Proposed redline on the lawfulness of processing
![](https://secure.gravatar.com/avatar/185579a90a721e1b3a16349ebf82723a.jpg?s=120&d=mm&r=g)
All, On Thursday I took an action to propose updates that ensures lawfulness of processing is not limited to Article 6.1.f (and thus subject to a balancing test). I've attached a proposed redline for discussion. You will note it addresses Section 4.4 and Appendix C.2 (per my action) and for completeness I also updated Appendix A.4.1 for consistency. Regards, Alex -- ___________ *Alex Deacon* Cole Valley Consulting alex@colevalleyconsulting.com +1.415.488.6009
![](https://secure.gravatar.com/avatar/7e63fafb24584cd04d81677090cb922b.jpg?s=120&d=mm&r=g)
Suggested Redlines to ensure lawfulness of processing is not limited to Article 6.1.f and thus subject to a balancing test. Section 4.4 However, such Processing must be in a manner that complies with the GDPR, including on the basis of a specific identified purpose for such Processing. Accordingly, Personal Data included in Registration Data may be Processed on the lawful bases as scoped in GDPR Article 2 or as enumerated in GDPR Article 6.1, and for at least the following legitimate purposes: Comments from Kavouss In order to enable the reader to agree with the proposed changes, the referred Articles of GPDR should be hyperlinked.However, therte are two WAYS: One WAY would be that the Text of Temp .Specification, which at later date become definitive specification should be self contained and self sufficient in order to avois D the readers to refer to other sources as well as to avoid misinterpretation of several terms and associated qulaifiers mentioned in those Articles. The Second way would be to make the text as concise and short as possible but cross reference to othe Articles of GPDR with the risk of unintended misiterpretations and lack of definitions of terms and qualifiers used in those Articles Appendix A.4.1 *4. Access to Non-Public Registration Data * 4.1. Registrar and Registry Operator MUST provide reasonable access to Personal Data in Registration Data to third parties on the lawful bases as scoped in GDPR Article 2 and as enumerated in GDPR Article 6.1. See above comments Appendix C.2 *2. Lawfulness of Processing * For Personal Data Processed in connection with the Registration Data Directory Services, such Processing will take place on the lawful bases as scoped in GDPR Article 2 and as enumerated in GDPR Article 6.1, For other Personal Data collected for other purposes, such Personal Data SHALL NOT be Processed unless a legal basis specified under Article 6(1) GDPR applies. See above comments On Mon, Sep 3, 2018 at 10:10 PM Alex Deacon <alex@colevalleyconsulting.com> wrote:
All,
On Thursday I took an action to propose updates that ensures lawfulness of processing is not limited to Article 6.1.f (and thus subject to a balancing test).
I've attached a proposed redline for discussion. You will note it addresses Section 4.4 and Appendix C.2 (per my action) and for completeness I also updated Appendix A.4.1 for consistency.
Regards, Alex
-- ___________ *Alex Deacon* Cole Valley Consulting alex@colevalleyconsulting.com +1.415.488.6009
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team
![](https://secure.gravatar.com/avatar/7e63fafb24584cd04d81677090cb922b.jpg?s=120&d=mm&r=g)
DeAr Alex, Dear All, Below is Article 2 *"Art. 2 GDPR Material scope* *1. This Regulation applies to the processing of personal data wholly or partly by automated means ?and to the processing other than by automated means? of personal data which form part of a filing system or are intended to form part of a filing system.?* *2. This Regulation does not apply to the processing of personal data: * *1. in the course of an activity which falls outside the scope of Union law;* *2. by the Member States when carrying out activities which fall within the scope of Chapter 2 of Title V of the TEU <http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:12012M/TXT>;* *3. by a natural person in the course of a purely personal or household activity;* *4. by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.* *3. 1For the processing of personal data by the Union institutions, bodies, offices and agencies, Regulation (EC) No 45/2001 <http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32001R0045> applies. 2Regulation (EC) No 45/2001 and other Union legal acts applicable to such processing of personal data shall be adapted to the principles and rules of this Regulation in accordance with Article 98 <https://gdpr-info.eu/art-98-gdpr/>.* *4. This Regulation shall be without prejudice to the application of Directive 2000/31/EC <http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32000L0031>, in particular of the liability rules of intermediary service providers in Articles 12 to 15 of that Directive."* As I mentioned such refrence, is made it would make the reading of the Temp Spec.more difficult due to the fact that There are other cross refernces ,some of which are merely " Directives for EU" and thus are not to be applied outside EU. It may not be appropriate to make jurisdictions of other countries subordinate to the Directives of EU.Consequenly, it is preferable to have plain language to be included in the final draft of Temp. Spec. Regards Kavouss On Mon, Sep 3, 2018 at 11:21 PM Kavouss Arasteh <kavouss.arasteh@gmail.com> wrote:
Suggested Redlines to ensure lawfulness of processing is not limited to Article 6.1.f and thus subject to a balancing test.
Section 4.4
However, such Processing must be in a manner that complies with the GDPR, including on the basis of a specific identified purpose for such Processing. Accordingly, Personal Data included in Registration Data may be Processed on the lawful bases as scoped in GDPR Article 2 or as enumerated in GDPR Article 6.1, and for at least the following legitimate purposes:
Comments from Kavouss
In order to enable the reader to agree with the proposed changes, the referred Articles of GPDR should be hyperlinked.However, therte are two WAYS:
One WAY would be that the Text of Temp .Specification, which at later date become definitive specification should be self contained and self sufficient in order to avois D the readers to refer to other sources as well as to avoid misinterpretation of several terms and associated qulaifiers mentioned in those Articles.
The Second way would be to make the text as concise and short as possible but cross reference to othe Articles of GPDR with the risk of unintended misiterpretations and lack of definitions of terms and qualifiers used in those Articles
Appendix A.4.1
*4. Access to Non-Public Registration Data *
4.1. Registrar and Registry Operator MUST provide reasonable access to Personal Data in Registration Data to third parties on the lawful bases as scoped in GDPR Article 2 and as enumerated in GDPR Article 6.1.
See above comments
Appendix C.2
*2. Lawfulness of Processing *
For Personal Data Processed in connection with the Registration Data Directory Services, such Processing will take place on the lawful bases as scoped in GDPR Article 2 and as enumerated in GDPR Article 6.1, For other Personal Data collected for other purposes, such Personal Data SHALL NOT be Processed unless a legal basis specified under Article 6(1) GDPR applies.
See above comments
On Mon, Sep 3, 2018 at 10:10 PM Alex Deacon <alex@colevalleyconsulting.com> wrote:
All,
On Thursday I took an action to propose updates that ensures lawfulness of processing is not limited to Article 6.1.f (and thus subject to a balancing test).
I've attached a proposed redline for discussion. You will note it addresses Section 4.4 and Appendix C.2 (per my action) and for completeness I also updated Appendix A.4.1 for consistency.
Regards, Alex
-- ___________ *Alex Deacon* Cole Valley Consulting alex@colevalleyconsulting.com +1.415.488.6009
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team
participants (2)
-
Alex Deacon
-
Kavouss Arasteh