[ALAC] ALAC Statement regarding EPDP

John Laprise jlaprise at gmail.com
Wed Aug 8 12:10:11 UTC 2018 

GDPR only recognizes data subjects (their associated PII), controllers, and
processors. So should we. We should avoid confusion by singling out groups
and in most balance tests, privacy interests of data subjects is the
guiding factor.

On Wed, Aug 8, 2018, 6:40 AM Hadia Abdelsalam Mokhtar EL miniawi <
Hadia at tra.gov.eg> wrote:

> Hi Holly and all,
>
> Sorry could not reply earlier though I read the email and all the later
> comments because I was at the MEAC SIG and going through the EPDP survey.
>
> So for sure I am not asking for access for individual consumers, I edited
> Alan's original statement adding to it the customers but missing that the
> statement askes for access, my mistake. So first I don't think that in our
> statement we should specifically refer to access (Which is referenced in
> Annex A of the temporary specification) but we should rather state our
> position with regard to the whole EPDP. The EPDP addresses four parts
> 1. Purposes for processing Registration Data
> 2. Required Data Processing activities (with 10 items one of which
> addresses access)
> 3. Data Processing terms
> 4. Updates to other Consensus Policies
>
> The most important of which in my opinion is the purposes for processing
> registration data based on which the access would be granted. By no means
> do we want to send the message that data privacy is not important and that
> we are only concerned with law enforcement and cybersecurity. As  I
> mentioned before the impact of the GDPR on WHOIS will be felt by the
> individual internet customers and not only  those who identify cyber
> attackers and the law enforcement agencies.
>
> I don't think that it serves us right to be speaking solely about
> cybersecurity and law enforcement agencies or being regarded as  their
> advocates as for sure we are the advocates of the Internet end users.
>
> So I suggest the following edits with regard to item 4 of Alan's statement
> inviting others to modify/add if more clarity is required
>
> "our main concern is about protecting the rights and interests of
> individual internet users and consumers as well as third parties like
> consumer protection agencies, law enforcement, cybersecurity researchers,
> those combating fraud in domain names, and others who help protect users
> from phishing, malware, spam, fraud, DDoS attacks. Those who work to ensure
> that the Internet is a safe and secure place for users and to do so need
> timely information about certain websites, all within the constraints of
> GDPR of course."
>
>
> Best
> Hadia
>
> -----Original Message-----
> From: Holly Raiche [mailto:h.raiche at internode.on.net]
> Sent: Monday, August 06, 2018 12:47 AM
> To: Hadia Abdelsalam Mokhtar EL miniawi
> Cc: Jonathan Zuck; Carlton Samuels; Evan Leibovitch; At-Large Worldwide;
> Alan Greenberg
> Subject: Re: [ALAC] ALAC Statement regarding EPDP
>
> Sorry Hadia, but I absolutely cannot agree to your paragraph.
>
> We have made it clear from the beginning that whatever the final outcome
> reached by the EPDP, it must come within the GDPR.  As I have stated many
> times, the GDPR has to cover many industries, businesses, governmental
> practices, and therefore, is necessarily general - which gives room when
> applying those general rules to particular situations.  So there is room to
> talk about circumstances in which particular parties will have access to
> some/all of the information.
>
> We can argue for access within the recognised category of cybersafety,
> misuse of information, etc. But one thing the GDPR will not do is permit
> ordinary individuals unfettered access to personal information.  So arguing
> for individual, unfettered access puts us outside of the GDPR - and outside
> of the remit of the EPDP.
>
> Holly
>
> On 6 Aug 2018, at 12:31 am, Hadia Abdelsalam Mokhtar EL miniawi <
> Hadia at tra.gov.eg> wrote:
>
> > Hi All,
> >
> >
> > As Alan mentioned that we (the members and alternates) had agreed on the
> statement, however I was of the view of adding a few lines about the
> consumers, all Internet users are consumers in a way or another. The
> conflict between the obligations of the GDPR and WHOIS will hinder the work
> of  those who work on identifying cyber attackers and the law enforcement
> agencies but more importantly the impact of the GDPR on WHOIS will be felt
> by the individual internet customers. Therefore as the representatives of
> the interests of the   end users I see that we need to mention them in our
> statement. I also suggest removing WHOIS and just putting the need for
> access in a timely manner instead. We could end up with another system not
> necessarily WHOIS, so below is my suggestion for item number 4
> >
> >
> > "Although some Internet users consult WHOIS and will not be able to do
> so in some cases going forward, our main concern is access for individual
> consumers as well as third parties like consumer protection agencies, law
> enforcement, cybersecurity researchers, those combating fraud in domain
> names, and others who help protect users from phishing, malware, spam,
> fraud, DDoS attacks, those who work to ensure that the Internet is a safe
> and secure place for users and to do so need timely information about
> certain websites, all within the constraints of GDPR of course."
> >
> > Kind Regards
> > Hadia
> >
> > ​
> >
> >
> > ________________________________
> > From: ALAC <alac-bounces at atlarge-lists.icann.org> on behalf of Jonathan
> Zuck <JZuck at innovatorsnetwork.org>
> > Sent: 04 August 2018 18:29
> > To: Carlton Samuels; Evan Leibovitch
> > Cc: At-Large Worldwide; Alan Greenberg
> > Subject: Re: [ALAC] ALAC Statement regarding EPDP
> >
> > Wow. A “rancid falsehood.”  Agree, of course, but love the language.
> >
> > From: ALAC <alac-bounces at atlarge-lists.icann.org> On Behalf Of Carlton
> Samuels
> > Sent: Saturday, August 4, 2018 11:54 AM
> > To: Evan Leibovitch <evan at telly.org>
> > Cc: At-Large Worldwide <alac at atlarge-lists.icann.org>; Alan Greenberg <
> alan.greenberg at mcgill.ca>
> > Subject: Re: [ALAC] ALAC Statement regarding EPDP
> >
> > I have to tell you my friend this one leaves me gobsmacked every time.
> And, underscores the immorality of the false equivalence.
> >
> > Sure, let us accept that the bye-law change was orchestrated by some
> rube from SoyaBeanField, Nebraska who may be challenged by the ordinary
> meaning of 'individual internet users" to which the bye-law of title refers.
> >
> > And let us concede the term 'individual internet users' may be subject
> to interpretation.  But you cannot escape context in assessing meaning.
> >
> > If one knows anything of the domain name system and the domain name
> market, it should not be a stretch to consider and recognize that purely on
> these facts, if one chooses to take title to a domain name and become a
> registrant, the interests of a registrant will likely diverge, even pivot,
> from that of an individual internet user!
> >
> > This has troubled me as long as I have caucused with the At-Large. Yes,
> we should welcome every opinion in these councils. And yes, I will stand at
> the barricade to preserve the right for all opinions to contend and even be
> heard.
> >
> > But it is a rancid falsehood to ascribe the same value to all of them.
> >
> > -Carlton
> >
> >
> > ==============================
> > Carlton A Samuels
> > Mobile: 876-818-1799
> > Strategy, Process, Governance, Assessment & Turnaround
> > =============================
> >
> >
> > On Fri, Aug 3, 2018 at 4:28 PM Evan Leibovitch <evan at telly.org<mailto:
> evan at telly.org>> wrote:
> > Hi all.
> >
> > I agree with Holly, Carlton and Kan. I am frankly surprised that this
> debate continues to be litigated. How little has changed after a decade of
> talk. Two things:
> >
> >  1.  Alan's point that "if registrant needs differ from those of the 4
> billion Internet users  who are not registrants, those latter needs take
> precedence" ought not to be controversial, yet somehow it still is to some.
> The ICANN Bylaws assign to ALAC the role of representing the interests of
> those who are impacted by domains yet neither buy nor sell them. While
> there are those among us who own domains and even a few who sell them, such
> interests already have representation elsewhere in ICANN through multiple
> vectors. In the vast majority of instances the needs of domain owners align
> with those of the billions who would use those domains to access goods and
> services. Alan's statement, which is consistent with both the Bylaws and
> past practice, is that on the few occasions when those interests may
> collide, ALAC sides with those who have no other voice in ICANN. This is
> nothing new and has no reason to be renegotiated now.
> >  2.  It is neither inconsistent with the GRPR nor mocking its intentions
> to state accurately that privacy has been demonstrably abused within the
> world of domains to enable unethical and illegal conduct. It wholly
> appropriate for At-Large -- in speaking for those who have been scammed and
> those who wish not to be scammed in the future -- to request that the
> legitimate need for privacy be accompanied by safeguards against shielding
> those who cause harm. To me this takes two forms: (a) demand for robust and
> efficient due process to address such abuse when discovered and (b)
> accuracy of information so that the result of valid due process reveals
> useful data. It is reasonable to assert that the unintended consequence of
> privacy without such public safeguards may be worse than the problems
> privacy rules seek to fix.
> > - Evan
> > _______________________________________________
> > ALAC mailing list
> > ALAC at atlarge-lists.icann.org
> > https://atlarge-lists.icann.org/mailman/listinfo/alac
> >
> > At-Large Online: http://www.atlarge.icann.org
> > ALAC Working Wiki:
> https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)
>
> _______________________________________________
> ALAC mailing list
> ALAC at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/alac
>
> At-Large Online: http://www.atlarge.icann.org
> ALAC Working Wiki:
> https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://atlarge-lists.icann.org/pipermail/alac/attachments/20180808/e426e2be/attachment.html>

More information about the ALAC mailing list