Hi Sarah, all, I like these points. We exchanged messages during one session at ICANN76 when I suggested that registrars should inform users about the existence of the RDRS and advise them that Art 6 I f GDPR-based requests should go through the RDRS. Maybe we could include in the reporting how many registrars have published such information on their websites where they take disclosure requests. Our group could consider providing language that can serve as insporation for contracted parties that wish to inform their users. Best, Thomas Gesendet von Outlook für iOS<https://aka.ms/o0ukef> ________________________________ Von: GNSO-EPDPP2-SmallTeam <gnso-epdpp2-smallteam-bounces@icann.org> im Auftrag von Sarah Wyld <swyld@tucows.com> Gesendet: Wednesday, March 15, 2023 9:13:30 PM An: Anderson,Marc via GNSO-EPDPP2-SmallTeam <gnso-epdpp2-smallteam@icann.org> Betreff: [GNSO-EPDPP2-SmallTeam] RDRS (née WDS) Reporting Points Hello Team! I hope those of you present in Cancun are having a great time, and those of you remaining at home are having less snow than we got here in Toronto this week! I’ve been thinking about the data that will be included in the RDRS reporting and would like to suggest a couple additions to the list. I’m working off the 7 November 2022 addendum<https://gnso.icann.org/sites/default/files/policy/2022/correspondence/ducos-to-gnso-council-07nov22-en.pdf>’s list of reporting points (page 4). Suggestion 1: Number of Requests by Requestor (may be pseudonymized/anonymized if needed) What if one requestor submits the majority of the requests? That may be helpful information for the Board. To accompany this suggestion, I have reviewed the just-over-5000 disclosure requests which Tucows has received directly since we began tracking<https://opensrs.com/blog/tiered-access-update-policy-check-in-and-updated-st...> in early 2018. I found that a full 49% of those requests were submitted by AppDetex on behalf of one client. The next-largest requestor submitted only 3% of the total received. This suggests to me that an industry-wide system may also see itself dominated by one user, and if that is the case I think it should be identified and communicated to the Board. Suggestion 2: Denial Rate by Reason Type The Logging section of the WDS Design Paper includes disposition of requests, and “If denied, the reason for the denial”, so the RDRS will have information about why requests are denied -- but it’s not expected to report on them. I think this could also be valuable information; if a significant number of requests are denied because they lack basic information necessary to make a decision, that could mean there’s a failure of system design (why can an incomplete request be submitted?), while conversely if many requests are denied because what they lack is legal basis to receive the data, that may say something about the quality of requests being submitted. With that said, I’m not entirely certain what room there is for modifying the reporting plans at this time, but I would think it should be possible and I hope this sparks some discussion! Thank you, -- Sarah Wyld, CIPP/E Policy & Privacy Manager Pronouns: she/they swyld@tucows.com<mailto:swyld@tucows.com>