Template for Privacy team output
To coordinate our work, staff have created a Template that suggests the form our output should take, and that includes a list of the many documents already suggested as relevant to this teams work. It is attached to this message. Please note that the list of documents is quite extensive already - which certainly doesn’t mean we can’t add more. I’d like volunteers to start looking at documents added and summarising some of their contents. Summaries should focus on describing its relevance to our work, and the questions it addresses, rather than opinions about the substantive issues it covers. Regards David
Hello David, Thank for all your efforts towards the achievement of our goal. I will take tomorrow and Friday to review some of the documentts and get back to you ASAP and or NLT saturday. Le mer. 30 mars 2016 à 16:28, David Cake via Gnso-rds-pdp-privacy < gnso-rds-pdp-privacy@icann.org> a écrit :
To coordinate our work, staff have created a Template that suggests the form our output should take, and that includes a list of the many documents already suggested as relevant to this teams work. It is attached to this message.
Please note that the list of documents is quite extensive already - which certainly doesn’t mean we can’t add more.
I’d like volunteers to start looking at documents added and summarising some of their contents. Summaries should focus on describing its relevance to our work, and the questions it addresses, rather than opinions about the substantive issues it covers.
Regards
David
_______________________________________________ Gnso-rds-pdp-privacy mailing list Gnso-rds-pdp-privacy@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy
-- Best regards, @__f_f__
David and All, I appreciate this Privacy sub-group mission of seeking additional information about privacy and data protection frameworks and laws that impact our work in this WG. The world has changed significantly since the founding of ICANN, particularly re: privacy and data protection laws. Currently, 109 countries have data protection laws – more than half the world – and the number is growing rapidly. I. *Global Data Protection Laws * These countries exist in ICANN's key regions, with countries in Africa, Asia & the Pacific, Europe, Latin America and North America. I can't imagine any registrar who is not touched by these laws or representing registrants in these regions. Per the mandate of this sub-group, we are asked to lay out information about these data protection laws and frameworks and to that end, I attach: 1. “Global Tables of Data Privacy Laws and Bills (4^th Ed, January 2015)” with 109 countries; and 2. “Global data privacy laws 2015,” an article by Professor Greenleaf, which lays out the clear and rapid path of privacy law adoption. He writes in the opening to this article: “This is the fourth in a series of articles which has documented the increasing number of countries with data privacy laws, initially assessed in mid-2011 to an (unexpected high) 76, expanding through new laws and further research to 89 by early 2012, and then by mid-2013 to 99. The number of countries which have now enacted data privacy laws has risen to 109 over the past eighteen months.” (attached) *II. Council of Europe* Further, the Council of Europe's Treaty 108 on Data Protection is signed by 47 countries with 3 more in the process of signing. All are listed in this attachment and I would like to request that this treaty and its signatories become an official part of our sub-group record: http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/108/sig... III. *European Union* Finally, the European Data Protection Directive, 1995, is a key document for the 28 countries of the European Union and a foundation document for the dozens of data protection laws that followed around the world. The 28 members of the EU are: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK. I would ask that the Directive be included in our materials, http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=URISERV%3Al14012. Tx again for this important collection of documents. Best, Kathy
Hello All, 1. Dear kathy, Thank you very much for this information. I was about to suggest we proceed to a benchmark study for data protection and privacy in all countries, or we submit our later report to a larger community (UN or any organization with a high number of member states compare to the Council of Europe(an) -Union). It is a very good point to have such a list of countries with or without data privacy laws. 2. However, we don't have the content of all those laws (to know other countries'requirements also) and time won't permit us to doing so. Therefore, I suggest we base our job on the principles which are accepted by a highest number of countries, or collected let's say an organization with the highest number of member states in the world that ratified such laws. 3. The Opinion 06/2014 on the notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC, adopted on April 2014 ("ARTICLE 29 DATA PROTECTION WORKING PARTY"), is in my opinion a very good document, but it is based on European principles under 95/46/EC. The good news is many African countries (include mine) adopted most of legal principles of Europe but not all them, nor the countries outside Europe and Africa. So we really need to check whether the six grounds stated in this document apply everywhere or whether there is an incompatibility with those six grounds with another principle in any country outside Europe. 4. Most of the grounds are related to the user consent while one explicitly recommends to make some balance tests : necessity against data subject freedom or right to protection against freedom of expression. 5. *All the documents provided by most of us are mostly dealing with "what information can be accessed and why", but according to EWG final report data privacy/protection should also address mechanisms (systems, equipements, procedures) to implement to ensure. That is the HOW (to access and to ensure that information is accessed in the right manner)*. My suggestion : is let's brainstorm (may be too late) about - what information is required for a domain name management : efficiency, traceability, openness ? - what information really needs to be public : in my opinion, if somebody does not hold a domain name, I don't know why it should access somebody else's domain name information by only using WHOIS (unless the intended recipient explictly wishes it so). If a lawyer, for any legal purpose, wants to access a registrant's WHOIS information, I am pretty sure that there is legal reason and in this case the associated registrar/registry has the information to provide; so the lawyer does need a WHOIS request to access all the registrant's info. Necessity must always be proved before somebody uses WHOIS to access such an information. And when a registrant A is allowed to access registrant B's information, the reverse should be true. WHOIS informations should have some mandatory information and optional depending on local regulation. Users can choose which information can be made public and the conditions associated with. Some policies might apply to registrars to not make those information public, but available, however, for efficiency, traceability and any other legal reason. Le sam. 2 avr. 2016 à 23:54, Kathy Kleiman via Gnso-rds-pdp-privacy < gnso-rds-pdp-privacy@icann.org> a écrit :
David and All, I appreciate this Privacy sub-group mission of seeking additional information about privacy and data protection frameworks and laws that impact our work in this WG. The world has changed significantly since the founding of ICANN, particularly re: privacy and data protection laws. Currently, 109 countries have data protection laws – more than half the world – and the number is growing rapidly.
I. *Global Data Protection Laws *
These countries exist in ICANN's key regions, with countries in Africa, Asia & the Pacific, Europe, Latin America and North America. I can't imagine any registrar who is not touched by these laws or representing registrants in these regions. Per the mandate of this sub-group, we are asked to lay out information about these data protection laws and frameworks and to that end, I attach:
1.
“Global Tables of Data Privacy Laws and Bills (4th Ed, January 2015)” with 109 countries; and 2.
“Global data privacy laws 2015,” an article by Professor Greenleaf, which lays out the clear and rapid path of privacy law adoption. He writes in the opening to this article:
“This is the fourth in a series of articles which has documented the increasing number of countries with data privacy laws, initially assessed in mid-2011 to an (unexpected high) 76, expanding through new laws and further research to 89 by early 2012, and then by mid-2013 to 99. The number of countries which have now enacted data privacy laws has risen to 109 over the past eighteen months.” (attached)
*II. Council of Europe*
Further, the Council of Europe's Treaty 108 on Data Protection is signed by 47 countries with 3 more in the process of signing. All are listed in this attachment and I would like to request that this treaty and its signatories become an official part of our sub-group record:
<http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/108/sig...> http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/108/sig...
III. *European Union*
Finally, the European Data Protection Directive, 1995, is a key document for the 28 countries of the European Union and a foundation document for the dozens of data protection laws that followed around the world. The 28 members of the EU are: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK. I would ask that the Directive be included in our materials, <http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=URISERV%3Al14012> http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=URISERV%3Al14012.
Tx again for this important collection of documents.
Best, Kathy _______________________________________________ Gnso-rds-pdp-privacy mailing list Gnso-rds-pdp-privacy@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy
-- Best regards, @__f_f__
Hello All, Kathy has given some great insights on Privacy and Data protection laws, I believe with the 109 countries that have these laws, we can start the work to review the intersection of these laws as we do two things 1. Proceed with what Farrels was about to suggest - Benchmark study for data protection and privacy in all countried and later submit a report to a larger community. 2. Since we have the laws in 109 countries we can proceed to make a review assessment. On the suggestion made by Farell; - what information is required for a domain name management : efficiency, traceability, openness ? - what information really needs to be public : in my opinion, if somebody does not hold a domain name, I don't know why it should access somebody else's domain name information by only using WHOIS (unless the intended recipient explictly wishes it so). If a lawyer, for any legal purpose, wants to access a registrant's WHOIS information, I am pretty sure that there is legal reason and in this case the associated registrar/registry has the information to provide; so the lawyer does need a WHOIS request to access all the registrant's info. Necessity must always be proved before somebody uses WHOIS to access such an information. And when a registrant A is allowed to access registrant B's information, the reverse should be true. I think this is the point to start the Brainstorming. Could we use a google docs as we start the Review process and Assessment? Based on the opening suggestions given by Farell. I am beginning to see the direction of Assessment and Review. ᐧ Regards Nanghaka Daniel K. Executive Director - ILICIT Africa / Council Member - FOSSFA / Community Lead - ISOC Uganda Chapter Mobile +256 772 898298 (Uganda) Skype: daniel.nanghaka ----------------------------------------- *"Working for Africa" * ----------------------------------------- On Sun, Apr 3, 2016 at 2:57 PM, Farell Folly via Gnso-rds-pdp-privacy < gnso-rds-pdp-privacy@icann.org> wrote:
Hello All,
1. Dear kathy, Thank you very much for this information. I was about to suggest we proceed to a benchmark study for data protection and privacy in all countries, or we submit our later report to a larger community (UN or any organization with a high number of member states compare to the Council of Europe(an) -Union). It is a very good point to have such a list of countries with or without data privacy laws. 2. However, we don't have the content of all those laws (to know other countries'requirements also) and time won't permit us to doing so. Therefore, I suggest we base our job on the principles which are accepted by a highest number of countries, or collected let's say an organization with the highest number of member states in the world that ratified such laws. 3. The Opinion 06/2014 on the notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC, adopted on April 2014 ("ARTICLE 29 DATA PROTECTION WORKING PARTY"), is in my opinion a very good document, but it is based on European principles under 95/46/EC. The good news is many African countries (include mine) adopted most of legal principles of Europe but not all them, nor the countries outside Europe and Africa. So we really need to check whether the six grounds stated in this document apply everywhere or whether there is an incompatibility with those six grounds with another principle in any country outside Europe. 4. Most of the grounds are related to the user consent while one explicitly recommends to make some balance tests : necessity against data subject freedom or right to protection against freedom of expression. 5. *All the documents provided by most of us are mostly dealing with "what information can be accessed and why", but according to EWG final report data privacy/protection should also address mechanisms (systems, equipements, procedures) to implement to ensure. That is the HOW (to access and to ensure that information is accessed in the right manner)*.
My suggestion : is let's brainstorm (may be too late) about
- what information is required for a domain name management : efficiency, traceability, openness ? - what information really needs to be public : in my opinion, if somebody does not hold a domain name, I don't know why it should access somebody else's domain name information by only using WHOIS (unless the intended recipient explictly wishes it so). If a lawyer, for any legal purpose, wants to access a registrant's WHOIS information, I am pretty sure that there is legal reason and in this case the associated registrar/registry has the information to provide; so the lawyer does need a WHOIS request to access all the registrant's info. Necessity must always be proved before somebody uses WHOIS to access such an information. And when a registrant A is allowed to access registrant B's information, the reverse should be true.
WHOIS informations should have some mandatory information and optional depending on local regulation. Users can choose which information can be made public and the conditions associated with. Some policies might apply to registrars to not make those information public, but available, however, for efficiency, traceability and any other legal reason.
Le sam. 2 avr. 2016 à 23:54, Kathy Kleiman via Gnso-rds-pdp-privacy < gnso-rds-pdp-privacy@icann.org> a écrit :
David and All, I appreciate this Privacy sub-group mission of seeking additional information about privacy and data protection frameworks and laws that impact our work in this WG. The world has changed significantly since the founding of ICANN, particularly re: privacy and data protection laws. Currently, 109 countries have data protection laws – more than half the world – and the number is growing rapidly.
I. *Global Data Protection Laws *
These countries exist in ICANN's key regions, with countries in Africa, Asia & the Pacific, Europe, Latin America and North America. I can't imagine any registrar who is not touched by these laws or representing registrants in these regions. Per the mandate of this sub-group, we are asked to lay out information about these data protection laws and frameworks and to that end, I attach:
1.
“Global Tables of Data Privacy Laws and Bills (4th Ed, January 2015)” with 109 countries; and 2.
“Global data privacy laws 2015,” an article by Professor Greenleaf, which lays out the clear and rapid path of privacy law adoption. He writes in the opening to this article:
“This is the fourth in a series of articles which has documented the increasing number of countries with data privacy laws, initially assessed in mid-2011 to an (unexpected high) 76, expanding through new laws and further research to 89 by early 2012, and then by mid-2013 to 99. The number of countries which have now enacted data privacy laws has risen to 109 over the past eighteen months.” (attached)
*II. Council of Europe*
Further, the Council of Europe's Treaty 108 on Data Protection is signed by 47 countries with 3 more in the process of signing. All are listed in this attachment and I would like to request that this treaty and its signatories become an official part of our sub-group record:
<http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/108/sig...> http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/108/sig...
III. *European Union*
Finally, the European Data Protection Directive, 1995, is a key document for the 28 countries of the European Union and a foundation document for the dozens of data protection laws that followed around the world. The 28 members of the EU are: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK. I would ask that the Directive be included in our materials, <http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=URISERV%3Al14012> http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=URISERV%3Al14012.
Tx again for this important collection of documents.
Best, Kathy _______________________________________________ Gnso-rds-pdp-privacy mailing list Gnso-rds-pdp-privacy@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy
-- Best regards,
@__f_f__
_______________________________________________ Gnso-rds-pdp-privacy mailing list Gnso-rds-pdp-privacy@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy
Hopefully this point has already been made but in case not, the privacy teams task is not to do the brainstorming and cataloging of data protection laws. The full WG will do that later in our work. Chuck From: gnso-rds-pdp-privacy-bounces@icann.org [mailto:gnso-rds-pdp-privacy-bounces@icann.org] On Behalf Of DANIEL NANGHAKA via Gnso-rds-pdp-privacy Sent: Sunday, April 03, 2016 5:21 PM To: Farell Folly Cc: gnso-rds-pdp-privacy@icann.org Subject: Re: [Gnso-rds-pdp-privacy] Global Data Protections Laws - a rapidly growing number Hello All, Kathy has given some great insights on Privacy and Data protection laws, I believe with the 109 countries that have these laws, we can start the work to review the intersection of these laws as we do two things 1. Proceed with what Farrels was about to suggest - Benchmark study for data protection and privacy in all countried and later submit a report to a larger community. 2. Since we have the laws in 109 countries we can proceed to make a review assessment. On the suggestion made by Farell; · what information is required for a domain name management : efficiency, traceability, openness ? · what information really needs to be public : in my opinion, if somebody does not hold a domain name, I don't know why it should access somebody else's domain name information by only using WHOIS (unless the intended recipient explictly wishes it so). If a lawyer, for any legal purpose, wants to access a registrant's WHOIS information, I am pretty sure that there is legal reason and in this case the associated registrar/registry has the information to provide; so the lawyer does need a WHOIS request to access all the registrant's info. Necessity must always be proved before somebody uses WHOIS to access such an information. And when a registrant A is allowed to access registrant B's information, the reverse should be true. I think this is the point to start the Brainstorming. Could we use a google docs as we start the Review process and Assessment? Based on the opening suggestions given by Farell. I am beginning to see the direction of Assessment and Review. [https://mailfoogae.appspot.com/t?sender=aZG5kYW5uYW5nQGdtYWlsLmNvbQ%3D%3D&type=zerocontent&guid=e6ef04ac-8f04-4bfe-9c6a-f23cda9a04aa]ᐧ Regards Nanghaka Daniel K. Executive Director - ILICIT Africa / Council Member - FOSSFA / Community Lead - ISOC Uganda Chapter Mobile +256 772 898298 (Uganda) Skype: daniel.nanghaka ----------------------------------------- "Working for Africa" ----------------------------------------- [https://docs.google.com/uc?export=download&id=0BwH7MatcY6gPOGxHaDhJMGZwN2c&revid=0BwH7MatcY6gPWmQyTXJIdWtScmN2ZUxpRDBpZG8wZUd5ZkhBPQ][https://docs.google.com/uc?export=download&id=0BwH7MatcY6gPeFAxdFF3Skk4b3M&revid=0BwH7MatcY6gPK2MxMkFyME5BWS9hb0VQMFRmTVFTMlB2SENRPQ] [https://docs.google.com/uc?export=download&id=0BwH7MatcY6gPSF9OWXFHYkV3ZVk&r...] On Sun, Apr 3, 2016 at 2:57 PM, Farell Folly via Gnso-rds-pdp-privacy <gnso-rds-pdp-privacy@icann.org<mailto:gnso-rds-pdp-privacy@icann.org>> wrote: Hello All, 1. Dear kathy, Thank you very much for this information. I was about to suggest we proceed to a benchmark study for data protection and privacy in all countries, or we submit our later report to a larger community (UN or any organization with a high number of member states compare to the Council of Europe(an) -Union). It is a very good point to have such a list of countries with or without data privacy laws. 2. However, we don't have the content of all those laws (to know other countries'requirements also) and time won't permit us to doing so. Therefore, I suggest we base our job on the principles which are accepted by a highest number of countries, or collected let's say an organization with the highest number of member states in the world that ratified such laws. 3. The Opinion 06/2014 on the notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC, adopted on April 2014 ("ARTICLE 29 DATA PROTECTION WORKING PARTY"), is in my opinion a very good document, but it is based on European principles under 95/46/EC. The good news is many African countries (include mine) adopted most of legal principles of Europe but not all them, nor the countries outside Europe and Africa. So we really need to check whether the six grounds stated in this document apply everywhere or whether there is an incompatibility with those six grounds with another principle in any country outside Europe. 4. Most of the grounds are related to the user consent while one explicitly recommends to make some balance tests : necessity against data subject freedom or right to protection against freedom of expression. 5. All the documents provided by most of us are mostly dealing with "what information can be accessed and why", but according to EWG final report data privacy/protection should also address mechanisms (systems, equipements, procedures) to implement to ensure. That is the HOW (to access and to ensure that information is accessed in the right manner). My suggestion : is let's brainstorm (may be too late) about * what information is required for a domain name management : efficiency, traceability, openness ? * what information really needs to be public : in my opinion, if somebody does not hold a domain name, I don't know why it should access somebody else's domain name information by only using WHOIS (unless the intended recipient explictly wishes it so). If a lawyer, for any legal purpose, wants to access a registrant's WHOIS information, I am pretty sure that there is legal reason and in this case the associated registrar/registry has the information to provide; so the lawyer does need a WHOIS request to access all the registrant's info. Necessity must always be proved before somebody uses WHOIS to access such an information. And when a registrant A is allowed to access registrant B's information, the reverse should be true. WHOIS informations should have some mandatory information and optional depending on local regulation. Users can choose which information can be made public and the conditions associated with. Some policies might apply to registrars to not make those information public, but available, however, for efficiency, traceability and any other legal reason. Le sam. 2 avr. 2016 à 23:54, Kathy Kleiman via Gnso-rds-pdp-privacy <gnso-rds-pdp-privacy@icann.org<mailto:gnso-rds-pdp-privacy@icann.org>> a écrit : David and All, I appreciate this Privacy sub-group mission of seeking additional information about privacy and data protection frameworks and laws that impact our work in this WG. The world has changed significantly since the founding of ICANN, particularly re: privacy and data protection laws. Currently, 109 countries have data protection laws – more than half the world – and the number is growing rapidly. I. Global Data Protection Laws These countries exist in ICANN's key regions, with countries in Africa, Asia & the Pacific, Europe, Latin America and North America. I can't imagine any registrar who is not touched by these laws or representing registrants in these regions. Per the mandate of this sub-group, we are asked to lay out information about these data protection laws and frameworks and to that end, I attach: 1. “Global Tables of Data Privacy Laws and Bills (4th Ed, January 2015)” with 109 countries; and 2. “Global data privacy laws 2015,” an article by Professor Greenleaf, which lays out the clear and rapid path of privacy law adoption. He writes in the opening to this article: “This is the fourth in a series of articles which has documented the increasing number of countries with data privacy laws, initially assessed in mid-2011 to an (unexpected high) 76, expanding through new laws and further research to 89 by early 2012, and then by mid-2013 to 99. The number of countries which have now enacted data privacy laws has risen to 109 over the past eighteen months.” (attached) II. Council of Europe Further, the Council of Europe's Treaty 108 on Data Protection is signed by 47 countries with 3 more in the process of signing. All are listed in this attachment and I would like to request that this treaty and its signatories become an official part of our sub-group record: http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/108/sig... III. European Union Finally, the European Data Protection Directive, 1995, is a key document for the 28 countries of the European Union and a foundation document for the dozens of data protection laws that followed around the world. The 28 members of the EU are: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK. I would ask that the Directive be included in our materials, http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=URISERV%3Al14012. Tx again for this important collection of documents. Best, Kathy _______________________________________________ Gnso-rds-pdp-privacy mailing list Gnso-rds-pdp-privacy@icann.org<mailto:Gnso-rds-pdp-privacy@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy -- Best regards, @__f_f__ _______________________________________________ Gnso-rds-pdp-privacy mailing list Gnso-rds-pdp-privacy@icann.org<mailto:Gnso-rds-pdp-privacy@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy
On 3 Apr 2016, at 7:57 PM, Farell Folly via Gnso-rds-pdp-privacy <gnso-rds-pdp-privacy@icann.org> wrote:
Most of the grounds are related to the user consent while one explicitly recommends to make some balance tests : necessity against data subject freedom or right to protection against freedom of expression. All the documents provided by most of us are mostly dealing with "what information can be accessed and why", but according to EWG final report data privacy/protection should also address mechanisms (systems, equipements, procedures) to implement to ensure. That is the HOW (to access and to ensure that information is accessed in the right manner). My suggestion : is let's brainstorm (may be too late) about what information is required for a domain name management : efficiency, traceability, openness ? what information really needs to be public : in my opinion, if somebody does not hold a domain name, I don't know why it should access somebody else's domain name information by only using WHOIS (unless the intended recipient explictly wishes it so). If a lawyer, for any legal purpose, wants to access a registrant's WHOIS information, I am pretty sure that there is legal reason and in this case the associated registrar/registry has the information to provide; so the lawyer does need a WHOIS request to access all the registrant's info. Necessity must always be proved before somebody uses WHOIS to access such an information. And when a registrant A is allowed to access registrant B's information, the reverse should be true.
Please remember that this group is strictly focussed on dealing with documentation. I thought Kathys suggestions are very useful documents, but the purpose of this group is to help make those documents accessible to the wider working group - so if you think these documents are useful, please summarise why and leave it at that for now, the questions you are asking above are the sort of deliberative questions that should be addressed by the whole WG not this sub-group. David
Sorry Cake, I see. I went too far too fast. Le lundi 4 avril 2016, David Cake <davecake@gmail.com> a écrit :
On 3 Apr 2016, at 7:57 PM, Farell Folly via Gnso-rds-pdp-privacy < gnso-rds-pdp-privacy@icann.org <javascript:_e(%7B%7D,'cvml','gnso-rds-pdp-privacy@icann.org');>> wrote:
1. 2. Most of the grounds are related to the user consent while one explicitly recommends to make some balance tests : necessity against data subject freedom or right to protection against freedom of expression. 3. *All the documents provided by most of us are mostly dealing with "what information can be accessed and why", but according to EWG final report data privacy/protection should also address mechanisms (systems, equipements, procedures) to implement to ensure. That is the HOW (to access and to ensure that information is accessed in the right manner)*.
My suggestion : is let's brainstorm (may be too late) about
- what information is required for a domain name management : efficiency, traceability, openness ? - what information really needs to be public : in my opinion, if somebody does not hold a domain name, I don't know why it should access somebody else's domain name information by only using WHOIS (unless the intended recipient explictly wishes it so). If a lawyer, for any legal purpose, wants to access a registrant's WHOIS information, I am pretty sure that there is legal reason and in this case the associated registrar/registry has the information to provide; so the lawyer does need a WHOIS request to access all the registrant's info. Necessity must always be proved before somebody uses WHOIS to access such an information. And when a registrant A is allowed to access registrant B's information, the reverse should be true.
Please remember that this group is strictly focussed on dealing with documentation. I thought Kathys suggestions are very useful documents, but the purpose of this group is to help make those documents accessible to the wider working group - so if you think these documents are useful, please summarise why and leave it at that for now, the questions you are asking above are the sort of deliberative questions that should be addressed by the whole WG not this sub-group.
David
-- Meilleures salutations, --ff--
That would be terrific, Farell. David
On 31 Mar 2016, at 6:26 AM, Farell Folly <farellfolly@gmail.com> wrote:
Hello David,
Thank for all your efforts towards the achievement of our goal. I will take tomorrow and Friday to review some of the documentts and get back to you ASAP and or NLT saturday.
Le mer. 30 mars 2016 à 16:28, David Cake via Gnso-rds-pdp-privacy <gnso-rds-pdp-privacy@icann.org <mailto:gnso-rds-pdp-privacy@icann.org>> a écrit : To coordinate our work, staff have created a Template that suggests the form our output should take, and that includes a list of the many documents already suggested as relevant to this teams work. It is attached to this message.
Please note that the list of documents is quite extensive already - which certainly doesn’t mean we can’t add more.
I’d like volunteers to start looking at documents added and summarising some of their contents. Summaries should focus on describing its relevance to our work, and the questions it addresses, rather than opinions about the substantive issues it covers.
Regards
David
_______________________________________________ Gnso-rds-pdp-privacy mailing list Gnso-rds-pdp-privacy@icann.org <mailto:Gnso-rds-pdp-privacy@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy> -- Best regards,
@__f_f__
This is indeed an impressive compendium of documents, which Kathy has subsequently supplemented further. One of our challenges will be to maintain a focus on those resources most directly relevant to our tasks (as distinguished from privacy/data protection topics more generally). In that regard, I’ll suggest one additional document which is focused on an aspect of RDS: the legal review memorandum prepared by ICANN (with outside counsel assistance) pursuant to the Board resolution adopting thick Whois architecture as a consensus policy applicable to all gTLD registries. It can be found at Legal Review Memorandum (8 June 2015): ICANN Memorandum to the IRT - Thin to Thick WHOIS Transition_Final_2015-06-08.pdf<https://community.icann.org/download/attachments/52889541/ICANN%20Memorandum...>. [image001] Steven J. Metalitz | Partner, through his professional corporation T: 202.355.7902 | met@msk.com<mailto:met@msk.com> Mitchell Silberberg & Knupp LLP | www.msk.com<http://www.msk.com/> 1818 N Street NW, 8th Floor, Washington, DC 20036 THE INFORMATION CONTAINED IN THIS E-MAIL MESSAGE IS INTENDED ONLY FOR THE PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED RECIPIENTS. THIS MESSAGE MAY BE AN ATTORNEY-CLIENT COMMUNICATION, AND AS SUCH IS PRIVILEGED AND CONFIDENTIAL. IF THE READER OF THIS MESSAGE IS NOT AN INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY REVIEW, USE, DISSEMINATION, FORWARDING OR COPYING OF THIS MESSAGE IS STRICTLY PROHIBITED. PLEASE NOTIFY US IMMEDIATELY BY REPLY E-MAIL OR TELEPHONE, AND DELETE THE ORIGINAL MESSAGE AND ALL ATTACHMENTS FROM YOUR SYSTEM. THANK YOU. From: gnso-rds-pdp-privacy-bounces@icann.org [mailto:gnso-rds-pdp-privacy-bounces@icann.org] On Behalf Of David Cake via Gnso-rds-pdp-privacy Sent: Wednesday, March 30, 2016 11:28 AM To: gnso-rds-pdp-privacy@icann.org Subject: [Gnso-rds-pdp-privacy] Template for Privacy team output To coordinate our work, staff have created a Template that suggests the form our output should take, and that includes a list of the many documents already suggested as relevant to this teams work. It is attached to this message. Please note that the list of documents is quite extensive already - which certainly doesn’t mean we can’t add more. I’d like volunteers to start looking at documents added and summarising some of their contents. Summaries should focus on describing its relevance to our work, and the questions it addresses, rather than opinions about the substantive issues it covers. Regards David _______________________________________________ Gnso-rds-pdp-privacy mailing list Gnso-rds-pdp-privacy@icann.org<mailto:Gnso-rds-pdp-privacy@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy
It might be useful to supplement that with the report presented to the EWG on legal considerations, dated August 2013. Before attaching that report, as it was supplied in confidence to the EWG, and I cannot figure out whether it is on the public part of the EWG website or not, I would ask Lisa if it is ok to circulate that email. Nothing earth shattering in there in my view, and it not marked solicitor-client privilege, so I would think we could distribute it but I am not the boss. cheers Stephanie On 2016-04-04 14:43, Metalitz, Steven via Gnso-rds-pdp-privacy wrote:
This is indeed an impressive compendium of documents, which Kathy has subsequently supplemented further. One of our challenges will be to maintain a focus on those resources most directly relevant to our tasks (as distinguished from privacy/data protection topics more generally).
In that regard, I’ll suggest one additional document which is focused on an aspect of RDS: the legal review memorandum prepared by ICANN (with outside counsel assistance) pursuant to the Board resolution adopting thick Whois architecture as a consensus policy applicable to all gTLD registries. It can be found at Legal Review Memorandum (8 June 2015): ICANN Memorandum to the IRT - Thin to Thick WHOIS Transition_Final_2015-06-08.pdf <https://community.icann.org/download/attachments/52889541/ICANN%20Memorandum...>.
*image001*
*Steven J. Metalitz *|***Partner, through his professional corporation*
T: 202.355.7902 |met@msk.com <mailto:met@msk.com>**
*Mitchell Silberberg & Knupp**LLP*|*www.msk.com <http://www.msk.com/>*
1818 N Street NW, 8th Floor, Washington, DC 20036
*_THE INFORMATION CONTAINED IN THIS E-MAIL MESSAGE IS INTENDED ONLY FOR THE PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED RECIPIENTS._**THIS MESSAGE MAY BE AN ATTORNEY-CLIENT COMMUNICATION, AND AS SUCH IS PRIVILEGED AND CONFIDENTIAL. IF THE READER OF THIS MESSAGE IS NOT AN INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY REVIEW, USE, DISSEMINATION, FORWARDING OR COPYING OF THIS MESSAGE IS STRICTLY PROHIBITED. PLEASE NOTIFY US IMMEDIATELY BY REPLY E-MAIL OR TELEPHONE, AND DELETE THE ORIGINAL MESSAGE AND ALL ATTACHMENTS FROM YOUR SYSTEM. THANK YOU.*
*From:*gnso-rds-pdp-privacy-bounces@icann.org [mailto:gnso-rds-pdp-privacy-bounces@icann.org] *On Behalf Of *David Cake via Gnso-rds-pdp-privacy *Sent:* Wednesday, March 30, 2016 11:28 AM *To:* gnso-rds-pdp-privacy@icann.org *Subject:* [Gnso-rds-pdp-privacy] Template for Privacy team output
To coordinate our work, staff have created a Template that suggests the form our output should take, and that includes a list of the many documents already suggested as relevant to this teams work. It is attached to this message.
Please note that the list of documents is quite extensive already - which certainly doesn’t mean we can’t add more.
I’d like volunteers to start looking at documents added and summarising some of their contents. Summaries should focus on describing its relevance to our work, and the questions it addresses, rather than opinions about the substantive issues it covers.
Regards
David
_______________________________________________ Gnso-rds-pdp-privacy mailing list Gnso-rds-pdp-privacy@icann.org <mailto:Gnso-rds-pdp-privacy@icann.org> https://protect-us.mimecast.com/s/NV8XBVh95doTx <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy>
_______________________________________________ Gnso-rds-pdp-privacy mailing list Gnso-rds-pdp-privacy@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy
Thanks Lisa! SP On 2016-04-04 15:21, Lisa Phifer wrote:
Stephanie, yes, that public memo is in the Privacy small team's input list, as it was identified as an input to this PDP's question on Privacy in the process framework and thus charter.
You can find it posted here in the EWG's public wiki:
https://community.icann.org/download/attachments/43982771/Memo%20to%20EWG%20...
It's also on this PDP WG's wiki in a couple of places, where you will find it entitled:
EWG Research:Data Protection Considerations Applicable to Collection of gTLD Reg Data Memo <https://community.icann.org/download/attachments/43982771/Memo%20to%20EWG%20...>
Steve, the Thick to Think memo is also on this PDP WG's wiki, but highlighted under a different question (system model). I'll add to the privacy inputs list now, but in the meantime, the two wiki links associated with that input are:
Thick WHOIS PDP Final Report <http://gnso.icann.org/en/issues/whois/thick-final-21oct13-en.pdf> (2011-2013) and IRT Legal Review <https://community.icann.org/download/attachments/52889541/ICANN%20Memorandum...>
Best, Lisa
At 12:56 PM 4/4/2016, Stephanie Perrin wrote:
It might be useful to supplement that with the report presented to the EWG on legal considerations, dated August 2013. Before attaching that report, as it was supplied in confidence to the EWG, and I cannot figure out whether it is on the public part of the EWG website or not, I would ask Lisa if it is ok to circulate that email. Nothing earth shattering in there in my view, and it not marked solicitor-client privilege, so I would think we could distribute it but I am not the boss. cheers Stephanie
On 2016-04-04 14:43, Metalitz, Steven via Gnso-rds-pdp-privacy wrote:
This is indeed an impressive compendium of documents, which Kathy has subsequently supplemented further. One of our challenges will be to maintain a focus on those resources most directly relevant to our tasks (as distinguished from privacy/data protection topics more generally).
In that regard, I?ll suggest one additional document which is focused on an aspect of RDS: the legal review memorandum prepared by ICANN (with outside counsel assistance) pursuant to the Board resolution adopting thick Whois architecture as a consensus policy applicable to all gTLD registries. It can be found at Legal Review Memorandum (8 June 2015): ICANN Memorandum to the IRT - Thin to Thick WHOIS Transition_Final_2015-06-08.pdf <https://community.icann.org/download/attachments/52889541/ICANN%20Memorandum...>.
image001 *Steven J. Metalitz *|*Partner, through his professional corporation *T: 202.355.7902 | met@msk.com <mailto:met@msk.com> *Mitchell Silberberg & KnuppLLP* | *www.msk.com* <http://www.msk.com/>* *1818 N Street NW, 8th Floor, Washington, DC 20036
*_THE INFORMATION CONTAINED IN THIS E-MAIL MESSAGE IS INTENDED ONLY FOR THE PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED RECIPIENTS._ THIS MESSAGE MAY BE AN ATTORNEY-CLIENT COMMUNICATION, AND AS SUCH IS PRIVILEGED AND CONFIDENTIAL. IF THE READER OF THIS MESSAGE IS NOT AN INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY REVIEW, USE, DISSEMINATION, FORWARDING OR COPYING OF THIS MESSAGE IS STRICTLY PROHIBITED. PLEASE NOTIFY US IMMEDIATELY BY REPLY E-MAIL OR TELEPHONE, AND DELETE THE ORIGINAL MESSAGE AND ALL ATTACHMENTS FROM YOUR SYSTEM. THANK YOU. * *From:* gnso-rds-pdp-privacy-bounces@icann.org <mailto:gnso-rds-pdp-privacy-bounces@icann.org> [mailto:gnso-rds-pdp-privacy-bounces@icann.org <mailto:gnso-rds-pdp-privacy-bounces@icann.org>] *On Behalf Of *David Cake via Gnso-rds-pdp-privacy *Sent:* Wednesday, March 30, 2016 11:28 AM *To:* gnso-rds-pdp-privacy@icann.org <mailto:gnso-rds-pdp-privacy@icann.org> *Subject:* [Gnso-rds-pdp-privacy] Template for Privacy team output
To coordinate our work, staff have created a Template that suggests the form our output should take, and that includes a list of the many documents already suggested as relevant to this teams work. It is attached to this message.
Please note that the list of documents is quite extensive already - which certainly doesn?t mean we can?t add more.
I?d like volunteers to start looking at documents added and summarising some of their contents. Summaries should focus on describing its relevance to our work, and the questions it addresses, rather than opinions about the substantive issues it covers.
Regards
David
_______________________________________________ Gnso-rds-pdp-privacy mailing list Gnso-rds-pdp-privacy@icann.org <mailto:Gnso-rds-pdp-privacy@icann.org> https://protect-us.mimecast.com/s/NV8XBVh95doTx <https://protect-us.mimecast.com/s/NV8XBVh95doTx>
_______________________________________________ Gnso-rds-pdp-privacy mailing list Gnso-rds-pdp-privacy@icann.org <mailto:Gnso-rds-pdp-privacy@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy
participants (8)
-
DANIEL NANGHAKA -
David Cake -
Farell Folly -
Gomes, Chuck -
Kathy Kleiman -
Lisa Phifer -
Metalitz, Steven -
Stephanie Perrin