[ALAC] Draft Principles for GDPR

h.raiche at internode.on.net h.raiche at internode.on.net
Tue Jul 10 21:21:51 UTC 2018


Folks
Since we all think principles are a good idea, I have set down the
basics from the Temporary Spec - very simplistic, but it's a start. 
What we need now is discussion on the principles.
Evin - I'm not sure if you have a new wiki page for discussion on the
temporary spec, but if not, would you create on.
And Olivier - the Temporary Spec necessarily will deal with access -
at the least, guiding principles, so whoever is on the EPDP will have
some guidance on our red lines on access.
So please everyone - comments
Thanks
Holly

	TEMPORARY SPECIFICATION FOR GTLD REGISTRATION DATA  

	  

	  

	PRINCIPLES FOR REQUIREMENTS TO REPLACE THE RAA/REGISTRY REQUIREMENTS 

	_(within the context of compliance with the GDPR)_ 

	_ _ 

	PURPOSE OF COLLECTION OF DATA 

	Quoting from the Temporary Spec – which is quoting from the ICANN
Bylaws: 

	_purpose is to coordinate the bottom-up, multistakeholder development
and implementation of policies “[f]or which uniform or coordinated
resolution is reasonably necessary to facilitate the openness,
interoperability, resilience, security and/or stability of the DNS
including, with respect to gTLD registrars and registries” _ 

	_Purpose includes_ 

	·       􏰂  resolution of disputes regarding the
registration of domain names (as opposed to the use of such domain
names, but including where such policies take into account use of the
domain names);  

	·       􏰂  maintenance of and access to accurate and
up-to-date information concerning registered names and name servers;  

	·       􏰂  procedures to avoid disruptions of domain name
registrations due to suspension or termination of operations by a
registry operator or a registrar (e.g, escrow); and  

	·       􏰂  the transfer of registration data upon a change
in registrar sponsoring one or more registered names.  

	  

	the Bylaws specifically obligate ICANN, in carrying out its mandate,
to “adequately address issues of competition, consumer protection,
security, stability and resiliency, malicious abuse issues,
sovereignty concerns, and rights protection”  

	_ _ 

	GEOGRAPHIC COVERAGE OF EPDP OUTCOME: 

	·      Apply globally OR 

	·      Apply only to European Economic Area (the coverage of
the GD
 R) and otherwise lesser requirements (existing RAA requirements?) 

	  

	DATA COLLECTED 

	·      ‘Thick Whois” – based on the differing uses of the
data is listed in the purpose above – OR 

	·      Some lesser amount of information 

	  

	CONSENT 

	·      Registrants must be told, at the time of collection,
what personal information is collected, why the collection is 
necessary to achieve the purposes, who will have access and in what
circumstances  access will be given to what information, and all
circumstances in which the data will be transferred (to Registry,
Escrow) and where held.They must also be told their consent can be
withdrawn at any time (and consequences of withdrawal) and how to
withdraw consent 

	  

	ACCESS TO DATA – TIERED ACCESS (LARGELY WHAT IS IN THE TECHNICAL
SPECIFICATION) 

	·      Applies to all Registrants – natural or corporate
persons 

	·      Information generally publicly available 

	o   Registrant name 

	o   Anonymised email or other anonymous contact means 

	·      Access to other personal information –  

	o   Only to accredited entities (not individuals)–  

	o   Only in specific circumstances that warrant access  

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://atlarge-lists.icann.org/pipermail/alac/attachments/20180711/c73d4452/attachment.html>


More information about the ALAC mailing list