Hi All, As you know a group of us has been working to recommend an update to Section 4.4.8 of the temp spec. While we haven't come to full agreement on the update, we are pretty close and wanted to share the current/tentative output of the volunteer team with the broader team. 4.4.8 Supporting a framework that enables identification of third-parties with legitimate interests grounded in legal bases, and providing these third-parties with access to Registration Data relevant to addressing specific issues involving domain name registrations *related to consumer protection, investigation of cybercrime, DNS abuse and intellectual property protection. * The non-bold text was suggested by Amr/NCSG and the added bold text was an updated suggested by me/IPC and supported by the BC. Giving it a re-read again today I think additional word-smithing could be warranted, but for now I will resist and step away and let others share their thoughts. Alex -- ___________ *Alex Deacon* Cole Valley Consulting alex@colevalleyconsulting.com +1.415.488.6009
Dear Alex, Tks What about law enforcement ? Tks Kavouss On Tue, Sep 11, 2018 at 10:34 PM Alex Deacon <alex@colevalleyconsulting.com> wrote:
Hi All,
As you know a group of us has been working to recommend an update to Section 4.4.8 of the temp spec.
While we haven't come to full agreement on the update, we are pretty close and wanted to share the current/tentative output of the volunteer team with the broader team.
4.4.8 Supporting a framework that enables identification of third-parties with legitimate interests grounded in legal bases, and providing these third-parties with access to Registration Data relevant to addressing specific issues involving domain name registrations *related to consumer protection, investigation of cybercrime, DNS abuse and intellectual property protection. *
The non-bold text was suggested by Amr/NCSG and the added bold text was an updated suggested by me/IPC and supported by the BC.
Giving it a re-read again today I think additional word-smithing could be warranted, but for now I will resist and step away and let others share their thoughts.
Alex
-- ___________ *Alex Deacon* Cole Valley Consulting alex@colevalleyconsulting.com +1.415.488.6009
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team
This is the problem you get into when you start listing specific legitimate interests. Someone will always come up with another suggestion. I think it is much better to leave those specifics off and use the general language. Surely law enforcement is a third party legitimate interest and will often have a legal basis. But some times they will not have a legal basis. You can’t say categorically that a law enforcement agency ALWAYS has a right. Same goes for IPR. Milton L Mueller Professor, School of Public Policy Georgia Institute of Technology On Sep 12, 2018, at 13:19, Kavouss Arasteh <kavouss.arasteh@gmail.com<mailto:kavouss.arasteh@gmail.com>> wrote: Dear Alex, Tks What about law enforcement ? Tks Kavouss On Tue, Sep 11, 2018 at 10:34 PM Alex Deacon <alex@colevalleyconsulting.com<mailto:alex@colevalleyconsulting.com>> wrote: Hi All, As you know a group of us has been working to recommend an update to Section 4.4.8 of the temp spec. While we haven't come to full agreement on the update, we are pretty close and wanted to share the current/tentative output of the volunteer team with the broader team. 4.4.8 Supporting a framework that enables identification of third-parties with legitimate interests grounded in legal bases, and providing these third-parties with access to Registration Data relevant to addressing specific issues involving domain name registrations related to consumer protection, investigation of cybercrime, DNS abuse and intellectual property protection. The non-bold text was suggested by Amr/NCSG and the added bold text was an updated suggested by me/IPC and supported by the BC. Giving it a re-read again today I think additional word-smithing could be warranted, but for now I will resist and step away and let others share their thoughts. Alex -- ___________ Alex Deacon Cole Valley Consulting alex@colevalleyconsulting.com<mailto:alex@colevalleyconsulting.com> +1.415.488.6009 _______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org<mailto:Gnso-epdp-team@icann.org> https://mm.icann.org/mailman/listinfo/gnso-epdp-team _______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org<mailto:Gnso-epdp-team@icann.org> https://mm.icann.org/mailman/listinfo/gnso-epdp-team
Hi Milton, It is not a problem. To answer the question from Kavouss first, the reason I didn't include Law Enforcement in this proposed update was because I used the list in the current 4.4.8. Law enforcement is mentioned in 4.4.9 and based on your email it sounds like it should probably be discussed/described separately from those listed in 4.4.8. Also, as you know personal data needs to be collected for specified, explicit and legitimate purposes. (Article 5(1)(b)) so given we removed "including but not limited to" we need to be explicit and not use general language. In addition the principle of transparency mentioned in recital 39 ("In particular, the specific purposes for which personal data are processed should be explicit and legitimate and determined at the time of collection of the personal data") and 58 ("The principle of transparency requires that any information addressed to the public or to the data subject be concise, easily accessible and easy to understand..." are relevant. This principal is further defined in Article 12(1) and Article 13(1). Thanks and stay dry! Alex On Wed, Sep 12, 2018 at 6:24 PM Mueller, Milton L <milton@gatech.edu> wrote:
This is the problem you get into when you start listing specific legitimate interests. Someone will always come up with another suggestion. I think it is much better to leave those specifics off and use the general language. Surely law enforcement is a third party legitimate interest and will often have a legal basis. But some times they will not have a legal basis. You can’t say categorically that a law enforcement agency ALWAYS has a right. Same goes for IPR.
Milton L Mueller Professor, School of Public Policy Georgia Institute of Technology
On Sep 12, 2018, at 13:19, Kavouss Arasteh <kavouss.arasteh@gmail.com> wrote:
Dear Alex, Tks What about law enforcement ? Tks Kavouss
On Tue, Sep 11, 2018 at 10:34 PM Alex Deacon < alex@colevalleyconsulting.com> wrote:
Hi All,
As you know a group of us has been working to recommend an update to Section 4.4.8 of the temp spec.
While we haven't come to full agreement on the update, we are pretty close and wanted to share the current/tentative output of the volunteer team with the broader team.
4.4.8 Supporting a framework that enables identification of third-parties with legitimate interests grounded in legal bases, and providing these third-parties with access to Registration Data relevant to addressing specific issues involving domain name registrations *related to consumer protection, investigation of cybercrime, DNS abuse and intellectual property protection. *
The non-bold text was suggested by Amr/NCSG and the added bold text was an updated suggested by me/IPC and supported by the BC.
Giving it a re-read again today I think additional word-smithing could be warranted, but for now I will resist and step away and let others share their thoughts.
Alex
-- ___________ *Alex Deacon* Cole Valley Consulting alex@colevalleyconsulting.com +1.415.488.6009
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team
-- ___________ *Alex Deacon* Cole Valley Consulting alex@colevalleyconsulting.com +1.415.488.6009
Thanks But that is your views which is respected My view is different we MUST mention law enforcement irrespective whether or not it included in the third party interest Regards Kavouss Sent from my iPhone
On 13 Sep 2018, at 03:24, Mueller, Milton L <milton@gatech.edu> wrote:
This is the problem you get into when you start listing specific legitimate interests. Someone will always come up with another suggestion. I think it is much better to leave those specifics off and use the general language. Surely law enforcement is a third party legitimate interest and will often have a legal basis. But some times they will not have a legal basis. You can’t say categorically that a law enforcement agency ALWAYS has a right. Same goes for IPR.
Milton L Mueller Professor, School of Public Policy Georgia Institute of Technology
On Sep 12, 2018, at 13:19, Kavouss Arasteh <kavouss.arasteh@gmail.com> wrote:
Dear Alex, Tks What about law enforcement ? Tks Kavouss
On Tue, Sep 11, 2018 at 10:34 PM Alex Deacon <alex@colevalleyconsulting.com> wrote: Hi All,
As you know a group of us has been working to recommend an update to Section 4.4.8 of the temp spec.
While we haven't come to full agreement on the update, we are pretty close and wanted to share the current/tentative output of the volunteer team with the broader team.
4.4.8 Supporting a framework that enables identification of third-parties with legitimate interests grounded in legal bases, and providing these third-parties with access to Registration Data relevant to addressing specific issues involving domain name registrations related to consumer protection, investigation of cybercrime, DNS abuse and intellectual property protection.
The non-bold text was suggested by Amr/NCSG and the added bold text was an updated suggested by me/IPC and supported by the BC.
Giving it a re-read again today I think additional word-smithing could be warranted, but for now I will resist and step away and let others share their thoughts.
Alex
-- ___________ Alex Deacon Cole Valley Consulting alex@colevalleyconsulting.com +1.415.488.6009
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team
Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team
Hi All, Dear Alex and Amr, First off thank you for your effort and time on this proposal. But are you saying that among the purposes of the processing of the data is the " identification of third-parties with legitimate interests". This is surely not one of the purposes for the processing of the data therefore a suggest removing it. So my suggestion would be. 4.4.8 Supporting a Model that provides access to parties with legitimate interests grounded in legal bases to Registration Data relevant to addressing specific issues involving domain name registrations; such as issues related to consumer protection, investigation of cybercrime, DNS abuse and intellectual property protection. I put model as I think it is more specific but I am fine with using the term framework if you see it more appropriate. I also suggest adding "such as issues related to" which would serve to provide examples of third parties with legitimate interest. Kind Regards Hadia From: Gnso-epdp-team [mailto:gnso-epdp-team-bounces@icann.org] On Behalf Of Alex Deacon Sent: Tuesday, September 11, 2018 10:34 PM To: gnso-epdp-team@icann.org Subject: [Gnso-epdp-team] Section 4.4.8 Hi All, As you know a group of us has been working to recommend an update to Section 4.4.8 of the temp spec. While we haven't come to full agreement on the update, we are pretty close and wanted to share the current/tentative output of the volunteer team with the broader team. 4.4.8 Supporting a framework that enables identification of third-parties with legitimate interests grounded in legal bases, and providing these third-parties with access to Registration Data relevant to addressing specific issues involving domain name registrations related to consumer protection, investigation of cybercrime, DNS abuse and intellectual property protection. The non-bold text was suggested by Amr/NCSG and the added bold text was an updated suggested by me/IPC and supported by the BC. Giving it a re-read again today I think additional word-smithing could be warranted, but for now I will resist and step away and let others share their thoughts. Alex -- ___________ Alex Deacon Cole Valley Consulting alex@colevalleyconsulting.com<mailto:alex@colevalleyconsulting.com> +1.415.488.6009
Dear All I agree almost with what Hadia said Kavouss Sent from my iPhone
On 13 Sep 2018, at 10:45, Hadia Abdelsalam Mokhtar EL miniawi <Hadia@tra.gov.eg> wrote:
Hi All,
Dear Alex and Amr,
First off thank you for your effort and time on this proposal. But are you saying that among the purposes of the processing of the data is the " identification of third-parties with legitimate interests". This is surely not one of the purposes for the processing of the data therefore a suggest removing it.
So my suggestion would be.
4.4.8 Supporting a Model that provides access to parties with legitimate interests grounded in legal bases to Registration Data relevant to addressing specific issues involving domain name registrations; such as issues related to consumer protection, investigation of cybercrime, DNS abuse and intellectual property protection.
I put model as I think it is more specific but I am fine with using the term framework if you see it more appropriate. I also suggest adding "such as issues related to" which would serve to provide examples of third parties with legitimate interest.
Kind Regards Hadia
From: Gnso-epdp-team [mailto:gnso-epdp-team-bounces@icann.org] On Behalf Of Alex Deacon Sent: Tuesday, September 11, 2018 10:34 PM To: gnso-epdp-team@icann.org Subject: [Gnso-epdp-team] Section 4.4.8
Hi All,
As you know a group of us has been working to recommend an update to Section 4.4.8 of the temp spec.
While we haven't come to full agreement on the update, we are pretty close and wanted to share the current/tentative output of the volunteer team with the broader team.
4.4.8 Supporting a framework that enables identification of third-parties with legitimate interests grounded in legal bases, and providing these third-parties with access to Registration Data relevant to addressing specific issues involving domain name registrations related to consumer protection, investigation of cybercrime, DNS abuse and intellectual property protection.
The non-bold text was suggested by Amr/NCSG and the added bold text was an updated suggested by me/IPC and supported by the BC.
Giving it a re-read again today I think additional word-smithing could be warranted, but for now I will resist and step away and let others share their thoughts.
Alex
-- ___________ Alex Deacon Cole Valley Consulting alex@colevalleyconsulting.com +1.415.488.6009
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team
Hi Hadia and Kavouss, The volunteer team working on 4.4.8 did so with the understanding that sections 4.4.2, 4.4.8, 4.4.9 and 4.4.10 would be moved out from under the header “Purposes for Processing gTLD Registration Data”. This was following Kurt’s email to the EPDP list on 4 September, titled “Project Plan Adjustments and Policy Organization”. We did consider an earlier suggestion by Mark; to split the processing purposes to two lists, one to achieve the purposes of controllers and one of third-parties. However, we did not pursue this too aggressively. Speaking for myself, I agree that 4.4.8 in both its original and proposed altered forms do not describe purposes for processing (for any party). I am not sure why a “model” would be preferable to a “framework”, so if you could elaborate on why you believe it to be more specific, I would be grateful. Within NCSG, we have considered both these terms, as well as others such as “Methodology” and “Mechanism”. We haven’t settled on any one, just yet. As Alex suggested in his original email, this is still a tentative proposal. We like it, or at least prefer it to other alternatives previously suggested, but we’re not exactly married to it just yet. :-) Thanks. Amr
On Sep 13, 2018, at 12:49 PM, Arasteh <kavouss.arasteh@gmail.com> wrote:
Dear All I agree almost with what Hadia said Kavouss
Sent from my iPhone
On 13 Sep 2018, at 10:45, Hadia Abdelsalam Mokhtar EL miniawi <Hadia@tra.gov.eg> wrote:
Hi All,
Dear Alex and Amr,
First off thank you for your effort and time on this proposal. But are you saying that among the purposes of the processing of the data is the " identification of third-parties with legitimate interests". This is surely not one of the purposes for the processing of the data therefore a suggest removing it.
So my suggestion would be.
4.4.8 Supporting a Model that provides access to parties with legitimate interests grounded in legal bases to Registration Data relevant to addressing specific issues involving domain name registrations; such as issues related to consumer protection, investigation of cybercrime, DNS abuse and intellectual property protection.
I put model as I think it is more specific but I am fine with using the term framework if you see it more appropriate. I also suggest adding "such as issues related to" which would serve to provide examples of third parties with legitimate interest.
Kind Regards
Hadia
From: Gnso-epdp-team [mailto:gnso-epdp-team-bounces@icann.org] On Behalf Of Alex Deacon Sent: Tuesday, September 11, 2018 10:34 PM To: gnso-epdp-team@icann.org Subject: [Gnso-epdp-team] Section 4.4.8
Hi All,
As you know a group of us has been working to recommend an update to Section 4.4.8 of the temp spec.
While we haven't come to full agreement on the update, we are pretty close and wanted to share the current/tentative output of the volunteer team with the broader team.
4.4.8 Supporting a framework that enables identification of third-parties with legitimate interests grounded in legal bases, and providing these third-parties with access to Registration Data relevant to addressing specific issues involving domain name registrations related to consumer protection, investigation of cybercrime, DNS abuse and intellectual property protection.
The non-bold text was suggested by Amr/NCSG and the added bold text was an updated suggested by me/IPC and supported by the BC.
Giving it a re-read again today I think additional word-smithing could be warranted, but for now I will resist and step away and let others share their thoughts.
Alex
--
___________
Alex Deacon
Cole Valley Consulting
alex@colevalleyconsulting.com
+1.415.488.6009
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team
Hi Amr and Alex, I would just like to note that I worked on your original proposal and that the modifications that I propose below is in compliance with article 5 1 (b) which speaks about specified, explicit and legitimate purposes. The specific purpose of the processing of the data spelled out in the document is to "support a model that provides access to those with legitimate interests based on lawful grounds (which is the GDPR) to Registration Data relevant to addressing specific issues involving domain name registrations " If we end the sentence here it will be fine and GDPR compliant, however for clarification some additional lines are included to serve as examples of those who might have legitimate interest. The text is also in compliance with article 61(f) which puts the legitimate interest as the ground for processing. Hadia From: Gnso-epdp-team [mailto:gnso-epdp-team-bounces@icann.org] On Behalf Of Hadia Abdelsalam Mokhtar EL miniawi Sent: Thursday, September 13, 2018 10:45 AM To: Alex Deacon; gnso-epdp-team@icann.org Subject: Re: [Gnso-epdp-team] Section 4.4.8 Hi All, Dear Alex and Amr, First off thank you for your effort and time on this proposal. But are you saying that among the purposes of the processing of the data is the " identification of third-parties with legitimate interests". This is surely not one of the purposes for the processing of the data therefore a suggest removing it. So my suggestion would be. 4.4.8 Supporting a Model that provides access to parties with legitimate interests grounded in legal bases to Registration Data relevant to addressing specific issues involving domain name registrations; such as issues related to consumer protection, investigation of cybercrime, DNS abuse and intellectual property protection. I put model as I think it is more specific but I am fine with using the term framework if you see it more appropriate. I also suggest adding "such as issues related to" which would serve to provide examples of third parties with legitimate interest. Kind Regards Hadia From: Gnso-epdp-team [mailto:gnso-epdp-team-bounces@icann.org] On Behalf Of Alex Deacon Sent: Tuesday, September 11, 2018 10:34 PM To: gnso-epdp-team@icann.org Subject: [Gnso-epdp-team] Section 4.4.8 Hi All, As you know a group of us has been working to recommend an update to Section 4.4.8 of the temp spec. While we haven't come to full agreement on the update, we are pretty close and wanted to share the current/tentative output of the volunteer team with the broader team. 4.4.8 Supporting a framework that enables identification of third-parties with legitimate interests grounded in legal bases, and providing these third-parties with access to Registration Data relevant to addressing specific issues involving domain name registrations related to consumer protection, investigation of cybercrime, DNS abuse and intellectual property protection. The non-bold text was suggested by Amr/NCSG and the added bold text was an updated suggested by me/IPC and supported by the BC. Giving it a re-read again today I think additional word-smithing could be warranted, but for now I will resist and step away and let others share their thoughts. Alex -- ___________ Alex Deacon Cole Valley Consulting alex@colevalleyconsulting.com<mailto:alex@colevalleyconsulting.com> +1.415.488.6009
participants (6)
-
Alex Deacon -
Amr Elsadr -
Arasteh -
Hadia Abdelsalam Mokhtar EL miniawi -
Kavouss Arasteh
-
Mueller, Milton L