[ALAC] ALAC Comment on IPC/BC Access Model

Bastiaan Goslings bastiaan.goslings at ams-ix.net
Sun Apr 8 15:19:36 UTC 2018


Hi Holly

Thanks a lot - very good to raise this issue.

I assume the draft you refer to is https://www.icann.org/en/system/files/files/gdpr-comments-ipbc-whois-access-accreditation-process-1-2-23mar18-en.pdf ?

I haven’t read it yet...

Bastiaan

--
Envoyé de mon iPhone

> On 8 Apr 2018, at 07:41, Holly Raiche <h.raiche at internode.on.net> wrote:
> 
> Folks
> 
>  As we said in the ALAC Statement on the GDPR – now being voted upon – one of the outstanding critical issues will be accreditation of those who are given access to personal information from the Whois database. 
> 
>  The IPC/BC community within the GNSO has developed a ‘Draft Accreditation and Access Model for non-public Whois Data’  which they are putting forward for discussion.  Indeed, they recently held a webinar on the model – at the usually impossible time for Australia. They have also set up a mailing list on the issue and the documents they used for the webinar are supposed to be available for those on the mailing list. (I haven’t seen them as yet)
> 
>  The first thing to note about that model is that is that it is very much the creature of the IPC/BC constituency.  The NCSG were not consulted and are developing their response to the accreditation model.  My understanding is that the Registries/Registrars also did not provide input into that model. We should also comment - either through a Google Doc or on the wiki, but - in a very short space of time - we should be developing at least some response to the IPC/BC proposal. No response to their model could otherwise be taken as tacit community consent to its proposals. 
> 
>  My two major issues with the model are as below. Please feel free to comment as well.
> 
>  My basic issue with their Access Model is that it confuses data ‘use’ with the ‘purpose’ of collection.  Under basic data protection law, personal information can only be collected for specified and legitimate purposes of the data collector  (ICANN and registrars) and not further processed in ways inconsistent  with the legitimate purpose(s).  The ALAC has suggested that feedback from the European DPAs will assist in determining the purposes consistent with ICANN and the Registries purpose in collection of that data. The purpose suggested in the Interim Model is not as broad as suggested by this Access Model and, in my view, preferable. (See Annex A, Access Model).
> 
>  The Access Model proposed suggests that, once parties are accredited, they would gain access to all the Whois Information.  In my view, any access to personal information should be in limited circumstances only -  that blanket access not be given.  In a law enforcement context, search warrants generally need some kind of judicial sanction, based on apprehension of possible criminality, before premises can be searched and/or persons apprehended. While an access request test probably would not be quite that stringent, I could not support access seekers being given blanket permission to access personal information generally; there should be a requirement for reasonable grounds to suspect unlawful or harmful action in specific circumstances (carefully defined) before access given. 
> 
> 
> Holly
> _______________________________________________
> ALAC mailing list
> ALAC at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/alac
> 
> At-Large Online: http://www.atlarge.icann.org
> ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://atlarge-lists.icann.org/pipermail/alac/attachments/20180408/2ddd440b/attachment.html>


More information about the ALAC mailing list