FW: Questions for ICANN Org from EPDP Team Meeting - 9 August 2018
For your information. The responses to these questions will be posted on the related wiki page: https://community.icann.org/x/ahppBQ. Best regards, Caitlin, Berry and Marika From: Trang Nguyen <trang.nguyen@icann.org> Date: Tuesday, August 28, 2018 at 09:12 To: Marika Konings <marika.konings@icann.org>, Daniel Halloran <daniel.halloran@icann.org>, Erika Randall <erika.randall@icann.org> Cc: Berry Cobb <Berry.Cobb@icann.org>, Caitlin Tubergen <caitlin.tubergen@icann.org> Subject: Re: Questions for ICANN Org from EPDP Team Meeting - 9 August 2018 Hi Marika, Please see below responses to the question from the 21 August meeting. Best, Trang ** QUESTION: Can an update be provided on the status of the reconfirmation of the Temporary Specification by the ICANN Board? Response: There is a board meeting planned for later today (21 August). No changes to the Temporary Specification are being proposed. RESPONSE: The Board reaffirmed<https://www.icann.org/resources/board-material/resolutions-2018-08-21-en> the Temporary Specification with no changes on 21 August 2018. QUESTION: Has the WHOIS Conflicts with local laws procedure been used and successfully used to date? Please indicate the instances where the procedure was invoked and the outcome. Were any specific issues identified with the use of this procedure? RESPONSE: The procedure was most recently invoked for .FRL in late 2017. However, the request was withdrawn prior to an outcome when .FRL agreed to comply with the requirements of the Temporary Specification. The request was withdrawn early on in the process so ICANN org had not conducted a formal review to identify specific issues with the procedure. The procedure was also previously attempted by .FRL in late 2016 but the request did not meet the requirements to utilize the procedure. At the time, requirement to trigger the procedure was that the contracted party must have received “notification of an investigation, litigation, regulatory proceeding or other government or civil action that might affect its compliance.” However, .FRL was not subject to any such proceeding at the time, and the procedure could not be used. QUESTION: Regarding data disclosures concerning LEA requests: does GDPR compel a report of those disclosures to be made to the data subject? Please provide analysis of “in-jurisdiction” and “out-of-jurisdiction” requests. RESPONSE: The latest Draft Framework for a Possible Unified Access Model for Continued Access to Full WHOIS Data – For Discussion<Draft%20Framework%20for%20a%20Possible%20Unified%20Access%20Model%20for%20Continued%20Access%20to%20Full%20WHOIS%20Data%20–%20For%20Discussion> addresses the question of “whether or not logs of query activities concerning non-public data must be available to the registrant upon request except if prohibited by a relevant court order or legal requirement.” Please refer to Section 8 of the draft framework for more information on this topic. The draft framework is published for community discussion and to seek guidance from the European Data Protection Board. With a better understanding of the law, we will all be well positioned to develop, implement and enforce a legally sound, consistent unified model for access to non-public registration data, and lower the risk for the contracted parties in order for them to be able to accept such model.
Marika and other ICANN staff: Thanks very much for this rapidly-supplied and useful information. I did notice, however, that the link to the Draft Framework for a Possible Unified Access Model for Continued Access to Full WHOIS Data – For Discussion<Draft%20Framework%20for%20a%20Possible%20Unified%20Access%20Model%20for%20Continued%20Access%20to%20Full%20WHOIS%20Data%20–%20For%20Discussion> does not work. I went to the https://community.icann.org/display/EOTSFGRD/Input+from+ICANN+Org page and the link didn’t work there, either. If you could supply the proper link I’d appreciate it. --MM From: Gnso-epdp-team [mailto:gnso-epdp-team-bounces@icann.org] On Behalf Of Marika Konings Sent: Tuesday, August 28, 2018 11:30 AM To: Gnso-epdp-team@icann.org Subject: [Gnso-epdp-team] FW: Questions for ICANN Org from EPDP Team Meeting - 9 August 2018 For your information. The responses to these questions will be posted on the related wiki page: https://community.icann.org/x/ahppBQ. Best regards, Caitlin, Berry and Marika From: Trang Nguyen <trang.nguyen@icann.org<mailto:trang.nguyen@icann.org>> Date: Tuesday, August 28, 2018 at 09:12 To: Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>>, Daniel Halloran <daniel.halloran@icann.org<mailto:daniel.halloran@icann.org>>, Erika Randall <erika.randall@icann.org<mailto:erika.randall@icann.org>> Cc: Berry Cobb <Berry.Cobb@icann.org<mailto:Berry.Cobb@icann.org>>, Caitlin Tubergen <caitlin.tubergen@icann.org<mailto:caitlin.tubergen@icann.org>> Subject: Re: Questions for ICANN Org from EPDP Team Meeting - 9 August 2018 Hi Marika, Please see below responses to the question from the 21 August meeting. Best, Trang ** QUESTION: Can an update be provided on the status of the reconfirmation of the Temporary Specification by the ICANN Board? Response: There is a board meeting planned for later today (21 August). No changes to the Temporary Specification are being proposed. RESPONSE: The Board reaffirmed<https://www.icann.org/resources/board-material/resolutions-2018-08-21-en> the Temporary Specification with no changes on 21 August 2018. QUESTION: Has the WHOIS Conflicts with local laws procedure been used and successfully used to date? Please indicate the instances where the procedure was invoked and the outcome. Were any specific issues identified with the use of this procedure? RESPONSE: The procedure was most recently invoked for .FRL in late 2017. However, the request was withdrawn prior to an outcome when .FRL agreed to comply with the requirements of the Temporary Specification. The request was withdrawn early on in the process so ICANN org had not conducted a formal review to identify specific issues with the procedure. The procedure was also previously attempted by .FRL in late 2016 but the request did not meet the requirements to utilize the procedure. At the time, requirement to trigger the procedure was that the contracted party must have received “notification of an investigation, litigation, regulatory proceeding or other government or civil action that might affect its compliance.” However, .FRL was not subject to any such proceeding at the time, and the procedure could not be used. QUESTION: Regarding data disclosures concerning LEA requests: does GDPR compel a report of those disclosures to be made to the data subject? Please provide analysis of “in-jurisdiction” and “out-of-jurisdiction” requests. RESPONSE: The latest Draft Framework for a Possible Unified Access Model for Continued Access to Full WHOIS Data – For Discussion<Draft%20Framework%20for%20a%20Possible%20Unified%20Access%20Model%20for%20Continued%20Access%20to%20Full%20WHOIS%20Data%20–%20For%20Discussion> addresses the question of “whether or not logs of query activities concerning non-public data must be available to the registrant upon request except if prohibited by a relevant court order or legal requirement.” Please refer to Section 8 of the draft framework for more information on this topic. The draft framework is published for community discussion and to seek guidance from the European Data Protection Board. With a better understanding of the law, we will all be well positioned to develop, implement and enforce a legally sound, consistent unified model for access to non-public registration data, and lower the risk for the contracted parties in order for them to be able to accept such model.
Hi Milton. The following link worked for me https://www.icann.org/en/system/files/files/framework-elements-unified-acces... Alex On Tue, Aug 28, 2018 at 8:36 PM Mueller, Milton L <milton@gatech.edu> wrote:
Marika and other ICANN staff:
Thanks very much for this rapidly-supplied and useful information.
I did notice, however, that the link to the Draft Framework for a Possible Unified Access Model for Continued Access to Full WHOIS Data – For Discussion <http://Draft%20Framework%20for%20a%20Possible%20Unified%20Access%20Model%20for%20Continued%20Access%20to%20Full%20WHOIS%20Data%20–%20For%20Discussion> does not work.
I went to the https://community.icann.org/display/EOTSFGRD/Input+from+ICANN+Org page and the link didn’t work there, either. If you could supply the proper link I’d appreciate it.
--MM
*From:* Gnso-epdp-team [mailto:gnso-epdp-team-bounces@icann.org] *On Behalf Of *Marika Konings *Sent:* Tuesday, August 28, 2018 11:30 AM *To:* Gnso-epdp-team@icann.org *Subject:* [Gnso-epdp-team] FW: Questions for ICANN Org from EPDP Team Meeting - 9 August 2018
For your information. The responses to these questions will be posted on the related wiki page: https://community.icann.org/x/ahppBQ.
Best regards,
Caitlin, Berry and Marika
*From: *Trang Nguyen <trang.nguyen@icann.org> *Date: *Tuesday, August 28, 2018 at 09:12 *To: *Marika Konings <marika.konings@icann.org>, Daniel Halloran < daniel.halloran@icann.org>, Erika Randall <erika.randall@icann.org> *Cc: *Berry Cobb <Berry.Cobb@icann.org>, Caitlin Tubergen < caitlin.tubergen@icann.org> *Subject: *Re: Questions for ICANN Org from EPDP Team Meeting - 9 August 2018
Hi Marika,
Please see below responses to the question from the 21 August meeting.
Best,
Trang
**
QUESTION: Can an update be provided on the status of the reconfirmation of the Temporary Specification by the ICANN Board? Response: There is a board meeting planned for later today (21 August). No changes to the Temporary Specification are being proposed.
RESPONSE: The Board reaffirmed <https://www.icann.org/resources/board-material/resolutions-2018-08-21-en> the Temporary Specification with no changes on 21 August 2018.
QUESTION: Has the WHOIS Conflicts with local laws procedure been used and successfully used to date? Please indicate the instances where the procedure was invoked and the outcome. Were any specific issues identified with the use of this procedure?
RESPONSE: The procedure was most recently invoked for .FRL in late 2017. However, the request was withdrawn prior to an outcome when .FRL agreed to comply with the requirements of the Temporary Specification. The request was withdrawn early on in the process so ICANN org had not conducted a formal review to identify specific issues with the procedure.
The procedure was also previously attempted by .FRL in late 2016 but the request did not meet the requirements to utilize the procedure. At the time, requirement to trigger the procedure was that the contracted party must have received “notification of an investigation, litigation, regulatory proceeding or other government or civil action that might affect its compliance.” However, .FRL was not subject to any such proceeding at the time, and the procedure could not be used.
QUESTION: Regarding data disclosures concerning LEA requests: does GDPR compel a report of those disclosures to be made to the data subject? Please provide analysis of “in-jurisdiction” and “out-of-jurisdiction” requests.
RESPONSE: The latest Draft Framework for a Possible Unified Access Model for Continued Access to Full WHOIS Data – For Discussion <http://Draft%20Framework%20for%20a%20Possible%20Unified%20Access%20Model%20for%20Continued%20Access%20to%20Full%20WHOIS%20Data%20–%20For%20Discussion> addresses the question of “whether or not logs of query activities concerning non-public data must be available to the registrant upon request except if prohibited by a relevant court order or legal requirement.” Please refer to Section 8 of the draft framework for more information on this topic. The draft framework is published for community discussion and to seek guidance from the European Data Protection Board. With a better understanding of the law, we will all be well positioned to develop, implement and enforce a legally sound, consistent unified model for access to non-public registration data, and lower the risk for the contracted parties in order for them to be able to accept such model.
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team
-- ___________ *Alex Deacon* Cole Valley Consulting alex@colevalleyconsulting.com +1.415.488.6009
Thank you Marika and Trang for this response. I have a follow up on the Whois Conflicts procedure question. The response provided doesn’t actually answer the questions on if the procedure has been successfully used to date. The two (.FRL) examples provided are both example where it was not successfully used (one withdrawn, the other didn’t meet the requirements). Can you clarify if the procedure has ever successfully been used? Are the two (.FRL) cases the only times someone attempted to use the procedure or have there been others? Thank you, Marc From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> On Behalf Of Marika Konings Sent: Tuesday, August 28, 2018 11:30 AM To: Gnso-epdp-team@icann.org Subject: [EXTERNAL] [Gnso-epdp-team] FW: Questions for ICANN Org from EPDP Team Meeting - 9 August 2018 For your information. The responses to these questions will be posted on the related wiki page: https://community.icann.org/x/ahppBQ. Best regards, Caitlin, Berry and Marika From: Trang Nguyen <trang.nguyen@icann.org<mailto:trang.nguyen@icann.org>> Date: Tuesday, August 28, 2018 at 09:12 To: Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>>, Daniel Halloran <daniel.halloran@icann.org<mailto:daniel.halloran@icann.org>>, Erika Randall <erika.randall@icann.org<mailto:erika.randall@icann.org>> Cc: Berry Cobb <Berry.Cobb@icann.org<mailto:Berry.Cobb@icann.org>>, Caitlin Tubergen <caitlin.tubergen@icann.org<mailto:caitlin.tubergen@icann.org>> Subject: Re: Questions for ICANN Org from EPDP Team Meeting - 9 August 2018 Hi Marika, Please see below responses to the question from the 21 August meeting. Best, Trang ** QUESTION: Can an update be provided on the status of the reconfirmation of the Temporary Specification by the ICANN Board? Response: There is a board meeting planned for later today (21 August). No changes to the Temporary Specification are being proposed. RESPONSE: The Board reaffirmed<https://www.icann.org/resources/board-material/resolutions-2018-08-21-en> the Temporary Specification with no changes on 21 August 2018. QUESTION: Has the WHOIS Conflicts with local laws procedure been used and successfully used to date? Please indicate the instances where the procedure was invoked and the outcome. Were any specific issues identified with the use of this procedure? RESPONSE: The procedure was most recently invoked for .FRL in late 2017. However, the request was withdrawn prior to an outcome when .FRL agreed to comply with the requirements of the Temporary Specification. The request was withdrawn early on in the process so ICANN org had not conducted a formal review to identify specific issues with the procedure. The procedure was also previously attempted by .FRL in late 2016 but the request did not meet the requirements to utilize the procedure. At the time, requirement to trigger the procedure was that the contracted party must have received “notification of an investigation, litigation, regulatory proceeding or other government or civil action that might affect its compliance.” However, .FRL was not subject to any such proceeding at the time, and the procedure could not be used. QUESTION: Regarding data disclosures concerning LEA requests: does GDPR compel a report of those disclosures to be made to the data subject? Please provide analysis of “in-jurisdiction” and “out-of-jurisdiction” requests. RESPONSE: The latest Draft Framework for a Possible Unified Access Model for Continued Access to Full WHOIS Data – For Discussion addresses the question of “whether or not logs of query activities concerning non-public data must be available to the registrant upon request except if prohibited by a relevant court order or legal requirement.” Please refer to Section 8 of the draft framework for more information on this topic. The draft framework is published for community discussion and to seek guidance from the European Data Protection Board. With a better understanding of the law, we will all be well positioned to develop, implement and enforce a legally sound, consistent unified model for access to non-public registration data, and lower the risk for the contracted parties in order for them to be able to accept such model.
Dear Marc and EPDP Team, It is the latter, no waivers have ever been issued by ICANN pursuant to that procedure. As an additional data point that might of interest to the EPDP Team, ICANN has granted 35 waivers modifying the RAA’s data retention requirements. These waivers are published here <https://www.icann.org/resources/pages/retention-2013-09-13-en>. Best, Trang From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> on behalf of "Anderson, Marc via Gnso-epdp-team" <Gnso-epdp-team@icann.org> Reply-To: "Anderson, Marc" <mcanderson@verisign.com> Date: Wednesday, September 12, 2018 at 7:06 AM To: Marika Konings <marika.konings@icann.org>, "Gnso-epdp-team@icann.org" <Gnso-epdp-team@icann.org> Subject: Re: [Gnso-epdp-team] FW: Questions for ICANN Org from EPDP Team Meeting - 9 August 2018 Thank you Marika and Trang for this response. I have a follow up on the Whois Conflicts procedure question. The response provided doesn’t actually answer the questions on if the procedure has been successfully used to date. The two (.FRL) examples provided are both example where it was not successfully used (one withdrawn, the other didn’t meet the requirements). Can you clarify if the procedure has ever successfully been used? Are the two (.FRL) cases the only times someone attempted to use the procedure or have there been others? Thank you, Marc From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> On Behalf Of Marika Konings Sent: Tuesday, August 28, 2018 11:30 AM To: Gnso-epdp-team@icann.org Subject: [EXTERNAL] [Gnso-epdp-team] FW: Questions for ICANN Org from EPDP Team Meeting - 9 August 2018 For your information. The responses to these questions will be posted on the related wiki page: https://community.icann.org/x/ahppBQ. Best regards, Caitlin, Berry and Marika From: Trang Nguyen <trang.nguyen@icann.org<mailto:trang.nguyen@icann.org>> Date: Tuesday, August 28, 2018 at 09:12 To: Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>>, Daniel Halloran <daniel.halloran@icann.org<mailto:daniel.halloran@icann.org>>, Erika Randall <erika.randall@icann.org<mailto:erika.randall@icann.org>> Cc: Berry Cobb <Berry.Cobb@icann.org<mailto:Berry.Cobb@icann.org>>, Caitlin Tubergen <caitlin.tubergen@icann.org<mailto:caitlin.tubergen@icann.org>> Subject: Re: Questions for ICANN Org from EPDP Team Meeting - 9 August 2018 Hi Marika, Please see below responses to the question from the 21 August meeting. Best, Trang ** QUESTION: Can an update be provided on the status of the reconfirmation of the Temporary Specification by the ICANN Board? Response: There is a board meeting planned for later today (21 August). No changes to the Temporary Specification are being proposed. RESPONSE: The Board reaffirmed<https://www.icann.org/resources/board-material/resolutions-2018-08-21-en> the Temporary Specification with no changes on 21 August 2018. QUESTION: Has the WHOIS Conflicts with local laws procedure been used and successfully used to date? Please indicate the instances where the procedure was invoked and the outcome. Were any specific issues identified with the use of this procedure? RESPONSE: The procedure was most recently invoked for .FRL in late 2017. However, the request was withdrawn prior to an outcome when .FRL agreed to comply with the requirements of the Temporary Specification. The request was withdrawn early on in the process so ICANN org had not conducted a formal review to identify specific issues with the procedure. The procedure was also previously attempted by .FRL in late 2016 but the request did not meet the requirements to utilize the procedure. At the time, requirement to trigger the procedure was that the contracted party must have received “notification of an investigation, litigation, regulatory proceeding or other government or civil action that might affect its compliance.” However, .FRL was not subject to any such proceeding at the time, and the procedure could not be used. QUESTION: Regarding data disclosures concerning LEA requests: does GDPR compel a report of those disclosures to be made to the data subject? Please provide analysis of “in-jurisdiction” and “out-of-jurisdiction” requests. RESPONSE: The latest Draft Framework for a Possible Unified Access Model for Continued Access to Full WHOIS Data – For Discussion<Draft%20Framework%20for%20a%20Possible%20Unified%20Access%20Model%20for%20Continued%20Access%20to%20Full%20WHOIS%20Data%20–%20For%20Discussion> addresses the question of “whether or not logs of query activities concerning non-public data must be available to the registrant upon request except if prohibited by a relevant court order or legal requirement.” Please refer to Section 8 of the draft framework for more information on this topic. The draft framework is published for community discussion and to seek guidance from the European Data Protection Board. With a better understanding of the law, we will all be well positioned to develop, implement and enforce a legally sound, consistent unified model for access to non-public registration data, and lower the risk for the contracted parties in order for them to be able to accept such model.
participants (5)
-
Alex Deacon
-
Anderson, Marc
-
Marika Konings
-
Mueller, Milton L
-
Trang Nguyen