Good morning,

 

Thomas, I really like the idea of providing suggested wording which Registrars could use to inform their users of how to reach the RDRS. We should see about providing it in the various UN languages that ICANN translates things into.

 

I do not think (and you aren’t suggesting this, but want to mention it anyways) that Registrars should redirect a requestor to the RDRS after the requestor has already found the Registrar’s direct request submission path. That would be a waste of time or unnecessary, as the requestor would be sent from the Registrar to the RDRS and then right back to the registrar again.

 

Thanks,

 
 
-- 
Sarah Wyld, CIPP/E
 
Policy & Privacy Manager
Pronouns: she/they
 
swyld@tucows.com 

 

From: Thomas Rickert | rickert.law
Sent: March 19, 2023 1:40 PM
To: Sarah Wyld; Anderson,Marc via GNSO-EPDPP2-SmallTeam
Subject: Re: [GNSO-EPDPP2-SmallTeam] RDRS (née WDS) Reporting Points

 

Hi Sarah, all,

I like these points. 

 

We exchanged messages during one session at ICANN76 when I suggested that registrars should inform users about the existence of the RDRS and advise them that Art 6 I f GDPR-based requests should go through the RDRS. Maybe we could include in the reporting how many registrars have published such information on their websites where they take disclosure requests.

 

Our group could consider providing language that can serve as insporation for contracted parties that wish to inform their users.

 

Best,

Thomas  

 

 

 

Gesendet von Outlook für iOS

Von: GNSO-EPDPP2-SmallTeam <gnso-epdpp2-smallteam-bounces@icann.org> im Auftrag von Sarah Wyld <swyld@tucows.com>
Gesendet: Wednesday, March 15, 2023 9:13:30 PM
An: Anderson,Marc via GNSO-EPDPP2-SmallTeam <gnso-epdpp2-smallteam@icann.org>
Betreff: [GNSO-EPDPP2-SmallTeam] RDRS (née WDS) Reporting Points

 

Hello Team!

 

I hope those of you present in Cancun are having a great time, and those of you remaining at home are having less snow than we got here in Toronto this week!

 

I’ve been thinking about the data that will be included in the RDRS reporting and would like to suggest a couple additions to the list. I’m working off the 7 November 2022 addendum’s list of reporting points (page 4).

 

Suggestion 1: Number of Requests by Requestor (may be pseudonymized/anonymized if needed)

 

What if one requestor submits the majority of the requests? That may be helpful information for the Board.

 

To accompany this suggestion, I have reviewed the just-over-5000 disclosure requests which Tucows has received directly since we began tracking in early 2018. I found that a full 49% of those requests were submitted by AppDetex on behalf of one client. The next-largest requestor submitted only 3% of the total received. This suggests to me that an industry-wide system may also see itself dominated by one user, and if that is the case I think it should be identified and communicated to the Board.

 

Suggestion 2: Denial Rate by Reason Type

 

The Logging section of the WDS Design Paper includes disposition of requests, and “If denied, the reason for the denial”, so the RDRS will have information about why requests are denied -- but it’s not expected to report on them. I think this could also be valuable information; if a significant number of requests are denied because they lack basic information necessary to make a decision, that could mean there’s a failure of system design (why can an incomplete request be submitted?), while conversely if many requests are denied because what they lack is legal basis to receive the data, that may say something about the quality of requests being submitted.


With that said, I’m not entirely certain what room there is for modifying the reporting plans at this time, but I would think it should be possible and I hope this sparks some discussion!

 

Thank you,

 
 
-- 
Sarah Wyld, CIPP/E
 
Policy & Privacy Manager
Pronouns: she/they
 
swyld@tucows.com