Notes and action items - EPDP Meeting #43 - Thursday, 20 February 2020
Dear EPDP Team: Please find below the notes and action items from EPDP Meeting #43 on Thursday, 20 February 2020. As a reminder, the next plenary EPDP Team meeting will be Thursday, 27 February at 14:00 UTC. The small team of volunteers for automation use cases will meet on Tuesday, 25 February at 14:00 UTC. Thank you. Best regards, Marika, Berry, and Caitlin Action Items EPDP Team to review the Priority 2 compilation overview and timetable in detail and flag any major scheduling concerns by Tuesday, 25 February. EPDP Team members are encouraged to provide feedback on Priority 2 topics via the list in advance of the scheduled date(s) for discussion. EPDP Team to review the EPDP Support Staff’s proposed updated recommendation for the display of information of affiliated vs. accredited privacy / proxy providers by Wednesday, 26 February COB. Specifically, if any EPDP Team members cannot live with the updated recommendation as proposed, please provide an alternate proposal to the list by Wednesday, 26 February COB. For those EPDP Team members interested in participating in the small team discussion on automation use cases, please attend the meeting on Tuesday, 25 February at 14:00 UTC. EPDP Support Staff sent a calendar invite to the Team; if you did not receive the invite and would like to attend, please reach out to gnso-secs@icann.org. EPDP Phase 2 - Meeting #43 Proposed Agenda Thursday, 20 February 2020 at 14.00 UTC 1. Roll Call & SOI Updates (5 minutes) 2. Confirmation of agenda (Chair) 3. Welcome and housekeeping issues (Chair) (5 minutes) ICANN67 Update The ICANN Board announced that ICANN67 will be a remote meeting. EPDP Team Feedback: Would be helpful to ask groups to provide feedback following this announcement – it will likely be difficult to have a 10-hour meeting on a Saturday There is value to F2F interactions – the location could be subject to discussion Option that makes the most sense – two normal-sized meeting during ICANN67, and another meeting in May 10-hour meeting on a Saturday is not viable ICANN Belgian DPA Update See blog post Imperative that ICANN org and Janis provide more detail regarding the meeting with the Belgian DPA Position of the roles of Janis and Georgios – Janis was there to present the work of the EPDP Team. Question: was there any discussion on the DPA reviewing the Initial Report in detail and providing input during the public comment period, or input on the Final Report? Blog post was very high level and did not seem to have anything actionable from the EPDP Team’s work An important question that needed to be asked was the allocation of liability based on the allocation of processing If there is not enough detail in the current draft recommendations, what does that mean? Does it mean there should be more details or are critical details being left to the implementation phase? Perhaps the Team should be more specific in its recommendations. It would be helpful if Janis could provide more detail in a future update. Update from legal committee Legal Committee reviewed the previously-sent legal questions – decided the question regarding reverse look-ups should be removed from consideration since this topic is no longer part of the Initial Report Recommended proceeding with the SSAC question re: representations b/w legal vs. natural. (Legal vs. Natural Question 2) Did the legal committee consider the issue of instances where the inclusion of personal data is included within a legal person’s contact information? Answer: yes Legal Committee still reviewing additional questions Reminder of the role of the legal committee – it is a representative group and approved questions will be sent to the EPDP Team as an FYI, but not for approval. All members of the EPDP Team may channel questions/concerns through their dedicated legal committee rep. 4. Timeline review and priority 2 worksheet compilation (20 minutes) a) Priority 2 worksheet compilation overview EPDP Leadership and Support Staff have compiled the remaining Priority 2 issues, which includes both suggested dates when the Team will discuss the topic as well as leadership-proposed paths forward, where applicable. The compilation includes links to the Priority 2 worksheets, which were populated as a result of small team calls. All EPDP Team members should review the Priority 2 worksheets in detail, as they include details regarding expected deliverables, required reading, etc. Action: EPDP Team to review the compilation overview in detail and flag any concerns, alternative proposals, etc. EPDP Team members are encouraged to provide feedback in advance of the scheduled date for discussion. b) Consider input received to date c) EPDP team input d) Confirm volunteers for Automation Use Cases Small Team e) Confirm next steps 5. Display of information of affiliated vs. accredited privacy / proxy providers (priority 2) (45 minutes) EPDP Team to review ICANN Org feedback During Phase 1 deliberations, the EPDP Team was unsure whether one could tell if a domain name is a privacy or proxy registration by looking at the output. The answer to the question that the P/P recommendations would include a recommendation that would lead to a clear indication in the RDDS response if the registration was a P/P service. This is a concern that all accredited P/P providers will be visible in RDDS – this has been addressed, and the recommendation as proposed by staff. There is doubt that the accreditation program for these services is still needed – the recommendation should be that the PDP should be reopened to reassess the recommendations of that group It’s a giant leap of faith to assume that P/P services will be deactivated Consider Support Staff proposed recommendation No EPDP Team objections expressed on the call over Support Staff’s proposal for P/P services. Action: EPDP Team to review the proposed recommendation in detail and flag objections on the list by Thursday, 27 February. Confirm next steps 6. Wrap and confirm next EPDP Team meeting (5 minutes): Thursday 27 February 2020 at 14.00 UTC (topics: data retention & feasibility of unique contacts to have a uniform anonymized email address) Confirm action items Confirm questions for ICANN Org, if any
All, I’m responding to action item #3 from the 20 Feb meeting. That action item asks us to review the staff proposed language: PROPOSED RECOMMENDATION FOR EPDP TEAM CONSIDERATION Based on input received, EPDP Support Staff recommends the EPDP Team to consider the following recommendation: Following the implementation of the PPSAI recommendations, the EPDP Team recommends that EPDP Phase 1 recommendation #14 (“In the case of a domain name registration where an "affiliated" privacy/proxy service used (e.g. where data associated with a natural person is masked), Registrar (and Registry where applicable) MUST include in the public RDDS and return in response to any query full non-personal RDDS data of the privacy/proxy service, which MAY also include the existing privacy/proxy pseudonymized email.”) applies to all accredited privacy and proxy services. I’m ok with the principle that we as a working group already agreed in phase 1 that privacy and proxied data should NOT also be redacted. In phase 1 the best we could do at the time was a recommendation to not redact where an “affiliated” service was used. In theory, once privacy/proxy services are accredited that scope could be expanded. What we heard from the Privacy/Proxy implementation is that “the PP IRT was considering a proposed requirement that all privacy and proxy service providers include a label, which would flag each registration as a privacy/proxy registration and identify which provider is associated with that registration, in the existing WHOIS output “registrant organization” field.” I’m concerned that the draft text isn’t clear and is very conditional. I think this text is intended to become a new EPDP phase 2 recommendation (rec 20?). That recommendation would replace, modify or otherwise supersede the EPDP phase 1 recommendation #14 (that hasn’t yet been implemented), but only when/if the Privacy/Proxy implementation produces a new policy that results in domain registration data that clearly identifies that it is a privacy/proxy registration, thus enabling an automated determination by the registrar (and registry if applicable) NOT to redact the data. Otherwise EPDP phase 1 rec #14 stands. Is this everyone else’s understanding? As I said, the principle sounds fine, but I don’t think the text reflects my recollection of what we discussed and I’m concerned about the squishy conditional nature of this new recommendation. Thanks, Marc From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> On Behalf Of Caitlin Tubergen Sent: Sunday, February 23, 2020 5:59 PM To: gnso-epdp-team@icann.org Subject: [EXTERNAL] [Gnso-epdp-team] Notes and action items - EPDP Meeting #43 - Thursday, 20 February 2020 Dear EPDP Team: Please find below the notes and action items from EPDP Meeting #43 on Thursday, 20 February 2020. As a reminder, the next plenary EPDP Team meeting will be Thursday, 27 February at 14:00 UTC. The small team of volunteers for automation use cases will meet on Tuesday, 25 February at 14:00 UTC. Thank you. Best regards, Marika, Berry, and Caitlin Action Items 1. EPDP Team to review the Priority 2 compilation overview and timetable<https://mm.icann.org/pipermail/gnso-epdp-team/2020-February/003076.html> in detail and flag any major scheduling concerns by Tuesday, 25 February. 2. EPDP Team members are encouraged to provide feedback on Priority 2 topics via the list in advance of the scheduled date(s) for discussion. 3. EPDP Team to review the EPDP Support Staff’s proposed updated recommendation for the display of information of affiliated vs. accredited privacy / proxy providers<https://docs.google.com/document/d/1izpX2C-RrfAdRgRDwBO9tQuJIBA9Xt38p1MTJgQNDGI/edit> by Wednesday, 26 February COB. Specifically, if any EPDP Team members cannot live with the updated recommendation as proposed, please provide an alternate proposal to the list by Wednesday, 26 February COB. 4. For those EPDP Team members interested in participating in the small team discussion on automation use cases, please attend the meeting on Tuesday, 25 February at 14:00 UTC. EPDP Support Staff sent a calendar invite to the Team; if you did not receive the invite and would like to attend, please reach out to gnso-secs@icann.org<mailto:gnso-secs@icann.org>. EPDP Phase 2 - Meeting #43 Proposed Agenda Thursday, 20 February 2020 at 14.00 UTC 1. Roll Call & SOI Updates (5 minutes) 2. Confirmation of agenda (Chair) 3. Welcome and housekeeping issues (Chair) (5 minutes) a. ICANN67 Update * The ICANN Board announced that ICANN67 will be a remote meeting. EPDP Team Feedback: * Would be helpful to ask groups to provide feedback following this announcement – it will likely be difficult to have a 10-hour meeting on a Saturday * There is value to F2F interactions – the location could be subject to discussion * Option that makes the most sense – two normal-sized meeting during ICANN67, and another meeting in May * 10-hour meeting on a Saturday is not viable b. ICANN Belgian DPA Update * See blog post<https://www.icann.org/news/blog/icann-meets-with-belgian-data-protection-authority> * Imperative that ICANN org and Janis provide more detail regarding the meeting with the Belgian DPA * Position of the roles of Janis and Georgios – Janis was there to present the work of the EPDP Team. * Question: was there any discussion on the DPA reviewing the Initial Report in detail and providing input during the public comment period, or input on the Final Report? * Blog post was very high level and did not seem to have anything actionable from the EPDP Team’s work * An important question that needed to be asked was the allocation of liability based on the allocation of processing * If there is not enough detail in the current draft recommendations, what does that mean? Does it mean there should be more details or are critical details being left to the implementation phase? Perhaps the Team should be more specific in its recommendations. It would be helpful if Janis could provide more detail in a future update. c. Update from legal committee * Legal Committee reviewed the previously-sent legal questions – decided the question regarding reverse look-ups should be removed from consideration since this topic is no longer part of the Initial Report * Recommended proceeding with the SSAC question re: representations b/w legal vs. natural. (Legal vs. Natural Question 2) * Did the legal committee consider the issue of instances where the inclusion of personal data is included within a legal person’s contact information? * Answer: yes * Legal Committee still reviewing additional questions * Reminder of the role of the legal committee – it is a representative group and approved questions will be sent to the EPDP Team as an FYI, but not for approval. All members of the EPDP Team may channel questions/concerns through their dedicated legal committee rep. 4. Timeline review<https://mm.icann.org/pipermail/gnso-epdp-team/2020-February/003076.html> and priority 2 worksheet compilation (20 minutes) a) Priority 2 worksheet compilation overview * EPDP Leadership and Support Staff have compiled the remaining Priority 2 issues, which includes both suggested dates when the Team will discuss the topic as well as leadership-proposed paths forward, where applicable. * The compilation includes links to the Priority 2 worksheets, which were populated as a result of small team calls. All EPDP Team members should review the Priority 2 worksheets in detail, as they include details regarding expected deliverables, required reading, etc. * Action: EPDP Team to review the compilation overview in detail and flag any concerns, alternative proposals, etc. EPDP Team members are encouraged to provide feedback in advance of the scheduled date for discussion. b) Consider input received to date c) EPDP team input d) Confirm volunteers for Automation Use Cases Small Team e) Confirm next steps 5. Display of information of affiliated vs. accredited privacy / proxy providers<https://docs.google.com/document/d/1izpX2C-RrfAdRgRDwBO9tQuJIBA9Xt38p1MTJgQNDGI/edit> (priority 2) (45 minutes) a. EPDP Team to review ICANN Org feedback * During Phase 1 deliberations, the EPDP Team was unsure whether one could tell if a domain name is a privacy or proxy registration by looking at the output. The answer to the question that the P/P recommendations would include a recommendation that would lead to a clear indication in the RDDS response if the registration was a P/P service. * This is a concern that all accredited P/P providers will be visible in RDDS – this has been addressed, and the recommendation as proposed by staff. * There is doubt that the accreditation program for these services is still needed – the recommendation should be that the PDP should be reopened to reassess the recommendations of that group * It’s a giant leap of faith to assume that P/P services will be deactivated b. Consider Support Staff proposed recommendation * No EPDP Team objections expressed on the call over Support Staff’s proposal for P/P services. * Action: EPDP Team to review the proposed recommendation in detail and flag objections on the list by Thursday, 27 February. c. Confirm next steps 6. Wrap and confirm next EPDP Team meeting (5 minutes): a. Thursday 27 February 2020 at 14.00 UTC (topics: data retention & feasibility of unique contacts to have a uniform anonymized email address) b. Confirm action items c. Confirm questions for ICANN Org, if any
All, I’m responding to action item #1 from the 20 Feb meeting to review the EPDP timetable (attached for reference). The 20 March target (with a 24 March last date possible) to publish an initial report addendum is less than a month away leaving us very little time to draft and agree on that addendum. The timetable has a meeting on 27 Feb followed by the ICANN 67 meetings (any official word yet on what will become of those?) and then a Mar 19 meeting (if necessary) before sending out the addendum. As the week before ICANN 67 is no longer a travel week, will there be a meeting added to the schedule for 5 March? The remaining timetable is dedicated to a review of public comments. I expect most (if not all) of these items to be raised in public comment, but I want to call them out. * Reporting: I recall in LA we agreed to table that discussion until after the initial report – the initial report has no mention of any reporting requirements – I suggest a new small group be formed to provide a recommendation to the plenary on what reports (if any) we want to recommend be produced by the SSAD * SLAs: The SLA section (Rec #9) is unfinished – the initial report specifically states that “A review mechanism will be further developed by the EPDP Team, but community input in response to the public comment period will be helpful.” – we have further work to do on SLAs * Financial Model: The Financial sustainability section (rec #15) is unfinished – we still need to understand the expected costs in developing, operationalizing and maintaining the SSAD which obviously impacts the cost/fee structure – This section ends with a placeholder * Charter questions: I recall that specifically answering the phase 2 charter questions was tabled until after the initial report was completed * Division of roles and responsibilities: this isn’t defined in the report – section 3.2 (page 14) notes that we will make a final determination of the division of roles and responsibilities after the public comment period * Mechanism for the evolution of SSAD: The initial report asks a lot of questions to help inform the working group, but regardless of the input we receive, this isn’t fully flushed out and needs work to finalize * Legal risk fund: this is mentioned in passing in Rec 15 but is not explained or addressed further Generally speaking I’m concerned that the successful implementation of an SSAD will require a lot of decisions to be made in implementation, but we aren’t clear on that in the initial report. If we don’t want these recommendations to take forever to implement, I think we need to be more prescriptive when/if we expect something to be worked out in implementation (for example, we don’t state how a controller will deliver disclosed data to a requestor, will this be done via the SSAD system, or will the controller somehow respond directly to the requestor). Given all the work remaining and the very short timetable, another F2F meeting should be on the table. I’m not necessarily advocating for or against one, but we should at least be contingency planning for one. Best, Marc From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> On Behalf Of Caitlin Tubergen Sent: Sunday, February 23, 2020 5:59 PM To: gnso-epdp-team@icann.org Subject: [EXTERNAL] [Gnso-epdp-team] Notes and action items - EPDP Meeting #43 - Thursday, 20 February 2020 Dear EPDP Team: Please find below the notes and action items from EPDP Meeting #43 on Thursday, 20 February 2020. As a reminder, the next plenary EPDP Team meeting will be Thursday, 27 February at 14:00 UTC. The small team of volunteers for automation use cases will meet on Tuesday, 25 February at 14:00 UTC. Thank you. Best regards, Marika, Berry, and Caitlin Action Items 1. EPDP Team to review the Priority 2 compilation overview and timetable<https://mm.icann.org/pipermail/gnso-epdp-team/2020-February/003076.html> in detail and flag any major scheduling concerns by Tuesday, 25 February. 2. EPDP Team members are encouraged to provide feedback on Priority 2 topics via the list in advance of the scheduled date(s) for discussion. 3. EPDP Team to review the EPDP Support Staff’s proposed updated recommendation for the display of information of affiliated vs. accredited privacy / proxy providers<https://docs.google.com/document/d/1izpX2C-RrfAdRgRDwBO9tQuJIBA9Xt38p1MTJgQNDGI/edit> by Wednesday, 26 February COB. Specifically, if any EPDP Team members cannot live with the updated recommendation as proposed, please provide an alternate proposal to the list by Wednesday, 26 February COB. 4. For those EPDP Team members interested in participating in the small team discussion on automation use cases, please attend the meeting on Tuesday, 25 February at 14:00 UTC. EPDP Support Staff sent a calendar invite to the Team; if you did not receive the invite and would like to attend, please reach out to gnso-secs@icann.org<mailto:gnso-secs@icann.org>. EPDP Phase 2 - Meeting #43 Proposed Agenda Thursday, 20 February 2020 at 14.00 UTC 1. Roll Call & SOI Updates (5 minutes) 2. Confirmation of agenda (Chair) 3. Welcome and housekeeping issues (Chair) (5 minutes) a. ICANN67 Update * The ICANN Board announced that ICANN67 will be a remote meeting. EPDP Team Feedback: * Would be helpful to ask groups to provide feedback following this announcement – it will likely be difficult to have a 10-hour meeting on a Saturday * There is value to F2F interactions – the location could be subject to discussion * Option that makes the most sense – two normal-sized meeting during ICANN67, and another meeting in May * 10-hour meeting on a Saturday is not viable b. ICANN Belgian DPA Update * See blog post<https://www.icann.org/news/blog/icann-meets-with-belgian-data-protection-authority> * Imperative that ICANN org and Janis provide more detail regarding the meeting with the Belgian DPA * Position of the roles of Janis and Georgios – Janis was there to present the work of the EPDP Team. * Question: was there any discussion on the DPA reviewing the Initial Report in detail and providing input during the public comment period, or input on the Final Report? * Blog post was very high level and did not seem to have anything actionable from the EPDP Team’s work * An important question that needed to be asked was the allocation of liability based on the allocation of processing * If there is not enough detail in the current draft recommendations, what does that mean? Does it mean there should be more details or are critical details being left to the implementation phase? Perhaps the Team should be more specific in its recommendations. It would be helpful if Janis could provide more detail in a future update. c. Update from legal committee * Legal Committee reviewed the previously-sent legal questions – decided the question regarding reverse look-ups should be removed from consideration since this topic is no longer part of the Initial Report * Recommended proceeding with the SSAC question re: representations b/w legal vs. natural. (Legal vs. Natural Question 2) * Did the legal committee consider the issue of instances where the inclusion of personal data is included within a legal person’s contact information? * Answer: yes * Legal Committee still reviewing additional questions * Reminder of the role of the legal committee – it is a representative group and approved questions will be sent to the EPDP Team as an FYI, but not for approval. All members of the EPDP Team may channel questions/concerns through their dedicated legal committee rep. 4. Timeline review<https://mm.icann.org/pipermail/gnso-epdp-team/2020-February/003076.html> and priority 2 worksheet compilation (20 minutes) a) Priority 2 worksheet compilation overview * EPDP Leadership and Support Staff have compiled the remaining Priority 2 issues, which includes both suggested dates when the Team will discuss the topic as well as leadership-proposed paths forward, where applicable. * The compilation includes links to the Priority 2 worksheets, which were populated as a result of small team calls. All EPDP Team members should review the Priority 2 worksheets in detail, as they include details regarding expected deliverables, required reading, etc. * Action: EPDP Team to review the compilation overview in detail and flag any concerns, alternative proposals, etc. EPDP Team members are encouraged to provide feedback in advance of the scheduled date for discussion. b) Consider input received to date c) EPDP team input d) Confirm volunteers for Automation Use Cases Small Team e) Confirm next steps 5. Display of information of affiliated vs. accredited privacy / proxy providers<https://docs.google.com/document/d/1izpX2C-RrfAdRgRDwBO9tQuJIBA9Xt38p1MTJgQNDGI/edit> (priority 2) (45 minutes) a. EPDP Team to review ICANN Org feedback * During Phase 1 deliberations, the EPDP Team was unsure whether one could tell if a domain name is a privacy or proxy registration by looking at the output. The answer to the question that the P/P recommendations would include a recommendation that would lead to a clear indication in the RDDS response if the registration was a P/P service. * This is a concern that all accredited P/P providers will be visible in RDDS – this has been addressed, and the recommendation as proposed by staff. * There is doubt that the accreditation program for these services is still needed – the recommendation should be that the PDP should be reopened to reassess the recommendations of that group * It’s a giant leap of faith to assume that P/P services will be deactivated b. Consider Support Staff proposed recommendation * No EPDP Team objections expressed on the call over Support Staff’s proposal for P/P services. * Action: EPDP Team to review the proposed recommendation in detail and flag objections on the list by Thursday, 27 February. c. Confirm next steps 6. Wrap and confirm next EPDP Team meeting (5 minutes): a. Thursday 27 February 2020 at 14.00 UTC (topics: data retention & feasibility of unique contacts to have a uniform anonymized email address) b. Confirm action items c. Confirm questions for ICANN Org, if any
participants (2)
-
Anderson, Marc -
Caitlin Tubergen