[[--Translated text (es -> en)--]] Subject: Re: RV: ICANN News Alert - ICANN Seeks Public Comment on 2013 RAA Data Retention Specification Data Elements and Legitimate Purposes for Collection and Retention From: asoto@ibero-americano.org Impeccable Ada. The period I had said was to discuss the list, but until now there were only three comments. The term pblicos comments estarabierto to 23:59 UTC on April 21. Thank you and congratulations on your dedication! Alberto Soto From: Aida Noblia [mailto: aidanoblia@gmail.com] Posted on: Thursday, April 3, 2014 08:36 pm To: Alberto Soto CC: Fatima Cambronero; LACRALO Espaol Subject: Re: [lac-discuss-en] Re: [ALAC-Announce] ICANN News Alert - ICANN Seeks Public Comment on 2013 RAA Data Retention Data Elements Specification and Legitimate Purposes for Collection and Retention Hello everyone: Thanks Alberto for comprehensive information. Also not to bore and I have direct information, leave the link to the government site where legislacin are national and some of the Latin American and national jurisprudence <http://www.datospersonales.gub.uy/> www.datospersonales.gub.uy. Although the term is not estvencido you posted if the comment period or at least as Decas understand that the issue is very important. That and because I can not send this wiki because I can not enter because There were problems with the wiki, mailing them this vein that drafted A couple of comments, which are requested prior to focus specifically on the declaration: On the one hand these new rights to access personal data and information, ESTN will still not incorporated in the paradigms of the people, it is very asymmetrical process, many do not know it, human rights are new generation of the Digital Age, will inserting into the consciousness of the people. In different countries the real gap is so great that many people do not understand that these are your rights, claiming that ESTN other emergency department: safe streets, stop violence, hunger, right health, etc.. I understand that from the point of view of ICANN's good to know these provisions topic has already been studied for the last time in the EWG According mencionCarlton in B. Aires last year. On the other hand: the same laws have exceptions, pretty strict and limited, even in respect of periods of comunicacino preservation of data, there are other community interests priority, eg set them in the bublic data sources or lists, Database or the Central Bank on credit data, or the characteristics determined by law. What are the exception pblicos the data of your credit responsibility of persons (defaults, etc.) for a specified period, for protection of stability financial market.There are also other for certain FIELDS, but to omit the subject to focus on, we ESTN in laws. In the specific case raised from the declaration, the exencin occurs for protect interests of records, given their difficulties in meeting legal standards, according to the statement made by the interested parties. I think from the point of view of ICANN's good to know the laws, an issue that has already been studied in the EWG According mencionCarlton B. Aires last year. But it is also necessary to consider the specific reason and proposed target is a particular problem, referred to the Declaration dealing with the issue of establishing an appropriate policy of ICANN globally, that can address the needs of the services provides, without prejudice to laws, but assume no responsibility for issues that do not belong legally and without exemptions, the case, impair the reliability, stability and safety ICANN provides service to the community.Establishing the new AAR applicant's responsibilities and recorder, which, by exencin procedure referring to the Declaration under study, Free registration to release the preservation of data. Aquhay solve a particular problem is not only in this Declaration on the matter on which they are made these comments. ICANN not you can free the parties to a legal obligation because it has powers for that. Try to solve the problem for hold serve reliably and safely, mxime with the new risks posed by new gTLDs. But it is not and never was the owner of the database or which receive and control data or maintained. That was an obligation to the applicant, who will pay for manage the domain and is entitled to claim that you pay as legal. Also the applicant has in turn obligation to provide and update data.That "bottom-up" system applies regarding the as cooperation and responsibility for system operation global, because who is the owner of the data is that estprotegido by the system, usually the more interested in protecting their data, and that ms can contribute them directly in the minimum time. On the issue of liability, which is the game who are in the Records if you're seeing, it is very clear who they are the responsible and qu. Whether the new RAA (Registracin Agreements) In other cases even legal exemptions to the preservation of data personal, for example in Uruguay, with regard to the credit bureau credit that mencionantes, expressly provides that persons physically challenged and legal bodies of the system of financial intermediation that provide the information contained in the Central Credit Risk by the Central Bank of Uruguay Sern the Nicaraguan responsible for the accuracy and Upgrading of the same. The database takes the Central Bank, which is a third, but remains clearly not responsible for the content of the database because only maintains one computer system based on data that are provided. It is this responsibility who are game, which is governed by the logic of justice responding by themselves or dependent events. The Bank responds the proper functioning of the computer system holding base data online. I understand that in the case of ICANN, any exencin be made, it should be expressly stated that ICANN does not assume responsibility for any reglamacin that might arise in this regard. This I can not overemphasize importance to ICANN interspblico defense and compliance their own purposes. The problem arises reason of the complexity added by the incorporation of new gTLDs, which increases exponentially the Administration and handling a much larger amount of data, which means reception, control data quality, conservation, modification processes where appropriate, or if cancelacin. The way in which regulates Now mejorarindidablemente the quality of data and service general. The position of the records before this is trying to break free from the complexity and in the case of the obligation of preservation of data Ass have these problems and these responsibilities, but ms delegacin there, ICANN is not and never was the owner of the database are as earlier records responsible recoleccin as both the conservation. The interest of ICANN, is not the same as the registers, it is more Overall, properly manage and secure and reliable Internet and all domains.Must be address the interests and needs of PARTS AND all involved, that's what your own funciny purpose. In this case, ICANN requires desempear well the function that has good of the Internet community, not in their benefit, working for the same security network and generated the least amount possible Conflict: accurate, relevant, not excessive, and timely data ... quality and quantity of data, delete Erroneous, extemporneos data store the necessary for the time necessary to better meet your function. The records remain responsible base as always, what they can handle in maintaining recolecciny data, but with a specialized service that supports them so that they can better fulfill their function in the new era and these new domains. What is outsourced to improve is a part of their work, which is part of your business. This is not a criticism, but simply the situation is in fact what we are expressing. I understand why estbien the Declaration, agree with it and with trying those who are responsible and have its economic advantage in activity they provide, also comply with the rules properly, and that if ICANN internally exonerate the relationship, arise sb injury is not ICANN OF ANY way responsible for it, subsisting liability on those who have legally. although they but involves higher costs. I understand this must be expressly drawn up and signed by both parties. Otherwise injured party will be able to understand that ICANN exempt registrars of the responsibility is on the keychain subrogating consequences that may prepare legal bodies for the fact registrars not comply with the conservation of the data. Greetings to all The March 27, 2014, 0:58, Alberto Soto <asoto@ibero-americano.org <mailto:asoto@ibero-americano.org> > Wrote: Ada and all.Our laws (Uruguay and Argentina), inspired ESTN LSI espaola, asque may differ somewhat in form but not in substance. Argentina's Law of Personal Data Protection does not speak of retention of data communications. S, there was a law on this last topic, but was left in suspension by the numerous criticisms received. The Act Argentina is the No. 25326, which also defines personal data (Information of any kind referred to physical persons or existence ideally determined or determinable; and sensitive data (personal data revealing racial and ethnic background, policies opinions, convictions religious, Philosophical or moral, union affiliation and information concerning health or sex life). Also defines Data processing: Operations and procedures sistemticos, electrnicos or not, enabling the recoleccin, conservation, ordenacin, storage, modification, relationship, evaluation, blockade, destruction, and general processing of personal data, as as also his third cesina to Travs communications, consultations, interconnections or transfers. With regard to information security, our law says: 1. The responsible or user data file must adopt measures techniques and organizational measures necessary to ensure the safety and confidentiality of personal data, in order to avoid adulteracin, loss, or unauthorized consultation, and to detect deviations, intentional or otherwise, of information, whether the risks from human action or technician medium used. Two. It is prohibited to record personal data in files, records or banks not renan techniques Payment integrity and security. Regarding confidentiality: 1.And responsible persons involved at any stage of the processing of personal data ESTN bound to secrecy regarding the same. Such obligation subsistiraun completed after his relationship with the owner of the file data. Two. The forced podrser relieved of secrecy by resolution court and for compelling grounds relating to public safety, national defense or public health. Regarding the Cesin Data: 1. Personal data object treatment can only be assigned to fulfill the purposes directly related to the legitimate interest of the transferor and assignee and with the consent of the owner of the data, which must be informed about the purpose of identifying the CESINE transferee or the elements to do so. After this long introduction, I must agree with you on virtually everything. I understand that both a Registrar as a Registrant, have (or MUST have!) an appropriate technology infrastructure needs.This is say that they have an adequate system of information security, with separations between their servers and production management areas, including systems development if they have this area. In addition to its internal communications network, separated and denied access between different areas, elemental a service provider internet. This, in addition to comply with the local laws of protection of personal data. This would involve, for example, that the data elements described in the points 1.1.8 (Processing recurring payments); and 1.2.1. (Information on concurrent payments) ESTN sheltered in a different place elements Whois data, which access to them is only possible for this last free, and internal staff registrar or registrant to information of the aforementioned tems, which contain associated names, credit cards, addresses, etc.. It states that if the source of payment information is deleted, not a registrant tendrmanera evaluate claims dispute facturacino Returns the position of the process.In many cases in dispute with credit cards or bank charges. The legislation this estrelacionado with each country. In Argentina, the credit cards and banks have the obligation to keep such of information for many years; at this time I do not remember if there are seven or ten years. If as there are at least two places with information necessary. With regard to the issues of hacking, irregular domain sale by deception Buyer, etc.., speaks of a aooms of data retention. This term must have prescripcin relationship with the crime, because if barred two years, I should not keep them for three years. I understand that retention periods are set, because this issue has been and remains very controversial because it requires storage measures additional security, etc.. And msan being traffic data. I hope I have not bored Best Regards Alberto Soto From: Aida Noblia [mailto: aidanoblia@gmail.com <mailto:aidanoblia@gmail.com> ] Posted on: Wednesdays, March 26, 2014 4:55 pm To: Alberto Soto CC: Fatima Cambronero; LACRALO Espaol Subject: Re: [lac-discuss-en] Re: [ALAC-Announce] ICANN News Alert - ICANN Seeks Public Comment on 2013 RAA Data Retention Data Elements Specification and Legitimate Purposes for Collection and Retention Fatima, Alberto, Alejandro and all Ses understand that a very important issue, and also in the complex laws, I could not attend the roundtable mencionFtima is You can listen any recording? is still some time for comments? I am not clear what is the closing date for comments. National legislation on protection of personal data are rather strict, and also the right of access to information pblica because ahestara the limit necessary to know what can and must publish and what not, with quextensin, for how long, quines they can do it, you can publish lbremente qudatos cules and require free, express, written consent of the owner ... In Uruguay the Law 18331 and its implementing regulations refer to the protection of personal data (qualified in two types (sensitive or not) As a human right protected by the constitution of the Republic. It provides the owner of the personal data ARCO rights acronym that level legislation includes right to access the database, Corrigendum of Erroneous or modified in reality data correction of Erroneous or inaccurate data and Oposicina done what the law calls "Treatment" of the data that is generally any use of such data personal, without the express written consent of its owner. There is a Regulatory Unit Registration and Control of such data by the Agency electronic government, in the Register of the Specifications contain mandatory for all personal data that has a base, and is of public or private persons, controls, and procedures performed auditing and punishing violators with fines and even closure of the database. There is a base charge and take charge of the practice by account of others or their own. The law regulates their responsibilities. The Database Owner, or physical person jurdica is responding by use or processing of personal data to the owner of that data. An when they can use or deal in certain circumstances, consent of the owner or in cases of data that supports your treatment without l, personal data can not be used for other purposes for which the owner permitted use. The base is responsible for its own use or who decides: The data personal is collected for a purpose and should be eliminated one Once cumplila purpose for which it was collected, can be transmit only in certain conditions .. etc.. It is the responsibility of the base, which can be physical or legal person to whom the owner of the Data may be enforced or penalties that may apply. With variations, this is repeated in the legislation. In case of transfer international data international law applies, and therefore there will to analyze what is the applicable law and jurisdiction competition. In the case of ICANN, the owner of the database is not ICANN, for therefore is not legally responsible for processing that may occur to the personal data. According saw, in the system of the new agreement, the service is outsourced, To improve it in terms of the quality of the data and also about its treatment, but that does not mean the change of ownership. So ICANN agrees the "excencin" of data retention in some analyzing specific cases and by a special procedure, but harming the intended service users improve this new medium. This is done at the request of the records to be released from their liability because by not having to keep the data in accordance with According to ICANN no longer have to answer to the law for their conservation, damage, misuse, etc.. It emphasizes the need for the good faith by the owner or holder of the database (check in) which contains the data, though this good faith is a matter of difficult certain proof. Also, to not keep such data prevents any possibility fulfill the functions of ICANN in such cases, with respect to the prevention of damages that may result from misuse of domain names and similar. The issue in each case is to analyze these requests, if you really retention of such data is necessary for the service prestacin to Travs registry is provided or if it constitutes a violation of the law. The blog that cases can be referred to and do not appear so rare. And the position of registrars is clearly find that facilitate their task. but in this case may be against the effectiveness and completeness of the service provided by ICANN. From what has already been given and can see on the web, it seems that security prevails. But the ms allde presentation requirements of having the case (with reports of attorney, etc. ) Should be studied very well in that case is given rather than presumed good faith as a way to resolve these cases. Otherwise give an endorsement by the owners of the Records released from liability, affect the risk of compliance other obligations, affect all other obligations of the Register and its owner as dueoo who treats data. As decan seems a matter of interest. Regards 3/22/2014 20:59 GMT-03: 00 Alberto Soto <asoto@ibero-americano.org <mailto:asoto@ibero-americano.org> >: Fatima, only Sern 04:00 am in Buenos Aires but I promise participate. Thank you! Alberto Soto From: Fatima Cambronero [mailto: fatimacambronero@gmail.com <mailto:fatimacambronero@gmail.com> ] Posted on: by saturday, March 22, 2014 8:54 pm To: Alberto Soto CC: Dr. Alejandro Pisanty Baruch; LACRALO Espaol Subject: Re: [lac-discuss-en] Re: [ALAC-Announce] ICANN News Alert - ICANN Seeks Public Comment on 2013 RAA Data Retention Data Elements Specification and Legitimate Purposes for Collection and Retention Alejandro, Alberto, I share the view of that we are facing an interesting topic deberamos to analyze and speak out from our region. The da Monday 24 at 15 pm. Local Singapore estprevista a Table Round about Directory Services Registration: present and future. If While this issue is not specifically on the agenda estincluido of the meeting is closely related perhaps a topic that appears in the discussions. It will be good to participate in this Roundtable to hear and discuss the comments you may have about it. I understand that the hours of our countries is in a strip a little complicated. I'll be attending this meeting. If there sb who want to comment or view to get, I offer to transmit. This is the link to the agenda of the Roundtable: https://community.icann.org/display/atlarge/At-Large+Roundtable+on+Registrat < https://community.icann.org/display/atlarge/At-Large+Roundtable+on+Registra tion + Directory + Services% 3A + Now + and + the + Future + - +2014.03.24 + - + Singapore> ion + Directory + Services% 3A + Now + and + the + Future + - +2014.03.24 + - + Singapore That link to the Adobe Connect: https://icann.adobeconnect.com/sin49-vip/ (This is the same for all meetings of At-Large of the week). Best Regards, Fatima Cambronero 3/21/2014 23:40 GMT-03: 00 Alberto Soto <asoto@ibero-americano.org <mailto:asoto@ibero-americano.org> <mailto:asoto@ibero-americano.org <mailto:asoto@ibero-americano.org> >>: I think the interest should be sufficient. It is just one of the topics make the existence of end-user oriented entities Internet ie U.S.. Surely there are different laws for each country, at least in some substantial tems. Although there are countries that do not have an legislation. There are 30 days for comments, there is little time for the importance of the subject. Suggest that very quickly the respective ALS each country of our Regin, read the history of this item, then inform the legislacin force in their respective country, with reviews.Also I suggest that for this first phase, the closing date is the Friday Prximo 28/03/2014. Also suggest that those who are participating in Singapore, are exempt from participate, have very important things to do for us. Best Regards Alberto Soto ----- Original Message ----- From: lac-discuss-es-bounces@atlarge-lists.icann.org <mailto:lac-discuss-es-bounces@atlarge-lists.icann.org> <mailto:lac-discuss-es-bounces@atlarge-lists.icann.org <mailto:lac-discuss-es-bounces@atlarge-lists.icann.org> > [Mailto: lac-discuss-es-bounces@atlarge-lists.icann.org <mailto:lac-discuss-es-bounces@atlarge-lists.icann.org> <mailto:lac-discuss-es-bounces@atlarge-lists.icann.org <mailto:lac-discuss-es-bounces@atlarge-lists.icann.org> >] On behalf of Dr. Alejandro Pisanty Baruch Posted on: Friday, March 21, 2014 11:25 pm To: lac-discuss-es@atlarge-lists.icann.org <mailto:lac-discuss-es@atlarge-lists.icann.org> <mailto:lac-discuss-es@atlarge-lists.icann.org <mailto:lac-discuss-es@atlarge-lists.icann.org> > Subject: [lac-discuss-en] Re: [ALAC-Announce] ICANN News Alert - ICANN Seeks Public Comment on Data Retention RAA 2013 Specification and Data Elements Legitimate Purposes for Collection and Retention Colleagues, called Annex may have significant legal implications in our region. Let us summon experts in protection of personal data and other issues related to data retention (Computational forensics, law telecommunications, Civil Marco in the case of Brazil) to form a opininslida, if there is enough interest. Alejandro Pisanty --------------------------- Dr. Alejandro Pisanty UNAM Faculty of Chemistry 3000 University Avenue, 04510 Mexico DF Mexico +52-1-5541444475 <tel:%2B52-1-5541444475> FROM ABROAD +525541444475 <tel:%2B525541444475> SMS +525541444475 FROM MEXICO <tel:%2B525541444475> Blog: http://pisanty.blogspot.com LinkedIn: http://www.linkedin.com/in/pisanty Join the LinkedIn group UNAM, http://www.linkedin.com/e/gis/22285/4A106C0C8614 Twitter: http://twitter.com/apisanty ---- >> Join ISOC Mexico, http://www.isoc.org . . . . . . . . . . . . . . . . ________________________________________ From: alac-announce-bounces@atlarge-lists.icann.org <mailto:alac-announce-bounces@atlarge-lists.icann.org> <mailto:alac-announce-bounces@atlarge-lists.icann.org <mailto:alac-announce-bounces@atlarge-lists.icann.org> > [Alac-announce-bounces@atlarge-lists.icann.org <mailto:alac-announce-bounces@atlarge-lists.icann.org> <mailto:alac-announce-bounces@atlarge-lists.icann.org <mailto:alac-announce-bounces@atlarge-lists.icann.org> >] On behalf of ICANN At-Large Staff [staff@atlarge.icann.org <mailto:staff@atlarge.icann.org> <mailto:staff@atlarge.icann.org <mailto:staff@atlarge.icann.org> >] Sent on: Friday, March 21, 2014 20:00 To: ALAC-Announce@atlarge-lists.icann.org <mailto:ALAC-Announce@atlarge-lists.icann.org> <mailto:ALAC-Announce@atlarge-lists.icann.org <mailto:ALAC-Announce@atlarge-lists.icann.org> > Subject: [ALAC-Announce] ICANN News Alert - ICANN Seeks Public Comment on RAA 2013 Specification Data Retention Data Elements and Legitimate Purposes for Collection and Retention [Http://www.icann.org/images/gradlogo_bow.jpg] <http://www.icann.org/> News Alert http://www.icann.org/en/news/announcements/announcement-3-21mar14-en.htm ________________________________ ICANN Seeks Public Comment on 2013 RAA Data Retention Data Specification Elements and Legitimate Purposes for Collection and Retention 21 March 2014 ICANN has-been in discussions with a number of Registrars Regarding data retention requests waiver ("Waiver Requests") submitted under the 2013 Registrar Accreditation Agreement (the "2013 RAA").Some Registrars are seeking an exemption from Un certain collection and / or retention requirements under the Data Retention Specification (the "Specification") of the 2013 RAA. Section 2 of the Data Retention Specification sets forth requirements Regarding the written materials to register must submit in support of its good faith determination That the collection and / or retention of any data element specified in the Specification Violates applicable law, and Provides That Following notice to ICANN of the Waiver Request, ICANN and the Register applicable Shall discuss the matter in good faith in an effort to reach a mutually acceptable resolution of the matter. An update on the 2013 RAA data retention and the waiver process can be found here: http://blog.icann.org/2014/02/update-on-2013-raa-and-data-retention-waiver-p <http://blog.icann.org/2014/02/update-on-2013-raa-and-data-retention-waiver- <http://blog.icann.org/2014/02/update-on-2013-raa-and-data-retention-waiver- process /> process /> rocess / ICANN staff Understands That data Should be Treated in Accordance with applicable data protection laws, que Generally permit gathering and personnel retention of data for legitimate purpose (s). ICANN Also Understands That the law may vary from country to country as to (i) what is Considered to legitimate purpose, (ii) Whether the personnel data is adequate, relevant and not excessive in relation to the legitimate purpose for Which They are collected and (iii) how long for Un Certain data elements May be Retained. In other words, what is Considered a legitimate purpose for collection of Un certain data in one country May not be Considered a legitimate purpose in another country. During ICANN's discussions in an effort to reach a mutually acceptable resolution of the matter, some have Requested That ICANN Registrars (a) AMclarify and better define Un certain data elements in the Data Described Retention Specification Maintain That the Registrars are not Clearly defined; and (b) describes Potentially legitimate ministering purposes for collection and retention of each data element That would help Provide guidance for Both Whether Registrars Such elements as to Lawfully May be collected, and, if so, for how long Such elements Lawfully Might be Retained. In response to requests from some These Registrars, ICANN is posting for seeking public comment a document to what is meant by AMclarify Un certain data elements Described in the Specification and Describing Data Retention Potentially legitimate ministering purposes for collection and retention of Those data elements. That document can be found here <http://www.icann.org/en/resources/registrars/raa/draft-data-retention-s <http://www.icann.org/en/resources/registrars/raa/draft-data-retention-spec- <http://www.icann.org/en/resources/registrars/raa/draft-data-retention-spec- elements-21mar14-en.pdf> elements-21mar14-en.pdf> Breast-elements-21mar14-en.pdf> [PDF, 116 KB]. The document will be posted for a period of thirty (30) days to seek feedback and input from the community on (i) Whether the data elements are Appropriately described, (ii) Whether ministering purposes cited for the collection and retention are Appropriate and legitimate, and (iii) Whether there are other legitimate Potentially ministering purposes for collection and retention of data Such elements. After the thirty (30) day period has expired Following this posting, ICANN will Consider all feedback and input received in Connection with Ongoing ICANNs discussions to reach a mutually acceptable resolution of Waiver Requests. In the interim, ICANN will continue its Ongoing discussions to reach a mutually acceptable resolution of Waiver Requests with Single Registrars With the additional goal of Granting Waiver Requests as and when to Appropriate. A public comment period will REMAIN open until 11:59 p.m. PDT / California, 21 April 2014. Public comments will be available for consideration by ICANN ICANN staff and the Board. * Comments can be posted to: comments-retention-21mar14@icann.org <mailto:comments-retention-21mar14@icann.org> <mailto:comments-retention-21mar14@icann.org <mailto:comments-retention-21mar14@icann.org> > <mailto:comments-retention-21mar14@icann <mailto:comments-retention-21mar14@icann> <mailto:comments-retention-21mar14@icann <mailto:comments-retention-21mar14@icann> > . Org> * Comments can be viewed at: http://forum.icann.org/lists/comments-retention-21mar14/ _______________________________________________ [[--Original text (es) http://mm.icann.org/transbot_archive/437a65c4cd.html --]]