I think the important point here from a privacy perspective is that the registrant information is not under the individual's control, from the moment it is given to the registrar.  They have access and correction rights/requirements, but they do not control the data.  We perhaps need a diagram that tracks that data and maps it to the life cycle of a domain (which is a different diagram). There will be points of connection where registrant data is entering new spheres (ie is shared) and some of these existing shares may not conform to data protection law.  Given the lack of case law in this area, I think it is worth pointing out here that most of the focus in ICANN privacy discussions has been on the public directory (WHOIS) and the data retention requirement.  (less on escrow).  I am unaware of a DPA focus on the RPMS and their use of data, but if anyone knows otherwise I would be grateful for the information.

cheers

Stephanie Perrin


On 2016-09-09 03:09, Chris Pelling wrote:
We also need to consider that the life-cycle of the domain is not entirely under the control of the registrant whom provided the data, which then brings in Privacy law for example.  The life-cycle meaning for this purpose would need to be very well defined.

Kind regards,

Chris

From: "Greg Shatan" <gregshatanipc@gmail.com>
To: "Gomes, Chuck" <cgomes@verisign.com>
Cc: "gnso-rds-pdp-wg" <gnso-rds-pdp-wg@icann.org>
Sent: Thursday, 8 September, 2016 20:21:03
Subject: Re: [gnso-rds-pdp-wg] RDS Statement of Purpose

I expressed a concern about this on the call (it may have been in the chat), along the following lines:  What exactly is meant by "the life-cycle of a domain name"?

Also, is this meant to be a minimum standard (i.e., RDS must, at a minimum, support the life-cycle of a domain name), to which other elements can be added?

Or is this meant to be a limiting standard (i.e., RDS must not do more than support the life-cycle of a domain name), to which other elements can be added only if they fit within the "life-cycle of a domain name"?

Or is this meant to be a "primary purpose" standard, where other elements can be added, but they would not be considered a "primary purpose" (which has a significant downstream effect, e.g., in certain privacy legislation)?

Finally, I would ask which of the use cases that we have on our list fall within "the life-cycle of a domain name" and which do not?  (I suppose this last question is intertwined with my first question above.

Depending on what other participants believe the answers to these questions should be, and what their effect may be, I may have significant concerns about this statement. 

Greg

On Thu, Sep 8, 2016 at 2:52 PM, Gomes, Chuck <cgomes@verisign.com> wrote:

In our call earlier this week there seemed to be support for one element of a RDS Statement of Purpose as suggested by Jim Galvin:  “The RDS should support the life cycle of a domain name.”  No one on the call disagreed with this; if anyone not on the call has comments on this please communicate so on this list prior to our call next week. Also, if any one who was on the call has comments that you did not share, please do so before next week’s meeting.

 

Also, it would be helpful if everyone could be thinking about answers to the following questions:

·         What are the criteria for a statement of purpose?

·         What elements, if any, from the EWG statement of purpose should be reflected in the statement of purpose?

·         What other elements need to be reflected in the statement of purpose?

We plan to discuss these questions in next week’s meeting but comments would be appreciated on the list before then.

 

Chuck

 

Here’s the EWG statement of purpose that we discussed in our meeting earlier this week:

 

To help guide the EWG in its deliberations, the group developed a high-level statement of purpose from which to test its conclusions and recommendations, as follows:

In support of ICANN’s mission to coordinate the global Internet’s system of unique identifiers, and to ensure the stable and secure operation of the Internet’s unique identifier system, information about gTLD domain names is necessary to promote trust and confidence in the Internet for all stakeholders.

Accordingly, it is desirable to design a system to support domain name registration and maintenance which:

·         Provides appropriate access to accurate, reliable, and uniform registration data

·         Protects the privacy of personal information

·         Enables a reliable mechanism for identifying, establishing and maintaining the ability to contact Registrants

·         Supports a framework to address issues involving Registrants, including but not limited to: consumer protection, investigation of cybercrime, and intellectual property protection

·        Provides an infrastructure to address appropriate law enforcement needs

 

 

 


_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg@icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg


_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg@icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg



_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg@icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg