Docs most relevant in our Privacy Subgroup summary
Hi All, I think we have been asked for our list of the most relevant documents for the Working Group from our Privacy subgroup. It is hard to choose from the excellent list and summaries prepared! My thoughts are that the documents below provide the best overview of pivotal legal principles of data protection, show the enormous spread of these principles around the world (particularly recently), and give us guidance for interpretation of these principles (including what it means to be a "data controller" and requires) are below. Best regards, Kathy In answer to subgroup question "(ii) Which inputs are likely to be the most important [relevant] during WG deliberations and why?", I share: 1) The EU Data Protection Directive 1995 (the best known of all data protection laws; the legal obligations of all countries in the EU) 2) The Council of Europe's Treaty 108 on Data Protection (created in 1981, and signed about 47 countries within and outside the EU, this is a key founding document of comprehensive data protection laws) 3) Professor Greenleaf's two articles (part of the same book) set out his studies showing that the adoption of data protection laws is growing rapidly -- and in 2015 the number of countries with comprehensive data protection laws surpassed those without data protections laws. More than a majority of the countries of the world have now adopted comprehensive data protection laws and legal frameworks. 4) Schrems v.Data Protection Commissioner (2015)/EU-US Privacy Shield (2016) - very recent cases and agreements which clearly show that rigorous enforcement of EU data protection laws is on the rise by high courts and their decisions are forcing new agreements to be negotiated which raise the legal requirements for transferring data from the EU countries to other parts of the world. The new EU-U.S. Privacy Shield is an important example of these higher legal requirements. The Article 29 Working Party Opinion on the Privacy Shield -- only about two weeks old -- is important for its discussion of these newest of major legal data protection frameworks. 5) Opinion 2/2003 on the Application of the Data Protection Principles to the Whois directories is the Article 29 Working Party's opinion expressly guiding ICANN on how to apply data protection laws and frameworks to the Whois issues. What could be more "on point" for our full Working Group's work? 6) McIntyre v. Ohio Elections Commission, a decision in 1995 by the US Supreme Court, affirming the importance of anonymous speech in creating an avenue for important, but unpopular and minority ideas to enter into a country's robust political, cultural and artistic discussions. In this decision, the US Supreme Court found that anonymity speech is a protected under the US First Amendment and a person cannot be forced to put her/his name and address on all of statements. Best regards, Kathy
I think those are great choices Kathy, bearing in mind that we do not have a summary (unless I am wrong, if so please tell me) of the 400 page DP regulation that just passed in Europe. Since it has two years to come into force, we are ok for now, but we really do need to examine that document rather closely as well, noting that EEA countries are already moving to meet the new standard as well. I am still ruminating about which ones I think are the most important, but absolutely we know that the DPAs still consider the Opinion 2/2003 is relevant, and they are also committed to the Summary of Article 29 Data Protection Working Party Opinion 03/2013 on purpose limitation 00569/13/EN WP 203 adopted April 2, 2013 which I summarized for the purpose group. It is vital to an understanding of how the DPAs evaluate the purpose of collection, use and disclosure of registrant data at ICANN. more later SP On 2016-04-25 15:03, Kathy Kleiman wrote:
Hi All, I think we have been asked for our list of the most relevant documents for the Working Group from our Privacy subgroup. It is hard to choose from the excellent list and summaries prepared!
My thoughts are that the documents below provide the best overview of pivotal legal principles of data protection, show the enormous spread of these principles around the world (particularly recently), and give us guidance for interpretation of these principles (including what it means to be a "data controller" and requires) are below.
Best regards, Kathy
In answer to subgroup question "(ii) Which inputs are likely to be the most important [relevant] during WG deliberations and why?", I share:
1) The EU Data Protection Directive 1995 (the best known of all data protection laws; the legal obligations of all countries in the EU) 2) The Council of Europe's Treaty 108 on Data Protection (created in 1981, and signed about 47 countries within and outside the EU, this is a key founding document of comprehensive data protection laws)
3) Professor Greenleaf's two articles (part of the same book) set out his studies showing that the adoption of data protection laws is growing rapidly -- and in 2015 the number of countries with comprehensive data protection laws surpassed those without data protections laws. More than a majority of the countries of the world have now adopted comprehensive data protection laws and legal frameworks.
4) Schrems v.Data Protection Commissioner (2015)/EU-US Privacy Shield (2016) - very recent cases and agreements which clearly show that rigorous enforcement of EU data protection laws is on the rise by high courts and their decisions are forcing new agreements to be negotiated which raise the legal requirements for transferring data from the EU countries to other parts of the world. The new EU-U.S. Privacy Shield is an important example of these higher legal requirements. The Article 29 Working Party Opinion on the Privacy Shield -- only about two weeks old -- is important for its discussion of these newest of major legal data protection frameworks.
5) Opinion 2/2003 on the Application of the Data Protection Principles to the Whois directories is the Article 29 Working Party's opinion expressly guiding ICANN on how to apply data protection laws and frameworks to the Whois issues. What could be more "on point" for our full Working Group's work?
6) McIntyre v. Ohio Elections Commission, a decision in 1995 by the US Supreme Court, affirming the importance of anonymous speech in creating an avenue for important, but unpopular and minority ideas to enter into a country's robust political, cultural and artistic discussions. In this decision, the US Supreme Court found that anonymity speech is a protected under the US First Amendment and a person cannot be forced to put her/his name and address on all of statements.
Best regards, Kathy
_______________________________________________ Gnso-rds-pdp-privacy mailing list Gnso-rds-pdp-privacy@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy
I think ‘relevant’ is a key word, a point that Lisa made to the leadership team a few days ago. Chuck From: gnso-rds-pdp-privacy-bounces@icann.org [mailto:gnso-rds-pdp-privacy-bounces@icann.org] On Behalf Of Kathy Kleiman Sent: Monday, April 25, 2016 9:03 AM To: gnso-rds-pdp-privacy@icann.org Subject: [Gnso-rds-pdp-privacy] Docs most relevant in our Privacy Subgroup summary Hi All, I think we have been asked for our list of the most relevant documents for the Working Group from our Privacy subgroup. It is hard to choose from the excellent list and summaries prepared! My thoughts are that the documents below provide the best overview of pivotal legal principles of data protection, show the enormous spread of these principles around the world (particularly recently), and give us guidance for interpretation of these principles (including what it means to be a "data controller" and requires) are below. Best regards, Kathy In answer to subgroup question "(ii) Which inputs are likely to be the most important [relevant] during WG deliberations and why?", I share: 1) The EU Data Protection Directive 1995 (the best known of all data protection laws; the legal obligations of all countries in the EU) 2) The Council of Europe's Treaty 108 on Data Protection (created in 1981, and signed about 47 countries within and outside the EU, this is a key founding document of comprehensive data protection laws) 3) Professor Greenleaf's two articles (part of the same book) set out his studies showing that the adoption of data protection laws is growing rapidly -- and in 2015 the number of countries with comprehensive data protection laws surpassed those without data protections laws. More than a majority of the countries of the world have now adopted comprehensive data protection laws and legal frameworks. 4) Schrems v. Data Protection Commissioner (2015)/EU-US Privacy Shield (2016) - very recent cases and agreements which clearly show that rigorous enforcement of EU data protection laws is on the rise by high courts and their decisions are forcing new agreements to be negotiated which raise the legal requirements for transferring data from the EU countries to other parts of the world. The new EU-U.S. Privacy Shield is an important example of these higher legal requirements. The Article 29 Working Party Opinion on the Privacy Shield -- only about two weeks old -- is important for its discussion of these newest of major legal data protection frameworks. 5) Opinion 2/2003 on the Application of the Data Protection Principles to the Whois directories is the Article 29 Working Party's opinion expressly guiding ICANN on how to apply data protection laws and frameworks to the Whois issues. What could be more "on point" for our full Working Group's work? 6) McIntyre v. Ohio Elections Commission, a decision in 1995 by the US Supreme Court, affirming the importance of anonymous speech in creating an avenue for important, but unpopular and minority ideas to enter into a country's robust political, cultural and artistic discussions. In this decision, the US Supreme Court found that anonymity speech is a protected under the US First Amendment and a person cannot be forced to put her/his name and address on all of statements. Best regards, Kathy
Could we please clarify 1) why we are picking our top 5 and 2) what we mean by relevant? if we are evaluating ICANN's role as a data controller in dictating the collection, use, and disclosure of information, the 2013 RAA is probably the most relevant document. IF we are trying to help colleagues from different backgrounds understand what we are talking about in terms of data protection, Kathy's list is an excellent one. We need both, in my view. Hence my slowness in getting off the mark, I am confused. cheers Stephanie On 2016-04-25 15:19, Gomes, Chuck wrote:
I think ‘relevant’ is a key word, a point that Lisa made to the leadership team a few days ago.
Chuck
*From:*gnso-rds-pdp-privacy-bounces@icann.org [mailto:gnso-rds-pdp-privacy-bounces@icann.org] *On Behalf Of *Kathy Kleiman *Sent:* Monday, April 25, 2016 9:03 AM *To:* gnso-rds-pdp-privacy@icann.org *Subject:* [Gnso-rds-pdp-privacy] Docs most relevant in our Privacy Subgroup summary
Hi All,tand I think we have been asked for our list of the most relevant documents for the Working Group from our Privacy subgroup. It is hard to choose from the excellent list and summaries prepared!
My thoughts are that the documents below provide the best overview of pivotal legal principles of data protection, show the enormous spread of these principles around the world (particularly recently), and give us guidance for interpretation of these principles (including what it means to be a "data controller" and requires) are below.
Best regards, Kathy
In answer to subgroup question "(ii) Which inputs are likely to be the most important [relevant] during WG deliberations and why?", I share:
1) The EU Data Protection Directive 1995 (the best known of all data protection laws; the legal obligations of all countries in the EU) 2) The Council of Europe's Treaty 108 on Data Protection (created in 1981, and signed about 47 countries within and outside the EU, this is a key founding document of comprehensive data protection laws)
3) Professor Greenleaf's two articles (part of the same book) set out his studies showing that the adoption of data protection laws is growing rapidly -- and in 2015 the number of countries with comprehensive data protection laws surpassed those without data protections laws. More than a majority of the countries of the world have now adopted comprehensive data protection laws and legal frameworks.
4) Schrems v. Data Protection Commissioner (2015)/EU-US Privacy Shield (2016) - very recent cases and agreements which clearly show that rigorous enforcement of EU data protection laws is on the rise by high courts and their decisions are forcing new agreements to be negotiated which raise the legal requirements for transferring data from the EU countries to other parts of the world. The new EU-U.S. Privacy Shield is an important example of these higher legal requirements. The Article 29 Working Party Opinion on the Privacy Shield -- only about two weeks old -- is important for its discussion of these newest of major legal data protection frameworks.
5) Opinion 2/2003 on the Application of the Data Protection Principles to the Whois directories is the Article 29 Working Party's opinion expressly guiding ICANN on how to apply data protection laws and frameworks to the Whois issues. What could be more "on point" for our full Working Group's work?
6) McIntyre v. Ohio Elections Commission, a decision in 1995 by the US Supreme Court, affirming the importance of anonymous speech in creating an avenue for important, but unpopular and minority ideas to enter into a country's robust political, cultural and artistic discussions. In this decision, the US Supreme Court found that anonymity speech is a protected under the US First Amendment and a person cannot be forced to put her/his name and address on all of statements.
Best regards, Kathy
_______________________________________________ Gnso-rds-pdp-privacy mailing list Gnso-rds-pdp-privacy@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy
Good question Stephanie. I don't want to interfere with David's role as leader of this team but here is my answer: Relevant = most helpful in the WG's task of finalizing a work plan and in the deliberation we are tasked with doing regarding the list of charter questions from our charter. Keep in mind something I said in one of our meetings: Identifying what are thought to be the most relevant documents does not mean we will exclude other documents but rather will help us know which documents to start with. Chuck From: gnso-rds-pdp-privacy-bounces@icann.org [mailto:gnso-rds-pdp-privacy-bounces@icann.org] On Behalf Of Stephanie Perrin Sent: Monday, April 25, 2016 9:23 AM To: gnso-rds-pdp-privacy@icann.org Subject: Re: [Gnso-rds-pdp-privacy] Docs most relevant in our Privacy Subgroup summary Could we please clarify 1) why we are picking our top 5 and 2) what we mean by relevant? if we are evaluating ICANN's role as a data controller in dictating the collection, use, and disclosure of information, the 2013 RAA is probably the most relevant document. IF we are trying to help colleagues from different backgrounds understand what we are talking about in terms of data protection, Kathy's list is an excellent one. We need both, in my view. Hence my slowness in getting off the mark, I am confused. cheers Stephanie On 2016-04-25 15:19, Gomes, Chuck wrote: I think 'relevant' is a key word, a point that Lisa made to the leadership team a few days ago. Chuck From: gnso-rds-pdp-privacy-bounces@icann.org<mailto:gnso-rds-pdp-privacy-bounces@icann.org> [mailto:gnso-rds-pdp-privacy-bounces@icann.org] On Behalf Of Kathy Kleiman Sent: Monday, April 25, 2016 9:03 AM To: gnso-rds-pdp-privacy@icann.org<mailto:gnso-rds-pdp-privacy@icann.org> Subject: [Gnso-rds-pdp-privacy] Docs most relevant in our Privacy Subgroup summary Hi All,tand I think we have been asked for our list of the most relevant documents for the Working Group from our Privacy subgroup. It is hard to choose from the excellent list and summaries prepared! My thoughts are that the documents below provide the best overview of pivotal legal principles of data protection, show the enormous spread of these principles around the world (particularly recently), and give us guidance for interpretation of these principles (including what it means to be a "data controller" and requires) are below. Best regards, Kathy In answer to subgroup question "(ii) Which inputs are likely to be the most important [relevant] during WG deliberations and why?", I share: 1) The EU Data Protection Directive 1995 (the best known of all data protection laws; the legal obligations of all countries in the EU) 2) The Council of Europe's Treaty 108 on Data Protection (created in 1981, and signed about 47 countries within and outside the EU, this is a key founding document of comprehensive data protection laws) 3) Professor Greenleaf's two articles (part of the same book) set out his studies showing that the adoption of data protection laws is growing rapidly -- and in 2015 the number of countries with comprehensive data protection laws surpassed those without data protections laws. More than a majority of the countries of the world have now adopted comprehensive data protection laws and legal frameworks. 4) Schrems v. Data Protection Commissioner (2015)/EU-US Privacy Shield (2016) - very recent cases and agreements which clearly show that rigorous enforcement of EU data protection laws is on the rise by high courts and their decisions are forcing new agreements to be negotiated which raise the legal requirements for transferring data from the EU countries to other parts of the world. The new EU-U.S. Privacy Shield is an important example of these higher legal requirements. The Article 29 Working Party Opinion on the Privacy Shield -- only about two weeks old -- is important for its discussion of these newest of major legal data protection frameworks. 5) Opinion 2/2003 on the Application of the Data Protection Principles to the Whois directories is the Article 29 Working Party's opinion expressly guiding ICANN on how to apply data protection laws and frameworks to the Whois issues. What could be more "on point" for our full Working Group's work? 6) McIntyre v. Ohio Elections Commission, a decision in 1995 by the US Supreme Court, affirming the importance of anonymous speech in creating an avenue for important, but unpopular and minority ideas to enter into a country's robust political, cultural and artistic discussions. In this decision, the US Supreme Court found that anonymity speech is a protected under the US First Amendment and a person cannot be forced to put her/his name and address on all of statements. Best regards, Kathy _______________________________________________ Gnso-rds-pdp-privacy mailing list Gnso-rds-pdp-privacy@icann.org<mailto:Gnso-rds-pdp-privacy@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy
At this stage I have one nomination for inclusion among "most relevant documents"; one comment on previous nominations; and one question/concern. First, I believe that the Thick Whois PDP report, and the legal review presented to the Implementation Review Team on Thick Whois (this is document #6 in the list from the consolidated PDF) is highly relevant, since it represents the most recent thinking from ICANN concerning the impact of privacy/data protection laws on one aspect of the current RDS (a/k/a Whois). Second, while the Schrems decision, the resulting Privacy Shield document, and WP 29's opinion thereon (there is a very extensive presentation on all this in item #22 of the consolidated PDF) are certainly important in data protection discussions generally, I question whether they meet the "most relevant" criterion for our work. To my knowledge (and I know I will be corrected if I am wrong!), no ICANN accredited registrar or registry has ever explicitly relied upon the former US-EU "safe harbor" regime to justify its processing or transfer of Whois data. The fact that Schrems invalidated the safe harbor regime decision, and that the US and the European Commission subsequently negotiated the Privacy Shield to replace it, would appear to have no direct impact on the registration data status quo, at least. To be clear, I am not questioning the importance of these documents, only whether they meet the criterion of "greatest relevance" to our WG's work. Third, as has been pointed out more than once on this list, the new EU Data Protection Regulation will come into force in two years (i.e., almost certainly before the output of this Working Group will have been implemented), and as I understand it the Regulation will supplant the Data Protection Framework Directive that has been in force for more than 20 years. Since the 1995 Framework Directive provides the basis for many of the documents we have compiled (including but not limited to all the Article 29 WP documents), has anyone assessed the extent to which these other documents remain directly applicable to the issues before our WG? In other words, leaving to one side the significance of any given Article 29 WP document for our work, how will that significance be affected by the fact that the legal instrument which these documents interpret or apply will no longer be in force by the time ICANN acts on our WG's recommendations? I think we would benefit from hearing the views of those much closer to the details of the European developments than I am. Steve Metalitz From: gnso-rds-pdp-privacy-bounces@icann.org [mailto:gnso-rds-pdp-privacy-bounces@icann.org] On Behalf Of Gomes, Chuck Sent: Monday, April 25, 2016 9:38 AM To: Stephanie Perrin; gnso-rds-pdp-privacy@icann.org Subject: Re: [Gnso-rds-pdp-privacy] Docs most relevant in our Privacy Subgroup summary Good question Stephanie. I don't want to interfere with David's role as leader of this team but here is my answer: Relevant = most helpful in the WG's task of finalizing a work plan and in the deliberation we are tasked with doing regarding the list of charter questions from our charter. Keep in mind something I said in one of our meetings: Identifying what are thought to be the most relevant documents does not mean we will exclude other documents but rather will help us know which documents to start with. Chuck From: gnso-rds-pdp-privacy-bounces@icann.org<mailto:gnso-rds-pdp-privacy-bounces@icann.org> [mailto:gnso-rds-pdp-privacy-bounces@icann.org] On Behalf Of Stephanie Perrin Sent: Monday, April 25, 2016 9:23 AM To: gnso-rds-pdp-privacy@icann.org<mailto:gnso-rds-pdp-privacy@icann.org> Subject: Re: [Gnso-rds-pdp-privacy] Docs most relevant in our Privacy Subgroup summary Could we please clarify 1) why we are picking our top 5 and 2) what we mean by relevant? if we are evaluating ICANN's role as a data controller in dictating the collection, use, and disclosure of information, the 2013 RAA is probably the most relevant document. IF we are trying to help colleagues from different backgrounds understand what we are talking about in terms of data protection, Kathy's list is an excellent one. We need both, in my view. Hence my slowness in getting off the mark, I am confused. cheers Stephanie On 2016-04-25 15:19, Gomes, Chuck wrote: I think 'relevant' is a key word, a point that Lisa made to the leadership team a few days ago. Chuck From: gnso-rds-pdp-privacy-bounces@icann.org<mailto:gnso-rds-pdp-privacy-bounces@icann.org> [mailto:gnso-rds-pdp-privacy-bounces@icann.org] On Behalf Of Kathy Kleiman Sent: Monday, April 25, 2016 9:03 AM To: gnso-rds-pdp-privacy@icann.org<mailto:gnso-rds-pdp-privacy@icann.org> Subject: [Gnso-rds-pdp-privacy] Docs most relevant in our Privacy Subgroup summary Hi All,tand I think we have been asked for our list of the most relevant documents for the Working Group from our Privacy subgroup. It is hard to choose from the excellent list and summaries prepared! My thoughts are that the documents below provide the best overview of pivotal legal principles of data protection, show the enormous spread of these principles around the world (particularly recently), and give us guidance for interpretation of these principles (including what it means to be a "data controller" and requires) are below. Best regards, Kathy In answer to subgroup question "(ii) Which inputs are likely to be the most important [relevant] during WG deliberations and why?", I share: 1) The EU Data Protection Directive 1995 (the best known of all data protection laws; the legal obligations of all countries in the EU) 2) The Council of Europe's Treaty 108 on Data Protection (created in 1981, and signed about 47 countries within and outside the EU, this is a key founding document of comprehensive data protection laws) 3) Professor Greenleaf's two articles (part of the same book) set out his studies showing that the adoption of data protection laws is growing rapidly -- and in 2015 the number of countries with comprehensive data protection laws surpassed those without data protections laws. More than a majority of the countries of the world have now adopted comprehensive data protection laws and legal frameworks. 4) Schrems v. Data Protection Commissioner (2015)/EU-US Privacy Shield (2016) - very recent cases and agreements which clearly show that rigorous enforcement of EU data protection laws is on the rise by high courts and their decisions are forcing new agreements to be negotiated which raise the legal requirements for transferring data from the EU countries to other parts of the world. The new EU-U.S. Privacy Shield is an important example of these higher legal requirements. The Article 29 Working Party Opinion on the Privacy Shield -- only about two weeks old -- is important for its discussion of these newest of major legal data protection frameworks. 5) Opinion 2/2003 on the Application of the Data Protection Principles to the Whois directories is the Article 29 Working Party's opinion expressly guiding ICANN on how to apply data protection laws and frameworks to the Whois issues. What could be more "on point" for our full Working Group's work? 6) McIntyre v. Ohio Elections Commission, a decision in 1995 by the US Supreme Court, affirming the importance of anonymous speech in creating an avenue for important, but unpopular and minority ideas to enter into a country's robust political, cultural and artistic discussions. In this decision, the US Supreme Court found that anonymity speech is a protected under the US First Amendment and a person cannot be forced to put her/his name and address on all of statements. Best regards, Kathy _______________________________________________ Gnso-rds-pdp-privacy mailing list Gnso-rds-pdp-privacy@icann.org<mailto:Gnso-rds-pdp-privacy@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy<https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy>
These are good questions Steve. I am at the IWGDPT spring meeting and will ask if the group or leadership would be able to answer them. I can assure folks, however, even though I have not personally gone through the 400 page regulation (many of the folks here at the meeting are still working their way through the detailed analysis) that the basic principles of the Directive, on which the WHOIS analysis is based have not been made irrelevant. I doubt I will be able to get a formal statement, but I will certainly ask for guidance from the members of the group who are engaged on the issue of the RDS. Everyone I have spoken to expect a rather smooth transition to the new regime, although certainly there are enough administrative and enforcement changes to require a great deal of work over the next few years. Our group, alternatively and for greater certainty, could of course simply write to the Article 29 working party and ask what repercussions the new Regulation might have on their previous guidance. kind regards, Stephanie Perrin On 2016-04-25 22:47, Metalitz, Steven wrote:
At this stage I have one nomination for inclusion among “most relevant documents”; one comment on previous nominations; and one question/concern.
First, I believe that the Thick Whois PDP report, and the legal review presented to the Implementation Review Team on Thick Whois (this is document #6 in the list from the consolidated PDF) is highly relevant, since it represents the most recent thinking from ICANN concerning the impact of privacy/data protection laws on one aspect of the current RDS (a/k/a Whois).
Second, while the Schrems decision, the resulting Privacy Shield document, and WP 29’s opinion thereon (there is a very extensive presentation on all this in item #22 of the consolidated PDF) are certainly important in data protection discussions generally, I question whether they meet the “most relevant” criterion for our work. To my knowledge (and I know I will be corrected if I am wrong!), no ICANN accredited registrar or registry has ever explicitly relied upon the former US-EU “safe harbor” regime to justify its processing or transfer of Whois data. The fact that Schrems invalidated the safe harbor regime decision, and that the US and the European Commission subsequently negotiated the Privacy Shield to replace it, would appear to have no direct impact on the registration data status quo, at least. To be clear, I am not questioning the importance of these documents, only whether they meet the criterion of “greatest relevance” to our WG’s work.
Third, as has been pointed out more than once on this list, the new EU Data Protection Regulation will come into force in two years (i.e., almost certainly before the output of this Working Group will have been implemented), and as I understand it the Regulation will supplant the Data Protection Framework Directive that has been in force for more than 20 years. Since the 1995 Framework Directive provides the basis for many of the documents we have compiled (including but not limited to all the Article 29 WP documents), has anyone assessed the extent to which these other documents remain directly applicable to the issues before our WG? In other words, leaving to one side the significance of any given Article 29 WP document for our work, how will that significance be affected by the fact that the legal instrument which these documents interpret or apply will no longer be in force by the time ICANN acts on our WG’s recommendations? I think we would benefit from hearing the views of those much closer to the details of the European developments than I am.
Steve Metalitz
**
*From:*gnso-rds-pdp-privacy-bounces@icann.org [mailto:gnso-rds-pdp-privacy-bounces@icann.org] *On Behalf Of *Gomes, Chuck *Sent:* Monday, April 25, 2016 9:38 AM *To:* Stephanie Perrin; gnso-rds-pdp-privacy@icann.org *Subject:* Re: [Gnso-rds-pdp-privacy] Docs most relevant in our Privacy Subgroup summary
Good question Stephanie. I don’t want to interfere with David’s role as leader of this team but here is my answer: Relevant = most helpful in the WG’s task of finalizing a work plan and in the deliberation we are tasked with doing regarding the list of charter questions from our charter. Keep in mind something I said in one of our meetings: Identifying what are thought to be the most relevant documents does not mean we will exclude other documents but rather will help us know which documents to start with.
Chuck
*From:*gnso-rds-pdp-privacy-bounces@icann.org <mailto:gnso-rds-pdp-privacy-bounces@icann.org> [mailto:gnso-rds-pdp-privacy-bounces@icann.org] *On Behalf Of *Stephanie Perrin *Sent:* Monday, April 25, 2016 9:23 AM *To:* gnso-rds-pdp-privacy@icann.org <mailto:gnso-rds-pdp-privacy@icann.org> *Subject:* Re: [Gnso-rds-pdp-privacy] Docs most relevant in our Privacy Subgroup summary
Could we please clarify 1) why we are picking our top 5 and 2) what we mean by relevant? if we are evaluating ICANN's role as a data controller in dictating the collection, use, and disclosure of information, the 2013 RAA is probably the most relevant document. IF we are trying to help colleagues from different backgrounds understand what we are talking about in terms of data protection, Kathy's list is an excellent one. We need both, in my view. Hence my slowness in getting off the mark, I am confused.
cheers Stephanie
On 2016-04-25 15:19, Gomes, Chuck wrote:
I think ‘relevant’ is a key word, a point that Lisa made to the leadership team a few days ago.
Chuck
*From:*gnso-rds-pdp-privacy-bounces@icann.org <mailto:gnso-rds-pdp-privacy-bounces@icann.org> [mailto:gnso-rds-pdp-privacy-bounces@icann.org] *On Behalf Of *Kathy Kleiman *Sent:* Monday, April 25, 2016 9:03 AM *To:* gnso-rds-pdp-privacy@icann.org <mailto:gnso-rds-pdp-privacy@icann.org> *Subject:* [Gnso-rds-pdp-privacy] Docs most relevant in our Privacy Subgroup summary
Hi All,tand I think we have been asked for our list of the most relevant documents for the Working Group from our Privacy subgroup. It is hard to choose from the excellent list and summaries prepared!
My thoughts are that the documents below provide the best overview of pivotal legal principles of data protection, show the enormous spread of these principles around the world (particularly recently), and give us guidance for interpretation of these principles (including what it means to be a "data controller" and requires) are below.
Best regards, Kathy
In answer to subgroup question "(ii) Which inputs are likely to be the most important [relevant] during WG deliberations and why?", I share:
1) The EU Data Protection Directive 1995 (the best known of all data protection laws; the legal obligations of all countries in the EU) 2) The Council of Europe's Treaty 108 on Data Protection (created in 1981, and signed about 47 countries within and outside the EU, this is a key founding document of comprehensive data protection laws)
3) Professor Greenleaf's two articles (part of the same book) set out his studies showing that the adoption of data protection laws is growing rapidly -- and in 2015 the number of countries with comprehensive data protection laws surpassed those without data protections laws. More than a majority of the countries of the world have now adopted comprehensive data protection laws and legal frameworks.
4) Schrems v. Data Protection Commissioner (2015)/EU-US Privacy Shield (2016) - very recent cases and agreements which clearly show that rigorous enforcement of EU data protection laws is on the rise by high courts and their decisions are forcing new agreements to be negotiated which raise the legal requirements for transferring data from the EU countries to other parts of the world. The new EU-U.S. Privacy Shield is an important example of these higher legal requirements. The Article 29 Working Party Opinion on the Privacy Shield -- only about two weeks old -- is important for its discussion of these newest of major legal data protection frameworks.
5) Opinion 2/2003 on the Application of the Data Protection Principles to the Whois directories is the Article 29 Working Party's opinion expressly guiding ICANN on how to apply data protection laws and frameworks to the Whois issues. What could be more "on point" for our full Working Group's work?
6) McIntyre v. Ohio Elections Commission, a decision in 1995 by the US Supreme Court, affirming the importance of anonymous speech in creating an avenue for important, but unpopular and minority ideas to enter into a country's robust political, cultural and artistic discussions. In this decision, the US Supreme Court found that anonymity speech is a protected under the US First Amendment and a person cannot be forced to put her/his name and address on all of statements.
Best regards, Kathy
_______________________________________________
Gnso-rds-pdp-privacy mailing list
Gnso-rds-pdp-privacy@icann.org <mailto:Gnso-rds-pdp-privacy@icann.org>
Hi Stephanie, You may not need this response after the call this morning but we arbitrarily chose top 5 documents to focus on last weeks call. No intent to limit the documents it was just to spark discussion. Obviously, we are including all documents the sub teams deem relevant. Susan Kawaguchi Domain Name Manager Facebook Legal Dept. From: <gnso-rds-pdp-privacy-bounces@icann.org<mailto:gnso-rds-pdp-privacy-bounces@icann.org>> on behalf of Stephanie Perrin <stephanie.perrin@mail.utoronto.ca<mailto:stephanie.perrin@mail.utoronto.ca>> Date: Monday, April 25, 2016 at 6:23 AM To: "gnso-rds-pdp-privacy@icann.org<mailto:gnso-rds-pdp-privacy@icann.org>" <gnso-rds-pdp-privacy@icann.org<mailto:gnso-rds-pdp-privacy@icann.org>> Subject: Re: [Gnso-rds-pdp-privacy] Docs most relevant in our Privacy Subgroup summary Could we please clarify 1) why we are picking our top 5 and 2) what we mean by relevant? if we are evaluating ICANN's role as a data controller in dictating the collection, use, and disclosure of information, the 2013 RAA is probably the most relevant document. IF we are trying to help colleagues from different backgrounds understand what we are talking about in terms of data protection, Kathy's list is an excellent one. We need both, in my view. Hence my slowness in getting off the mark, I am confused. cheers Stephanie On 2016-04-25 15:19, Gomes, Chuck wrote: I think ‘relevant’ is a key word, a point that Lisa made to the leadership team a few days ago. Chuck From: gnso-rds-pdp-privacy-bounces@icann.org<mailto:gnso-rds-pdp-privacy-bounces@icann.org> [mailto:gnso-rds-pdp-privacy-bounces@icann.org] On Behalf Of Kathy Kleiman Sent: Monday, April 25, 2016 9:03 AM To: gnso-rds-pdp-privacy@icann.org<mailto:gnso-rds-pdp-privacy@icann.org> Subject: [Gnso-rds-pdp-privacy] Docs most relevant in our Privacy Subgroup summary Hi All,tand I think we have been asked for our list of the most relevant documents for the Working Group from our Privacy subgroup. It is hard to choose from the excellent list and summaries prepared! My thoughts are that the documents below provide the best overview of pivotal legal principles of data protection, show the enormous spread of these principles around the world (particularly recently), and give us guidance for interpretation of these principles (including what it means to be a "data controller" and requires) are below. Best regards, Kathy In answer to subgroup question "(ii) Which inputs are likely to be the most important [relevant] during WG deliberations and why?", I share: 1) The EU Data Protection Directive 1995 (the best known of all data protection laws; the legal obligations of all countries in the EU) 2) The Council of Europe's Treaty 108 on Data Protection (created in 1981, and signed about 47 countries within and outside the EU, this is a key founding document of comprehensive data protection laws) 3) Professor Greenleaf's two articles (part of the same book) set out his studies showing that the adoption of data protection laws is growing rapidly -- and in 2015 the number of countries with comprehensive data protection laws surpassed those without data protections laws. More than a majority of the countries of the world have now adopted comprehensive data protection laws and legal frameworks. 4) Schrems v. Data Protection Commissioner (2015)/EU-US Privacy Shield (2016) - very recent cases and agreements which clearly show that rigorous enforcement of EU data protection laws is on the rise by high courts and their decisions are forcing new agreements to be negotiated which raise the legal requirements for transferring data from the EU countries to other parts of the world. The new EU-U.S. Privacy Shield is an important example of these higher legal requirements. The Article 29 Working Party Opinion on the Privacy Shield -- only about two weeks old -- is important for its discussion of these newest of major legal data protection frameworks. 5) Opinion 2/2003 on the Application of the Data Protection Principles to the Whois directories is the Article 29 Working Party's opinion expressly guiding ICANN on how to apply data protection laws and frameworks to the Whois issues. What could be more "on point" for our full Working Group's work? 6) McIntyre v. Ohio Elections Commission, a decision in 1995 by the US Supreme Court, affirming the importance of anonymous speech in creating an avenue for important, but unpopular and minority ideas to enter into a country's robust political, cultural and artistic discussions. In this decision, the US Supreme Court found that anonymity speech is a protected under the US First Amendment and a person cannot be forced to put her/his name and address on all of statements. Best regards, Kathy _______________________________________________ Gnso-rds-pdp-privacy mailing list Gnso-rds-pdp-privacy@icann.org<mailto:Gnso-rds-pdp-privacy@icann.org>https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy<https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Drds-2Dpdp-2Dprivacy&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=8ZHbYcFXWJDJhaCtGG-GSqMqvLhyg5LxKRUtwOVAsB0&s=ftw0bmWfrrB2VoCis93gMjMywpJsm8lneJROn5OsqAk&e=>
In relation to relevant¹, I would like to share again the feedback that Chuck shared on the list yesterday: Relevant = most helpful in the WG¹s task of finalizing a work plan and in the deliberation we are tasked with doing regarding the list of charter questions from our charter. Keep in mind something I said in one of our meetings: Identifying what are thought to be the most relevant documents does not mean we will exclude other documents but rather will help us know which documents to start with. Best regards, Marika From: <gnso-rds-pdp-privacy-bounces@icann.org> on behalf of Susan Kawaguchi <susank@fb.com> Date: Tuesday 26 April 2016 at 13:54 To: Stephanie Perrin <stephanie.perrin@mail.utoronto.ca>, "gnso-rds-pdp-privacy@icann.org" <gnso-rds-pdp-privacy@icann.org> Subject: Re: [Gnso-rds-pdp-privacy] Docs most relevant in our Privacy Subgroup summary Hi Stephanie, You may not need this response after the call this morning but we arbitrarily chose top 5 documents to focus on last weeks call. No intent to limit the documents it was just to spark discussion. Obviously, we are including all documents the sub teams deem relevant. Susan Kawaguchi Domain Name Manager Facebook Legal Dept. From: <gnso-rds-pdp-privacy-bounces@icann.org> on behalf of Stephanie Perrin <stephanie.perrin@mail.utoronto.ca> Date: Monday, April 25, 2016 at 6:23 AM To: "gnso-rds-pdp-privacy@icann.org" <gnso-rds-pdp-privacy@icann.org> Subject: Re: [Gnso-rds-pdp-privacy] Docs most relevant in our Privacy Subgroup summary Could we please clarify 1) why we are picking our top 5 and 2) what we mean by relevant? if we are evaluating ICANN's role as a data controller in dictating the collection, use, and disclosure of information, the 2013 RAA is probably the most relevant document. IF we are trying to help colleagues from different backgrounds understand what we are talking about in terms of data protection, Kathy's list is an excellent one. We need both, in my view. Hence my slowness in getting off the mark, I am confused. cheers Stephanie On 2016-04-25 15:19, Gomes, Chuck wrote:
I think relevant¹ is a key word, a point that Lisa made to the leadership team a few days ago.
Chuck
From: gnso-rds-pdp-privacy-bounces@icann.org <mailto:gnso-rds-pdp-privacy-bounces@icann.org> [mailto:gnso-rds-pdp-privacy-bounces@icann.org] On Behalf Of Kathy Kleiman Sent: Monday, April 25, 2016 9:03 AM To: gnso-rds-pdp-privacy@icann.org Subject: [Gnso-rds-pdp-privacy] Docs most relevant in our Privacy Subgroup summary
Hi All,tand I think we have been asked for our list of the most relevant documents for the Working Group from our Privacy subgroup. It is hard to choose from the excellent list and summaries prepared!
My thoughts are that the documents below provide the best overview of pivotal legal principles of data protection, show the enormous spread of these principles around the world (particularly recently), and give us guidance for interpretation of these principles (including what it means to be a "data controller" and requires) are below.
Best regards, Kathy
In answer to subgroup question "(ii) Which inputs are likely to be the most important [relevant] during WG deliberations and why?", I share:
1) The EU Data Protection Directive 1995 (the best known of all data protection laws; the legal obligations of all countries in the EU) 2) The Council of Europe's Treaty 108 on Data Protection (created in 1981, and signed about 47 countries within and outside the EU, this is a key founding document of comprehensive data protection laws)
3) Professor Greenleaf's two articles (part of the same book) set out his studies showing that the adoption of data protection laws is growing rapidly -- and in 2015 the number of countries with comprehensive data protection laws surpassed those without data protections laws. More than a majority of the countries of the world have now adopted comprehensive data protection laws and legal frameworks.
4) Schrems v. Data Protection Commissioner (2015)/EU-US Privacy Shield (2016) - very recent cases and agreements which clearly show that rigorous enforcement of EU data protection laws is on the rise by high courts and their decisions are forcing new agreements to be negotiated which raise the legal requirements for transferring data from the EU countries to other parts of the world. The new EU-U.S. Privacy Shield is an important example of these higher legal requirements. The Article 29 Working Party Opinion on the Privacy Shield -- only about two weeks old -- is important for its discussion of these newest of major legal data protection frameworks.
5) Opinion 2/2003 on the Application of the Data Protection Principles to the Whois directories is the Article 29 Working Party's opinion expressly guiding ICANN on how to apply data protection laws and frameworks to the Whois issues. What could be more "on point" for our full Working Group's work?
6) McIntyre v. Ohio Elections Commission, a decision in 1995 by the US Supreme Court, affirming the importance of anonymous speech in creating an avenue for important, but unpopular and minority ideas to enter into a country's robust political, cultural and artistic discussions. In this decision, the US Supreme Court found that anonymity speech is a protected under the US First Amendment and a person cannot be forced to put her/his name and address on all of statements.
Best regards, Kathy
_______________________________________________ Gnso-rds-pdp-privacy mailing list Gnso-rds-pdp-privacy@icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-p dp-privacy <https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_li... tinfo_gnso-2Drds-2Dpdp-2Dprivacy&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7y nrYQ7wShqEr-w&m=8ZHbYcFXWJDJhaCtGG-GSqMqvLhyg5LxKRUtwOVAsB0&s=ftw0bmWfrrB2VoCi s93gMjMywpJsm8lneJROn5OsqAk&e=>
participants (6)
-
Gomes, Chuck -
Kathy Kleiman -
Marika Konings -
Metalitz, Steven -
Stephanie Perrin -
Susan Kawaguchi