FW: [Ext] Question for ICANN org re DPIA
FYI (note that Collin sent this email originally before her status on the mailing list was changed back to alternate but it then did not go through) From: Collin Kurre <collin@article19.org> Date: Thursday, September 27, 2018 at 5:42 PM To: "gnso-epdp-team@icann.org" <gnso-epdp-team@icann.org> Cc: Marika Konings <marika.konings@icann.org>, Caitlin Tubergen <caitlin.tubergen@icann.org> Subject: [Ext] Question for ICANN org re DPIA Dear team, Stemming from conversations this week, would anyone be opposed to posing the following question to ICANN org from the EPDP group? “Why hasn’t a Data Protection Impact Assessment been carried out to clarify data flows and ICANN’s relationship with the data subject in light of its acknowledged role as a joint controller and Article 35 of the GDPR?” GDPR Section 3 Article 35.1, for reference: Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. A single assessment may address a set of similar processing operations that present similar high risks. Nice seeing everyone in person! Collin -- Collin Kurre ARTICLE 19
Bump... Julf On 28-09-18 02:01, Marika Konings wrote:
FYI (note that Collin sent this email originally before her status on the mailing list was changed back to alternate but it then did not go through)
*From: *Collin Kurre <collin@article19.org> *Date: *Thursday, September 27, 2018 at 5:42 PM *To: *"gnso-epdp-team@icann.org" <gnso-epdp-team@icann.org> *Cc: *Marika Konings <marika.konings@icann.org>, Caitlin Tubergen <caitlin.tubergen@icann.org> *Subject: *[Ext] Question for ICANN org re DPIA
Dear team,
Stemming from conversations this week, would anyone be opposed to posing the following question to ICANN org from the EPDP group?
“Why hasn’t a Data Protection Impact Assessment been carried out to clarify data flows and ICANN’s relationship with the data subject in light of its acknowledged role as a joint controller and Article 35 of the GDPR?”
GDPR Section 3 Article 35.1, for reference:
/Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. A single assessment may address a set of similar processing operations that present similar high risks./
Nice seeing everyone in person!
Collin
--
Collin Kurre
ARTICLE 19
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team
participants (2)
-
Johan Helsingius
-
Marika Konings