Also note that our goal is not to reach consensus.   That would be nice, but it is not necessary.  The goal is to surface the issues so that when we deliberate on the purpose we will have a head start on the issues to consider.

Chuck

Agreed Farell,

Another complicating factor is, these data protection laws operate on principles.

I have been a member of the International Association of Privacy Professionals (IAPP.ORG) for half a year now, the edge cases that pop up on the discussion list, it is mental sometimes.

One of my favorites, is the one, that goes like: A European goes to a hospital in New York, does the GDPR apply?
After 80 (could have been more) in-depth email exchanges on the list by privacy professionals, our answer is: it depends.

And we will run into these issues also when get to discuss the purposes and view that from a data protection principle and the GDPR.

Theo

Hello Theo,

 

You are very right about this separation. Most of the time it's this confusion that makes us keep circling in addition to the fact, sometimes, members of this PDP WG argue as if they were not ICANN, but actually everything we are doing now should be done as if we were ICANN and we have to propose inputs for drafting policies that will be applied to the community: how would we do that efficiently (not if we were running the business for our own profits)?

 

I just want to point out that all purposes stated, according to the procedure we have been following so far, are possible reasons for collecting and not definitive - as there will still be a moment in the future for that (whether to keep some purposes or not.)

 

Coming from the telecommunication regulatory area, I endorse the fact that different types of data need to be collected for a regulatory purpose: but how the data should be collected who can collect the data and how to process the data are separate things that rely among others on each national legal framework or jurisdiction. Not allowing or giving the possibility to collect some data at an earlier stage may render the task infeasible for some legal purposes, I guess. Of course, ICANN is not a regulatory agency in this context, but if contracts that bind it to the registrars are not applicable according to national regulatory agencies, it may pose a problem. 

 

I may miss something but it may for we ICANN to open some possibilities that can be locked by national jurisdiction than locking some rules that national authorities would require as no go. (Juts thinking)

 

I hope to see you all again in San Juan at the Saturday meeting.

 

Le mer. 7 mars 2018 à 16:26, theo geurts <gtheo@xs4all.nl> a écrit :

Chuck we might want to separate it?

-From contractual compliance, be it audits, or complaints filed by registrants, registrars, can demonstrate compliance towards ICANN compliance, where ICANN compliance does not have to reach out to registrants.

-Does ICANN compliance need to contact registrants? Only when they need to check up on registrants who filed a complaint.

I think that is the distinction.

But it is still good to let Maguy weigh in as I am not the all-seeing eye here ;)  I can only observe on my experience as a registrar.

Theo

 

On 7-3-2018 16:00, Chuck wrote:

Theo,

 

On the one hand you seem to agree that ICANN Compliance may need to contact registrants but then you seem to say that they would not need to do that for the questions Steve listed?  Am I correct on that?  If so, what would be the objectives of contacting the registrants?

 

All – should we add the questions Steve lists as examples in response to Q2?

 

Chuck

 

From: theo geurts [mailto:gtheo@xs4all.nl]
Sent: Wednesday, March 7, 2018 6:23 AM
To: Metalitz, Steven <met@msk.com>; 'Chuck' <consult@cgomes.com>; gnso-rds-pdp-5@icann.org
Subject: Re: [Gnso-rds-pdp-5] FW: Fwd: Re: FW: DT5 Answers to Questions - First Draft for DT Review

 

Steve,

If a registrant files a complaint, I think it is normal that compliance would follow up somewhere in the process with the registrant if required.

The examples you mention, I am not sure why they are even in the RAA 2013, and I do not see why compliance should contact registrants regarding the below.  They can check with the Registrar, and they do audit registrars on this. We can handle this audits with the below criteria in a GDPR compliant manner.

Thanks,

Theo

On 6-3-2018 22:27, Metalitz, Steven wrote:

            I think there could be a number of scenarios in which ICANN compliance would wish to contact the Registered Name Holder (a/k/a RNH) in order to verify registrar compliance with its obligations under the RAA, and/or investigate possible non-compliance.  While it is true that the RNH is not a party to the RAA, RAA section 3.7 (entitled “Business Dealings Including with Registered Name Holders”) imposes a number of obligations involving registrar communication with RNHs.  Compliance issues regarding these obligations include but are not limited to: 

·         Whether registrar made to RNH any of the representations prohibited by section 3.7.3;

·         Whether registrar received reasonable assurance of payment from RNH prior to activation of the Registered Name, or forgave or revoked the obligation to pay, contrary to section 3.7.4;

·         Whether RNH gave explicit consent to renewal of the registration as required by section 3.7.5;

·         Whether the RNH gave the consents required in section 3.7.7.5 or obtained the third-party individual consents required in section 3.7.7.6;

·         Whether the registrar took reasonable steps to investigate and/or to correct claimed contact information inaccuracies, pursuant to section 3.7.8, since many of such steps could require contact with the RNH.      

Of course ICANN compliance would be far better situated than I to confirm the extent to which they would need to contact the RNH in these or other circumstances. 

Steve

 

Steven J. Metalitz | Partner, through his professional corporation

T: 202.355.7902 | met@msk.com

Mitchell Silberberg & Knupp LLP | www.msk.com

1818 N Street NW, 8th Floor, Washington, DC 20036

 

THE INFORMATION CONTAINED IN THIS E-MAIL MESSAGE IS INTENDED ONLY FOR THE PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED RECIPIENTS. THIS MESSAGE MAY BE AN ATTORNEY-CLIENT COMMUNICATION, AND AS SUCH IS PRIVILEGED AND CONFIDENTIAL. IF THE READER OF THIS MESSAGE IS NOT AN INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY REVIEW, USE, DISSEMINATION, FORWARDING OR COPYING OF THIS MESSAGE IS STRICTLY PROHIBITED. PLEASE NOTIFY US IMMEDIATELY BY REPLY E-MAIL OR TELEPHONE, AND DELETE THE ORIGINAL MESSAGE AND ALL ATTACHMENTS FROM YOUR SYSTEM. THANK YOU.

 

From: Gnso-rds-pdp-5 [mailto:gnso-rds-pdp-5-bounces@icann.org] On Behalf Of Chuck
Sent: Tuesday, March 06, 2018 12:25 PM
To: gnso-rds-pdp-5@icann.org
Subject: [Gnso-rds-pdp-5] FW: Fwd: Re: FW: DT5 Answers to Questions - First Draft for DT Review

 

We really need everyone to respond to this TODAY.

 

Steve – please note that we need you to respond to Kathy’s questions.

 

Chuck

 

From: Gnso-rds-pdp-5 [mailto:gnso-rds-pdp-5-bounces@icann.org] On Behalf Of Chuck
Sent: Monday, March 5, 2018 4:04 PM
To: 'Kathy Kleiman' <kathy@kathykleiman.com>; gnso-rds-pdp-5@icann.org
Subject: Re: [Gnso-rds-pdp-5] Fwd: Re: FW: DT5 Answers to Questions - First Draft for DT Review
Importance: High

 

Thanks Kathy and Beth.  I inserted comments in response to the edits and questions from Kathy and Beth in the attached file.  I think most of the edits are not applicable to the DT task as I tried to explain in my comments.

 

Steve – I would appreciate it if you would answer Kathy’s questions about why ICANN Compliance would need to contact the registrant.

 

It seems to me that the decision we need to make is whether or not the registrant may need to be contacted by ICANN Compliance in some instances and to describe what the objective would be.

 

Chuck

 

From: Gnso-rds-pdp-5 [mailto:gnso-rds-pdp-5-bounces@icann.org] On Behalf Of Kathy Kleiman
Sent: Monday, March 5, 2018 11:58 AM
To: gnso-rds-pdp-5@icann.org
Subject: [Gnso-rds-pdp-5] Fwd: Re: FW: DT5 Answers to Questions - First Draft for DT Review

 

Hi Chuck, Beth and All,

Attached is Chuck's document, as edited by me, and then by Beth.  People seemed to be missing it, so let me recirculate. I have recommended edits to the answers to all three questions.

As Chuck confirmed below, this "Contractual Compliance" discussion is about the Registries and Registrars, not the Customer (Registrant). The Registries' and Registrars' contact data is known in many places and many ways to ICANN through signed agreements and other contact lists. The Registrant data -- the focus of our work in this RDS WG, right? -- does not appear to be implicated in this discussion at all. 

Best, Kathy

-------- Forwarded Message --------

Subject:	Re: [Gnso-rds-pdp-5] FW: DT5 Answers to Questions - First Draft for DT Review
Date:	Mon, 5 Mar 2018 17:20:37 +0000
From:	Beth Bacon <bbacon@pir.org>
To:	gnso-rds-pdp-5@icann.org <gnso-rds-pdp-5@icann.org>

 

Hello all,

I made a few small edits to what Kathy contributed, but I do think that the bulk of the comments are more suited to broader RDS WG conversations rather than the narrow focus of DT5.

Thanks,
Beth

 

From: Gnso-rds-pdp-5 [mailto:gnso-rds-pdp-5-bounces@icann.org] On Behalf Of Chuck
Sent: Monday, March 05, 2018 9:40 AM
To: 'Kathy Kleiman' <kathy@kathykleiman.com>; gnso-rds-pdp-5@icann.org
Subject: Re: [Gnso-rds-pdp-5] FW: DT5 Answers to Questions - First Draft for DT Review

 

Kathy,

 

Please see my responses below.

 

Chuck

 

From: Gnso-rds-pdp-5 [mailto:gnso-rds-pdp-5-bounces@icann.org] On Behalf Of Kathy Kleiman
Sent: Sunday, March 4, 2018 7:31 PM
To: gnso-rds-pdp-5@icann.org
Subject: Re: [Gnso-rds-pdp-5] FW: DT5 Answers to Questions - First Draft for DT Review

 

Hi Chuck and All,

Would it be possible to use a Google Doc? I think I used the most recent version of the DT5 document.

[Chuck Gomes] Our deliverable is due not later than Wednesday so I don’t think that we have time to switch now.  Also, this is a very short document so I don’t understand the problem.

  I have to say that this document is very difficult for me to understand. Perhaps because the terms are ambiguous. "Contracted party" in ICANN generally means a registry and registrar. Is that how you are using it here?

[Chuck Gomes] For now yes, but in the future, there could be other contracted parties such as privacy/proxy providers depending on what policies are approved and implemented.

Further, throughout the world, contractual compliance documents (often third party documents to the customer and involving how a customer's data is processed by vendors, for example) are being modified to ensure that the fundamental protections and rights provided by data protection laws to the customers (registrants, in our case) are protected fully and consistent with the purpose of that collection and processing.

[Chuck Gomes] How does this relate to the DT5 task?  Do you have a specific suggestion for our answers to the three questions?

Here, we seem to be making the contractual compliance obligations of third parties to the customer/registrant subservient to other agreements.  I think we may have it backwards, but I am, of course new to the group. (I have however, studied and written about the EU-US Privacy Shield -- happy to share the links).

[Chuck Gomes] All we are doing here is examining the contractual compliance issue to see if there is common understanding of it with the hope that the WG will then be better able to deliberate on whether it is a legitimate purpose for which some sort of processing is appropriate.  I think you are reading way to much into what we are doing.  Our focus is not on the contractual compliance obligations of third parties.  Our focus for this deliverable is only on ICANN’s RDS needs for enforcing its contracts with domain name registrars and registries.

Best regards, Kathy (with edited version of what I think is the most recent version of the document attached -- with Track Changes)

[Chuck Gomes] Is there supposed to be an attached redline version?  If so, I didn’t receive it.

 

On 3/2/2018 3:13 PM, Chuck wrote:

Thanks for the edits Steve.

 

I saved the redline version from Steve as version 2 of our deliverable. Does anyone have any more suggested edits?  If so, please let us know by mid-day on Monday.  Otherwise, I will assume that this is our final version for ICANN Contractual Compliance.

 

Who from this DT is going to be in Puerto Rico?  It would be great if one of you could present our deliverable to the WG on Saturday morning.  It could also be presented remotely.

 

Chuck

 

From: Metalitz, Steven [mailto:met@msk.com]
Sent: Friday, March 2, 2018 9:04 AM
To: 'Beth Bacon' <bbacon@pir.org>; 'Chuck' <consult@cgomes.com>; 'GNSO-RDS-pdp-5@icann.org' <GNSO-RDS-pdp-5@icann.org>
Subject: RE: [Gnso-rds-pdp-5] FW: DT5 Answers to Questions - First Draft for DT Review

 

And here are a few edits re the ICANN contractual compliance piece, mainly to indicate that (1) compliance issues other than RDS compliance might apply and (2) ICANN compliance may need to contact registrants as part of a compliance investigation.  Perhaps we should run this document by ICANN compliance to get their perspective….

 

Steve

 

 

 

Steven J. Metalitz | Partner, through his professional corporation

T: 202.355.7902 | met@msk.com

Mitchell Silberberg & Knupp LLP | www.msk.com

1818 N Street NW, 8th Floor, Washington, DC 20036

 

THE INFORMATION CONTAINED IN THIS E-MAIL MESSAGE IS INTENDED ONLY FOR THE PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED RECIPIENTS. THIS MESSAGE MAY BE AN ATTORNEY-CLIENT COMMUNICATION, AND AS SUCH IS PRIVILEGED AND CONFIDENTIAL. IF THE READER OF THIS MESSAGE IS NOT AN INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY REVIEW, USE, DISSEMINATION, FORWARDING OR COPYING OF THIS MESSAGE IS STRICTLY PROHIBITED. PLEASE NOTIFY US IMMEDIATELY BY REPLY E-MAIL OR TELEPHONE, AND DELETE THE ORIGINAL MESSAGE AND ALL ATTACHMENTS FROM YOUR SYSTEM. THANK YOU.

 

From: Metalitz, Steven
Sent: Friday, March 02, 2018 11:46 AM
To: 'Beth Bacon'; Chuck; GNSO-RDS-pdp-5@icann.org
Subject: RE: [Gnso-rds-pdp-5] FW: DT5 Answers to Questions - First Draft for DT Review

 

Thanks for getting the ball rolling Beth.  See my edits/comments in attached. 

 

 

 

Steven J. Metalitz | Partner, through his professional corporation

T: 202.355.7902 | met@msk.com

Mitchell Silberberg & Knupp LLP | www.msk.com

1818 N Street NW, 8th Floor, Washington, DC 20036

 

THE INFORMATION CONTAINED IN THIS E-MAIL MESSAGE IS INTENDED ONLY FOR THE PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED RECIPIENTS. THIS MESSAGE MAY BE AN ATTORNEY-CLIENT COMMUNICATION, AND AS SUCH IS PRIVILEGED AND CONFIDENTIAL. IF THE READER OF THIS MESSAGE IS NOT AN INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY REVIEW, USE, DISSEMINATION, FORWARDING OR COPYING OF THIS MESSAGE IS STRICTLY PROHIBITED. PLEASE NOTIFY US IMMEDIATELY BY REPLY E-MAIL OR TELEPHONE, AND DELETE THE ORIGINAL MESSAGE AND ALL ATTACHMENTS FROM YOUR SYSTEM. THANK YOU.

 

From: Gnso-rds-pdp-5 [mailto:gnso-rds-pdp-5-bounces@icann.org] On Behalf Of Beth Bacon
Sent: Friday, March 02, 2018 11:22 AM
To: Chuck; GNSO-RDS-pdp-5@icann.org
Subject: Re: [Gnso-rds-pdp-5] FW: DT5 Answers to Questions - First Draft for DT Review

 

Hello Team,

Please see my edits and comments in the attached.  Please feel free to argue with me about my comments and questions.  I’ve missed a few of the calls this month so my questions may be based on incorrect assumptions.  I don’t have any edits to the compliance document. 

 

Looking forward to seeing you in PR.

Best,
Beth

 

From: Gnso-rds-pdp-5 [mailto:gnso-rds-pdp-5-bounces@icann.org] On Behalf Of Chuck
Sent: Friday, March 02, 2018 11:00 AM
To: GNSO-RDS-pdp-5@icann.org
Subject: [Gnso-rds-pdp-5] FW: DT5 Answers to Questions - First Draft for DT Review
Importance: High

 

I have only heard from one team member so far and she plans to respond today. I sure hope the rest of you can respond today as well.  I understand how much is going on including ICANN’s posting of the latest info on the GDPR memo, but please try to spend 30 minutes or so today and provide your initial input on these two documents so that we can have an email discussion about them over the weekend and on Monday.

 

Chuck

 

From: Gnso-rds-pdp-5 [mailto:gnso-rds-pdp-5-bounces@icann.org] On Behalf Of Chuck
Sent: Thursday, March 1, 2018 9:01 AM
To: GNSO-RDS-pdp-5@icann.org
Subject: [Gnso-rds-pdp-5] DT5 Answers to Questions - First Draft for DT Review
Importance: High

 

It would be very helpful if each of you could review and provide any first thoughts you have on the following two drafts TODAY.  Note that the first one is less than two pages and the second is only about half a page.

 

Chuck

 

_______________________________________________

Gnso-rds-pdp-5 mailing list

Gnso-rds-pdp-5@icann.org

https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-5

 

_______________________________________________

Gnso-rds-pdp-5 mailing list

Gnso-rds-pdp-5@icann.org

https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-5

 

 

_______________________________________________
Gnso-rds-pdp-5 mailing list
Gnso-rds-pdp-5@icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-5

--

Regards

@__f_f__

https://www.linkedin.com/in/farellf