeline for processing and responding to the disclosure requests must be defined in this EPDP, it should be 30 days, in order to align with the Art. 12 GDPR timeframe for providing information to the data subject.
[Alex] Article 12 seems to be specific to transparency requirements as they relate to the rights of the data subject, so it iss not clear if it applies here. In either case as long as the variable "Y" is "reasonable" we would be OK with that.
Finally, regarding the proposed four types of responses to a disclosure request, requiring specific information to be included in the response is too detailed. We should expect the CP to provide a reasonably detailed response, including the info that the Controller determines should be disclosed. Blanket denials must be permitted where justified, with the decision made by the CP.
[Alex] Lets discuss this further on the call today. To enable predictability I think it is important to have some high level recommendations regarding responses here. Finally, I note in the first paragraph you deleted the phrase "notwithstanding discussions related to.....". If you recall in Toronto we discussed the need for a "reasonable access/disclosure" process to live in parallel with any future UAM regime to accomodate requestors (on an ad hoc basis) who may not be accredited. i.e. Rec 12 should neither wait for, nor be replaced by, a future UAM. Thanks. Alex
Thank you,
-- Sarah Wyld Domains Product Team Tucows+1.416 535 0123 Ext. 1392
On 1/28/2019 10:02 AM, Marika Konings wrote:
Dear EPDP Team,
Recommendation #12 and the proposed language by the small team are on the agenda for tomorrow’s EPDP Team meeting. To facilitate that discussion, please share your groups thoughts, concerns and/or proposed changes with the mailing list ahead of tomorrow’s meeting. Please focus on those aspects that could affect your group’s support for this recommendation.
Thanks,
Caitlin, Berry and Marika
*From: *Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> <gnso-epdp-team-bounces@icann.org> on behalf of Alex Deacon <alex@colevalleyconsulting.com> <alex@colevalleyconsulting.com> *Date: *Friday, January 25, 2019 at 11:59 *To: *EPDP <gnso-epdp-team@icann.org> <gnso-epdp-team@icann.org> *Subject: *[Gnso-epdp-team] Recommendation 12
All,
At the very end of our face to face a very small team (tiny team?) met to discuss updates to Recommendation 12 (reasonable access). The redline attached is where we ended up.
Thanks.
Alex
___________
*Alex Deacon*
Cole Valley Consulting
alex@colevalleyconsulting.com
+1.415.488.6009
_______________________________________________ Gnso-epdp-team mailing listGnso-epdp-team@icann.orghttps://mm.icann.org/mailman/listinfo/gnso-epdp-team
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team
participants (3)
-
Alex Deacon -
Marika Konings -
Sarah Wyld