Thanks, Kathy, And you are right, we keep circling back to old purposes and sometimes fail to ask the question why are we even doing this? Which somewhat highlights my issue with the examples Steve mentioned. And not to pick on those examples, we can sit back a few hours contemplating on the why and the how, but these are classic examples you easily can avoid with strategic privacy by design approach (there is a difference there compared to the original PbD). Theo On 7-3-2018 16:11, Kathy Kleiman wrote:
Hi Chuck,
I've removed Maguy from the list as it is a DT5 issue that I raise here. But is our "deliverable" ready for ICANN Compliance Review. In light of the issues that Theo has raised, the questions I am raising, have we done the tough work of trying to rethink our collection and processing of information to maximize the private of registrant data?? Are we engaged in a "privacy by design" process that is required by European law??
I see us asking questions about we (ICANN) does now, but not really why we do it, how it can be done better, how it is done when the data it not easily available (e.g., proxy), and whether direct access to the data is even needed by ICANN Compliance? Not whether they use it now, but how they might obtain it if circumstances were different. If we don't ask the hard questions, who will?
For ultimately, the question we get back to is how these answers involve the collection and processing of registrant data in the WHOIS/future RDS, right?
I object to sending "our deliverable" up to ICANN Contractual Compliance for review. Questions, yes, but our discussion document -- which is really a vague and ambiguous document with undefined terms -- to ICANN Contractual Compliance "for review" -- No. It is not the right or proper time for that, and we have not done the proper foundation on our side of options and alternatives.
Questions make a lot of sense -- but not documents. Our documents have not been approved by the team, much less the WG. They should not be going out to others. I really have to object.
BTW, isn't it the chain of data that we need to ask Compliance for -- if they need to contact the registrants, who can they obtain the data from?
Best, Kathy
On 3/7/2018 9:56 AM, Chuck wrote:
Maguy,
I will send you the final deliverable from the drafting team later today. Any input you have on that would be appreciated in the session on Saturday morning.
The overall question related to that is this: Does ICANN Compliance need to identify and contact registrants, registrars and registries to fulfill its responsibilities of monitoring and enforcing contract compliance with registrars and registries? If the answer is yes for any of these three categories, what are your objectives for identifying and/or contacting them and what are your expectations from those parties?
As you will see when I send the final deliverable, the DT was tasked with answering these same questions. So, one way for you to answer them will be to review the DT deliverable and see if our answers are correct from your perspective and let us know if we have left anything out.
As you have seen, Kathy sent an additional question: “/if ICANN Contractual Compliance wants to reach a registrant who uses a privacy service, how then would you go about getting the registrant contact data and reaching the registrant?/”
It is quite possible that additional questions will come up in the WG session on Saturday.
Chuck
*From:*Gnso-rds-pdp-5 [mailto:gnso-rds-pdp-5-bounces@icann.org] *On Behalf Of *Maguy Serad *Sent:* Wednesday, March 7, 2018 6:35 AM *To:* Kathy Kleiman <kathy@kathykleiman.com>; gnso-rds-pdp-5@icann.org *Subject:* Re: [Gnso-rds-pdp-5] [Ext] Re: FW: FW: Fwd: Re: FW: DT5 Answers to Questions - First Draft for DT Review
Hello Kathy and Check –
Thank you for reaching out.
May I please suggest you compile a list of your questions on behalf of the subgroup and send my way. Will that be possible?
It will bring a structured approach to addressing your questions and most importantly, I won’t miss any questions in the string of emails or misunderstand one either.
I am not in PR yet Kathy. Please take a picture of the snow in DC w/spring flowers. I can imagine how beautiful that is.
Sorry Chuck not in Sheraton, but I commit to keeping the workout tradition!
Safe travels to all and see you in PR.
Maguy Serad
Vice President, Contractual Compliance
ICANN
12025 Waterfront Dr. Suite 300
Los Angeles, CA USA 90094-2536
*From: *Kathy Kleiman <kathy@kathykleiman.com <mailto:kathy@kathykleiman.com>> *Date: *Wednesday, March 7, 2018 at 5:57 AM *To: *"gnso-rds-pdp-5@icann.org <mailto:gnso-rds-pdp-5@icann.org>" <gnso-rds-pdp-5@icann.org <mailto:gnso-rds-pdp-5@icann.org>>, "Maguy.Serad" <maguy.serad@icann.org <mailto:maguy.serad@icann.org>> *Subject: *[Ext] Re: [Gnso-rds-pdp-5] FW: FW: Fwd: Re: FW: DT5 Answers to Questions - First Draft for DT Review
Hi Maguy, How's the weather in PR? It's snowing here in DC -- atop our spring flowers!
As Chuck pointed out, Steve and I are in the midst of a discussion with an RDS PDP WG subgroup. Can I add a small wrinkle to the question Steve asked yesterday? It is: /if ICANN Contractual Compliance wants to reach a registrant who uses a privacy service, how then would you go about getting the registrant contact data and reaching the registrant? / Many thanks, Kathy
On 3/6/2018 5:47 PM, Chuck wrote:
Maguy,
I am looking forward to seeing you in San Juan. If you are staying in the Sheraton, maybe we will see each other in the fitness center.
I was happy to see that you plan to attend the RDS PDP WG on Saturday morning. In preparation for that meeting we reconvened several drafting teams to answer the following questions regarding possible purposes for processing RDS data. One of those proposed purposes is ICANN Contractual Compliance. I am the coordinator for the team that is developing answers for that purpose, and I plan to send you our final deliverable tomorrow or early Thursday to facilitate feedback from you when the team presents its answers to the full WG in our meeting Saturday morning.
In the meantime, I want to call your attention to the following message from one our team members, Steve Metalitz in answer to another team member’s (Kathy Kleiman’s) question about why ICANN Compliance might need to contact a domain name registrant. Any feedback you or one of your Compliance Team members can provide us before or in our Saturday meaning would be greatly appreciated.
Chuck
*From:*Metalitz, Steven [mailto:met@msk.com] *Sent:* Tuesday, March 6, 2018 1:28 PM *To:* 'Chuck' <consult@cgomes.com><mailto:consult@cgomes.com>; gnso-rds-pdp-5@icann.org<mailto:gnso-rds-pdp-5@icann.org> *Subject:* RE: [Gnso-rds-pdp-5] FW: Fwd: Re: FW: DT5 Answers to Questions - First Draft for DT Review
I think there could be a number of scenarios in which ICANN compliance would wish to contact the Registered Name Holder (a/k/a RNH) in order to verify registrar compliance with its obligations under the RAA, and/or investigate possible non-compliance. While it is true that the RNH is not a party to the RAA, RAA section 3.7 (entitled “Business Dealings Including with Registered Name Holders”) imposes a number of obligations involving registrar communication with RNHs. Compliance issues regarding these obligations include but are not limited to:
* Whether registrar made to RNH any of the representations prohibited by section 3.7.3; * Whether registrar received reasonable assurance of payment from RNH prior to activation of the Registered Name, or forgave or revoked the obligation to pay, contrary to section 3.7.4; * Whether RNH gave explicit consent to renewal of the registration as required by section 3.7.5; * Whether the RNH gave the consents required in section 3.7.7.5 or obtained the third-party individual consents required in section 3.7.7.6; * Whether the registrar took reasonable steps to investigate and/or to correct claimed contact information inaccuracies, pursuant to section 3.7.8, since many of such steps could require contact with the RNH.
Of course ICANN compliance would be far better situated than I to confirm the extent to which they would need to contact the RNH in these or other circumstances.
Steve
*image001*
*Steven J. Metalitz *|***Partner, through his professional corporation*
T: 202.355.7902 | met@msk.com<mailto:met@msk.com>
*Mitchell Silberberg & Knupp**LLP*|*www.msk.com**[msk.com]*<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.msk.com_&d=DwMD-g&c=...>
1818 N Street NW, 8th Floor, Washington, DC 20036
*_THE INFORMATION CONTAINED IN THIS E-MAIL MESSAGE IS INTENDED ONLY FOR THE PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED RECIPIENTS._**THIS MESSAGE MAY BE AN ATTORNEY-CLIENT COMMUNICATION, AND AS SUCH IS PRIVILEGED AND CONFIDENTIAL. IF THE READER OF THIS MESSAGE IS NOT AN INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY REVIEW, USE, DISSEMINATION, FORWARDING OR COPYING OF THIS MESSAGE IS STRICTLY PROHIBITED. PLEASE NOTIFY US IMMEDIATELY BY REPLY E-MAIL OR TELEPHONE, AND DELETE THE ORIGINAL MESSAGE AND ALL ATTACHMENTS FROM YOUR SYSTEM. THANK YOU.*
*From:*Gnso-rds-pdp-5 [mailto:gnso-rds-pdp-5-bounces@icann.org] *On Behalf Of *Chuck *Sent:* Tuesday, March 06, 2018 12:25 PM *To:* gnso-rds-pdp-5@icann.org<mailto:gnso-rds-pdp-5@icann.org> *Subject:* [Gnso-rds-pdp-5] FW: Fwd: Re: FW: DT5 Answers to Questions - First Draft for DT Review
We really need everyone to respond to this TODAY.
Steve – please note that we need you to respond to Kathy’s questions.
Chuck
*From:*Gnso-rds-pdp-5 [mailto:gnso-rds-pdp-5-bounces@icann.org] *On Behalf Of *Chuck *Sent:* Monday, March 5, 2018 4:04 PM *To:* 'Kathy Kleiman' <kathy@kathykleiman.com<mailto:kathy@kathykleiman.com>>; gnso-rds-pdp-5@icann.org<mailto:gnso-rds-pdp-5@icann.org> *Subject:* Re: [Gnso-rds-pdp-5] Fwd: Re: FW: DT5 Answers to Questions - First Draft for DT Review *Importance:* High
Thanks Kathy and Beth. I inserted comments in response to the edits and questions from Kathy and Beth in the attached file. I think most of the edits are not applicable to the DT task as I tried to explain in my comments.
Steve – I would appreciate it if you would answer Kathy’s questions about why ICANN Compliance would need to contact the registrant.
It seems to me that the decision we need to make is whether or not the registrant may need to be contacted by ICANN Compliance in some instances and to describe what the objective would be.
Chuck
*From:*Gnso-rds-pdp-5 [mailto:gnso-rds-pdp-5-bounces@icann.org] *On Behalf Of *Kathy Kleiman *Sent:* Monday, March 5, 2018 11:58 AM *To:* gnso-rds-pdp-5@icann.org<mailto:gnso-rds-pdp-5@icann.org> *Subject:* [Gnso-rds-pdp-5] Fwd: Re: FW: DT5 Answers to Questions - First Draft for DT Review
Hi Chuck, Beth and All,
Attached is Chuck's document, as edited by me, and then by Beth. People seemed to be missing it, so let me recirculate. I have recommended edits to the answers to all three questions.
As Chuck confirmed below, this "Contractual Compliance" discussion is about the Registries and Registrars, not the Customer (Registrant). The Registries' and Registrars' contact data is known in many places and many ways to ICANN through signed agreements and other contact lists. The Registrant data -- the focus of our work in this RDS WG, right? -- does not appear to be implicated in this discussion at all.
Best, Kathy
-------- Forwarded Message --------
*Subject: *
Re: [Gnso-rds-pdp-5] FW: DT5 Answers to Questions - First Draft for DT Review
*Date: *
Mon, 5 Mar 2018 17:20:37 +0000
*From: *
Beth Bacon <bbacon@pir.org><mailto:bbacon@pir.org>
*To: *
gnso-rds-pdp-5@icann.org<mailto:gnso-rds-pdp-5@icann.org><gnso-rds-pdp-5@icann.org><mailto:gnso-rds-pdp-5@icann.org>
Hello all,
I made a few small edits to what Kathy contributed, but I do think that the bulk of the comments are more suited to broader RDS WG conversations rather than the narrow focus of DT5.
Thanks, Beth
*From:*Gnso-rds-pdp-5 [mailto:gnso-rds-pdp-5-bounces@icann.org] *On Behalf Of *Chuck *Sent:* Monday, March 05, 2018 9:40 AM *To:* 'Kathy Kleiman' <kathy@kathykleiman.com><mailto:kathy@kathykleiman.com>; gnso-rds-pdp-5@icann.org<mailto:gnso-rds-pdp-5@icann.org> *Subject:* Re: [Gnso-rds-pdp-5] FW: DT5 Answers to Questions - First Draft for DT Review
Kathy,
Please see my responses below.
Chuck
*From:*Gnso-rds-pdp-5 [mailto:gnso-rds-pdp-5-bounces@icann.org] *On Behalf Of *Kathy Kleiman *Sent:* Sunday, March 4, 2018 7:31 PM *To:* gnso-rds-pdp-5@icann.org<mailto:gnso-rds-pdp-5@icann.org> *Subject:* Re: [Gnso-rds-pdp-5] FW: DT5 Answers to Questions - First Draft for DT Review
Hi Chuck and All,
Would it be possible to use a Google Doc? I think I used the most recent version of the DT5 document.
*/[Chuck Gomes] Our deliverable is due not later than Wednesday so I don’t think that we have time to switch now. Also, this is a very short document so I don’t understand the problem./*
I have to say that this document is very difficult for me to understand. Perhaps because the terms are ambiguous. "Contracted party" in ICANN generally means a registry and registrar. Is that how you are using it here?
*/[Chuck Gomes] For now yes, but in the future, there could be other contracted parties such as privacy/proxy providers depending on what policies are approved and implemented./*
Further, throughout the world, contractual compliance documents (often third party documents to the customer and involving how a customer's data is processed by vendors, for example) are being modified to ensure that the fundamental protections and rights provided by data protection laws to the customers (registrants, in our case) are protected fully and consistent with the purpose of that collection and processing.
*/[Chuck Gomes] How does this relate to the DT5 task? Do you have a specific suggestion for our answers to the three questions?/*
Here, we seem to be making the contractual compliance obligations of third parties to the customer/registrant subservient to other agreements. I think we may have it backwards, but I am, of course new to the group. (I have however, studied and written about the EU-US Privacy Shield -- happy to share the links).
*/[Chuck Gomes] All we are doing here is examining the contractual compliance issue to see if there is common understanding of it with the hope that the WG will then be better able to deliberate on whether it is a legitimate purpose for which some sort of processing is appropriate. I think you are reading way to much into what we are doing. Our focus is not on the contractual compliance obligations of third parties. Our focus for this deliverable is only on ICANN’s RDS needs for enforcing its contracts with domain name registrars and registries./*
Best regards, Kathy (with edited version of what I think is the most recent version of the document attached -- with Track Changes)
*/[Chuck Gomes] Is there supposed to be an attached redline version? If so, I didn’t receive it./*
On 3/2/2018 3:13 PM, Chuck wrote:
Thanks for the edits Steve.
I saved the redline version from Steve as version 2 of our deliverable. Does anyone have any more suggested edits? If so, please let us know by mid-day on Monday. Otherwise, I will assume that this is our final version for ICANN Contractual Compliance.
Who from this DT is going to be in Puerto Rico? It would be great if one of you could present our deliverable to the WG on Saturday morning. It could also be presented remotely.
Chuck
*From:* Metalitz, Steven [mailto:met@msk.com] *Sent:* Friday, March 2, 2018 9:04 AM *To:* 'Beth Bacon' <bbacon@pir.org><mailto:bbacon@pir.org>; 'Chuck' <consult@cgomes.com><mailto:consult@cgomes.com>; 'GNSO-RDS-pdp-5@icann.org<mailto:GNSO-RDS-pdp-5@icann.org>' <GNSO-RDS-pdp-5@icann.org><mailto:GNSO-RDS-pdp-5@icann.org> *Subject:* RE: [Gnso-rds-pdp-5] FW: DT5 Answers to Questions - First Draft for DT Review
And here are a few edits re the ICANN contractual compliance piece, mainly to indicate that (1) compliance issues other than RDS compliance might apply and (2) ICANN compliance may need to contact registrants as part of a compliance investigation. Perhaps we should run this document by ICANN compliance to get their perspective….
Steve
*image001*
*Steven J. Metalitz *|***Partner, through his professional corporation*
T: 202.355.7902 | met@msk.com<mailto:met@msk.com>
*Mitchell Silberberg & Knupp**LLP*|*www.msk.com**[msk.com]*<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.msk.com_&d=DwMD-g&c=...>
1818 N Street NW, 8th Floor, Washington, DC 20036
*_THE INFORMATION CONTAINED IN THIS E-MAIL MESSAGE IS INTENDED ONLY FOR THE PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED RECIPIENTS._**THIS MESSAGE MAY BE AN ATTORNEY-CLIENT COMMUNICATION, AND AS SUCH IS PRIVILEGED AND CONFIDENTIAL. IF THE READER OF THIS MESSAGE IS NOT AN INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY REVIEW, USE, DISSEMINATION, FORWARDING OR COPYING OF THIS MESSAGE IS STRICTLY PROHIBITED. PLEASE NOTIFY US IMMEDIATELY BY REPLY E-MAIL OR TELEPHONE, AND DELETE THE ORIGINAL MESSAGE AND ALL ATTACHMENTS FROM YOUR SYSTEM. THANK YOU.*
*From:*Metalitz, Steven *Sent:* Friday, March 02, 2018 11:46 AM *To:* 'Beth Bacon'; Chuck; GNSO-RDS-pdp-5@icann.org<mailto:GNSO-RDS-pdp-5@icann.org> *Subject:* RE: [Gnso-rds-pdp-5] FW: DT5 Answers to Questions - First Draft for DT Review
Thanks for getting the ball rolling Beth. See my edits/comments in attached.
*image001*
*Steven J. Metalitz *|***Partner, through his professional corporation*
T: 202.355.7902 | met@msk.com<mailto:met@msk.com>
*Mitchell Silberberg & Knupp**LLP*|*www.msk.com**[msk.com]*<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.msk.com_&d=DwMD-g&c=...>
1818 N Street NW, 8th Floor, Washington, DC 20036
*_THE INFORMATION CONTAINED IN THIS E-MAIL MESSAGE IS INTENDED ONLY FOR THE PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED RECIPIENTS._**THIS MESSAGE MAY BE AN ATTORNEY-CLIENT COMMUNICATION, AND AS SUCH IS PRIVILEGED AND CONFIDENTIAL. IF THE READER OF THIS MESSAGE IS NOT AN INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY REVIEW, USE, DISSEMINATION, FORWARDING OR COPYING OF THIS MESSAGE IS STRICTLY PROHIBITED. PLEASE NOTIFY US IMMEDIATELY BY REPLY E-MAIL OR TELEPHONE, AND DELETE THE ORIGINAL MESSAGE AND ALL ATTACHMENTS FROM YOUR SYSTEM. THANK YOU.*
*From:*Gnso-rds-pdp-5 [mailto:gnso-rds-pdp-5-bounces@icann.org] *On Behalf Of *Beth Bacon *Sent:* Friday, March 02, 2018 11:22 AM *To:* Chuck; GNSO-RDS-pdp-5@icann.org<mailto:GNSO-RDS-pdp-5@icann.org> *Subject:* Re: [Gnso-rds-pdp-5] FW: DT5 Answers to Questions - First Draft for DT Review
Hello Team,
Please see my edits and comments in the attached. Please feel free to argue with me about my comments and questions. I’ve missed a few of the calls this month so my questions may be based on incorrect assumptions. I don’t have any edits to the compliance document.
Looking forward to seeing you in PR.
Best, Beth
*From:* Gnso-rds-pdp-5 [mailto:gnso-rds-pdp-5-bounces@icann.org] *On Behalf Of *Chuck *Sent:* Friday, March 02, 2018 11:00 AM *To:* GNSO-RDS-pdp-5@icann.org<mailto:GNSO-RDS-pdp-5@icann.org> *Subject:* [Gnso-rds-pdp-5] FW: DT5 Answers to Questions - First Draft for DT Review *Importance:* High
I have only heard from one team member so far and she plans to respond today. I sure hope the rest of you can respond today as well. I understand how much is going on including ICANN’s posting of the latest info on the GDPR memo, but please try to spend 30 minutes or so today and provide your initial input on these two documents so that we can have an email discussion about them over the weekend and on Monday.
Chuck
*From:* Gnso-rds-pdp-5 [mailto:gnso-rds-pdp-5-bounces@icann.org] *On Behalf Of *Chuck *Sent:* Thursday, March 1, 2018 9:01 AM *To:* GNSO-RDS-pdp-5@icann.org<mailto:GNSO-RDS-pdp-5@icann.org> *Subject:* [Gnso-rds-pdp-5] DT5 Answers to Questions - First Draft for DT Review *Importance:* High
It would be very helpful if each of you could review and provide any first thoughts you have on the following two drafts TODAY. Note that the first one is less than two pages and the second is only about half a page.
Chuck
_______________________________________________
Gnso-rds-pdp-5 mailing list
Gnso-rds-pdp-5@icann.org<mailto:Gnso-rds-pdp-5@icann.org>
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-5
_______________________________________________
Gnso-rds-pdp-5 mailing list
Gnso-rds-pdp-5@icann.org<mailto:Gnso-rds-pdp-5@icann.org>
_______________________________________________ Gnso-rds-pdp-5 mailing list Gnso-rds-pdp-5@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-5
