That is an excellent recap, thanks.

However this does not cover the new EU regulations and this is starting to become an issue the further we move in time.

Back in the day when I made the legal analysis based on the recommendations, there was not much of an issue. If we as a wholesale Registrar require explicit consent then we actually need to chase down like 400k registrants.

Now there are several solutions here. Just thought I point out this possible barrier that might slow down our migration. We'll see what the GNSO comes up with.

Thanks,

Theo Geurts


Fabien Betremieux schreef op 2016-07-08 12:29 AM:

Dear IRT Members,

Please find below the notes Erika Mann referred to in our discussion
on 30 June.

Best Regards

--
Fabien Betremieux
Sr. Registry Services & Engagement Manager
Global Domains Division, ICANN

PRIVACY SHIELD

* Commissioner Ansip and Jourova will explain status to European
Commissioners on July 5
* Internal EU Member States adoption under written procedure is
expected on July 11
* Austria is still not happy about the agreement and Germany raised
new concern but it's expected that Germany will support the
agreement
* Commissioner Jourova and Pritzker will formally sign on July 12
* Companies can in theory sign on from July 13 although the USG
will need until "autumn" to set up the system to allow companies to
start self-certifying. Pritzker will give more information on this
process on July 12
* "Our legal people would have preferred to spend more time but it
is time to conclude." Already three Safe Harbour companies have been
fined in Germany
* The new adequacy agreement includes a review clause, means that
the doc will be a 'living doc'. The EC and USG agreed to further
monitor "automated decision making".
* The first workshop on implementation of GDPR will be co-hosted
with Art 29 and take place on July 26-27. Ansip encouraged industry
participation.

* What is new?

* Clarity on Ombudsperson including on its autonomy
*  USG access to bulk data for national security reasons
* Companies' obligation to delete (this was only implicit before
* Clear data retention obligations on companies to delete what is
not necessary
* Clarity on onwards transfer
* PS will require strict compliance with self-certification needed
annually
* Companies can voluntarily provide transparency reports to
demonstrate that USG requests are "within limits"
* PS' effective redress mechanisms will apply to all transatlantic
transfer mechanisms which is even more important given the new
Ireland case
* Commissioner Jourova expect many thousands of companies to sign
on including new ones
* The adoption of the PS adequacy decision is not the end. The EC
will continue to monitor authorities and companies
* PS includes new elements of relevance to the Ireland case,
notably the Ombudsperson and independent investigatory authorities
in the U.S.  Commission expect the USG to present these new features
to the Irish High Court
* Companies can chose between dispute settlement with European DPAs
or arbitration system in the U.S. He strongly encouraged the former.

Link to leaked PS text [1].

Links:
------
[1]
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.politico.eu_wp-2Dcontent_uploads_2016_06_Privacy-2Dshield-2Dtext-2Dfor-2Dopinion-2Dand-2Dannexes.pdf&d=CwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=4dtdp_msuCJBqD11_KMJzg&m=2T41VZ0O1X__6axcoUFXjYDQNcPUspTTMpFkI8g7awo&s=KpBg9K02C3hO6s_GmJaLpgjjx8g9PjB3HKZYwRjCLq4&e=
_______________________________________________
Gnso-impl-thickwhois-rt mailing list
Gnso-impl-thickwhois-rt@icann.org
https://mm.icann.org/mailman/listinfo/gnso-impl-thickwhois-rt