Re: [Gnso-epdp-team] Draft Initial Report
I’m not sure I understand the “conflict of interest” cited by Jennifer, below. Are you proposing that Registrars will refuse to disclose data solely on the basis of having a service agreement with the data subject? And how does disclosure terminate the customer relationship…I don’t recall our discussing this. While I can’t speak for the Registrars that Jennifer has worked with or for, I don’t believe most Registrars would suspend or terminate service based on a disclosure request. And while we seek to protect and secure our Registrant customers’ data, no Registrar I know would harbor an abusive or criminal actor for the sake of a $20 domain name. The primary interests in play are (1) the Registrar’s interests in avoiding fines by complying with data protection law, and (2) the Registrar’s interest in avoiding legal action by their Registrant customers (individually or as a class) for improper disclosure of their private data. J. ------------- James Bladel GoDaddy From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> on behalf of Jennifer Gore <Jennifer@winterfeldt.law> Date: Tuesday, December 3, 2019 at 15:57 To: "'Mueller, Milton L'" <milton@gatech.edu>, "King, Brian" <Brian.King@markmonitor.com>, "gnso-epdp-team@icann.org" <gnso-epdp-team@icann.org> Subject: Re: [Gnso-epdp-team] Draft Initial Report Notice: This email is from an external sender. Hello All, In my opinion, the Registrar is the worst party to be the decision maker of the data subject due to the blatant conflict of interest. The registrant will have already entered into a legal relationship with the registrar under the registrant (end user) agreement along with it being in the best interests of the registrar to not terminate the relationship with the registrant. Therefore, I hope Milton is not saying that he will hold up consensus even if the DPAs do support the isolation of centralized decision making within ICANN Org. Best regards, Jennifer ________________________________ <https://www.winterfeldt.law/>[cid:image001.png@01D5AA05.84376940]<https://www.winterfeldt.law/><https://www.winterfeldt.law/> Jennifer Gore Internet Governance Winterfeldt IP Group 1200 17<x-apple-data-detectors://12/1>th<x-apple-data-detectors://12/1> St NW<x-apple-data-detectors://12/1>, Ste 501<x-apple-data-detectors://12/1> Washington, DC 20036<x-apple-data-detectors://12/1> jennifer@winterfeldt.law<mailto:jennifer@winterfeldt.law> +1 202 340 9631 From: Gnso-epdp-team [mailto:gnso-epdp-team-bounces@icann.org] On Behalf Of Mueller, Milton L Sent: Tuesday, December 3, 2019 1:29 PM To: King, Brian <Brian.King@markmonitor.com>; gnso-epdp-team@icann.org Subject: Re: [Gnso-epdp-team] Draft Initial Report From: King, Brian <Brian.King@markmonitor.com<mailto:Brian.King@markmonitor.com>>
Are you saying that even if the DPB writes to the Strawberries and says “yes, it’s possible to isolate liability for decision-making centrally with ICANN Org”, it would still be impossible for us to come to consensus on the centralized decision-making model? (ignoring how (un)likely we think that response is)
Yes, indeed. That is what I am saying. This is one reason we are not so pleased with all this kerfuffle about the EDPB. You’re putting the cart before the horse. What matters is not whether it is legally _possible_ for ICANN to magically absorb the legal responsibility of the registrars for releasing the data of their customers; what matters is whether that is _desirable_ from a policy standpoint. Legal advice or “guidance” from the EDPB has no bearing on what is the right policy, it only clarifies whether one of the policy options is feasible. We want the disclosure decision to be made as close as possible to the party who is directly accountable to the registrant, the data subject, and that’s the registrar. We believe that the legitimate interests of data requestors are served by standardizing the process, and centralizing and facilitating requests, but centralizing disclosure is going to make it into an automated rubber stamp, as I suspect you have already figured out. Dr. Milton L Mueller School of Public Policy Georgia Institute of Technology [IGP_logo_gold block_email sig]
Hi James, The two primary interests that you mentioned below are among the main purposes of the document sent to the EDPB. What is yet not understood, Milton's argument that regardless of the reply he opposes the idea of an entirely centralized request and disclosure system with a distributed registration data system. Depending on the answers we receive we should start factoring all elements in and thus deciding on the best possible system, refusing the entire idea just from the start does not seem to have any benefit to the work of our team. Best Hadia Elminiawi ALAC representative From: Gnso-epdp-team [mailto:gnso-epdp-team-bounces@icann.org] On Behalf Of James M. Bladel Sent: Wednesday, December 04, 2019 3:15 AM To: Jennifer Gore; 'Mueller, Milton L'; King, Brian; gnso-epdp-team@icann.org Subject: Re: [Gnso-epdp-team] Draft Initial Report I’m not sure I understand the “conflict of interest” cited by Jennifer, below. Are you proposing that Registrars will refuse to disclose data solely on the basis of having a service agreement with the data subject? And how does disclosure terminate the customer relationship…I don’t recall our discussing this. While I can’t speak for the Registrars that Jennifer has worked with or for, I don’t believe most Registrars would suspend or terminate service based on a disclosure request. And while we seek to protect and secure our Registrant customers’ data, no Registrar I know would harbor an abusive or criminal actor for the sake of a $20 domain name. The primary interests in play are (1) the Registrar’s interests in avoiding fines by complying with data protection law, and (2) the Registrar’s interest in avoiding legal action by their Registrant customers (individually or as a class) for improper disclosure of their private data. J. ------------- James Bladel GoDaddy From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> on behalf of Jennifer Gore <Jennifer@winterfeldt.law> Date: Tuesday, December 3, 2019 at 15:57 To: "'Mueller, Milton L'" <milton@gatech.edu>, "King, Brian" <Brian.King@markmonitor.com>, "gnso-epdp-team@icann.org" <gnso-epdp-team@icann.org> Subject: Re: [Gnso-epdp-team] Draft Initial Report Notice: This email is from an external sender. Hello All, In my opinion, the Registrar is the worst party to be the decision maker of the data subject due to the blatant conflict of interest. The registrant will have already entered into a legal relationship with the registrar under the registrant (end user) agreement along with it being in the best interests of the registrar to not terminate the relationship with the registrant. Therefore, I hope Milton is not saying that he will hold up consensus even if the DPAs do support the isolation of centralized decision making within ICANN Org. Best regards, Jennifer ________________________________ [cid:image003.png@01D5AAA6.F6C16460]<https://www.winterfeldt.law/> Jennifer Gore Internet Governance Winterfeldt IP Group 1200 17<x-apple-data-detectors://12/1>th<x-apple-data-detectors://12/1> St NW<x-apple-data-detectors://12/1>, Ste 501<x-apple-data-detectors://12/1> Washington, DC 20036<x-apple-data-detectors://12/1> jennifer@winterfeldt.law<mailto:jennifer@winterfeldt.law> +1 202 340 9631 From: Gnso-epdp-team [mailto:gnso-epdp-team-bounces@icann.org] On Behalf Of Mueller, Milton L Sent: Tuesday, December 3, 2019 1:29 PM To: King, Brian <Brian.King@markmonitor.com>; gnso-epdp-team@icann.org Subject: Re: [Gnso-epdp-team] Draft Initial Report From: King, Brian <Brian.King@markmonitor.com<mailto:Brian.King@markmonitor.com>>
Are you saying that even if the DPB writes to the Strawberries and says “yes, it’s possible to isolate liability for decision-making centrally with ICANN Org”, it would still be impossible for us to come to consensus on the centralized decision-making model? (ignoring how (un)likely we think that response is)
Yes, indeed. That is what I am saying. This is one reason we are not so pleased with all this kerfuffle about the EDPB. You’re putting the cart before the horse. What matters is not whether it is legally _possible_ for ICANN to magically absorb the legal responsibility of the registrars for releasing the data of their customers; what matters is whether that is _desirable_ from a policy standpoint. Legal advice or “guidance” from the EDPB has no bearing on what is the right policy, it only clarifies whether one of the policy options is feasible. We want the disclosure decision to be made as close as possible to the party who is directly accountable to the registrant, the data subject, and that’s the registrar. We believe that the legitimate interests of data requestors are served by standardizing the process, and centralizing and facilitating requests, but centralizing disclosure is going to make it into an automated rubber stamp, as I suspect you have already figured out. Dr. Milton L Mueller School of Public Policy Georgia Institute of Technology [IGP_logo_gold block_email sig]
participants (2)
-
Hadia Abdelsalam Mokhtar EL miniawi -
James M. Bladel