My comments regarding the draft questions are as follows. There are good questions, but need some work to crystallize what they are asking about. TG-4 is recursive. The regulations state that data may be collected for specified, explicit and legitimate purposes. If the purposes are specified, explicit and legitimate, then there is no violation of Article 6(1)(b). I think what Theo is trying to ask is: under what circumstances may the publication of personal registration data be allowable? TB-4 , TG-4 , and TG-2 all seem to be asking the same underlying thing and could be consolidated. VS-1: the question is obscured – can it be clarified? Here’s what I think is being asked: An EU directive requires service providers such as registrars to post contact data for their businesses. If registrars have to do that, does that mean that businesses in the EU could be required to have their contact data displayed in a registration data service? NC-3: Needs to be re-written, because private cybersecurity firms do not have the ability to obtain court orders in order to obtain evidence. Only law enforcement bodies and prosecutors can obtain court orders in criminal cases. Also, what about civil cases? They require information as well. Please note that court orders and subpoenas generally come after a court case is underway. They are not options beforehand, which is when much investigation takes place. SP-4: This question seems irrelevant or tangential. The 2014 issue was about registrars retaining data for two years after a domain was deleted. In contrast, our WG is talking about displaying data about currently registered domain names. And as far as the 2014 letter to ICANN, its reasoning speaks for itself and I don't see why we would ask them to explain what it says. NC-8: I can't follow this one; seems down in the weeds. TG-5: this one also seems recursive. If the contractual provisions are in keeping with the allowed cases, then there is no problem. What is this question really seeking? The parked questions are very hard to understand. All best, --Greg ********************************** Greg Aaron Vice-President, Product Management iThreat Cyber Group / Cybertoolbelt.com mobile: +1.215.858.2257 ********************************** The information contained in this message is privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. From: gnso-rds-pdp-wg-bounces@icann.org [mailto:gnso-rds-pdp-wg-bounces@icann.org] On Behalf Of Lisa Phifer Sent: Tuesday, February 28, 2017 1:46 PM To: gnso-rds-pdp-wg@icann.org Subject: Re: [gnso-rds-pdp-wg] Notes, action items and WG agreements from today's meeting Dear all, Calling your attention to Action item #1: WG members requested to provide input on proposed questions to this mailing list by Friday 3 March at the latest. Attached please find the set of proposed questions introduced during today's WG call. This draft was developed by a small group of WG volunteers as explained in the document itself, in preparation for both the RDS PDP WG's Wednesday F2F session at ICANN58 and the Monday cross-community session with data protection experts. To make the best use of limited session time, we need to further narrow this draft list down. Feedback on prioritization is especially welcome to help the WG focus on those questions most likely to yield answers that will aid the WG in moving forward. Best, Lisa At 11:20 AM 2/28/2017, Marika Konings wrote: Dear All, Please find below the notes, action items and WG agreements from today’s meeting. Note that the upcoming WG meetings are scheduled as follows: * RDS PDP WG Call -- Tuesday 7 March 2017 at 17.00 UTC * RDS PDP WG F2F -- Saturday 11 March 2017 1:45-4:45 pm - See http://sched.co/9npN for further details. * RDS PDP WG Wrap-Up -- Wednesday 15 March 2017 1:45-3:00 pm. See http://sched.co/9npc for further details. Best regards, Marika Notes RDS PDP WG meeting 28 February 2017 These high-level notes are designed to help PDP WG members navigate through the content of the call and are not meant as a substitute for the transcript and/or recording. The MP3, transcript, and chat are provided separately and are posted on the wiki at https://community.icann.org/x/HIzRAw 1. Roll call / SOI · Roll call will be taken from Adobe Connect · Please state name for transcription purposes and remember to mute your microphone when not speaking · Call will be chaired by Michele Neylon today 2. Review draft questions to discuss with Data Commissioners in Copenhagen a. Note WG plans to meet with DCs and Interpol's Caroline Goemans on Wednesday in Copenhagen · To take advantage of their presence in Copenhagen as well as the relevance to the current WG discussion b. Susan to introduce draft list developed by small group: Questions for Data Commissioners v5.pdf · See draft questions shared - more questions suggested than can possibly be asked. Leadership team went through the proposed questions and has re-organised / categorized the questions. A number of questions have been parked for now as may not be a priority or not directly relevant to WG deliberations. · Need to further narrow list down. Priority should be given to those questions that will aid the WG in moving forward. · Need to make sure that the questions are laid out in clear simple terms as not all may be familiar with WHOIS or some of the technical terms. · Some of these questions may be addressed in cross-community sessions, but as it is an open session, there may be many others asking questions. Make sure that in the Wednesday session any questions are covered that are of particular importance to WG's work. · Wednesday RDS PDP WG session will include guests to help answer these questions: - Joe Cannataci, UN Special Rapporteur on the right to privacy- Caroline Goemans, Interpol Data Protection Officer- TBD, from the European Data Protection Supervisor- Peter Kimpian, Data Protection Unit of the Council of Europe. Action item #1: WG members requested to provide input on proposed questions by Friday 3 March at the latest. Leadership team to review input and finalise questions for submission to data protection commissioners in advance of Wednesday's WG meeting. c. Action for WG members to provide feedback on-list by end of the week 3. Continue deliberation on the Purpose charter question: Question 2.3: What should the over-arching purpose be of collecting, maintaining, and providing access to gTLD registration (thin) data? a. Review & discuss 22 February poll results: SummaryResults-Poll-on-Purpose-from-22FebCall.pdf Q2 - should consistency with ICANN's mission be a goal for each RDS Purpose · In relation to question on not being able to find mission, please see briefing materials from previous session ( https://community.icann.org/download/attachments/64071050/28FebMeeting-Hando... ) · Nearly 85% agreed that "Consistency with ICANN's mission" should be a goal for each RDS purpose · Is it within domain to decide for which secondary purposes data is used? First need to decide what is going to be within RDS. Whether law enforcement is a purpose for collection or access is within the scope of this WG to recommend. Nothing is being foreclosed for now but will need to be further discussed. Q3 - should consistency with other consensus policies that pertain to gTLDs be a goal for each RDS purpose? · Just over 70% agreed that "Consistency with other consensus policies that pertain to gTLDs" should be a goal for each RDS purpose. · End result should definitely be consistency, but this shouldn't unnecessarily constrain the WG. · Leadership team observations: This WG's policy recommendations may require updates to aspects of other policies that relate directly to WHOIS/RDDS. If this WG's recommendations introduce inconsistencies with other policies, the IRT would be given direction to identify any updates that need to be made to other policies for consistency (e.g., new terminology), superseding other requirements that relate directly to RDDS. Consider possible goal rephrasing to acknowledge this? Q4 - Should "to provide a framework that enables compliance with applicable laws" be a goal for each RDS purpose? · Over 85% agreed that "Providing a framework that enables compliance with applicable laws" should be a goal for each RDS purpose. · Those who disagreed noted that: Not all purposes are related to applicable laws and General laws applicable to a subject matter might not apply in certain cases. · May wish to suggest adding this as a footnote to the statement of purpose? b. Action item to capture confirmed agreements in Section 2.3.2 of working draft · All rough agreements are being added to our working document to help us track points that have been covered. See https://community.icann.org/download/attachments/56986791/KeyConceptsDeliber... c. Resume deliberation on this WG's draft statement of purpose -- see 28FebMeeting-Handout.pdf · Review draft in light of discussions to date, in particular in relation to the data protection concepts / requirements discussed. Does the draft statement align with those concepts / requirements or should updates be considered? · #3 - "facilitate" does not necessarily equate to open access · Concept of accurate data is not a problem from the perspective of data protection legislation. Actually a high level requirement. · If there is a poll on this statement of purpose, would you be in support or if not, what objections would you be raising? · Nothing necessarily causing concern but there may be elements missing? WG may need a little bit more time to review. · Might be issues with how specific these purposes are from a EU data protection perspective? Combination of purposes for RDS and the collection of data may have complicated matters? May need a closer review from a data protection perspective. Possibly ask data protection commissioner's for guidance on how specific purposes must be? Unlikely that they will give specific input on the statement, but more likely to describe purpose in a more general way. Action item #2: Staff to develop and circulate poll on statement of purpose 4. Confirm action items and proposed decision points Action item #1: WG members requested to provide input on proposed questions by Friday 3 March at the latest. Leadership team to review input and finalise questions for submission to data protection commissioners in advance of Wednesday's WG meeting. Action item #2: Staff to develop and circulate poll on statement of purpose WG Agreement #1: "Consistency with ICANN's mission" should be a goal for each RDS purpose WG Agreement #2: "Consistency with other consensus policies that pertain to gTLDs" should be a goal for each RDS purpose. WG Agreement #3: "Providing a framework that enables compliance with applicable laws" should be a goal for each RDS purpose. 5. Confirm next meeting dates: · RDS PDP WG Call -- Tuesday 7 March 2017 at 17.00 UTC · Saturday session will be continuation of deliberation, Wednesday session will be devoted to data protection Q&A · RDS PDP WG F2F -- Saturday 11 March 2017 1:45-4:45 pm - aim to detail agenda with timings so that those that are in other sessions are able to join for the items of main importance. See http://sched.co/9npN for further details. · RDS PDP WG Wrap-Up -- Wednesday 15 March 2017 1:45-3:00 pm. See http://sched.co/9npc for further details. Marika Konings Vice President, Policy Development Support – GNSO,, Internet Corporation for Assigned Names and Numbers (ICANN) Email: marika.konings@icann.org<mailto:marika.konings@icann.org> Follow the GNSO via Twitter @ICANN_GNSO Find out more about the GNSO by taking our interactive courses<http://learn.icann.org/courses/gnso> and visiting the GNSO Newcomer pages<http://gnso.icann.org/sites/gnso.icann.org/files/gnso/presentations/policy-e...>. _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

This week’s poll is particularly important but as of now only eight (8) members completed it. I hope that many more will complete it today and tomorrow. It is helpful if the poll is completed by both those who were on the call on Tuesday and those who were not. Chuck From: gnso-rds-pdp-wg-bounces@icann.org [mailto:gnso-rds-pdp-wg-bounces@icann.org] On Behalf Of Lisa Phifer Sent: Tuesday, February 28, 2017 1:46 PM To: gnso-rds-pdp-wg@icann.org Subject: [EXTERNAL] Re: [gnso-rds-pdp-wg] Notes, action items and WG agreements from today's meeting Dear all, Calling your attention to Action item #1: WG members requested to provide input on proposed questions to this mailing list by Friday 3 March at the latest. Attached please find the set of proposed questions introduced during today's WG call. This draft was developed by a small group of WG volunteers as explained in the document itself, in preparation for both the RDS PDP WG's Wednesday F2F session at ICANN58 and the Monday cross-community session with data protection experts. To make the best use of limited session time, we need to further narrow this draft list down. Feedback on prioritization is especially welcome to help the WG focus on those questions most likely to yield answers that will aid the WG in moving forward. Best, Lisa At 11:20 AM 2/28/2017, Marika Konings wrote: Dear All, Please find below the notes, action items and WG agreements from today’s meeting. Note that the upcoming WG meetings are scheduled as follows: * RDS PDP WG Call -- Tuesday 7 March 2017 at 17.00 UTC * RDS PDP WG F2F -- Saturday 11 March 2017 1:45-4:45 pm - See http://sched.co/9npN for further details. * RDS PDP WG Wrap-Up -- Wednesday 15 March 2017 1:45-3:00 pm. See http://sched.co/9npc for further details. Best regards, Marika Notes RDS PDP WG meeting 28 February 2017 These high-level notes are designed to help PDP WG members navigate through the content of the call and are not meant as a substitute for the transcript and/or recording. The MP3, transcript, and chat are provided separately and are posted on the wiki at https://community.icann.org/x/HIzRAw 1. Roll call / SOI · Roll call will be taken from Adobe Connect · Please state name for transcription purposes and remember to mute your microphone when not speaking · Call will be chaired by Michele Neylon today 2. Review draft questions to discuss with Data Commissioners in Copenhagen a. Note WG plans to meet with DCs and Interpol's Caroline Goemans on Wednesday in Copenhagen · To take advantage of their presence in Copenhagen as well as the relevance to the current WG discussion b. Susan to introduce draft list developed by small group: Questions for Data Commissioners v5.pdf · See draft questions shared - more questions suggested than can possibly be asked. Leadership team went through the proposed questions and has re-organised / categorized the questions. A number of questions have been parked for now as may not be a priority or not directly relevant to WG deliberations. · Need to further narrow list down. Priority should be given to those questions that will aid the WG in moving forward. · Need to make sure that the questions are laid out in clear simple terms as not all may be familiar with WHOIS or some of the technical terms. · Some of these questions may be addressed in cross-community sessions, but as it is an open session, there may be many others asking questions. Make sure that in the Wednesday session any questions are covered that are of particular importance to WG's work. · Wednesday RDS PDP WG session will include guests to help answer these questions: - Joe Cannataci, UN Special Rapporteur on the right to privacy- Caroline Goemans, Interpol Data Protection Officer- TBD, from the European Data Protection Supervisor- Peter Kimpian, Data Protection Unit of the Council of Europe. Action item #1: WG members requested to provide input on proposed questions by Friday 3 March at the latest. Leadership team to review input and finalise questions for submission to data protection commissioners in advance of Wednesday's WG meeting. c. Action for WG members to provide feedback on-list by end of the week 3. Continue deliberation on the Purpose charter question: Question 2.3: What should the over-arching purpose be of collecting, maintaining, and providing access to gTLD registration (thin) data? a. Review & discuss 22 February poll results: SummaryResults-Poll-on-Purpose-from-22FebCall.pdf Q2 - should consistency with ICANN's mission be a goal for each RDS Purpose · In relation to question on not being able to find mission, please see briefing materials from previous session ( https://community.icann.org/download/attachments/64071050/28FebMeeting-Hando... ) · Nearly 85% agreed that "Consistency with ICANN's mission" should be a goal for each RDS purpose · Is it within domain to decide for which secondary purposes data is used? First need to decide what is going to be within RDS. Whether law enforcement is a purpose for collection or access is within the scope of this WG to recommend. Nothing is being foreclosed for now but will need to be further discussed. Q3 - should consistency with other consensus policies that pertain to gTLDs be a goal for each RDS purpose? · Just over 70% agreed that "Consistency with other consensus policies that pertain to gTLDs" should be a goal for each RDS purpose. · End result should definitely be consistency, but this shouldn't unnecessarily constrain the WG. · Leadership team observations: This WG's policy recommendations may require updates to aspects of other policies that relate directly to WHOIS/RDDS. If this WG's recommendations introduce inconsistencies with other policies, the IRT would be given direction to identify any updates that need to be made to other policies for consistency (e.g., new terminology), superseding other requirements that relate directly to RDDS. Consider possible goal rephrasing to acknowledge this? Q4 - Should "to provide a framework that enables compliance with applicable laws" be a goal for each RDS purpose? · Over 85% agreed that "Providing a framework that enables compliance with applicable laws" should be a goal for each RDS purpose. · Those who disagreed noted that: Not all purposes are related to applicable laws and General laws applicable to a subject matter might not apply in certain cases. · May wish to suggest adding this as a footnote to the statement of purpose? b. Action item to capture confirmed agreements in Section 2.3.2 of working draft · All rough agreements are being added to our working document to help us track points that have been covered. See https://community.icann.org/download/attachments/56986791/KeyConceptsDeliber... c. Resume deliberation on this WG's draft statement of purpose -- see 28FebMeeting-Handout.pdf · Review draft in light of discussions to date, in particular in relation to the data protection concepts / requirements discussed. Does the draft statement align with those concepts / requirements or should updates be considered? · #3 - "facilitate" does not necessarily equate to open access · Concept of accurate data is not a problem from the perspective of data protection legislation. Actually a high level requirement. · If there is a poll on this statement of purpose, would you be in support or if not, what objections would you be raising? · Nothing necessarily causing concern but there may be elements missing? WG may need a little bit more time to review. · Might be issues with how specific these purposes are from a EU data protection perspective? Combination of purposes for RDS and the collection of data may have complicated matters? May need a closer review from a data protection perspective. Possibly ask data protection commissioner's for guidance on how specific purposes must be? Unlikely that they will give specific input on the statement, but more likely to describe purpose in a more general way. Action item #2: Staff to develop and circulate poll on statement of purpose 4. Confirm action items and proposed decision points Action item #1: WG members requested to provide input on proposed questions by Friday 3 March at the latest. Leadership team to review input and finalise questions for submission to data protection commissioners in advance of Wednesday's WG meeting. Action item #2: Staff to develop and circulate poll on statement of purpose WG Agreement #1: "Consistency with ICANN's mission" should be a goal for each RDS purpose WG Agreement #2: "Consistency with other consensus policies that pertain to gTLDs" should be a goal for each RDS purpose. WG Agreement #3: "Providing a framework that enables compliance with applicable laws" should be a goal for each RDS purpose. 5. Confirm next meeting dates: · RDS PDP WG Call -- Tuesday 7 March 2017 at 17.00 UTC · Saturday session will be continuation of deliberation, Wednesday session will be devoted to data protection Q&A · RDS PDP WG F2F -- Saturday 11 March 2017 1:45-4:45 pm - aim to detail agenda with timings so that those that are in other sessions are able to join for the items of main importance. See http://sched.co/9npN for further details. · RDS PDP WG Wrap-Up -- Wednesday 15 March 2017 1:45-3:00 pm. See http://sched.co/9npc for further details. Marika Konings Vice President, Policy Development Support – GNSO,, Internet Corporation for Assigned Names and Numbers (ICANN) Email: marika.konings@icann.org<mailto:marika.konings@icann.org> Follow the GNSO via Twitter @ICANN_GNSO Find out more about the GNSO by taking our interactive courses<http://learn.icann.org/courses/gnso> and visiting the GNSO Newcomer pages<http://gnso.icann.org/sites/gnso.icann.org/files/gnso/presentations/policy-e...>. _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg