Rational regarding Appendix C removal and onward referral
Dear team, Please find attached the rationale document as requested, for the suggested removal and onward referral of the contents of Appendix C of the Temp Spec for your review in advance of tomorrow's meeting. Kind regards, Alan Woods [image: Donuts Inc.] <http://donuts.domains> Alan Woods Senior Compliance & Policy Manager, Donuts Inc. ------------------------------ The Victorians, 15-18 Earlsfort Terrace Dublin 2, County Dublin Ireland <https://www.facebook.com/donutstlds> <https://twitter.com/DonutsInc> <https://www.linkedin.com/company/donuts-inc> Please NOTE: This electronic message, including any attachments, may include privileged, confidential and/or inside information owned by Donuts Inc. . Any distribution or use of this communication by anyone other than the intended recipient(s) is strictly prohibited and may be unlawful. If you are not the intended recipient, please notify the sender by replying to this message and then delete it from your system. Thank you.
Dear Alan, Thank you very much for the thoughts you have shared. I am still of the view that Appendix C provide some brief guidelines and easy references and its total removal should debated .I do not see and inconsistancy between the content of this Appendix and the GDPR..It was argued that " ICANN and the Contracted Parties should address the subject matter of Appendix C via separate contractual negotiations".Should we follow that path then, several things would be subject to separate treatment such as Acess, Transfer, APPENDIX C. In that case there would be discontinuty between several major elements in Temp. Spec. which requires separate refernce document and the self contained and self sufficient elements of the Specification will not be retained Regards Kavouss On Mon, Sep 3, 2018 at 6:18 PM Alan Woods <alan@donuts.email> wrote:
Dear team,
Please find attached the rationale document as requested, for the suggested removal and onward referral of the contents of Appendix C of the Temp Spec for your review in advance of tomorrow's meeting.
Kind regards,
Alan Woods
[image: Donuts Inc.] <http://donuts.domains> Alan Woods Senior Compliance & Policy Manager, Donuts Inc. ------------------------------ The Victorians, 15-18 Earlsfort Terrace Dublin 2, County Dublin Ireland
<https://www.facebook.com/donutstlds> <https://twitter.com/DonutsInc> <https://www.linkedin.com/company/donuts-inc>
Please NOTE: This electronic message, including any attachments, may include privileged, confidential and/or inside information owned by Donuts Inc. . Any distribution or use of this communication by anyone other than the intended recipient(s) is strictly prohibited and may be unlawful. If you are not the intended recipient, please notify the sender by replying to this message and then delete it from your system. Thank you. _______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team
Thank you Kavouss for your comments. To clarify, our recommendations are twofold: 1) Removal of Appendix C 2) EPDP recommendation that ICANN must engage with the Contracted Parties to put in place the legally required instruments (such as Art 26 or 28, as appropriate) without further delay that would enshrine the GDPR concepts found in Appendix C. 2A) the EPDP should also further recommend that such a review of contracts (for the purposes of data processing arrangements), must extend to those other service providers, which are equally essential to the DNS ecosystem, including, but not necessarily limited to EBERO providers, Data Escrow agents and the RPM agents. The purpose of our recommendation is based on the reasoning that Appendix C is a last minute insertion/acknowledgement of the GDPR required data agreements, (Art 28 and Art 26 which require written agreements between the Processors and Controllers - or the Joint Controllers). We submit that this appendix is not trying to define policy, but instead is restating what is essentially a checklist of GDPR provisions which are to be included in any such processing agreements (we try to highlight this in the appendix to our submission). We also reference the stated intention of the ICANN Board themselves. In their Advisory document (17th May 2018), 4.2.1 specifically notes the future necessity to incorporate the Data Processing Requirements into the RA and RRA [although not specifically referring to, Appendix C, we must noted that Appendix C is titled "Data Processing Requirements"] . In the interests of time, we, as an expedited PDP should seek to avoid unnecessarily expending our time on the review of an appendix that merely restates legislation, and especially where it was intended, by the board, to be later developed as a contractual matter, and thus outside the scope of our EPDP. I agree we must be very clear on the task of the EPDP. Our mission is set the policy for Data Processing, which will essentially be the community "ground rules" for handling registrant data in the DNS sphere. We are still very much tasked with fully assessing many vital matters such as legal basis, purpose, necessity etc. all of which are key to the concepts of disclosure, access and transfer, some of which you have noted. So in full agreement with you, upon removing Appendix C, we must remain focused on the matters which are vital to the success of the output of the EPDP. I look forward to discussing later today. Kind regards Alan Woods
participants (2)
-
Alan Woods -
Kavouss Arasteh