For your review - revised language re. Geographic application
Dear All, Please find attached for your review the proposed language in relation to geographic application for inclusion in the Initial Report, based on the input that has been received to date. Staff accepted the redlines of the previous version so the redlines on page 1-2 are the edits that have been made based on the discussions to date as well as edits suggested (in the subsequent pages you can find the original draft as well as input received). Please share any further comments you made have with the mailing list by Monday 12 November at the latest. Best regards, Caitlin, Berry and Marika Marika Konings Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) Email: marika.konings@icann.org<mailto:marika.konings@icann.org> Follow the GNSO via Twitter @ICANN_GNSO Find out more about the GNSO by taking our interactive courses<https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_...> and visiting the GNSO Newcomer pages<https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gns...>.
Marika and team - Still reviewing, but please add point 7 to the list of contrary arguments against differentiation. RDS policies should be as unified as possible. Domain names in the same TLDs should not have different WHOIS/RDS outputs based on circumstances their registration (registrant, registrar, involved processors) but rather present the same level of detail for all registrations. This argument was made multiple times during the WHOIS/RDS RT2 deliberations by both Alan G other non-contracted members K when reviewing issues involving dissimilar WHOIS/RDS outputs resulting from the 2013 RAA grandfathering rules, so I assume that this position will be broadly supported by the ePDP. Thanks— J. ------------- James Bladel GoDaddy From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> on behalf of Marika Konings <marika.konings@icann.org> Date: Friday, November 9, 2018 at 09:34 To: "gnso-epdp-team@icann.org" <gnso-epdp-team@icann.org> Subject: [Gnso-epdp-team] For your review - revised language re. Geographic application Dear All, Please find attached for your review the proposed language in relation to geographic application for inclusion in the Initial Report, based on the input that has been received to date. Staff accepted the redlines of the previous version so the redlines on page 1-2 are the edits that have been made based on the discussions to date as well as edits suggested (in the subsequent pages you can find the original draft as well as input received). Please share any further comments you made have with the mailing list by Monday 12 November at the latest. Best regards, Caitlin, Berry and Marika Marika Konings Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) Email: marika.konings@icann.org<mailto:marika.konings@icann.org> Follow the GNSO via Twitter @ICANN_GNSO Find out more about the GNSO by taking our interactive courses<https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_...> and visiting the GNSO Newcomer pages<https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gns...>.
I take objection to the first bullet point that says the "GDPR should not be over-applied." While the law may set forward minimum standards of behaviour, ethical duties and obligations do not always neatly correspond, and I believe it is our responsibility to make decisions that are ethical, and not only strictly legal. I appreciate Alan Greenberg wrote on our list several days ago to say we may have differing opinions on what is ethical and what is not, and I do not dispute that. Of course there is a degree of subjectivity here, though I would also say it isn't actually all that fuzzy. We should not need laws and regulations to guide our actions, but a moral compass that tells us we should not violate the rights of others just because we can get away with it. All domain name registrants should be entitled to privacy protections, not just those in jurisdictions with data protection regulations backed by fines. Best wishes, Ayden Férdeline ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Friday, 9 November 2018 16:34, Marika Konings <marika.konings@icann.org> wrote:
Dear All,
Please find attached for your review the proposed language in relation to geographic application for inclusion in the Initial Report, based on the input that has been received to date. Staff accepted the redlines of the previous version so the redlines on page 1-2 are the edits that have been made based on the discussions to date as well as edits suggested (in the subsequent pages you can find the original draft as well as input received). Please share any further comments you made have with the mailing list by Monday 12 November at the latest.
Best regards,
Caitlin, Berry and Marika
Marika Konings
Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN)
Email: marika.konings@icann.org
Follow the GNSO via Twitter @ICANN_GNSO
Find out more about the GNSO by taking our [interactive courses](https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_...) and visiting the [GNSO Newcomer pages](https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gns...).
Agree with Ayden, there is no such concept as “over-compliance” with the law. And I recommend replacing the specific (GDPR) with the generic (Data Protection law/requirements) wherever possible. J. ------------- James Bladel GoDaddy From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> on behalf of Ayden Férdeline <icann@ferdeline.com> Reply-To: Ayden Férdeline <icann@ferdeline.com> Date: Friday, November 9, 2018 at 10:09 To: Marika Konings <marika.konings@icann.org> Cc: "gnso-epdp-team@icann.org" <gnso-epdp-team@icann.org> Subject: Re: [Gnso-epdp-team] For your review - revised language re. Geographic application I take objection to the first bullet point that says the "GDPR should not be over-applied." While the law may set forward minimum standards of behaviour, ethical duties and obligations do not always neatly correspond, and I believe it is our responsibility to make decisions that are ethical, and not only strictly legal. I appreciate Alan Greenberg wrote on our list several days ago to say we may have differing opinions on what is ethical and what is not, and I do not dispute that. Of course there is a degree of subjectivity here, though I would also say it isn't actually all that fuzzy. We should not need laws and regulations to guide our actions, but a moral compass that tells us we should not violate the rights of others just because we can get away with it. All domain name registrants should be entitled to privacy protections, not just those in jurisdictions with data protection regulations backed by fines. Best wishes, Ayden Férdeline ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Friday, 9 November 2018 16:34, Marika Konings <marika.konings@icann.org> wrote: Dear All, Please find attached for your review the proposed language in relation to geographic application for inclusion in the Initial Report, based on the input that has been received to date. Staff accepted the redlines of the previous version so the redlines on page 1-2 are the edits that have been made based on the discussions to date as well as edits suggested (in the subsequent pages you can find the original draft as well as input received). Please share any further comments you made have with the mailing list by Monday 12 November at the latest. Best regards, Caitlin, Berry and Marika Marika Konings Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) Email: marika.konings@icann.org<mailto:marika.konings@icann.org> Follow the GNSO via Twitter @ICANN_GNSO Find out more about the GNSO by taking our interactive courses<https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_...> and visiting the GNSO Newcomer pages<https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gns...>.
I agree with Ayden and James. As the term „over-application“ is not a legal term, there is the risk that it is understood as conveying a (negative) value judgement. In our report, we should rather present diverging views in an unbiased fashion. Kind regards, Thomas
Am 09.11.2018 um 17:11 schrieb James M. Bladel <jbladel@godaddy.com <mailto:jbladel@godaddy.com>>:
Agree with Ayden, there is no such concept as “over-compliance” with the law. And I recommend replacing the specific (GDPR) with the generic (Data Protection law/requirements) wherever possible.
J.
------------- James Bladel GoDaddy
From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org <mailto:gnso-epdp-team-bounces@icann.org>> on behalf of Ayden Férdeline <icann@ferdeline.com <mailto:icann@ferdeline.com>> Reply-To: Ayden Férdeline <icann@ferdeline.com <mailto:icann@ferdeline.com>> Date: Friday, November 9, 2018 at 10:09 To: Marika Konings <marika.konings@icann.org <mailto:marika.konings@icann.org>> Cc: "gnso-epdp-team@icann.org <mailto:gnso-epdp-team@icann.org>" <gnso-epdp-team@icann.org <mailto:gnso-epdp-team@icann.org>> Subject: Re: [Gnso-epdp-team] For your review - revised language re. Geographic application
I take objection to the first bullet point that says the "GDPR should not be over-applied." While the law may set forward minimum standards of behaviour, ethical duties and obligations do not always neatly correspond, and I believe it is our responsibility to make decisions that are ethical, and not only strictly legal. I appreciate Alan Greenberg wrote on our list several days ago to say we may have differing opinions on what is ethical and what is not, and I do not dispute that. Of course there is a degree of subjectivity here, though I would also say it isn't actually all that fuzzy. We should not need laws and regulations to guide our actions, but a moral compass that tells us we should not violate the rights of others just because we can get away with it. All domain name registrants should be entitled to privacy protections, not just those in jurisdictions with data protection regulations backed by fines.
Best wishes, Ayden Férdeline
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Friday, 9 November 2018 16:34, Marika Konings <marika.konings@icann.org <mailto:marika.konings@icann.org>> wrote:
Dear All,
Please find attached for your review the proposed language in relation to geographic application for inclusion in the Initial Report, based on the input that has been received to date. Staff accepted the redlines of the previous version so the redlines on page 1-2 are the edits that have been made based on the discussions to date as well as edits suggested (in the subsequent pages you can find the original draft as well as input received). Please share any further comments you made have with the mailing list by Monday 12 November at the latest.
Best regards,
Caitlin, Berry and Marika
Marika Konings Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) Email: marika.konings@icann.org <mailto:marika.konings@icann.org>
Follow the GNSO via Twitter @ICANN_GNSO Find out more about the GNSO by taking our interactive courses <https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_...> and visiting the GNSO Newcomer pages <https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gns...>.
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org <mailto:Gnso-epdp-team@icann.org> https://mm.icann.org/mailman/listinfo/gnso-epdp-team <https://mm.icann.org/mailman/listinfo/gnso-epdp-team>
I agree with Ayden and James. As the term „over-application“ is not a legal term, there is the risk that it is understood as conveying a (negative) value judgement. In our report, we should rather present diverging views in an unbiased fashion. Kind regards, Thomas
Am 09.11.2018 um 17:11 schrieb James M. Bladel <jbladel@godaddy.com <mailto:jbladel@godaddy.com>>:
Agree with Ayden, there is no such concept as “over-compliance” with the law. And I recommend replacing the specific (GDPR) with the generic (Data Protection law/requirements) wherever possible.
J.
------------- James Bladel GoDaddy
From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org <mailto:gnso-epdp-team-bounces@icann.org>> on behalf of Ayden Férdeline <icann@ferdeline.com <mailto:icann@ferdeline.com>> Reply-To: Ayden Férdeline <icann@ferdeline.com <mailto:icann@ferdeline.com>> Date: Friday, November 9, 2018 at 10:09 To: Marika Konings <marika.konings@icann.org <mailto:marika.konings@icann.org>> Cc: "gnso-epdp-team@icann.org <mailto:gnso-epdp-team@icann.org>" <gnso-epdp-team@icann.org <mailto:gnso-epdp-team@icann.org>> Subject: Re: [Gnso-epdp-team] For your review - revised language re. Geographic application
I take objection to the first bullet point that says the "GDPR should not be over-applied." While the law may set forward minimum standards of behaviour, ethical duties and obligations do not always neatly correspond, and I believe it is our responsibility to make decisions that are ethical, and not only strictly legal. I appreciate Alan Greenberg wrote on our list several days ago to say we may have differing opinions on what is ethical and what is not, and I do not dispute that. Of course there is a degree of subjectivity here, though I would also say it isn't actually all that fuzzy. We should not need laws and regulations to guide our actions, but a moral compass that tells us we should not violate the rights of others just because we can get away with it. All domain name registrants should be entitled to privacy protections, not just those in jurisdictions with data protection regulations backed by fines.
Best wishes, Ayden Férdeline
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Friday, 9 November 2018 16:34, Marika Konings <marika.konings@icann.org <mailto:marika.konings@icann.org>> wrote:
Dear All,
Please find attached for your review the proposed language in relation to geographic application for inclusion in the Initial Report, based on the input that has been received to date. Staff accepted the redlines of the previous version so the redlines on page 1-2 are the edits that have been made based on the discussions to date as well as edits suggested (in the subsequent pages you can find the original draft as well as input received). Please share any further comments you made have with the mailing list by Monday 12 November at the latest.
Best regards,
Caitlin, Berry and Marika
Marika Konings Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) Email: marika.konings@icann.org <mailto:marika.konings@icann.org>
Follow the GNSO via Twitter @ICANN_GNSO Find out more about the GNSO by taking our interactive courses <https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_...> and visiting the GNSO Newcomer pages <https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gns...>.
_______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org <mailto:Gnso-epdp-team@icann.org> https://mm.icann.org/mailman/listinfo/gnso-epdp-team <https://mm.icann.org/mailman/listinfo/gnso-epdp-team>
Dear Ayden and James, We have read your input and respect it but applying privacy and data protection laws involves balance. As the GDPR states, "the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights." Those other fundamental rights include the rights to personal security, rights to protect one's creations, rights to be free from sexual exploitation and a host of other rights and interests, as you certainly appreciate. For example, we heard in Barcelona from a Swedish law enforcement official that redaction of WHOIS data is impeding his unit's investigations into child sexual exploitation. It seems to us, your approach is not adequately taking into account the fundamental balance of competing rights that need to be weighed in striking an appropriate application of privacy law. We all value privacy rights but other rights must also be considered in balance, and although we may have different views from yours on the issue at hand, we feel just as strongly about ethical standards and ensuring those standards are met. We agree with James' statement that there is no such concept as "over-compliance" within privacy law--the accurate language, as written in our text is "over-application" rather than "over-compliance." Moreover, we point out that policy recommendations do not warrant the use of legal terms but descriptive language. There is legal and general definitional meaning of “over-application, ” but for full clarity purposes, we will amend our comments to: “misapplication of the GDPR specifically, and relevant data protection laws.” Lastly, we point out, as Milton stated at the end of our last team call, we should not be editing other group’s comments. Therefore, while we will edit the above-noted language to take into account your sentiments, the intent and meaning of our comments should not be changed. Sincerely, Diane Diane Plaut General Counsel and Privacy Officer [cid:image001.png@01D3CA70.18FC1D40] Direct +1 646-899-2806 diane.plaut@corsearch.com<mailto:diane.plaut@corsearch.com> 220 West 42nd Street, 11th Floor, New York, NY 10036, United States www.corsearch.com<http://www.corsearch.com/> Join Corsearch on Twitter<https://twitter.com/corsearch> Linkedin<https://www.linkedin.com/company/2593860/> Trademarks + Brands<http://trademarksandbrands.corsearch.com/> Customer Service/Platform Support: 1 800 SEARCH1™ (1 800 732 7241) Corsearch.USCustomerService@corsearch.com<mailto:Corsearch.USCustomerService@corsearch.com> Confidentiality Notice: This email and its attachments (if any) contain confidential information of the sender. The information is intended only for the use by the direct addressees of the original sender of this email. If you are not an intended recipient of the original sender (or responsible for delivering the message to such person), you are hereby notified that any review, disclosure, copying, distribution or the taking of any action in reliance of the contents of and attachments to this email is strictly prohibited. If you have received this email in error, please immediately notify the sender at the address shown herein and permanently delete any copies of this email (digital or paper) in your possession. From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> on behalf of Thomas Rickert <epdp@gdpr.ninja> Date: Friday, November 9, 2018 at 12:29 PM To: "James M. Bladel" <jbladel@godaddy.com> Cc: "gnso-epdp-team@icann.org" <gnso-epdp-team@icann.org> Subject: Re: [Gnso-epdp-team] For your review - revised language re. Geographic application I agree with Ayden and James. As the term „over-application“ is not a legal term, there is the risk that it is understood as conveying a (negative) value judgement. In our report, we should rather present diverging views in an unbiased fashion. Kind regards, Thomas Am 09.11.2018 um 17:11 schrieb James M. Bladel <jbladel@godaddy.com<mailto:jbladel@godaddy.com>>: Agree with Ayden, there is no such concept as “over-compliance” with the law. And I recommend replacing the specific (GDPR) with the generic (Data Protection law/requirements) wherever possible. J. ------------- James Bladel GoDaddy From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org<mailto:gnso-epdp-team-bounces@icann.org>> on behalf of Ayden Férdeline <icann@ferdeline.com<mailto:icann@ferdeline.com>> Reply-To: Ayden Férdeline <icann@ferdeline.com<mailto:icann@ferdeline.com>> Date: Friday, November 9, 2018 at 10:09 To: Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> Cc: "gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org>" <gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org>> Subject: Re: [Gnso-epdp-team] For your review - revised language re. Geographic application I take objection to the first bullet point that says the "GDPR should not be over-applied." While the law may set forward minimum standards of behaviour, ethical duties and obligations do not always neatly correspond, and I believe it is our responsibility to make decisions that are ethical, and not only strictly legal. I appreciate Alan Greenberg wrote on our list several days ago to say we may have differing opinions on what is ethical and what is not, and I do not dispute that. Of course there is a degree of subjectivity here, though I would also say it isn't actually all that fuzzy. We should not need laws and regulations to guide our actions, but a moral compass that tells us we should not violate the rights of others just because we can get away with it. All domain name registrants should be entitled to privacy protections, not just those in jurisdictions with data protection regulations backed by fines. Best wishes, Ayden Férdeline ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Friday, 9 November 2018 16:34, Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> wrote: Dear All, Please find attached for your review the proposed language in relation to geographic application for inclusion in the Initial Report, based on the input that has been received to date. Staff accepted the redlines of the previous version so the redlines on page 1-2 are the edits that have been made based on the discussions to date as well as edits suggested (in the subsequent pages you can find the original draft as well as input received). Please share any further comments you made have with the mailing list by Monday 12 November at the latest. Best regards, Caitlin, Berry and Marika Marika Konings Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) Email: marika.konings@icann.org<mailto:marika.konings@icann.org> Follow the GNSO via Twitter @ICANN_GNSO Find out more about the GNSO by taking our interactive courses<https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_...> and visiting the GNSO Newcomer pages<https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gns...>. _______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org<mailto:Gnso-epdp-team@icann.org> https://mm.icann.org/mailman/listinfo/gnso-epdp-team<https://mm.icann.org/mailman/listinfo/gnso-epdp-team>
Diane and team – I’m much more comfortable with the term “over-application” versus “over-compliance.” The former has some basis in aligning the policy to the law. The latter speaks to the risk tolerance of any given Contracted Party. Cheers— J. ------------- James Bladel GoDaddy From: "Plaut, Diane" <Diane.Plaut@corsearch.com> Date: Friday, November 9, 2018 at 16:05 To: Thomas Rickert <epdp@gdpr.ninja>, "James M. Bladel" <jbladel@godaddy.com>, Alex Deacon <alex@colevalleyconsulting.com>, "Mark Svancarek (CELA)" <marksv@microsoft.com>, Margie Milam <margiemilam@fb.com>, Steve DelBianco <sdelbianco@netchoice.org>, "King, Brian" <brian.king@markmonitor.com> Cc: "gnso-epdp-team@icann.org" <gnso-epdp-team@icann.org> Subject: Re: [Gnso-epdp-team] For your review - revised language re. Geographic application Dear Ayden and James, We have read your input and respect it but applying privacy and data protection laws involves balance. As the GDPR states, "the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights." Those other fundamental rights include the rights to personal security, rights to protect one's creations, rights to be free from sexual exploitation and a host of other rights and interests, as you certainly appreciate. For example, we heard in Barcelona from a Swedish law enforcement official that redaction of WHOIS data is impeding his unit's investigations into child sexual exploitation. It seems to us, your approach is not adequately taking into account the fundamental balance of competing rights that need to be weighed in striking an appropriate application of privacy law. We all value privacy rights but other rights must also be considered in balance, and although we may have different views from yours on the issue at hand, we feel just as strongly about ethical standards and ensuring those standards are met. We agree with James' statement that there is no such concept as "over-compliance" within privacy law--the accurate language, as written in our text is "over-application" rather than "over-compliance." Moreover, we point out that policy recommendations do not warrant the use of legal terms but descriptive language. There is legal and general definitional meaning of “over-application, ” but for full clarity purposes, we will amend our comments to: “misapplication of the GDPR specifically, and relevant data protection laws.” Lastly, we point out, as Milton stated at the end of our last team call, we should not be editing other group’s comments. Therefore, while we will edit the above-noted language to take into account your sentiments, the intent and meaning of our comments should not be changed. Sincerely, Diane Diane Plaut General Counsel and Privacy Officer [cid:image001.png@01D3CA70.18FC1D40] Direct +1 646-899-2806 diane.plaut@corsearch.com<mailto:diane.plaut@corsearch.com> 220 West 42nd Street, 11th Floor, New York, NY 10036, United States www.corsearch.com<http://www.corsearch.com/> Join Corsearch on Twitter<https://twitter.com/corsearch> Linkedin<https://www.linkedin.com/company/2593860/> Trademarks + Brands<http://trademarksandbrands.corsearch.com/> Customer Service/Platform Support: 1 800 SEARCH1™ (1 800 732 7241) Corsearch.USCustomerService@corsearch.com<mailto:Corsearch.USCustomerService@corsearch.com> Confidentiality Notice: This email and its attachments (if any) contain confidential information of the sender. The information is intended only for the use by the direct addressees of the original sender of this email. If you are not an intended recipient of the original sender (or responsible for delivering the message to such person), you are hereby notified that any review, disclosure, copying, distribution or the taking of any action in reliance of the contents of and attachments to this email is strictly prohibited. If you have received this email in error, please immediately notify the sender at the address shown herein and permanently delete any copies of this email (digital or paper) in your possession. From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> on behalf of Thomas Rickert <epdp@gdpr.ninja> Date: Friday, November 9, 2018 at 12:29 PM To: "James M. Bladel" <jbladel@godaddy.com> Cc: "gnso-epdp-team@icann.org" <gnso-epdp-team@icann.org> Subject: Re: [Gnso-epdp-team] For your review - revised language re. Geographic application I agree with Ayden and James. As the term „over-application“ is not a legal term, there is the risk that it is understood as conveying a (negative) value judgement. In our report, we should rather present diverging views in an unbiased fashion. Kind regards, Thomas Am 09.11.2018 um 17:11 schrieb James M. Bladel <jbladel@godaddy.com<mailto:jbladel@godaddy.com>>: Agree with Ayden, there is no such concept as “over-compliance” with the law. And I recommend replacing the specific (GDPR) with the generic (Data Protection law/requirements) wherever possible. J. ------------- James Bladel GoDaddy From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org<mailto:gnso-epdp-team-bounces@icann.org>> on behalf of Ayden Férdeline <icann@ferdeline.com<mailto:icann@ferdeline.com>> Reply-To: Ayden Férdeline <icann@ferdeline.com<mailto:icann@ferdeline.com>> Date: Friday, November 9, 2018 at 10:09 To: Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> Cc: "gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org>" <gnso-epdp-team@icann.org<mailto:gnso-epdp-team@icann.org>> Subject: Re: [Gnso-epdp-team] For your review - revised language re. Geographic application I take objection to the first bullet point that says the "GDPR should not be over-applied." While the law may set forward minimum standards of behaviour, ethical duties and obligations do not always neatly correspond, and I believe it is our responsibility to make decisions that are ethical, and not only strictly legal. I appreciate Alan Greenberg wrote on our list several days ago to say we may have differing opinions on what is ethical and what is not, and I do not dispute that. Of course there is a degree of subjectivity here, though I would also say it isn't actually all that fuzzy. We should not need laws and regulations to guide our actions, but a moral compass that tells us we should not violate the rights of others just because we can get away with it. All domain name registrants should be entitled to privacy protections, not just those in jurisdictions with data protection regulations backed by fines. Best wishes, Ayden Férdeline ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Friday, 9 November 2018 16:34, Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> wrote: Dear All, Please find attached for your review the proposed language in relation to geographic application for inclusion in the Initial Report, based on the input that has been received to date. Staff accepted the redlines of the previous version so the redlines on page 1-2 are the edits that have been made based on the discussions to date as well as edits suggested (in the subsequent pages you can find the original draft as well as input received). Please share any further comments you made have with the mailing list by Monday 12 November at the latest. Best regards, Caitlin, Berry and Marika Marika Konings Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN) Email: marika.konings@icann.org<mailto:marika.konings@icann.org> Follow the GNSO via Twitter @ICANN_GNSO Find out more about the GNSO by taking our interactive courses<https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_...> and visiting the GNSO Newcomer pages<https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gns...>. _______________________________________________ Gnso-epdp-team mailing list Gnso-epdp-team@icann.org<mailto:Gnso-epdp-team@icann.org> https://mm.icann.org/mailman/listinfo/gnso-epdp-team
Hi Diane, I agree that privacy rights are not absolute, because of course they are not. But a balancing test must be completed proportionately against other rights. Whilst the example you cite of child sexual exploitation sounds very urgent and emotive and is something that no one in this working group would support, it is also something that can be resolved today. Registration data might not be public, but it has not been deleted. I doubt there are any contracted parties who would refuse to cooperate with legitimate law enforcement agencies investigating cases of child sexual exploitation. Finally, if it is language that has been proposed by the BC and IPC, then it should be clearly presented as such in the initial report, just like language proposed by the NCSG has been labelled. I note this because the text that I took objection to in my initial email offered no attribution of authorship. Rather, it could lead the reader to believe that it is the EPDP team’s position that the “GDPR should not be over-applied.” Many thanks, Ayden ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Friday, 9 November 2018 23:05, Plaut, Diane <Diane.Plaut@corsearch.com> wrote:
Dear Ayden and James,
We have read your input and respect it but applying privacy and data protection laws involves balance. As the GDPR states, "the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights." Those other fundamental rights include the rights to personal security, rights to protect one's creations, rights to be free from sexual exploitation and a host of other rights and interests, as you certainly appreciate. For example, we heard in Barcelona from a Swedish law enforcement official that redaction of WHOIS data is impeding his unit's investigations into child sexual exploitation. It seems to us, your approach is not adequately taking into account the fundamental balance of competing rights that need to be weighed in striking an appropriate application of privacy law. We all value privacy rights but other rights must also be considered in balance, and although we may have different views from yours on the issue at hand, we feel just as strongly about ethical standards and ensuring those standards are met. We agree with James' statement that there is no such concept as "over-compliance" within privacy law--the accurate language, as written in our text is "over-application" rather than "over-compliance." Moreover, we point out that policy recommendations do not warrant the use of legal terms but descriptive language. There is legal and general definitional meaning of “over-application, ” but for full clarity purposes, we will amend our comments to: “misapplication of the GDPR specifically, and relevant data protection laws.” Lastly, we point out, as Milton stated at the end of our last team call, we should not be editing other group’s comments. Therefore, while we will edit the above-noted language to take into account your sentiments, the intent and meaning of our comments should not be changed.
Sincerely,
Diane
Diane Plaut
General Counsel and Privacy Officer
[cid:image001.png@01D3CA70.18FC1D40]
Direct +1 646-899-2806 diane.plaut@corsearch.com
220 West 42nd Street, 11th Floor, New York, NY 10036, United States [www.corsearch.com](http://www.corsearch.com/)
Join Corsearch on [Twitter](https://twitter.com/corsearch) [Linkedin](https://www.linkedin.com/company/2593860/) [Trademarks + Brands](http://trademarksandbrands.corsearch.com/)
Customer Service/Platform Support: 1 800 SEARCH1™ (1 800 732 7241) Corsearch.USCustomerService@corsearch.com
Confidentiality Notice: This email and its attachments (if any) contain confidential information of the sender. The information is intended only for the use by the direct addressees of the original sender of this email. If you are not an intended recipient of the original sender (or responsible for delivering the message to such person), you are hereby notified that any review, disclosure, copying, distribution or the taking of any action in reliance of the contents of and attachments to this email is strictly prohibited. If you have received this email in error, please immediately notify the sender at the address shown herein and permanently delete any copies of this email (digital or paper) in your possession.
From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> on behalf of Thomas Rickert <epdp@gdpr.ninja> Date: Friday, November 9, 2018 at 12:29 PM To: "James M. Bladel" <jbladel@godaddy.com> Cc: "gnso-epdp-team@icann.org" <gnso-epdp-team@icann.org> Subject: Re: [Gnso-epdp-team] For your review - revised language re. Geographic application
[I agree with Ayden and James. ]
As the term „over-application“ is not a legal term, there is the risk that it is understood as conveying a (negative) value judgement. In our report, we should rather present diverging views in an unbiased fashion.
Kind regards,
Thomas
Am 09.11.2018 um 17:11 schrieb James M. Bladel <jbladel@godaddy.com>:
Agree with Ayden, there is no such concept as “over-compliance” with the law. And I recommend replacing the specific (GDPR) with the generic (Data Protection law/requirements) wherever possible.
J.
-------------
James Bladel
GoDaddy
From: Gnso-epdp-team <gnso-epdp-team-bounces@icann.org> on behalf of Ayden Férdeline <icann@ferdeline.com> Reply-To: Ayden Férdeline <icann@ferdeline.com> Date: Friday, November 9, 2018 at 10:09 To: Marika Konings <marika.konings@icann.org> Cc: "gnso-epdp-team@icann.org" <gnso-epdp-team@icann.org> Subject: Re: [Gnso-epdp-team] For your review - revised language re. Geographic application
I take objection to the first bullet point that says the "GDPR should not be over-applied." While the law may set forward minimum standards of behaviour, ethical duties and obligations do not always neatly correspond, and I believe it is our responsibility to make decisions that are ethical, and not only strictly legal. I appreciate Alan Greenberg wrote on our list several days ago to say we may have differing opinions on what is ethical and what is not, and I do not dispute that. Of course there is a degree of subjectivity here, though I would also say it isn't actually all that fuzzy. We should not need laws and regulations to guide our actions, but a moral compass that tells us we should not violate the rights of others just because we can get away with it. All domain name registrants should be entitled to privacy protections, not just those in jurisdictions with data protection regulations backed by fines.
Best wishes,
Ayden Férdeline
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Friday, 9 November 2018 16:34, Marika Konings <marika.konings@icann.org> wrote:
Dear All,
Please find attached for your review the proposed language in relation to geographic application for inclusion in the Initial Report, based on the input that has been received to date. Staff accepted the redlines of the previous version so the redlines on page 1-2 are the edits that have been made based on the discussions to date as well as edits suggested (in the subsequent pages you can find the original draft as well as input received). Please share any further comments you made have with the mailing list by Monday 12 November at the latest.
Best regards,
Caitlin, Berry and Marika
Marika Konings
Vice President, Policy Development Support – GNSO, Internet Corporation for Assigned Names and Numbers (ICANN)
Email: marika.konings@icann.org
Follow the GNSO via Twitter @ICANN_GNSO
Find out more about the GNSO by taking our [interactive courses](https://urldefense.proofpoint.com/v2/url?u=http-3A__learn.icann.org_courses_...) and visiting the [GNSO Newcomer pages](https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_sites_gns...).
_______________________________________________ Gnso-epdp-team mailing listGnso-epdp-team@icann.org https://mm.icann.org/mailman/listinfo/gnso-epdp-team
participants (5)
-
Ayden Férdeline -
James M. Bladel -
Marika Konings -
Plaut, Diane -
Thomas Rickert