|
Hi Susan, Thanks for sharing these reflections. I understand the desire not to complicate
this task. As someone who is new to the ICANN community and its approach to
policy-making – and, also, someone who is an advocate of privacy – it would
seem to me that all the costs and burdens associated with rallying against an
open-access Registration Directory Service have been put on some stakeholders, while
proponents of the status quo profit from the lack of consensus or inertia on a
different path forward. I say this not to demonise any views, but to clarify that
I do indeed share your perspective that we don’t want to be permanently
gridlocked here. This is actually
why my preference would be to go down the path that was suggested on our call
yesterday – from what I recall, it would mean three opportunities for public
comment, and a mandate to focus our energies on understanding Users/Purposes,
Privacy, and Data Elements before we consider whether or not gated access is
necessary or whether or not records should be accurate. It seems a little
premature to me to consider the latter points when we have not yet established
if there is a basis for collecting registration data in the first place. I
share your point, though, that we should be distinguishing between individuals
and commercial entities – which is not to presuppose that there ultimately will
be a need for variations in treatment if the RDS is warranted. We can make our
work easier, however. If we decide upon a standard by which to assess whether
or not the RDS complies with, say, data privacy laws, we might have a more
straightforward exercise ahead. And on that point I would like to note that
just because the Internet originated in the US and its governance framework has
been historically dominated by US-based actors does not mean we should by
default turn to US law for contextual protections or principles. I would like
to respectfully suggest that European instruments such as the European
Convention on Human Rights, standards set by the European Union Data Protection
Directive, and Convention 108 of the Council of Europe might be helpful
starting points. These are not obscure laws or conventions which apply to no one: the EU population is over 500 million people, far greater than
that of the US. I am not a
lawyer and I do not come at this topic with the same institutional knowledge
that others do have. I do not know all the details or decisions that have led
us to this point where, it would seem, the (political) cost to move away from
the current default is so very high. I say this to be clear, from the onset,
that I might well be misinformed or wrong about how we move forward in this
working group. However, it is my view that just because the Internet is by
nature cross-border does not mean that it should be treated as a self-governing
realm beyond the reach of national laws. WHOIS today, to me, seems to subvert
and/or undermine domestic norms and institutions in many territories worldwide.
I don’t want to get into the question of sovereignty online, but it would be
helpful to at least establish whether or not we believe ICANN should mandate through
its contracts with registrars that they comply with local legal regulations, or
whether we instead believe that market forces should be driving fundamental
decisions about the nature of the Internet. You can probably
guess my position here, but I’d like to think we can reach some common ground. What
are we more concerned about – the rights of the data subject and controller, or
the rights of those who wish to monetise it? To come up with, like we have, a
list of something like 780 possible requirements for the RDS strikes me as a
recipe for disaster. It seems inevitable that we will accidentally impose huge
costs on some stakeholder groups – the unintended consequence of trying to achieve some
short-term policy goal not to do with any functional
imperative of the Internet itself, but to meet someone’s obscure interest. That’s
why I want to hammer down on what data is being collected, why it is being
used, and what are the implications for privacy before we proceed any further. Just my $0.02. - Ayden
On Tue, Jun 14, 2016 10:51 PM, Susan Kawaguchi susank@fb.com
wrote:
Ayden Férdeline |