Thanks
for sharing these reflections. I
understand the desire not to complicate
this task. As someone who is new to the
ICANN community and its approach to
policy-making – and, also, someone who is
an advocate of privacy – it would seem to
me that all the costs and burdens
associated with rallying against an
open-access Registration Directory Service
have been put on some stakeholders, while
proponents of the status quo profit from
the lack of consensus or inertia on a
different path forward. I say this not to
demonise any views, but to clarify that I
do indeed share your perspective that we
don’t want to be permanently gridlocked
here.
This
is actually why my preference would be to
go down the path that was suggested on our
call yesterday – from what I recall, it
would mean three opportunities for public
comment, and a mandate to focus our
energies on understanding Users/Purposes,
Privacy, and Data Elements before we
consider whether or not gated access is
necessary or whether or not records should
be accurate. It seems a little premature
to me to consider the latter points when
we have not yet established if there is a
basis for collecting registration data in
the first place. I share your point,
though, that we should be distinguishing
between individuals and commercial
entities – which is not to presuppose that
there ultimately will be a need for
variations in treatment if the RDS is
warranted.
We
can make our work easier, however. If we
decide upon a standard by which to assess
whether or not the RDS complies with, say,
data privacy laws, we might have a more
straightforward exercise ahead. And on
that point I would like to note that just
because the Internet originated in the US
and its governance framework has been
historically dominated by US-based actors
does not mean we should by default turn to
US law for contextual protections or
principles. I would like to respectfully
suggest that European instruments such as
the European Convention on Human Rights,
standards set by the European Union Data
Protection Directive, and Convention 108
of the Council of Europe might be helpful
starting points. These are not obscure
laws or conventions which apply to no one:
the EU population is over 500 million
people, far greater than that of the US.
I
am not a lawyer and I do not come at this
topic with the same institutional
knowledge that others do have. I do not
know all the details or decisions that
have led us to this point where, it would
seem, the (political) cost to move away
from the current default is so very high.
I say this to be clear, from the onset,
that I might well be misinformed or wrong
about how we move forward in this working
group. However, it is my view that just
because the Internet is by nature
cross-border does not mean that it should
be treated as a self-governing realm
beyond the reach of national laws. WHOIS
today, to me, seems to subvert and/or
undermine domestic norms and institutions
in many territories worldwide. I don’t
want to get into the question of
sovereignty online, but it would be
helpful to at least establish whether or
not we believe ICANN should mandate
through its contracts with registrars that
they comply with local legal regulations,
or whether we instead believe that market
forces should be driving fundamental
decisions about the nature of the
Internet.
You
can probably guess my position here, but
I’d like to think we can reach some common
ground. What are we more concerned about –
the rights of the data subject and
controller, or the rights of those who
wish to monetise it? To come up with, like
we have, a list of something like 780
possible requirements for the RDS strikes
me as a recipe for disaster. It seems
inevitable that we will accidentally
impose huge costs on some stakeholder
groups – the unintended consequence of
trying to achieve some short-term policy
goal not to do with any functional
imperative of the Internet itself, but to
meet someone’s obscure interest. That’s
why I want to hammer down on what data is
being collected, why it is being used, and
what are the implications for privacy
before we proceed any further.
On
Tue, Jun 14, 2016 10:51 PM, Susan
Kawaguchi
susank@fb.com
wrote:
I
have been thinking about the RDS
discussion from this morning’s
meeting and wanted to clarify my
personal position (not as a vice
chair of the WG) I think we will
complicate our task if we initially
limit the discussion to three of
the charter questions relating to
users/purposes, privacy and data
elements. Much thought went into
drafting the charter and
brainstorming how a WG should
approach deliberations.
All
of the above are very interrelated
and I can’t imagine that we can
sufficiently discuss one or two
without the others.
One
other issue that comes to mind is
that we must keep in mind PII data
but we also have to be wary of
creating requirements that convey
data protection rights of
individuals to commercial entities.
For each of the topics above we
need to address how it would affect
an individual or a commercial
entity.
I
think we should move forward with
the original plan according to the
Charter and discuss all 5 issues in
the first pass.
|
|