Re: [Gnso-epdp-team] [Ext] RE: For your review - Phase 2 Draft Approach
![](https://secure.gravatar.com/avatar/c3b35ca24029251c1d545340560e0e85.jpg?s=120&d=mm&r=g)
Apologies, it looks like the pdf conversion got rid of the ticks. We’ve replaced them with ‘X’ in the attached version. Best regards, Caitlin, Berry and Marika From: "Mueller, Milton L" <milton@gatech.edu> Date: Wednesday, May 8, 2019 at 15:35 To: Marika Konings <marika.konings@icann.org>, "gnso-epdp-team@icann.org" <gnso-epdp-team@icann.org> Subject: [Ext] RE: For your review - Phase 2 Draft Approach Hi, Looks like Janis and staff have been busy! I have a question about Slide 7. There are no “X’s” or ticks in the columns for WS 1 and WS 2. So I can’t tell what this means. Are we proposing (I hope) that WS1 meets on Tuesdays and WS2 meets on Thursdays? Or is this still open-ended? --MM From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> On Behalf Of Marika Konings Sent: Wednesday, May 8, 2019 2:07 PM To: gnso-epdp-team@icann.org Subject: [Gnso-epdp-team] For your review - Phase 2 Draft Approach Sending on behalf of Janis Karklins Dear EPDP Team, Following last week’s meeting, the leadership team and staff support have worked together on developing a draft approach for tackling phase 2. We hope this strikes a balance between the different views expressed and will form the basis for a detailed work plan with concrete milestones and deliverables. You will find attached a couple of slides that outline our current thinking in further detail, but here are some points I want to emphasize: * This is a draft approach for discussion and review. Based on your input prior and our discussion during next week’s meeting, we will further iterate and detail our approach, the proposed work plan and accompanying timeline. This draft is for discussion that, hopefully, will lead to a consensual agreement. * For the purpose of our exercise it is important to use definitions and terminology with the same understanding. We propose to develop and use working definitions without prejudice to consensual outcome. Final definitions can only be developed once the Team has finalized its work and agreed on its recommendations. * Based on the Team’s feedback in relation to the request to form a small team to engage with ICANN Org, I suggest to keep a plenary setting which will avoid creating a separate structure and ensure that everyone is part of discussion. Nevertheless, as this work on obtaining legal certainty is ongoing, I would propose that we deal with the charter questions and list of issues identified on slide 5 in an agnostic manner. In other words, we should refrain at the outset to deliberate on whether or not a System for Standardized Disclosure should be centralized or not, but rather we should focus on the commonalities and where needed identify that differentiation may be required depending on which model is ultimately determined to be legally compliant with GDPR and workable. I also expect that this approach would help inform the engagement of ICANN org and DPAs. * I appreciate that some of you may consider the timeline ambitious, but I’ve heard from almost everyone that the work on a System for Standardized Disclosure is a priority and as such I am committed to setting a target date for us to work towards. This will require your support and dedication. I am pretty confident I can count on that. I look forward to receiving your feedback and would like to encourage you to focus your input on what, why and how things could or should be done differently, instead of simply saying that something cannot be acceptable or should not be done. Janis Karklins Marika Konings Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) Email: marika.konings@icann.org<mailto:marika.konings@icann.org> Follow the GNSO via Twitter @ICANN_GNSO Find out more about the GNSO by taking our interactive courses<https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_gnso&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=Cg5uQf0yAfw-qlFZ0WNBfsLmmtBNUiH0SuI6Vg-gXBQ&e=> and visiting the GNSO Newcomer pages<https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gnso.icann.org_files_gnso_presentations_policy-2Defforts.htm-23newcomers&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=tT-E2RoAucUb3pfL9zmlbRdq1sytaEf765KOEkBVCjk&e=>.
![](https://secure.gravatar.com/avatar/02b9ac1b48ccaf9f21412db85c9ed562.jpg?s=120&d=mm&r=g)
Hi all, while I agree with much of what is included in the approach proposal, I do want to caution against any notion of holding these in parallel. We are stretched thinly enough as it is and splitting teams between streams or expecting all members to participate in two sessions per week (even if only on a bi-weekly schedule, as proposed) borders on the impossible. Let us not repeat the mistakes of phase one where everyone was running on fumes by the end. It is not just the calls but the surrounding time commitments for preparation, reading of documentation, coordination calls within our groups, etc that can quickly add up and we are all volunteers with day jobs here. Best, Volker Am 08.05.2019 um 23:39 schrieb Marika Konings:
Apologies, it looks like the pdf conversion got rid of the ticks. We’ve replaced them with ‘X’ in the attached version.
Best regards,
Caitlin, Berry and Marika
*From: *"Mueller, Milton L" <milton@gatech.edu> *Date: *Wednesday, May 8, 2019 at 15:35 *To: *Marika Konings <marika.konings@icann.org>, "gnso-epdp-team@icann.org" <gnso-epdp-team@icann.org> *Subject: *[Ext] RE: For your review - Phase 2 Draft Approach
Hi,
Looks like Janis and staff have been busy!
I have a question about Slide 7. There are no “X’s” or ticks in the columns for WS 1 and WS 2.
So I can’t tell what this means. Are we proposing (I hope) that WS1 meets on Tuesdays and WS2 meets on Thursdays? Or is this still open-ended?
--MM
*From:*Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> *On Behalf Of *Marika Konings *Sent:* Wednesday, May 8, 2019 2:07 PM *To:* gnso-epdp-team@icann.org *Subject:* [Gnso-epdp-team] For your review - Phase 2 Draft Approach
/Sending on behalf of Janis Karklins/
Dear EPDP Team,
Following last week’s meeting, the leadership team and staff support have worked together on developing a draft approach for tackling phase 2. We hope this strikes a balance between the different views expressed and will form the basis for a detailed work plan with concrete milestones and deliverables. You will find attached a couple of slides that outline our current thinking in further detail, but here are some points I want to emphasize:
* This is a draft approach for discussion and review. Based on your input prior and our discussion during next week’s meeting, we will further iterate and detail our approach, the proposed work plan and accompanying timeline. This draft is for discussion that, hopefully, will lead to a consensual agreement. * For the purpose of our exercise it is important to use definitions and terminology with the same understanding. We propose to develop and use working definitions without prejudice to consensual outcome. Final definitions can only be developed once the Team has finalized its work and agreed on its recommendations. * Based on the Team’s feedback in relation to the request to form a small team to engage with ICANN Org, I suggest to keep a plenary setting which will avoid creating a separate structure and ensure that everyone is part of discussion. Nevertheless, as this work on obtaining legal certainty is ongoing, I would propose that we deal with the charter questions and list of issues identified on slide 5 in an agnostic manner. In other words, we should refrain at the outset to deliberate on whether or not a System for Standardized Disclosure should be centralized or not, but rather we should focus on the commonalities and where needed identify that differentiation may be required depending on which model is ultimately determined to be legally compliant with GDPR and workable. I also expect that this approach would help inform the engagement of ICANN org and DPAs. * I appreciate that some of you may consider the timeline ambitious, but I’ve heard from almost everyone that the work on a System for Standardized Disclosure is a priority and as such I am committed to setting a target date for us to work towards. This will require your support and dedication. I am pretty confident I can count on that.
I look forward to receiving your feedback and would like to encourage you to focus your input on what, why and how things could or should be done differently, instead of simply saying that something cannot be acceptable or should not be done.
Janis Karklins
*/Marika Konings/*
/Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) /
/Email: marika.konings@icann.org <mailto:marika.konings@icann.org> /
//
/Follow the GNSO via Twitter @ICANN_GNSO/
/Find out more about the GNSO by taking our interactive courses <https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_gnso&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=Cg5uQf0yAfw-qlFZ0WNBfsLmmtBNUiH0SuI6Vg-gXBQ&e=> and visiting the GNSO Newcomer pages <https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gnso.icann.org_files_gnso_presentations_policy-2Defforts.htm-23newcomers&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=tT-E2RoAucUb3pfL9zmlbRdq1sytaEf765KOEkBVCjk&e=>. /
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team
-- Volker A. Greimann General Counsel and Policy Manager *KEY-SYSTEMS GMBH* T: +49 6894 9396901 M: +49 6894 9396851 F: +49 6894 9396851 W: www.key-systems.net Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835 CEO: Alexander Siffrin Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358.
![](https://secure.gravatar.com/avatar/3c6764476187eb60b7e1061cc2aac69a.jpg?s=120&d=mm&r=g)
Hi All, I would not use the term " disclosure/access to personal information" but would rather use the term " disclosure/access to nonpublic registration data". The reason for this is that by definition, some of the redacted data is not personal information, but was redacted because it was thought that in combination with other pieces of information it could lead to identifying the data subject. Best Regards, Hadia From: Gnso-epdp-team [mailto:gnso-epdp-team-bounces@icann.org] On Behalf Of Marika Konings Sent: Wednesday, May 08, 2019 11:39 PM To: Mueller, Milton L; gnso-epdp-team@icann.org Subject: Re: [Gnso-epdp-team] [Ext] RE: For your review - Phase 2 Draft Approach Apologies, it looks like the pdf conversion got rid of the ticks. We’ve replaced them with ‘X’ in the attached version. Best regards, Caitlin, Berry and Marika From: "Mueller, Milton L" <milton@gatech.edu> Date: Wednesday, May 8, 2019 at 15:35 To: Marika Konings <marika.konings@icann.org>, "gnso-epdp-team@icann.org" <gnso-epdp-team@icann.org> Subject: [Ext] RE: For your review - Phase 2 Draft Approach Hi, Looks like Janis and staff have been busy! I have a question about Slide 7. There are no “X’s” or ticks in the columns for WS 1 and WS 2. So I can’t tell what this means. Are we proposing (I hope) that WS1 meets on Tuesdays and WS2 meets on Thursdays? Or is this still open-ended? --MM From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> On Behalf Of Marika Konings Sent: Wednesday, May 8, 2019 2:07 PM To: gnso-epdp-team@icann.org Subject: [Gnso-epdp-team] For your review - Phase 2 Draft Approach Sending on behalf of Janis Karklins Dear EPDP Team, Following last week’s meeting, the leadership team and staff support have worked together on developing a draft approach for tackling phase 2. We hope this strikes a balance between the different views expressed and will form the basis for a detailed work plan with concrete milestones and deliverables. You will find attached a couple of slides that outline our current thinking in further detail, but here are some points I want to emphasize: * This is a draft approach for discussion and review. Based on your input prior and our discussion during next week’s meeting, we will further iterate and detail our approach, the proposed work plan and accompanying timeline. This draft is for discussion that, hopefully, will lead to a consensual agreement. * For the purpose of our exercise it is important to use definitions and terminology with the same understanding. We propose to develop and use working definitions without prejudice to consensual outcome. Final definitions can only be developed once the Team has finalized its work and agreed on its recommendations. * Based on the Team’s feedback in relation to the request to form a small team to engage with ICANN Org, I suggest to keep a plenary setting which will avoid creating a separate structure and ensure that everyone is part of discussion. Nevertheless, as this work on obtaining legal certainty is ongoing, I would propose that we deal with the charter questions and list of issues identified on slide 5 in an agnostic manner. In other words, we should refrain at the outset to deliberate on whether or not a System for Standardized Disclosure should be centralized or not, but rather we should focus on the commonalities and where needed identify that differentiation may be required depending on which model is ultimately determined to be legally compliant with GDPR and workable. I also expect that this approach would help inform the engagement of ICANN org and DPAs. * I appreciate that some of you may consider the timeline ambitious, but I’ve heard from almost everyone that the work on a System for Standardized Disclosure is a priority and as such I am committed to setting a target date for us to work towards. This will require your support and dedication. I am pretty confident I can count on that. I look forward to receiving your feedback and would like to encourage you to focus your input on what, why and how things could or should be done differently, instead of simply saying that something cannot be acceptable or should not be done. Janis Karklins Marika Konings Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) Email: marika.konings@icann.org<mailto:marika.konings@icann.org> Follow the GNSO via Twitter @ICANN_GNSO Find out more about the GNSO by taking our interactive courses<https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_gnso&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=Cg5uQf0yAfw-qlFZ0WNBfsLmmtBNUiH0SuI6Vg-gXBQ&e=> and visiting the GNSO Newcomer pages<https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gnso.icann.org_files_gnso_presentations_policy-2Defforts.htm-23newcomers&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=tT-E2RoAucUb3pfL9zmlbRdq1sytaEf765KOEkBVCjk&e=>.
![](https://secure.gravatar.com/avatar/02b9ac1b48ccaf9f21412db85c9ed562.jpg?s=120&d=mm&r=g)
Obviously, according to the European Court of Justice, all information that in combination with other pieces of information could lead to the identification of the data subject is also personal information, so that differentiation is moot. (See: IP-Addresses in Case 582/14 – Patrick Breyer v Germany <http://curia.europa.eu/juris/document/document.jsf?text=&docid=184668&pageIndex=0&doclang=en&mode=lst&dir=&occ=first&part=1&cid=1116945>) The only scenario where nonpublic information is not public information is when the data cannot lead to the identification of the data subject, but that cannot usually be seen on its face. For example the commonly used role "Domain Manager" could be personal information if someone on that company website is listed as such, the company only has one staff member in that role or other factors and data sources allow the identification or the ability to build a personal profile. So yes, even legal entities may have used data in their registation data sets that can be considered personal information, which is why contracted parties have argued for no differentiation between entity types. Ultimately, the type is irrelevant, the data used is relevant. Best, Volker Am 09.05.2019 um 16:24 schrieb Hadia Abdelsalam Mokhtar EL miniawi:
Hi All,
I would not use the term " disclosure/access to personal information" but would rather use the term " disclosure/access to nonpublic registration data". The reason for this is that by definition, some of the redacted data is not personal information, but was redacted because it was thought that in combination with other pieces of information it could lead to identifying the data subject.
Best Regards,
Hadia
*From:*Gnso-epdp-team [mailto:gnso-epdp-team-bounces@icann.org] *On Behalf Of *Marika Konings *Sent:* Wednesday, May 08, 2019 11:39 PM *To:* Mueller, Milton L; gnso-epdp-team@icann.org *Subject:* Re: [Gnso-epdp-team] [Ext] RE: For your review - Phase 2 Draft Approach
Apologies, it looks like the pdf conversion got rid of the ticks. We’ve replaced them with ‘X’ in the attached version.
Best regards,
Caitlin, Berry and Marika
*From: *"Mueller, Milton L" <milton@gatech.edu> *Date: *Wednesday, May 8, 2019 at 15:35 *To: *Marika Konings <marika.konings@icann.org>, "gnso-epdp-team@icann.org" <gnso-epdp-team@icann.org> *Subject: *[Ext] RE: For your review - Phase 2 Draft Approach
Hi,
Looks like Janis and staff have been busy!
I have a question about Slide 7. There are no “X’s” or ticks in the columns for WS 1 and WS 2.
So I can’t tell what this means. Are we proposing (I hope) that WS1 meets on Tuesdays and WS2 meets on Thursdays? Or is this still open-ended?
--MM
*From:*Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> *On Behalf Of *Marika Konings *Sent:* Wednesday, May 8, 2019 2:07 PM *To:* gnso-epdp-team@icann.org *Subject:* [Gnso-epdp-team] For your review - Phase 2 Draft Approach
/Sending on behalf of Janis Karklins/
Dear EPDP Team,
Following last week’s meeting, the leadership team and staff support have worked together on developing a draft approach for tackling phase 2. We hope this strikes a balance between the different views expressed and will form the basis for a detailed work plan with concrete milestones and deliverables. You will find attached a couple of slides that outline our current thinking in further detail, but here are some points I want to emphasize:
* This is a draft approach for discussion and review. Based on your input prior and our discussion during next week’s meeting, we will further iterate and detail our approach, the proposed work plan and accompanying timeline. This draft is for discussion that, hopefully, will lead to a consensual agreement. * For the purpose of our exercise it is important to use definitions and terminology with the same understanding. We propose to develop and use working definitions without prejudice to consensual outcome. Final definitions can only be developed once the Team has finalized its work and agreed on its recommendations. * Based on the Team’s feedback in relation to the request to form a small team to engage with ICANN Org, I suggest to keep a plenary setting which will avoid creating a separate structure and ensure that everyone is part of discussion. Nevertheless, as this work on obtaining legal certainty is ongoing, I would propose that we deal with the charter questions and list of issues identified on slide 5 in an agnostic manner. In other words, we should refrain at the outset to deliberate on whether or not a System for Standardized Disclosure should be centralized or not, but rather we should focus on the commonalities and where needed identify that differentiation may be required depending on which model is ultimately determined to be legally compliant with GDPR and workable. I also expect that this approach would help inform the engagement of ICANN org and DPAs. * I appreciate that some of you may consider the timeline ambitious, but I’ve heard from almost everyone that the work on a System for Standardized Disclosure is a priority and as such I am committed to setting a target date for us to work towards. This will require your support and dedication. I am pretty confident I can count on that.
I look forward to receiving your feedback and would like to encourage you to focus your input on what, why and how things could or should be done differently, instead of simply saying that something cannot be acceptable or should not be done.
Janis Karklins
*/Marika Konings/*
/Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) /
/Email: marika.konings@icann.org <mailto:marika.konings@icann.org> /
//
/Follow the GNSO via Twitter @ICANN_GNSO/
/Find out more about the GNSO by taking our interactive courses <https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_gnso&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=Cg5uQf0yAfw-qlFZ0WNBfsLmmtBNUiH0SuI6Vg-gXBQ&e=> and visiting the GNSO Newcomer pages <https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gnso.icann.org_files_gnso_presentations_policy-2Defforts.htm-23newcomers&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=tT-E2RoAucUb3pfL9zmlbRdq1sytaEf765KOEkBVCjk&e=>. /
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team
-- Volker A. Greimann General Counsel and Policy Manager *KEY-SYSTEMS GMBH* T: +49 6894 9396901 M: +49 6894 9396851 F: +49 6894 9396851 W: www.key-systems.net Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835 CEO: Alexander Siffrin Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358.
![](https://secure.gravatar.com/avatar/e39ce543c76ca0508be59b4ad9890817.jpg?s=120&d=mm&r=g)
Thank you to Caitlin, Berry, and Marika for compiling this draft approach. We appreciate your effort, and we generally agree with this proposed approach, with specific comments below: As the IPC has suggested, we should set as one of our top, near-term priorities to address the legal status and legal liability of all parties involved in controlling and processing registration data, including ICANN, contracted parties, and (as all will be encouraged to hear) third parties who access registration data. Aiming for this clarity is a better objective for the EPDP team than “legal certainty” or “alleviat[ing] the legal liability” of any party, neither of which would be possible. So, we’re on board – let’s just be clear about the realistic outcome we’re aiming for. We’ve refrained from engaging in the access vs. disclosure discussion because as long as the eventual model supports unified/standardized access, we frankly don’t care what it’s called. Our thoughts on this matter are as follows: We’re mindful that the word disclosure seems to imply a focus on the party doing the disclosing, and that Phase 1, Recommendation 18 used “disclosure” to define the request-and-contracted-party-review style of ‘data obtaining’ (to generalize the concept) contemplated by the Temporary Specification. This was great collaborative work by the EPDP team, and we’re encouraged by it. Now that it’s finished, we’re eager to move on to creating the discloser-agnostic unified/standardized access model in Phase 2. So it seems to make more sense to focus on establishing the parameters within which someone with a lawful basis may expect unified/standardized access when they have such lawful basis, from whatever the source. Accordingly, we have a slight preference for “access” as it more accurately describes our Phase 2 work objective, but we’re probably nomenclature-agnostic if the EPDP team agrees with the goal of unified/standardized access. We reiterate our support for two work streams as we have much to cover, and the EPDP team has committed to work diligently toward successful resolution of Phase 2. We agree with Volker and Hadia that the more accurate description of the data is “non-public registration data,” which encompasses both personal information and non-personal information. Brian J. King Director of Internet Policy & Industry Affairs MarkMonitor / Part of Clarivate Analytics Phone: +1 (443) 761-3726 brian.king@markmonitor.com<mailto:brian.king@markmonitor.com> From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> On Behalf Of Volker Greimann Sent: Thursday, May 9, 2019 11:04 AM To: gnso-epdp-team@icann.org Subject: Re: [Gnso-epdp-team] [Ext] RE: For your review - Phase 2 Draft Approach Obviously, according to the European Court of Justice, all information that in combination with other pieces of information could lead to the identification of the data subject is also personal information, so that differentiation is moot. (See: IP-Addresses in Case 582/14 – Patrick Breyer v Germany<https://urldefense.proofpoint.com/v2/url?u=http-3A__curia.europa.eu_juris_document_document.jsf-3Ftext-3D-26docid-3D184668-26pageIndex-3D0-26doclang-3Den-26mode-3Dlst-26dir-3D-26occ-3Dfirst-26part-3D1-26cid-3D1116945&d=DwMDaQ&c=OGmtg_3SI10Cogwk-ShFiw&r=qQNCXqU_XE2XIdXbawYmk-YDflYH6pd8ffXlzxU37OA&m=ESsNbNfvodTQ2UMeQzkrBJWxPySe2wJg7c1YeH3zB88&s=uyGdDc52qRzXmp6-2F3RNLWObbELfuX_-nKK_TitXdc&e=>) The only scenario where nonpublic information is not public information is when the data cannot lead to the identification of the data subject, but that cannot usually be seen on its face. For example the commonly used role "Domain Manager" could be personal information if someone on that company website is listed as such, the company only has one staff member in that role or other factors and data sources allow the identification or the ability to build a personal profile. So yes, even legal entities may have used data in their registation data sets that can be considered personal information, which is why contracted parties have argued for no differentiation between entity types. Ultimately, the type is irrelevant, the data used is relevant. Best, Volker Am 09.05.2019 um 16:24 schrieb Hadia Abdelsalam Mokhtar EL miniawi: Hi All, I would not use the term " disclosure/access to personal information" but would rather use the term " disclosure/access to nonpublic registration data". The reason for this is that by definition, some of the redacted data is not personal information, but was redacted because it was thought that in combination with other pieces of information it could lead to identifying the data subject. Best Regards, Hadia From: Gnso-epdp-team [mailto:gnso-epdp-team-bounces@icann.org] On Behalf Of Marika Konings Sent: Wednesday, May 08, 2019 11:39 PM To: Mueller, Milton L; gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org> Subject: Re: [Gnso-epdp-team] [Ext] RE: For your review - Phase 2 Draft Approach Apologies, it looks like the pdf conversion got rid of the ticks. We’ve replaced them with ‘X’ in the attached version. Best regards, Caitlin, Berry and Marika From: "Mueller, Milton L" <milton@gatech.edu><mailto:milton@gatech.edu> Date: Wednesday, May 8, 2019 at 15:35 To: Marika Konings <marika.konings@icann.org><mailto:marika.konings@icann.org>, "gnso-epdp-team@icann.org"<mailto:gnso-epdp-team@icann.org> <gnso-epdp-team@icann.org><mailto:gnso-epdp-team@icann.org> Subject: [Ext] RE: For your review - Phase 2 Draft Approach Hi, Looks like Janis and staff have been busy! I have a question about Slide 7. There are no “X’s” or ticks in the columns for WS 1 and WS 2. So I can’t tell what this means. Are we proposing (I hope) that WS1 meets on Tuesdays and WS2 meets on Thursdays? Or is this still open-ended? --MM From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org><mailto:gnso-epdp-team-bounces@icann.org> On Behalf Of Marika Konings Sent: Wednesday, May 8, 2019 2:07 PM To: gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org> Subject: [Gnso-epdp-team] For your review - Phase 2 Draft Approach Sending on behalf of Janis Karklins Dear EPDP Team, Following last week’s meeting, the leadership team and staff support have worked together on developing a draft approach for tackling phase 2. We hope this strikes a balance between the different views expressed and will form the basis for a detailed work plan with concrete milestones and deliverables. You will find attached a couple of slides that outline our current thinking in further detail, but here are some points I want to emphasize: * This is a draft approach for discussion and review. Based on your input prior and our discussion during next week’s meeting, we will further iterate and detail our approach, the proposed work plan and accompanying timeline. This draft is for discussion that, hopefully, will lead to a consensual agreement. * For the purpose of our exercise it is important to use definitions and terminology with the same understanding. We propose to develop and use working definitions without prejudice to consensual outcome. Final definitions can only be developed once the Team has finalized its work and agreed on its recommendations. * Based on the Team’s feedback in relation to the request to form a small team to engage with ICANN Org, I suggest to keep a plenary setting which will avoid creating a separate structure and ensure that everyone is part of discussion. Nevertheless, as this work on obtaining legal certainty is ongoing, I would propose that we deal with the charter questions and list of issues identified on slide 5 in an agnostic manner. In other words, we should refrain at the outset to deliberate on whether or not a System for Standardized Disclosure should be centralized or not, but rather we should focus on the commonalities and where needed identify that differentiation may be required depending on which model is ultimately determined to be legally compliant with GDPR and workable. I also expect that this approach would help inform the engagement of ICANN org and DPAs. * I appreciate that some of you may consider the timeline ambitious, but I’ve heard from almost everyone that the work on a System for Standardized Disclosure is a priority and as such I am committed to setting a target date for us to work towards. This will require your support and dedication. I am pretty confident I can count on that. I look forward to receiving your feedback and would like to encourage you to focus your input on what, why and how things could or should be done differently, instead of simply saying that something cannot be acceptable or should not be done. Janis Karklins Marika Konings Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) Email: marika.konings@icann.org<mailto:marika.konings@icann.org> Follow the GNSO via Twitter @ICANN_GNSO Find out more about the GNSO by taking our interactive courses<https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_gnso&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=Cg5uQf0yAfw-qlFZ0WNBfsLmmtBNUiH0SuI6Vg-gXBQ&e=> and visiting the GNSO Newcomer pages<https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gnso.icann.org_files_gnso_presentations_policy-2Defforts.htm-23newcomers&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=tT-E2RoAucUb3pfL9zmlbRdq1sytaEf765KOEkBVCjk&e=>. _______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org<mailto:Gnso-epdp-team@icann.org> https://mm.icann.org/mailman/listinfo/gnso-epdp-team<https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Depdp-2Dteam&d=DwMDaQ&c=OGmtg_3SI10Cogwk-ShFiw&r=qQNCXqU_XE2XIdXbawYmk-YDflYH6pd8ffXlzxU37OA&m=ESsNbNfvodTQ2UMeQzkrBJWxPySe2wJg7c1YeH3zB88&s=ndv2E82r5wyBCWfDXw2bMl8ApQ75K4qQ0_23EyqDcZc&e=> -- Volker A. Greimann General Counsel and Policy Manager KEY-SYSTEMS GMBH T: +49 6894 9396901 M: +49 6894 9396851 F: +49 6894 9396851 W: www.key-systems.net<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.key-2Dsystems.net&d=DwMDaQ&c=OGmtg_3SI10Cogwk-ShFiw&r=qQNCXqU_XE2XIdXbawYmk-YDflYH6pd8ffXlzxU37OA&m=ESsNbNfvodTQ2UMeQzkrBJWxPySe2wJg7c1YeH3zB88&s=5suGMolBxY8HBytf-UzyG4uWzQovsLfwhEtKnud63PU&e=> Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835 CEO: Alexander Siffrin Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358.
![](https://secure.gravatar.com/avatar/a9455836baf74b85eaa81c3db233af24.jpg?s=120&d=mm&r=g)
Thank you Janis and the leadership team for providing this draft approach for phase 2. I think this is an excellent start. I have some thoughts/feedback to share after giving this a review. * The objective (first bullet slide 2) is more accurately to develop and agree on “policy recommendations”… rather than “rules and requirements”. This might be semantics and our policy recommendations may get specific as to the rules and requirements needed, but I think it’s an important distinction to make. * I’m not convinced that the proposed worksheets would be useful. To me they seem similar in nature to the discussion summary indexes from phase 1 (https://community.icann.org/display/EOTSFGRD/c.+Temporary+Specification+Disc...). Staff worked hard to create them early in phase 1 but we never really used or leveraged them for our subsequent work. I’m curious what other’s thoughts are. * At the start of our phase 2 work we should be in information gathering mode. A few things come to mind that we should consider. * At the start of phase 1 we asked for early input from SOs and ACs. I thought this was beneficial in informing our early work and I suggest we consider if something similar could be done for phase 2. * Is there any training or education that working group members should receive? Early in phase 1 it was arranged for working group members to take an online GDPR class. I don’t have anything specific in mind, but its worth asking the question if there is something similar that working group members would benefit from for phase 2. * Briefings from experts – We had an opportunity to hear from Becky Burr and ask her questions as a privacy officer and ICANN board member in a session that I think was very well received. Are there experts we could hear from for phase 2? We’ve discussed previously asking for a briefing from the RPM working group and the Privacy/Proxy IRT. Now might be the time to try and schedule those. * Requests to ICANN org – in our phase 1 report we had a couple of asks of ICANN org. Some of these were intended to provide additional information to inform our phase 2 deliberations. We should follow up on those phase 1 asks and also consider if there are other asks of ICANN org relevant to phase 2. * At the ICANN Barcelona meeting there was a high interest panel session on the phase 1 ePDP. Kurt facilitated the sessions with working group members serving as panelists. For many in the ICANN community this was the first opportunity to get detailed information about how the ePDP was going. The session was well attended and we received a lot of positive feedback. Looking at the schedule, the timing of ICANN 66 might be good to provide a similar update to the community on phase 2. I look forward to hearing from others and discussing on our 16 May call. Best, Marc From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> On Behalf Of Marika Konings Sent: Wednesday, May 08, 2019 5:39 PM To: Mueller, Milton L <milton@gatech.edu>; gnso-epdp-team@icann.org Subject: [EXTERNAL] Re: [Gnso-epdp-team] [Ext] RE: For your review - Phase 2 Draft Approach Apologies, it looks like the pdf conversion got rid of the ticks. We’ve replaced them with ‘X’ in the attached version. Best regards, Caitlin, Berry and Marika From: "Mueller, Milton L" <milton@gatech.edu<mailto:milton@gatech.edu>> Date: Wednesday, May 8, 2019 at 15:35 To: Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>>, "gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org>" <gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org>> Subject: [Ext] RE: For your review - Phase 2 Draft Approach Hi, Looks like Janis and staff have been busy! I have a question about Slide 7. There are no “X’s” or ticks in the columns for WS 1 and WS 2. So I can’t tell what this means. Are we proposing (I hope) that WS1 meets on Tuesdays and WS2 meets on Thursdays? Or is this still open-ended? --MM From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org<mailto:gnso-epdp-team-bounces@icann.org>> On Behalf Of Marika Konings Sent: Wednesday, May 8, 2019 2:07 PM To: gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org> Subject: [Gnso-epdp-team] For your review - Phase 2 Draft Approach Sending on behalf of Janis Karklins Dear EPDP Team, Following last week’s meeting, the leadership team and staff support have worked together on developing a draft approach for tackling phase 2. We hope this strikes a balance between the different views expressed and will form the basis for a detailed work plan with concrete milestones and deliverables. You will find attached a couple of slides that outline our current thinking in further detail, but here are some points I want to emphasize: * This is a draft approach for discussion and review. Based on your input prior and our discussion during next week’s meeting, we will further iterate and detail our approach, the proposed work plan and accompanying timeline. This draft is for discussion that, hopefully, will lead to a consensual agreement. * For the purpose of our exercise it is important to use definitions and terminology with the same understanding. We propose to develop and use working definitions without prejudice to consensual outcome. Final definitions can only be developed once the Team has finalized its work and agreed on its recommendations. * Based on the Team’s feedback in relation to the request to form a small team to engage with ICANN Org, I suggest to keep a plenary setting which will avoid creating a separate structure and ensure that everyone is part of discussion. Nevertheless, as this work on obtaining legal certainty is ongoing, I would propose that we deal with the charter questions and list of issues identified on slide 5 in an agnostic manner. In other words, we should refrain at the outset to deliberate on whether or not a System for Standardized Disclosure should be centralized or not, but rather we should focus on the commonalities and where needed identify that differentiation may be required depending on which model is ultimately determined to be legally compliant with GDPR and workable. I also expect that this approach would help inform the engagement of ICANN org and DPAs. * I appreciate that some of you may consider the timeline ambitious, but I’ve heard from almost everyone that the work on a System for Standardized Disclosure is a priority and as such I am committed to setting a target date for us to work towards. This will require your support and dedication. I am pretty confident I can count on that. I look forward to receiving your feedback and would like to encourage you to focus your input on what, why and how things could or should be done differently, instead of simply saying that something cannot be acceptable or should not be done. Janis Karklins Marika Konings Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) Email: marika.konings@icann.org<mailto:marika.konings@icann.org> Follow the GNSO via Twitter @ICANN_GNSO Find out more about the GNSO by taking our interactive courses<https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_gnso&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=Cg5uQf0yAfw-qlFZ0WNBfsLmmtBNUiH0SuI6Vg-gXBQ&e=> and visiting the GNSO Newcomer pages<https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gnso.icann.org_files_gnso_presentations_policy-2Defforts.htm-23newcomers&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=tT-E2RoAucUb3pfL9zmlbRdq1sytaEf765KOEkBVCjk&e=>.
![](https://secure.gravatar.com/avatar/3c6764476187eb60b7e1061cc2aac69a.jpg?s=120&d=mm&r=g)
Hi All, Thank you Janis and leadership team and for the proposed EPDP team Phase 2 draft approach, A couple of thoughts to share On the first slide "Draft Approach" you suggest that until legal certainty is available, the policy development related work will be agonistic to the system modalities , where you refer to the UAM as a centralized model. It is too early to conclude that the issue is centralized vs decentralized, how did we reach this conclusion? Also there are many aspects to centralization which one are we referring too? Our starting point should be our deliverable, a unified access/disclosure model that is GDPR compliant and reduces the liabilities. The TSG has put the broad lines for a UAM from a technical point of view, which shows the feasibility of an implementable model from a technical aspect. We are still to define the system from a policy point of view. To that end, I don't see that we should be avoiding discussions about a UAM and that it should be included when discussing work stream 1 issues. With regard to the working terminology, I believe we should be referring to the data being disclosed as " nonpublic registration data" and not " Personal Information". We don't need to define the type of disclosed data, it could be personal or non-personal. Some redacted data items are by definition non-personal information but were redacted because it was though that in conjunction with other pieces of information it could lead to identifying the data subject. Kind Regards Hadia From: Gnso-epdp-team [mailto:gnso-epdp-team-bounces@icann.org] On Behalf Of Anderson, Marc via Gnso-epdp-team Sent: Tuesday, May 14, 2019 9:03 PM To: gnso-epdp-team@icann.org Subject: Re: [Gnso-epdp-team] [Ext] RE: For your review - Phase 2 Draft Approach Thank you Janis and the leadership team for providing this draft approach for phase 2. I think this is an excellent start. I have some thoughts/feedback to share after giving this a review. * The objective (first bullet slide 2) is more accurately to develop and agree on “policy recommendations”… rather than “rules and requirements”. This might be semantics and our policy recommendations may get specific as to the rules and requirements needed, but I think it’s an important distinction to make. * I’m not convinced that the proposed worksheets would be useful. To me they seem similar in nature to the discussion summary indexes from phase 1 (https://community.icann.org/display/EOTSFGRD/c.+Temporary+Specification+Disc...). Staff worked hard to create them early in phase 1 but we never really used or leveraged them for our subsequent work. I’m curious what other’s thoughts are. * At the start of our phase 2 work we should be in information gathering mode. A few things come to mind that we should consider. * At the start of phase 1 we asked for early input from SOs and ACs. I thought this was beneficial in informing our early work and I suggest we consider if something similar could be done for phase 2. * Is there any training or education that working group members should receive? Early in phase 1 it was arranged for working group members to take an online GDPR class. I don’t have anything specific in mind, but its worth asking the question if there is something similar that working group members would benefit from for phase 2. * Briefings from experts – We had an opportunity to hear from Becky Burr and ask her questions as a privacy officer and ICANN board member in a session that I think was very well received. Are there experts we could hear from for phase 2? We’ve discussed previously asking for a briefing from the RPM working group and the Privacy/Proxy IRT. Now might be the time to try and schedule those. * Requests to ICANN org – in our phase 1 report we had a couple of asks of ICANN org. Some of these were intended to provide additional information to inform our phase 2 deliberations. We should follow up on those phase 1 asks and also consider if there are other asks of ICANN org relevant to phase 2. * At the ICANN Barcelona meeting there was a high interest panel session on the phase 1 ePDP. Kurt facilitated the sessions with working group members serving as panelists. For many in the ICANN community this was the first opportunity to get detailed information about how the ePDP was going. The session was well attended and we received a lot of positive feedback. Looking at the schedule, the timing of ICANN 66 might be good to provide a similar update to the community on phase 2. I look forward to hearing from others and discussing on our 16 May call. Best, Marc From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> On Behalf Of Marika Konings Sent: Wednesday, May 08, 2019 5:39 PM To: Mueller, Milton L <milton@gatech.edu>; gnso-epdp-team@icann.org Subject: [EXTERNAL] Re: [Gnso-epdp-team] [Ext] RE: For your review - Phase 2 Draft Approach Apologies, it looks like the pdf conversion got rid of the ticks. We’ve replaced them with ‘X’ in the attached version. Best regards, Caitlin, Berry and Marika From: "Mueller, Milton L" <milton@gatech.edu<mailto:milton@gatech.edu>> Date: Wednesday, May 8, 2019 at 15:35 To: Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>>, "gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org>" <gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org>> Subject: [Ext] RE: For your review - Phase 2 Draft Approach Hi, Looks like Janis and staff have been busy! I have a question about Slide 7. There are no “X’s” or ticks in the columns for WS 1 and WS 2. So I can’t tell what this means. Are we proposing (I hope) that WS1 meets on Tuesdays and WS2 meets on Thursdays? Or is this still open-ended? --MM From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org<mailto:gnso-epdp-team-bounces@icann.org>> On Behalf Of Marika Konings Sent: Wednesday, May 8, 2019 2:07 PM To: gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org> Subject: [Gnso-epdp-team] For your review - Phase 2 Draft Approach Sending on behalf of Janis Karklins Dear EPDP Team, Following last week’s meeting, the leadership team and staff support have worked together on developing a draft approach for tackling phase 2. We hope this strikes a balance between the different views expressed and will form the basis for a detailed work plan with concrete milestones and deliverables. You will find attached a couple of slides that outline our current thinking in further detail, but here are some points I want to emphasize: * This is a draft approach for discussion and review. Based on your input prior and our discussion during next week’s meeting, we will further iterate and detail our approach, the proposed work plan and accompanying timeline. This draft is for discussion that, hopefully, will lead to a consensual agreement. * For the purpose of our exercise it is important to use definitions and terminology with the same understanding. We propose to develop and use working definitions without prejudice to consensual outcome. Final definitions can only be developed once the Team has finalized its work and agreed on its recommendations. * Based on the Team’s feedback in relation to the request to form a small team to engage with ICANN Org, I suggest to keep a plenary setting which will avoid creating a separate structure and ensure that everyone is part of discussion. Nevertheless, as this work on obtaining legal certainty is ongoing, I would propose that we deal with the charter questions and list of issues identified on slide 5 in an agnostic manner. In other words, we should refrain at the outset to deliberate on whether or not a System for Standardized Disclosure should be centralized or not, but rather we should focus on the commonalities and where needed identify that differentiation may be required depending on which model is ultimately determined to be legally compliant with GDPR and workable. I also expect that this approach would help inform the engagement of ICANN org and DPAs. * I appreciate that some of you may consider the timeline ambitious, but I’ve heard from almost everyone that the work on a System for Standardized Disclosure is a priority and as such I am committed to setting a target date for us to work towards. This will require your support and dedication. I am pretty confident I can count on that. I look forward to receiving your feedback and would like to encourage you to focus your input on what, why and how things could or should be done differently, instead of simply saying that something cannot be acceptable or should not be done. Janis Karklins Marika Konings Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) Email: marika.konings@icann.org<mailto:marika.konings@icann.org> Follow the GNSO via Twitter @ICANN_GNSO Find out more about the GNSO by taking our interactive courses<https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_gnso&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=Cg5uQf0yAfw-qlFZ0WNBfsLmmtBNUiH0SuI6Vg-gXBQ&e=> and visiting the GNSO Newcomer pages<https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gnso.icann.org_files_gnso_presentations_policy-2Defforts.htm-23newcomers&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=tT-E2RoAucUb3pfL9zmlbRdq1sytaEf765KOEkBVCjk&e=>.
![](https://secure.gravatar.com/avatar/d667ac994d5c178947a2fc07bee2484a.jpg?s=120&d=mm&r=g)
Hadia, Thank you for your comment. It seems that additional clarification should be provided on the draft approach in relation to the unified access model. I see it as a standard, that might be applied possibly in centralized or decentralized manner. Alternative to it would be completely decentralized model without any unified element. It is suggested, at least intention of the draft was to propose working towards development of a standard with understanding that the decision on a way of its application (centralized or decentralized) will be taken at the later stage. Theoretically I see also possible combination of both approaches in UAM, whereby some contracting parties may opt for a centralized model but some for decentralized model. I hope this clarifies and alleviates your concern. My apologies for imperfect formulation in the slide. Looking forward to engaging conversation tomorrow. JK On Wed, May 15, 2019 at 12:32 PM Hadia Abdelsalam Mokhtar EL miniawi < Hadia@tra.gov.eg> wrote:
Hi All,
Thank you Janis and leadership team and for the proposed EPDP team Phase 2 draft approach, A couple of thoughts to share
On the first slide "Draft Approach" you suggest that until legal certainty is available, the policy development related work will be agonistic to the system modalities , where you refer to the UAM as a centralized model. It is too early to conclude that the issue is centralized vs decentralized, how did we reach this conclusion? Also there are many aspects to centralization which one are we referring too? Our starting point should be our deliverable, a unified access/disclosure model that is GDPR compliant and reduces the liabilities. The TSG has put the broad lines for a UAM from a technical point of view, which shows the feasibility of an implementable model from a technical aspect. We are still to define the system from a policy point of view. To that end, I don't see that we should be avoiding discussions about a UAM and that it should be included when discussing work stream 1 issues.
With regard to the working terminology, I believe we should be referring to the data being disclosed as " nonpublic registration data" and not " Personal Information". We don't need to define the type of disclosed data, it could be personal or non-personal. Some redacted data items are by definition non-personal information but were redacted because it was though that in conjunction with other pieces of information it could lead to identifying the data subject.
Kind Regards
Hadia
*From:* Gnso-epdp-team [mailto:gnso-epdp-team-bounces@icann.org] *On Behalf Of *Anderson, Marc via Gnso-epdp-team *Sent:* Tuesday, May 14, 2019 9:03 PM *To:* gnso-epdp-team@icann.org *Subject:* Re: [Gnso-epdp-team] [Ext] RE: For your review - Phase 2 Draft Approach
Thank you Janis and the leadership team for providing this draft approach for phase 2. I think this is an excellent start. I have some thoughts/feedback to share after giving this a review.
- The objective (first bullet slide 2) is more accurately to develop and agree on “policy recommendations”… rather than “rules and requirements”. This might be semantics and our policy recommendations may get specific as to the rules and requirements needed, but I think it’s an important distinction to make.
- I’m not convinced that the proposed worksheets would be useful. To me they seem similar in nature to the discussion summary indexes from phase 1 ( https://community.icann.org/display/EOTSFGRD/c.+Temporary+Specification+Disc... ). Staff worked hard to create them early in phase 1 but we never really used or leveraged them for our subsequent work. I’m curious what other’s thoughts are.
- At the start of our phase 2 work we should be in information gathering mode. A few things come to mind that we should consider. - At the start of phase 1 we asked for early input from SOs and ACs. I thought this was beneficial in informing our early work and I suggest we consider if something similar could be done for phase 2. - Is there any training or education that working group members should receive? Early in phase 1 it was arranged for working group members to take an online GDPR class. I don’t have anything specific in mind, but its worth asking the question if there is something similar that working group members would benefit from for phase 2. - Briefings from experts – We had an opportunity to hear from Becky Burr and ask her questions as a privacy officer and ICANN board member in a session that I think was very well received. Are there experts we could hear from for phase 2? We’ve discussed previously asking for a briefing from the RPM working group and the Privacy/Proxy IRT. Now might be the time to try and schedule those.
- Requests to ICANN org – in our phase 1 report we had a couple of asks of ICANN org. Some of these were intended to provide additional information to inform our phase 2 deliberations. We should follow up on those phase 1 asks and also consider if there are other asks of ICANN org relevant to phase 2.
- At the ICANN Barcelona meeting there was a high interest panel session on the phase 1 ePDP. Kurt facilitated the sessions with working group members serving as panelists. For many in the ICANN community this was the first opportunity to get detailed information about how the ePDP was going. The session was well attended and we received a lot of positive feedback. Looking at the schedule, the timing of ICANN 66 might be good to provide a similar update to the community on phase 2.
I look forward to hearing from others and discussing on our 16 May call.
Best,
Marc
*From:* Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> *On Behalf Of *Marika Konings *Sent:* Wednesday, May 08, 2019 5:39 PM *To:* Mueller, Milton L <milton@gatech.edu>; gnso-epdp-team@icann.org *Subject:* [EXTERNAL] Re: [Gnso-epdp-team] [Ext] RE: For your review - Phase 2 Draft Approach
Apologies, it looks like the pdf conversion got rid of the ticks. We’ve replaced them with ‘X’ in the attached version.
Best regards,
Caitlin, Berry and Marika
*From: *"Mueller, Milton L" <milton@gatech.edu> *Date: *Wednesday, May 8, 2019 at 15:35 *To: *Marika Konings <marika.konings@icann.org>, "gnso-epdp-team@icann.org" <gnso-epdp-team@icann.org> *Subject: *[Ext] RE: For your review - Phase 2 Draft Approach
Hi,
Looks like Janis and staff have been busy!
I have a question about Slide 7. There are no “X’s” or ticks in the columns for WS 1 and WS 2.
So I can’t tell what this means. Are we proposing (I hope) that WS1 meets on Tuesdays and WS2 meets on Thursdays? Or is this still open-ended?
--MM
*From:* Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> *On Behalf Of *Marika Konings *Sent:* Wednesday, May 8, 2019 2:07 PM *To:* gnso-epdp-team@icann.org *Subject:* [Gnso-epdp-team] For your review - Phase 2 Draft Approach
*Sending on behalf of Janis Karklins*
Dear EPDP Team,
Following last week’s meeting, the leadership team and staff support have worked together on developing a draft approach for tackling phase 2. We hope this strikes a balance between the different views expressed and will form the basis for a detailed work plan with concrete milestones and deliverables. You will find attached a couple of slides that outline our current thinking in further detail, but here are some points I want to emphasize:
- This is a draft approach for discussion and review. Based on your input prior and our discussion during next week’s meeting, we will further iterate and detail our approach, the proposed work plan and accompanying timeline. This draft is for discussion that, hopefully, will lead to a consensual agreement. - For the purpose of our exercise it is important to use definitions and terminology with the same understanding. We propose to develop and use working definitions without prejudice to consensual outcome. Final definitions can only be developed once the Team has finalized its work and agreed on its recommendations. - Based on the Team’s feedback in relation to the request to form a small team to engage with ICANN Org, I suggest to keep a plenary setting which will avoid creating a separate structure and ensure that everyone is part of discussion. Nevertheless, as this work on obtaining legal certainty is ongoing, I would propose that we deal with the charter questions and list of issues identified on slide 5 in an agnostic manner. In other words, we should refrain at the outset to deliberate on whether or not a System for Standardized Disclosure should be centralized or not, but rather we should focus on the commonalities and where needed identify that differentiation may be required depending on which model is ultimately determined to be legally compliant with GDPR and workable. I also expect that this approach would help inform the engagement of ICANN org and DPAs. - I appreciate that some of you may consider the timeline ambitious, but I’ve heard from almost everyone that the work on a System for Standardized Disclosure is a priority and as such I am committed to setting a target date for us to work towards. This will require your support and dedication. I am pretty confident I can count on that.
I look forward to receiving your feedback and would like to encourage you to focus your input on what, why and how things could or should be done differently, instead of simply saying that something cannot be acceptable or should not be done.
Janis Karklins
*Marika Konings*
*Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) *
*Email: marika.konings@icann.org <marika.konings@icann.org> *
*Follow the GNSO via Twitter @ICANN_GNSO*
*Find out more about the GNSO by taking our interactive courses <https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_gnso&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=Cg5uQf0yAfw-qlFZ0WNBfsLmmtBNUiH0SuI6Vg-gXBQ&e=> and visiting the GNSO Newcomer pages <https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gnso.icann.org_files_gnso_presentations_policy-2Defforts.htm-23newcomers&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=tT-E2RoAucUb3pfL9zmlbRdq1sytaEf765KOEkBVCjk&e=>. *
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team
![](https://secure.gravatar.com/avatar/3c6764476187eb60b7e1061cc2aac69a.jpg?s=120&d=mm&r=g)
Thank you Janis for your reply and for your clarification, indeed a unified access model is not necessarily a centralized model. I totally agree that the method of implementation could be dealt with at a later stage. Kind Regards, Hadia ________________________________ From: Janis Karklins <karklinsj@gmail.com> Sent: 15 May 2019 13:57 To: Hadia Abdelsalam Mokhtar EL miniawi Cc: gnso-epdp-team@icann.org Subject: Re: [Gnso-epdp-team] [Ext] RE: For your review - Phase 2 Draft Approach Hadia, Thank you for your comment. It seems that additional clarification should be provided on the draft approach in relation to the unified access model. I see it as a standard, that might be applied possibly in centralized or decentralized manner. Alternative to it would be completely decentralized model without any unified element. It is suggested, at least intention of the draft was to propose working towards development of a standard with understanding that the decision on a way of its application (centralized or decentralized) will be taken at the later stage. Theoretically I see also possible combination of both approaches in UAM, whereby some contracting parties may opt for a centralized model but some for decentralized model. I hope this clarifies and alleviates your concern. My apologies for imperfect formulation in the slide. Looking forward to engaging conversation tomorrow. JK On Wed, May 15, 2019 at 12:32 PM Hadia Abdelsalam Mokhtar EL miniawi <Hadia@tra.gov.eg<mailto:Hadia@tra.gov.eg>> wrote: Hi All, Thank you Janis and leadership team and for the proposed EPDP team Phase 2 draft approach, A couple of thoughts to share On the first slide "Draft Approach" you suggest that until legal certainty is available, the policy development related work will be agonistic to the system modalities , where you refer to the UAM as a centralized model. It is too early to conclude that the issue is centralized vs decentralized, how did we reach this conclusion? Also there are many aspects to centralization which one are we referring too? Our starting point should be our deliverable, a unified access/disclosure model that is GDPR compliant and reduces the liabilities. The TSG has put the broad lines for a UAM from a technical point of view, which shows the feasibility of an implementable model from a technical aspect. We are still to define the system from a policy point of view. To that end, I don't see that we should be avoiding discussions about a UAM and that it should be included when discussing work stream 1 issues. With regard to the working terminology, I believe we should be referring to the data being disclosed as " nonpublic registration data" and not " Personal Information". We don't need to define the type of disclosed data, it could be personal or non-personal. Some redacted data items are by definition non-personal information but were redacted because it was though that in conjunction with other pieces of information it could lead to identifying the data subject. Kind Regards Hadia From: Gnso-epdp-team [mailto:gnso-epdp-team-bounces@icann.org<mailto:gnso-epdp-team-bounces@icann.org>] On Behalf Of Anderson, Marc via Gnso-epdp-team Sent: Tuesday, May 14, 2019 9:03 PM To: gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org> Subject: Re: [Gnso-epdp-team] [Ext] RE: For your review - Phase 2 Draft Approach Thank you Janis and the leadership team for providing this draft approach for phase 2. I think this is an excellent start. I have some thoughts/feedback to share after giving this a review. * The objective (first bullet slide 2) is more accurately to develop and agree on “policy recommendations”… rather than “rules and requirements”. This might be semantics and our policy recommendations may get specific as to the rules and requirements needed, but I think it’s an important distinction to make. * I’m not convinced that the proposed worksheets would be useful. To me they seem similar in nature to the discussion summary indexes from phase 1 (https://community.icann.org/display/EOTSFGRD/c.+Temporary+Specification+Disc...). Staff worked hard to create them early in phase 1 but we never really used or leveraged them for our subsequent work. I’m curious what other’s thoughts are. * At the start of our phase 2 work we should be in information gathering mode. A few things come to mind that we should consider. * At the start of phase 1 we asked for early input from SOs and ACs. I thought this was beneficial in informing our early work and I suggest we consider if something similar could be done for phase 2. * Is there any training or education that working group members should receive? Early in phase 1 it was arranged for working group members to take an online GDPR class. I don’t have anything specific in mind, but its worth asking the question if there is something similar that working group members would benefit from for phase 2. * Briefings from experts – We had an opportunity to hear from Becky Burr and ask her questions as a privacy officer and ICANN board member in a session that I think was very well received. Are there experts we could hear from for phase 2? We’ve discussed previously asking for a briefing from the RPM working group and the Privacy/Proxy IRT. Now might be the time to try and schedule those. * Requests to ICANN org – in our phase 1 report we had a couple of asks of ICANN org. Some of these were intended to provide additional information to inform our phase 2 deliberations. We should follow up on those phase 1 asks and also consider if there are other asks of ICANN org relevant to phase 2. * At the ICANN Barcelona meeting there was a high interest panel session on the phase 1 ePDP. Kurt facilitated the sessions with working group members serving as panelists. For many in the ICANN community this was the first opportunity to get detailed information about how the ePDP was going. The session was well attended and we received a lot of positive feedback. Looking at the schedule, the timing of ICANN 66 might be good to provide a similar update to the community on phase 2. I look forward to hearing from others and discussing on our 16 May call. Best, Marc From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org<mailto:gnso-epdp-team-bounces@icann.org>> On Behalf Of Marika Konings Sent: Wednesday, May 08, 2019 5:39 PM To: Mueller, Milton L <milton@gatech.edu<mailto:milton@gatech.edu>>; gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org> Subject: [EXTERNAL] Re: [Gnso-epdp-team] [Ext] RE: For your review - Phase 2 Draft Approach Apologies, it looks like the pdf conversion got rid of the ticks. We’ve replaced them with ‘X’ in the attached version. Best regards, Caitlin, Berry and Marika From: "Mueller, Milton L" <milton@gatech.edu<mailto:milton@gatech.edu>> Date: Wednesday, May 8, 2019 at 15:35 To: Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>>, "gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org>" <gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org>> Subject: [Ext] RE: For your review - Phase 2 Draft Approach Hi, Looks like Janis and staff have been busy! I have a question about Slide 7. There are no “X’s” or ticks in the columns for WS 1 and WS 2. So I can’t tell what this means. Are we proposing (I hope) that WS1 meets on Tuesdays and WS2 meets on Thursdays? Or is this still open-ended? --MM From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org<mailto:gnso-epdp-team-bounces@icann.org>> On Behalf Of Marika Konings Sent: Wednesday, May 8, 2019 2:07 PM To: gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org> Subject: [Gnso-epdp-team] For your review - Phase 2 Draft Approach Sending on behalf of Janis Karklins Dear EPDP Team, Following last week’s meeting, the leadership team and staff support have worked together on developing a draft approach for tackling phase 2. We hope this strikes a balance between the different views expressed and will form the basis for a detailed work plan with concrete milestones and deliverables. You will find attached a couple of slides that outline our current thinking in further detail, but here are some points I want to emphasize: * This is a draft approach for discussion and review. Based on your input prior and our discussion during next week’s meeting, we will further iterate and detail our approach, the proposed work plan and accompanying timeline. This draft is for discussion that, hopefully, will lead to a consensual agreement. * For the purpose of our exercise it is important to use definitions and terminology with the same understanding. We propose to develop and use working definitions without prejudice to consensual outcome. Final definitions can only be developed once the Team has finalized its work and agreed on its recommendations. * Based on the Team’s feedback in relation to the request to form a small team to engage with ICANN Org, I suggest to keep a plenary setting which will avoid creating a separate structure and ensure that everyone is part of discussion. Nevertheless, as this work on obtaining legal certainty is ongoing, I would propose that we deal with the charter questions and list of issues identified on slide 5 in an agnostic manner. In other words, we should refrain at the outset to deliberate on whether or not a System for Standardized Disclosure should be centralized or not, but rather we should focus on the commonalities and where needed identify that differentiation may be required depending on which model is ultimately determined to be legally compliant with GDPR and workable. I also expect that this approach would help inform the engagement of ICANN org and DPAs. * I appreciate that some of you may consider the timeline ambitious, but I’ve heard from almost everyone that the work on a System for Standardized Disclosure is a priority and as such I am committed to setting a target date for us to work towards. This will require your support and dedication. I am pretty confident I can count on that. I look forward to receiving your feedback and would like to encourage you to focus your input on what, why and how things could or should be done differently, instead of simply saying that something cannot be acceptable or should not be done. Janis Karklins Marika Konings Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) Email: marika.konings@icann.org<mailto:marika.konings@icann.org> Follow the GNSO via Twitter @ICANN_GNSO Find out more about the GNSO by taking our interactive courses<https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_gnso&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=Cg5uQf0yAfw-qlFZ0WNBfsLmmtBNUiH0SuI6Vg-gXBQ&e=> and visiting the GNSO Newcomer pages<https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gnso.icann.org_files_gnso_presentations_policy-2Defforts.htm-23newcomers&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=7_PQAir-9nJQ2uB2cWiTDDDo5Hfy5HL9rSTe65iXLVM&m=5DXgId95wrCsHi--pxTiJD7bMB9r-T5ytCn7od3CF2Q&s=tT-E2RoAucUb3pfL9zmlbRdq1sytaEf765KOEkBVCjk&e=>. _______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org<mailto:Gnso-epdp-team@icann.org> https://mm.icann.org/mailman/listinfo/gnso-epdp-team
participants (6)
-
Anderson, Marc
-
Hadia Abdelsalam Mokhtar EL miniawi
-
Janis Karklins
-
King, Brian
-
Marika Konings
-
Volker Greimann