Amr, I am clearly not ICANN legal staff, but I will take a stab at this, and it is basically the same comment I made during the last call. At this stage, we are obliged to come up with a plan based on our best understanding of the tasks. It is possible that the legal review will introduce something new that we have not taken into account, and that could alter, delay or even cancel the entire project. I don't think we have much choice but to plan for what we know now, and adjust as necessary if and when the situation changes.

The alternative is to defer doing anything until the legal review is over that could add a lot of time to the overall process if no or easily rectifiable stumbling blocks are uncovered. What is at risk here is ICANN (and to a much lesser extent this IRT) doing work that later need to be redone or altered. In my mind, a reasonable risk. This is no different from any business decision made without full knowledge of all possible issues (ie the norm!).

Alan

At 13/08/2014 11:27 AM, Amr Elsadr wrote:

Hi,

I?d like to revisit two of the topics discussed during the last IRT call; the legal review, and the level of detail of the current plan to address the different implementation tasks (but actually that specific to the legal review).

The third recommendation of the ?thick? WHOIS PDP WG was:

"As part of the implementation process a legal review of law applicable to the transition of data from a thin to thick model that has not already been considered in the EWG memo is undertaken and due consideration is given to potential privacy issues that may arise from the discussions on the transition from thin to thick Whois, including, for example, guidance on how the long-standing contractual requirement that registrars give notice to, and obtain consent, from each registrant for uses of any personally identifiable data submitted by the registrant should apply to registrations involved in the transition. Should any privacy issues emerge from these transition discussions that were not anticipated by the WG and which would require additional policy consideration, the Implementation Review Team is expected to notify the GNSO Council of these so that appropriate action can be taken."

I?m curious considering the IRT?s proposed schedule to address the legal review between July and November of 2014. Is there a plan to address this recommendation, and if so, what are the details?

This was probably the most controversial topic of discussion during the WG?s deliberations, and unfortunately remained unresolved. The idea (if I recall correctly) was for the legal review to take action to mitigate any potential conflicts between the implementation of the ?thick? WHOIS policy and legal jurisdictions with strict privacy and data protection laws. This, I believe, was true for both ?data at rest? and ?data at motion?. I personally felt it was even more relevant concerning ?data at motion? since implementation of a ?thick? WHOIS policy will require a great deal of registrant data being transferred across legal jurisdictions for both existing ?thin? gTLD registries as well as all future gTLD registries in subsequent rounds of new gTLDs in the future.

Any insight on how this is being handled would be really appreciated at this point, especially from ICANN legal staff, who I assume have a significant role in implementing this recommendation.

Thanks.

Amr
_______________________________________________
Gnso-impl-thickwhois-rt mailing list
Gnso-impl-thickwhois-rt@icann.org
https://mm.icann.org/mailman/listinfo/gnso-impl-thickwhois-rt