[ALAC] Draft Principles for GDPR

Carlton Samuels carlton.samuels at gmail.com
Wed Jul 11 00:53:19 UTC 2018 

Good man!

Keep going.  And while at it, tell us why (grounding of principle) and how
(that plays out in context of WHOIS)!

-Carlton

==============================
*Carlton A Samuels*

*Mobile: 876-818-1799Strategy, Process, Governance, Assessment & Turnaround*
=============================


On Tue, Jul 10, 2018 at 4:27 PM Jonathan Zuck <JZuck at innovatorsnetwork.org>
wrote:

> Thanks Holly for getting this started.  I guess what we’re after are some
> basic principles on our *perspective* on the GDPR. The temp spec is the
> temp spec so some of this will apply for sure, if we reach some consensus
> on these but there are areas that are simply part of the law over which we
> don’t have influence. A principle might be something like
>
>
>
>    1. The ALAC feels responsible to represent the interests of
>    non-registrants more so than registrants as they represent the majority of
>    users.
>
> I’m not saying we’ve agreed to that but that’s the kind of filter we could
> send our reps in with?
>
> Jonathan
>
>
>
>
>
> *From: *ALAC <alac-bounces at atlarge-lists.icann.org> on behalf of "
> h.raiche at internode.on.net" <h.raiche at internode.on.net>
> *Reply-To: *"h.raiche at internode.on.net" <h.raiche at internode.on.net>
> *Date: *Tuesday, July 10, 2018 at 5:22 PM
> *To: *ALAC List <alac at atlarge-lists.icann.org>, A t <
> staff at atlarge.icann.org>
> *Subject: *[ALAC] Draft Principles for GDPR
>
>
>
> Folks
>
>
>
> Since we all think principles are a good idea, I have set down the basics
> from the Temporary Spec - very simplistic, but it's a start.  What we need
> now is discussion on the principles.
>
>
>
> Evin - I'm not sure if you have a new wiki page for discussion on the
> temporary spec, but if not, would you create on.
>
>
>
> And Olivier - the Temporary Spec necessarily will deal with access - at
> the least, guiding principles, so whoever is on the EPDP will have some
> guidance on our red lines on access.
>
>
>
> So please everyone - comments
>
>
>
> Thanks
>
>
>
> Holly
>
>
>
> *Temporary Specification for gTLD Registration Data *
>
>
>
>
>
> *Principles for requirements to replace the RAA/Registry Requirements*
>
> *(within the context of compliance with the GDPR)*
>
>
>
> *Purpose of Collection of Data*
>
> Quoting from the Temporary Spec – which is quoting from the ICANN Bylaws:
>
> *purpose is to coordinate the bottom-up, multistakeholder development and
> implementation of policies “[f]or which uniform or coordinated resolution
> is reasonably necessary to facilitate the openness, interoperability,
> resilience, security and/or stability of the DNS including, with respect to
> gTLD registrars and registries” *
>
> *Purpose includes*
>
> ·       􏰂  resolution of disputes regarding the registration of domain
> names (as opposed to the use of such domain names, but including where such
> policies take into account use of the domain names);
>
> ·       􏰂  maintenance of and access to accurate and up-to-date
> information concerning registered names and name servers;
>
> ·       􏰂  procedures to avoid disruptions of domain name registrations
> due to suspension or termination of operations by a registry operator or a
> registrar (e.g., escrow); and
>
> ·       􏰂  the transfer of registration data upon a change in registrar
> sponsoring one or more registered names.
>
>
>
> the Bylaws specifically obligate ICANN, in carrying out its mandate, to
> “adequately address issues of competition, consumer protection, security,
> stability and resiliency, malicious abuse issues, sovereignty concerns, and
> rights protection”
>
>
>
> *Geographic Coverage of EPDP Outcome:*
>
> ·      Apply globally *or*
>
> ·      Apply only to European Economic Area (the coverage of the GD
> R) and otherwise lesser requirements (existing RAA requirements?)
>
>
>
> *Data Collected*
>
> ·      ‘Thick Whois” – based on the differing uses of the data is listed
> in the purpose above – OR
>
> ·      Some lesser amount of information
>
>
>
> *Consent*
>
> ·      Registrants must be told, at the time of collection, what personal
> information is collected, why the collection is  necessary to achieve the
> purposes, who will have access and in what circumstances  access will be
> given to what information, and all circumstances in which the data will be
> transferred (to Registry, Escrow) and where heldThey must also be told
> their consent can be withdrawn at any time (and consequences of withdrawal)
> and how to withdraw consent
>
>
>
> *Access to Data – Tiered access (largely what is in the Technical
> Specification)*
>
> ·      Applies to all Registrants – natural or corporate persons
>
> ·      Information generally publicly available
>
> o   Registrant name
>
> o   Anonymised email or other anonymous contact means
>
> ·      Access to other personal information –
>
> o   Only to accredited entities (not individuals)–
>
> o   Only in specific circumstances that warrant access
>
>
>
> _______________________________________________
> ALAC mailing list
> ALAC at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/alac
>
> At-Large Online: http://www.atlarge.icann.org
> ALAC Working Wiki:
> https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://atlarge-lists.icann.org/pipermail/alac/attachments/20180710/8880caf3/attachment.html>

More information about the ALAC mailing list