Legal Inquiry to ICANN
Chuck, As one of the original authors to the this extraterritorial thread, I welcome all the legal interpretation by both lawyers and non-lawyers in connection the scope to Article 3 of the GDPR. I think it is fair to say there is a clear lack of consensus. Therefore I would like to propose the following. Allow the group to comprise a list of legal questions regarding this issue and forward it to ICANN.org and ask of them the following: 1. Provide the list of questions to Hamilton for a response 2. Have ICANN legal provide a response to these same questions The reason for Number 2 is that John Jeffrey made very clear in the last webinar that he does NOT agree with all of the Hamilton analysis. I think us ICANN volunteers toiling away in the PDP coal mine are entitled/deserve an answer to these questions to allow us to move forward with more productive work It does the group no good for a bunch of well-intentioned individuals lacking the requisite legal training to debate these issues. Best regards, Michael
I do not support this as a path forward. We have seen repeatedly that the legal advice we have been issued has been ignored by those who are unhappy with the message contained within it. And I disagree with the assertion that there is a "clear lack of consensus" on the question of the extraterritorial nature of the GDPR. To continue dwelling on this question will ensure that we never make any progress as a working group. — Ayden -------- Original Message -------- On 15 February 2018 12:01 AM, Michael Palage <michael@palage.com> wrote:
Chuck,
As one of the original authors to the this extraterritorial thread, I welcome all the legal interpretation by both lawyers and non-lawyers in connection the scope to Article 3 of the GDPR. I think it is fair to say there is a clear lack of consensus. Therefore I would like to propose the following. Allow the group to comprise a list of legal questions regarding this issue and forward it to ICANN.org and ask of them the following:
- Provide the list of questions to Hamilton for a response - Have ICANN legal provide a response to these same questions
The reason for Number 2 is that John Jeffrey made very clear in the last webinar that he does NOT agree with all of the Hamilton analysis. I think us ICANN volunteers toiling away in the PDP coal mine are entitled/deserve an answer to these questions to allow us to move forward with more productive work It does the group no good for a bunch of well-intentioned individuals lacking the requisite legal training to debate these issues.
Best regards,
Michael
actually I think Michael's proposal is very logical and constructive. as I tried to point out in prior posts, the question is not that GDPR is extraterritorial, it is exactly how the language around the extraterritorial nature should be interpreted. Some areas are clear, such as Michele's repeated example of what he has to do as an Irish registrar, but other areas are much less clear. As I think these types of laws and regulations often are. since we're all going to continue to interpret the language in the way that best suits our own interests, which is getting unhelpful, why not try to get further clarity by specifically written questions to a law firm that is now very up to speed on this issue? put another way: certain EU constituents on this list have made it clear that they need legal clarity on their exposure, given the risks. Why deny non-EU constituents the same rights and abilities, since GDPR clearly applies to them as well? Tim On Wed, Feb 14, 2018 at 3:07 PM, Ayden Férdeline <icann@ferdeline.com> wrote:
I do not support this as a path forward.
We have seen repeatedly that the legal advice we have been issued has been ignored by those who are unhappy with the message contained within it.
And I disagree with the assertion that there is a "clear lack of consensus" on the question of the extraterritorial nature of the GDPR.
To continue dwelling on this question will ensure that we never make any progress as a working group.
— Ayden
-------- Original Message -------- On 15 February 2018 12:01 AM, Michael Palage <michael@palage.com> wrote:
Chuck,
As one of the original authors to the this extraterritorial thread, I welcome all the legal interpretation by both lawyers and non-lawyers in connection the scope to Article 3 of the GDPR. I think it is fair to say there is a clear lack of consensus. Therefore I would like to propose the following. Allow the group to comprise a list of legal questions regarding this issue and forward it to ICANN.org and ask of them the following:
1. Provide the list of questions to Hamilton for a response 2. Have ICANN legal provide a response to these same questions
The reason for Number 2 is that John Jeffrey made very clear in the last webinar that he does NOT agree with all of the Hamilton analysis. I think us ICANN volunteers toiling away in the PDP coal mine are entitled/deserve an answer to these questions to allow us to move forward with more productive work It does the group no good for a bunch of well-intentioned individuals lacking the requisite legal training to debate these issues.
Best regards,
Michael
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
Perhaps the assumption of bad faith might not be the best starting position for moving forward either. -- John Bambenek
On Feb 14, 2018, at 17:07, Ayden Férdeline <icann@ferdeline.com> wrote:
I do not support this as a path forward.
We have seen repeatedly that the legal advice we have been issued has been ignored by those who are unhappy with the message contained within it.
And I disagree with the assertion that there is a "clear lack of consensus" on the question of the extraterritorial nature of the GDPR.
To continue dwelling on this question will ensure that we never make any progress as a working group.
— Ayden
-------- Original Message --------
On 15 February 2018 12:01 AM, Michael Palage <michael@palage.com> wrote:
Chuck,
As one of the original authors to the this extraterritorial thread, I welcome all the legal interpretation by both lawyers and non-lawyers in connection the scope to Article 3 of the GDPR. I think it is fair to say there is a clear lack of consensus. Therefore I would like to propose the following. Allow the group to comprise a list of legal questions regarding this issue and forward it to ICANN.org and ask of them the following:
Provide the list of questions to Hamilton for a response Have ICANN legal provide a response to these same questions
The reason for Number 2 is that John Jeffrey made very clear in the last webinar that he does NOT agree with all of the Hamilton analysis. I think us ICANN volunteers toiling away in the PDP coal mine are entitled/deserve an answer to these questions to allow us to move forward with more productive work It does the group no good for a bunch of well-intentioned individuals lacking the requisite legal training to debate these issues.
Best regards,
Michael
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
To simply assert that the extraterritorial nature of GDPR is the end all and be all falls into the realm of the absurd. If another jurisdiction passes legislation mandating publication of identifying (personal) information in whois, what then? What happens if you are "Trumped" by U.S. legislation? Do you really want to see a trade war or worse? We are dealing with a complex and difficult situation that is the equivalent of wrestling a jello snake in a vat of oil. We are best served by seeking outcomes that accommodate GDPR as best as possible and recognize that other jurisdictions do not necessarily follow the same principles as GDPR. I say this even though I agree with many of the principles embodied in GDPR. Michael Hammer On Wed, Feb 14, 2018 at 6:07 PM, Ayden Férdeline <icann@ferdeline.com> wrote:
I do not support this as a path forward.
We have seen repeatedly that the legal advice we have been issued has been ignored by those who are unhappy with the message contained within it.
And I disagree with the assertion that there is a "clear lack of consensus" on the question of the extraterritorial nature of the GDPR.
To continue dwelling on this question will ensure that we never make any progress as a working group.
— Ayden
-------- Original Message -------- On 15 February 2018 12:01 AM, Michael Palage <michael@palage.com> wrote:
Chuck,
As one of the original authors to the this extraterritorial thread, I welcome all the legal interpretation by both lawyers and non-lawyers in connection the scope to Article 3 of the GDPR. I think it is fair to say there is a clear lack of consensus. Therefore I would like to propose the following. Allow the group to comprise a list of legal questions regarding this issue and forward it to ICANN.org and ask of them the following:
1. Provide the list of questions to Hamilton for a response 2. Have ICANN legal provide a response to these same questions
The reason for Number 2 is that John Jeffrey made very clear in the last webinar that he does NOT agree with all of the Hamilton analysis. I think us ICANN volunteers toiling away in the PDP coal mine are entitled/deserve an answer to these questions to allow us to move forward with more productive work It does the group no good for a bunch of well-intentioned individuals lacking the requisite legal training to debate these issues.
Best regards,
Michael
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
I do not totally disagree with you there. Having read the replies to this thread, I found the clarifications from Tim and Stephanie helpful and I can see some merit to the suggestion that Michael Palage put forward. But I remain concerned that developing these questions, and seeking this legal advice, would be a very time consuming process that would see us make no progress as a Working Group anytime soon. Best wishes, Ayden -------- Original Message -------- On 15 February 2018 2:58 PM, Dotzero <dotzero@gmail.com> wrote:
To simply assert that the extraterritorial nature of GDPR is the end all and be all falls into the realm of the absurd. If another jurisdiction passes legislation mandating publication of identifying (personal) information in whois, what then? What happens if you are "Trumped" by U.S. legislation? Do you really want to see a trade war or worse? We are dealing with a complex and difficult situation that is the equivalent of wrestling a jello snake in a vat of oil. We are best served by seeking outcomes that accommodate GDPR as best as possible and recognize that other jurisdictions do not necessarily follow the same principles as GDPR. I say this even though I agree with many of the principles embodied in GDPR.
Michael Hammer
On Wed, Feb 14, 2018 at 6:07 PM, Ayden Férdeline <icann@ferdeline.com> wrote:
I do not support this as a path forward.
We have seen repeatedly that the legal advice we have been issued has been ignored by those who are unhappy with the message contained within it.
And I disagree with the assertion that there is a "clear lack of consensus" on the question of the extraterritorial nature of the GDPR.
To continue dwelling on this question will ensure that we never make any progress as a working group.
— Ayden
-------- Original Message -------- On 15 February 2018 12:01 AM, Michael Palage <michael@palage.com> wrote:
Chuck,
As one of the original authors to the this extraterritorial thread, I welcome all the legal interpretation by both lawyers and non-lawyers in connection the scope to Article 3 of the GDPR. I think it is fair to say there is a clear lack of consensus. Therefore I would like to propose the following. Allow the group to comprise a list of legal questions regarding this issue and forward it to ICANN.org and ask of them the following:
- Provide the list of questions to Hamilton for a response - Have ICANN legal provide a response to these same questions
The reason for Number 2 is that John Jeffrey made very clear in the last webinar that he does NOT agree with all of the Hamilton analysis. I think us ICANN volunteers toiling away in the PDP coal mine are entitled/deserve an answer to these questions to allow us to move forward with more productive work It does the group no good for a bunch of well-intentioned individuals lacking the requisite legal training to debate these issues.
Best regards,
Michael
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
I don’t think that Michael is suggesting that we stop our current work while we develop and ask questions of experts. In some cases, we may need to make some assumptions until we get answers and then make adjustments later if our assumptions prove to be incorrect. Chuck From: gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces@icann.org] On Behalf Of Ayden Férdeline Sent: Thursday, February 15, 2018 6:09 AM To: Dotzero <dotzero@gmail.com> Cc: RDS PDP WG <gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Legal Inquiry to ICANN I do not totally disagree with you there. Having read the replies to this thread, I found the clarifications from Tim and Stephanie helpful and I can see some merit to the suggestion that Michael Palage put forward. But I remain concerned that developing these questions, and seeking this legal advice, would be a very time consuming process that would see us make no progress as a Working Group anytime soon. Best wishes, Ayden -------- Original Message -------- On 15 February 2018 2:58 PM, Dotzero <dotzero@gmail.com <mailto:dotzero@gmail.com> > wrote: To simply assert that the extraterritorial nature of GDPR is the end all and be all falls into the realm of the absurd. If another jurisdiction passes legislation mandating publication of identifying (personal) information in whois, what then? What happens if you are "Trumped" by U.S. legislation? Do you really want to see a trade war or worse? We are dealing with a complex and difficult situation that is the equivalent of wrestling a jello snake in a vat of oil. We are best served by seeking outcomes that accommodate GDPR as best as possible and recognize that other jurisdictions do not necessarily follow the same principles as GDPR. I say this even though I agree with many of the principles embodied in GDPR. Michael Hammer On Wed, Feb 14, 2018 at 6:07 PM, Ayden Férdeline <icann@ferdeline.com <mailto:icann@ferdeline.com> > wrote: I do not support this as a path forward. We have seen repeatedly that the legal advice we have been issued has been ignored by those who are unhappy with the message contained within it. And I disagree with the assertion that there is a "clear lack of consensus" on the question of the extraterritorial nature of the GDPR. To continue dwelling on this question will ensure that we never make any progress as a working group. — Ayden -------- Original Message -------- On 15 February 2018 12:01 AM, Michael Palage <michael@palage.com <mailto:michael@palage.com> > wrote: Chuck, As one of the original authors to the this extraterritorial thread, I welcome all the legal interpretation by both lawyers and non-lawyers in connection the scope to Article 3 of the GDPR. I think it is fair to say there is a clear lack of consensus. Therefore I would like to propose the following. Allow the group to comprise a list of legal questions regarding this issue and forward it to ICANN.org and ask of them the following: 1. Provide the list of questions to Hamilton for a response 2. Have ICANN legal provide a response to these same questions The reason for Number 2 is that John Jeffrey made very clear in the last webinar that he does NOT agree with all of the Hamilton analysis. I think us ICANN volunteers toiling away in the PDP coal mine are entitled/deserve an answer to these questions to allow us to move forward with more productive work It does the group no good for a bunch of well-intentioned individuals lacking the requisite legal training to debate these issues. Best regards, Michael _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org <mailto:gnso-rds-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
Michael, I never said it (the answers to some legal inquiries) was the be all end all of the GDPR. However, the GDPR is like a complex mathematical equation with various unknown variables, and by answering/narrowing down some fundamental legal questions we make the overall problem more manageable. As Chuck has noted this is something that I think can be done in parallel with our other work, this is NOT intended to be a gating/delay tactic. Having being involved in the domain name industry for almost 25 years the GDPR is not the FIRST national law that has created difficulties for the industry and lets begin with some US laws and regulations. The Office of Foreign Asset Control (OFAC) has imposed restrictions on US business engaging in commercial transactions with prohibited/sanctioned governments/individuals. I have had to deal with several such incidents over the years. In fact upon information and belief both VeriSign and ICANN have waivers from OFAC to preform certain DNS activity. Here is a good article summarizing this legal issue, see https://www.internetgovernance.org/2017/01/13/icanns-jurisdiction-sanctions-... Now some of my IP colleagues on this mailing list have expressed concern about the extraterritorial aspect of the GDPR and how it will impede their enforcement rights. However, when the US government passed the ACPA and provided for in rem jurisdiction in connection with every registered .COM domain regardless if the registrant and registrar were located elsewhere they did not complain. As I have tried to repeat on multiple instances the ICANN multi-stakeholder model is now facing a very real and systemic threat to its existence. In my opinion the IANA transition was a mixed blessing. While I think it was important to remove the perceived oversight and control that a single government had over a critical global resource, ICANN now finds itself somewhat on its own trying to navigate very complex international waters. It no longer can fall back and rely upon the USG to be its protector in chief. The GDPR is just the first of many national laws that will test the resolve of the multi-stakeholder model. Again not to sound like a broken record, but national data localization laws will be the next BIG challenge to confront ICANN and the domain name industry. If the ICANN model fails there will probably be no shortage of existing or to be created inter-governmental organization looking to fill the void. If my memory serves me correct the US has previous included domain name related issues into bi-lateral trade agreements with other countries. The idea of the ICANN multi-stakeholder model was to be a place to potential resolve these issues in a more efficient manner. Sadly the more bloated ICANN has become as an organization the slower it has become. Best regards, Michael From: Dotzero [mailto:dotzero@gmail.com] Sent: Thursday, February 15, 2018 8:59 AM To: Ayden Férdeline <icann@ferdeline.com> Cc: Michael Palage <michael@palage.com>; RDS PDP WG <gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Legal Inquiry to ICANN To simply assert that the extraterritorial nature of GDPR is the end all and be all falls into the realm of the absurd. If another jurisdiction passes legislation mandating publication of identifying (personal) information in whois, what then? What happens if you are "Trumped" by U.S. legislation? Do you really want to see a trade war or worse? We are dealing with a complex and difficult situation that is the equivalent of wrestling a jello snake in a vat of oil. We are best served by seeking outcomes that accommodate GDPR as best as possible and recognize that other jurisdictions do not necessarily follow the same principles as GDPR. I say this even though I agree with many of the principles embodied in GDPR. Michael Hammer On Wed, Feb 14, 2018 at 6:07 PM, Ayden Férdeline <icann@ferdeline.com <mailto:icann@ferdeline.com> > wrote: I do not support this as a path forward. We have seen repeatedly that the legal advice we have been issued has been ignored by those who are unhappy with the message contained within it. And I disagree with the assertion that there is a "clear lack of consensus" on the question of the extraterritorial nature of the GDPR. To continue dwelling on this question will ensure that we never make any progress as a working group. — Ayden -------- Original Message -------- On 15 February 2018 12:01 AM, Michael Palage <michael@palage.com <mailto:michael@palage.com> > wrote: Chuck, As one of the original authors to the this extraterritorial thread, I welcome all the legal interpretation by both lawyers and non-lawyers in connection the scope to Article 3 of the GDPR. I think it is fair to say there is a clear lack of consensus. Therefore I would like to propose the following. Allow the group to comprise a list of legal questions regarding this issue and forward it to ICANN.org and ask of them the following: 1. Provide the list of questions to Hamilton for a response 2. Have ICANN legal provide a response to these same questions The reason for Number 2 is that John Jeffrey made very clear in the last webinar that he does NOT agree with all of the Hamilton analysis. I think us ICANN volunteers toiling away in the PDP coal mine are entitled/deserve an answer to these questions to allow us to move forward with more productive work It does the group no good for a bunch of well-intentioned individuals lacking the requisite legal training to debate these issues. Best regards, Michael _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org <mailto:gnso-rds-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
With great respect, the US has systematically been attempting to get WHOIS data output into recent trade agreements, including for ccTLDs, for a number of years. so we are already there.... Stephanie Perrin On 2018-02-15 08:58, Dotzero wrote:
To simply assert that the extraterritorial nature of GDPR is the end all and be all falls into the realm of the absurd. If another jurisdiction passes legislation mandating publication of identifying (personal) information in whois, what then? What happens if you are "Trumped" by U.S. legislation? Do you really want to see a trade war or worse? We are dealing with a complex and difficult situation that is the equivalent of wrestling a jello snake in a vat of oil. We are best served by seeking outcomes that accommodate GDPR as best as possible and recognize that other jurisdictions do not necessarily follow the same principles as GDPR. I say this even though I agree with many of the principles embodied in GDPR.
Michael Hammer
On Wed, Feb 14, 2018 at 6:07 PM, Ayden Férdeline <icann@ferdeline.com <mailto:icann@ferdeline.com>> wrote:
I do not support this as a path forward.
We have seen repeatedly that the legal advice we have been issued has been ignored by those who are unhappy with the message contained within it.
And I disagree with the assertion that there is a "clear lack of consensus" on the question of the extraterritorial nature of the GDPR.
To continue dwelling on this question will ensure that we never make any progress as a working group.
— Ayden
-------- Original Message -------- On 15 February 2018 12:01 AM, Michael Palage <michael@palage.com <mailto:michael@palage.com>> wrote:
Chuck,
As one of the original authors to the this extraterritorial thread, I welcome all the legal interpretation by both lawyers and non-lawyers in connection the scope to Article 3 of the GDPR. I think it is fair to say there is a clear lack of consensus. Therefore I would like to propose the following. Allow the group to comprise a list of legal questions regarding this issue and forward it to ICANN.org and ask of them the following:
1. Provide the list of questions to Hamilton for a response 2. Have ICANN legal provide a response to these same questions
The reason for Number 2 is that John Jeffrey made very clear in the last webinar that he does NOT agree with all of the Hamilton analysis. I think us ICANN volunteers toiling away in the PDP coal mine are entitled/deserve an answer to these questions to allow us to move forward with more productive work It does the group no good for a bunch of well-intentioned individuals lacking the requisite legal training to debate these issues.
Best regards,
Michael
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org <mailto:gnso-rds-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
On 15/2/18 9:22 am, Stephanie Perrin wrote:
With great respect, the US has systematically been attempting to get WHOIS data output into recent trade agreements, including for ccTLDs, for a number of years. so we are already there....
And the US has also inserted this into resolutions of the OECD's Committee on Consumer Protection, while everyone who thinks that the world revolves around ICANN was sleeping. -- Jeremy Malcolm Senior Global Policy Analyst Electronic Frontier Foundation https://eff.org jmalcolm@eff.org Tel: 415.436.9333 ext 161 :: Defending Your Rights in the Digital World :: Public key: https://www.eff.org/files/2016/11/27/key_jmalcolm.txt PGP fingerprint: 75D2 4C0D 35EA EA2F 8CA8 8F79 4911 EC4A EDDF 1122
Ayden, Any questions that the small group would collect or develop would be run by the WG before submitting them. And as always, the WG would have to carefully weigh any responses we receive. In my personal opinion, it is always better to have more information as long as we carefully evaluate it on a case by case basis and compare to other sources. Chuck From: gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces@icann.org] On Behalf Of Ayden Férdeline Sent: Wednesday, February 14, 2018 3:08 PM To: Michael Palage <michael@palage.com> Cc: 'RDS PDP WG' <gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Legal Inquiry to ICANN I do not support this as a path forward. We have seen repeatedly that the legal advice we have been issued has been ignored by those who are unhappy with the message contained within it. And I disagree with the assertion that there is a "clear lack of consensus" on the question of the extraterritorial nature of the GDPR. To continue dwelling on this question will ensure that we never make any progress as a working group. — Ayden -------- Original Message -------- On 15 February 2018 12:01 AM, Michael Palage <michael@palage.com <mailto:michael@palage.com> > wrote: Chuck, As one of the original authors to the this extraterritorial thread, I welcome all the legal interpretation by both lawyers and non-lawyers in connection the scope to Article 3 of the GDPR. I think it is fair to say there is a clear lack of consensus. Therefore I would like to propose the following. Allow the group to comprise a list of legal questions regarding this issue and forward it to ICANN.org and ask of them the following: 1. Provide the list of questions to Hamilton for a response 2. Have ICANN legal provide a response to these same questions The reason for Number 2 is that John Jeffrey made very clear in the last webinar that he does NOT agree with all of the Hamilton analysis. I think us ICANN volunteers toiling away in the PDP coal mine are entitled/deserve an answer to these questions to allow us to move forward with more productive work It does the group no good for a bunch of well-intentioned individuals lacking the requisite legal training to debate these issues. Best regards, Michael
I think this is an excellent suggestion. May I add to this a suggestion that we include the DPAs who so kindly came to Copenhagen last year? They indicated a willingness to engage further, and I see no evidence that we have done so. I am sure the Council of Europe would be happy to broker this for us and am copying Sophie and Peter to see if we can engage them to help with this task. I must say I am getting very weary of this endless debate, and commend the patience of folks like Michael who have been witnessing it for a decade longer than I have. I would remind everybody that there has been no substantive change in the actual application of the EU laws to ICANN, except for the 4% fines. Now, of course, as Bob Dylan famously said, money doesn't talk, it screams...... Stephanie Perrin On 2018-02-14 18:01, Michael Palage wrote:
Chuck,
As one of the original authors to the this extraterritorial thread, I welcome all the legal interpretation by both lawyers and non-lawyers in connection the scope to Article 3 of the GDPR. I think it is fair to say there is a clear lack of consensus. Therefore I would like to propose the following. Allow the group to comprise a list of legal questions regarding this issue and forward it to ICANN.org and ask of them the following:
1. Provide the list of questions to Hamilton for a response 2. Have ICANN legal provide a response to these same questions
The reason for Number 2 is that John Jeffrey made very clear in the last webinar that he does NOT agree with all of the Hamilton analysis. I think us ICANN volunteers toiling away in the PDP coal mine are entitled/deserve an answer to these questions to allow us to move forward with more productive work It does the group no good for a bunch of well-intentioned individuals lacking the requisite legal training to debate these issues.
Best regards,
Michael
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
I agree with this. The last this time the group met with the DPAs, there was zero representation of the cybersecurity needs in relation to WHOIS. The opportunity was totally blown. The DPAs need to be made aware of the societal costs to the loss of WHOIS. If they were aware of that, they would be much more receptive to the legitimate cybersecurity purposes for using the data. GDPR mentions a balance of interests and there is no sign the law was created with the intent to make cybersecurity work harder and increase the risk of breaches. Considering how minuscule the value of the entire domain industry is in comparison to the losses incurred by abuse of their product, I think that is a compelling argument for the DPAs to consider. If only it was ever presented to them. If they state that some scheme is legal and serves a legitimate purpose for society as a whole, then bam, it is legal. On Wed, Feb 14, 2018 at 8:56 PM, Stephanie Perrin < stephanie.perrin@mail.utoronto.ca> wrote:
I think this is an excellent suggestion. May I add to this a suggestion that we include the DPAs who so kindly came to Copenhagen last year? They indicated a willingness to engage further, and I see no evidence that we have done so. I am sure the Council of Europe would be happy to broker this for us and am copying Sophie and Peter to see if we can engage them to help with this task.
I must say I am getting very weary of this endless debate, and commend the patience of folks like Michael who have been witnessing it for a decade longer than I have. I would remind everybody that there has been no substantive change in the actual application of the EU laws to ICANN, except for the 4% fines. Now, of course, as Bob Dylan famously said, money doesn't talk, it screams......
Stephanie Perrin
On 2018-02-14 18:01, Michael Palage wrote:
Chuck,
As one of the original authors to the this extraterritorial thread, I welcome all the legal interpretation by both lawyers and non-lawyers in connection the scope to Article 3 of the GDPR. I think it is fair to say there is a clear lack of consensus. Therefore I would like to propose the following. Allow the group to comprise a list of legal questions regarding this issue and forward it to ICANN.org and ask of them the following:
1. Provide the list of questions to Hamilton for a response 2. Have ICANN legal provide a response to these same questions
The reason for Number 2 is that John Jeffrey made very clear in the last webinar that he does NOT agree with all of the Hamilton analysis. I think us ICANN volunteers toiling away in the PDP coal mine are entitled/deserve an answer to these questions to allow us to move forward with more productive work It does the group no good for a bunch of well-intentioned individuals lacking the requisite legal training to debate these issues.
Best regards,
Michael
_______________________________________________ gnso-rds-pdp-wg mailing listgnso-rds-pdp-wg@icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-- _________________________________ Note to self: Pillage BEFORE burning.
+1 From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces@icann.org> on behalf of allison nixon <elsakoo@gmail.com> Date: Thursday, February 15, 2018 at 2:48 PM To: Stephanie Perrin <stephanie.perrin@mail.utoronto.ca> Cc: RDS PDP WG <gnso-rds-pdp-wg@icann.org>, KWASNY Sophie <Sophie.KWASNY@coe.int>, KIMPIAN Peter <Peter.KIMPIAN@coe.int> Subject: Re: [gnso-rds-pdp-wg] Legal Inquiry to ICANN
I agree with this. The last this time the group met with the DPAs, there was zero representation of the cybersecurity needs in relation to WHOIS. The opportunity was totally blown. The DPAs need to be made aware of the societal costs to the loss of WHOIS. If they were aware of that, they would be much more receptive to the legitimate cybersecurity purposes for using the data. GDPR mentions a balance of interests and there is no sign the law was created with the intent to make cybersecurity work harder and increase the risk of breaches. Considering how minuscule the value of the entire domain industry is in comparison to the losses incurred by abuse of their product, I think that is a compelling argument for the DPAs to consider. If only it was ever presented to them.
If they state that some scheme is legal and serves a legitimate purpose for society as a whole, then bam, it is legal.
On Wed, Feb 14, 2018 at 8:56 PM, Stephanie Perrin <stephanie.perrin@mail.utoronto.ca> wrote:
I think this is an excellent suggestion. May I add to this a suggestion that we include the DPAs who so kindly came to Copenhagen last year? They indicated a willingness to engage further, and I see no evidence that we have done so. I am sure the Council of Europe would be happy to broker this for us and am copying Sophie and Peter to see if we can engage them to help with this task.
I must say I am getting very weary of this endless debate, and commend the patience of folks like Michael who have been witnessing it for a decade longer than I have. I would remind everybody that there has been no substantive change in the actual application of the EU laws to ICANN, except for the 4% fines. Now, of course, as Bob Dylan famously said, money doesn't talk, it screams......
Stephanie Perrin
On 2018-02-14 18:01, Michael Palage wrote:
Chuck,
As one of the original authors to the this extraterritorial thread, I welcome all the legal interpretation by both lawyers and non-lawyers in connection the scope to Article 3 of the GDPR. I think it is fair to say there is a clear lack of consensus. Therefore I would like to propose the following. Allow the group to comprise a list of legal questions regarding this issue and forward it to ICANN.org and ask of them the following:
1. Provide the list of questions to Hamilton for a response 2. Have ICANN legal provide a response to these same questions
The reason for Number 2 is that John Jeffrey made very clear in the last webinar that he does NOT agree with all of the Hamilton analysis. I think us ICANN volunteers toiling away in the PDP coal mine are entitled/deserve an answer to these questions to allow us to move forward with more productive work It does the group no good for a bunch of well-intentioned individuals lacking the requisite legal training to debate these issues.
Best regards,
Michael
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pdp- wg
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-- _________________________________ Note to self: Pillage BEFORE burning. _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
+1 From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces@icann.org> on behalf of Stephanie Perrin <stephanie.perrin@mail.utoronto.ca> Date: Thursday, February 15, 2018 at 2:56 AM To: <gnso-rds-pdp-wg@icann.org>, KWASNY Sophie <Sophie.KWASNY@coe.int>, KIMPIAN Peter <Peter.KIMPIAN@coe.int> Subject: Re: [gnso-rds-pdp-wg] Legal Inquiry to ICANN
I think this is an excellent suggestion. May I add to this a suggestion that we include the DPAs who so kindly came to Copenhagen last year? They indicated a willingness to engage further, and I see no evidence that we have done so. I am sure the Council of Europe would be happy to broker this for us and am copying Sophie and Peter to see if we can engage them to help with this task.
I must say I am getting very weary of this endless debate, and commend the patience of folks like Michael who have been witnessing it for a decade longer than I have. I would remind everybody that there has been no substantive change in the actual application of the EU laws to ICANN, except for the 4% fines. Now, of course, as Bob Dylan famously said, money doesn't talk, it screams......
Stephanie Perrin
On 2018-02-14 18:01, Michael Palage wrote:
Chuck,
As one of the original authors to the this extraterritorial thread, I welcome all the legal interpretation by both lawyers and non-lawyers in connection the scope to Article 3 of the GDPR. I think it is fair to say there is a clear lack of consensus. Therefore I would like to propose the following. Allow the group to comprise a list of legal questions regarding this issue and forward it to ICANN.org and ask of them the following:
1. Provide the list of questions to Hamilton for a response 2. Have ICANN legal provide a response to these same questions
The reason for Number 2 is that John Jeffrey made very clear in the last webinar that he does NOT agree with all of the Hamilton analysis. I think us ICANN volunteers toiling away in the PDP coal mine are entitled/deserve an answer to these questions to allow us to move forward with more productive work It does the group no good for a bunch of well-intentioned individuals lacking the requisite legal training to debate these issues.
Best regards,
Michael
_______________________________________________ gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg@icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pdp-w>> g
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
Em 14 de fev de 2018, à(s) 21:01:000, Michael Palage <Michael@palage.com> escreveu:
Chuck,
As one of the original authors to the this extraterritorial thread, I welcome all the legal interpretation by both lawyers and non-lawyers in connection the scope to Article 3 of the GDPR. I think it is fair to say there is a clear lack of consensus. Therefore I would like to propose the following. Allow the group to comprise a list of legal questions regarding this issue and forward it to ICANN.org <http://icann.org/> and ask of them the following:
Provide the list of questions to Hamilton for a response Have ICANN legal provide a response to these same questions
The reason for Number 2 is that John Jeffrey made very clear in the last webinar that he does NOT agree with all of the Hamilton analysis. I think us ICANN volunteers toiling away in the PDP coal mine are entitled/deserve an answer to these questions to allow us to move forward with more productive work It does the group no good for a bunch of well-intentioned individuals lacking the requisite legal training to debate these issues.
While I support the proposal, I believe that we should do a full description of a trial scenario and ask questions on that scenario. Could be something like this: "Scenario 1: Registrar X, not based in the EU, sells a number of domains in TLD .Y from registry Z, also not based in EU. When the registrant address is on the EU, registrar doesn't send [ ... data fields ] to registry and both registrar and registry WHOIS services do not display them. All other data is sent to registry and published. Scenario 2: Registrar X, not based in the EU, sells a number of domains in TLD .Y from registry Z, also not based in EU. When the registrant address is on the EU or declares to be a citizen of an EU country, registrar doesn't send [ ... data fields ] to registry and both registrar and registry WHOIS services do not display them. All other data is sent to registry and published. Scenario 3: Registrar X, not based in the EU, sells a number of domains in TLD .Y from registry Z, also not based in EU. When the registrant address is on the EU, registrar send [ ... data fields ] to registry but requests that to not be displayed. Both registrar and registry WHOIS services do not display them. Data is always sent to registry no matter what. (...) Scenario n: Registrar X, not based in the EU, sells a number of domains in TLD .Y from registry Z, also not based in EU. When the IP address of the registration on registrar's web portal is in the EU, registrar send [ ... data fields ] to registry but requests that to not be displayed. Both registrar and registry WHOIS services do not display them. Data is always sent to registry no matter what. (...) (... other combinations)" As for asking ICANN, I believe we should ask a more fundamental question before that: "Is ICANN a data controller, co-controller or joint controller regarding RDS data fields ?". If their answer is no, their opinion is moot since they won't be able to enforce anything not being a controller. If their answer is yes, then we can and should ask a bunch of questions to them. Rubens
participants (11)
-
allison nixon -
Ayden Férdeline -
Chen, Tim -
Chuck -
Dotzero -
Jeremy Malcolm -
John Bambenek -
Michael Palage -
Paul Keating -
Rubens Kuhl -
Stephanie Perrin