[ALAC] Draft Principles for GDPR

h.raiche at internode.on.net h.raiche at internode.on.net
Wed Jul 11 01:43:56 UTC 2018 

Thanks Jonathan
Agreed.  And as soon as there is an agreed wiki for this, please put
your comments there.
(I find that putting ANYTHING down on paper (so to speak) makes it
easier for others to comment - so the more text we put down, the
better)
Holly
Would other principels be something like:
general agreement with the TempSec?

----- Original Message -----
From: "Jonathan Zuck" 
To:"h.raiche at internode.on.net" , "ALAC List" , "A t" 
Cc:
Sent:Tue, 10 Jul 2018 21:27:15 +0000
Subject:Re: [ALAC] Draft Principles for GDPR

	Thanks Holly for getting this started.  I guess what we’re after
are some basic principles on our _perspective_ on the GDPR. The temp
spec is the temp spec so some of this will apply for sure, if we reach
some consensus on these but there are areas that are simply part of
the law over which we don’t have influence. A principle might be
something like

	 

	* The ALAC feels responsible to represent the interests of
non-registrants more so than registrants as they represent the
majority of users.

	I’m not saying we’ve agreed to that but that’s the kind of
filter we could send our reps in with?

	Jonathan

	 

	 

	FROM: ALAC  on behalf of "h.raiche at internode.on.net" 
REPLY-TO: "h.raiche at internode.on.net" 
DATE: Tuesday, July 10, 2018 at 5:22 PM
TO: ALAC List , A t 
SUBJECT: [ALAC] Draft Principles for GDPR

	 

	Folks

	 

	Since we all think principles are a good idea, I have set down the
basics from the Temporary Spec - very simplistic, but it's a start. 
What we need now is discussion on the principles.

	 

	Evin - I'm not sure if you have a new wiki page for discussion on the
temporary spec, but if not, would you create on.

	 

	And Olivier - the Temporary Spec necessarily will deal with access -
at the least, guiding principles, so whoever is on the EPDP will have
some guidance on our red lines on access.

	 

	So please everyone - comments

	 

	Thanks

	 

	Holly

	 

	 TEMPORARY SPECIFICATION FOR GTLD REGISTRATION DATA 

	 

	 

	PRINCIPLES FOR REQUIREMENTS TO REPLACE THE RAA/REGISTRY REQUIREMENTS

	_(within the context of compliance with the GDPR)_

	_ _

	PURPOSE OF COLLECTION OF DATA

	 Quoting from the Temporary Spec – which is quoting from the ICANN
Bylaws:

	 _purpose is to coordinate the bottom-up, multistakeholder
development and implementation of policies “[f]or which uniform or
coordinated resolution is reasonably necessary to facilitate the
openness, interoperability, resilience, security and/or stability of
the DNS including, with respect to gTLD registrars and registries” _

	_Purpose includes_

	 ·       􏰂  resolution of disputes regarding the
registration of domain names (as opposed to the use of such domain
names, but including where such policies take into account use of the
domain names); 

	 ·       􏰂  maintenance of and access to accurate and
up-to-date information concerning registered names and name servers; 

	 ·       􏰂  procedures to avoid disruptions of domain name
registrations due to suspension or termination of operations by a
registry operator or a registrar (e.g., escrow); and 

	 ·       􏰂  the transfer of registration data upon a
change in registrar sponsoring one or more registered names. 

	  

	 the Bylaws specifically obligate ICANN, in carrying out its mandate,
to “adequately address issues of competition, consumer protection,
security, stability and resiliency, malicious abuse issues,
sovereignty concerns, and rights protection” 

	_ _

	GEOGRAPHIC COVERAGE OF EPDP OUTCOME:

	·      Apply globally OR

	·      Apply only to European Economic Area (the coverage of
the GD
 R) and otherwise lesser requirements (existing RAA requirements?)

	 

	DATA COLLECTED

	·      ‘Thick Whois” – based on the differing uses of the
data is listed in the purpose above – OR

	·      Some lesser amount of information

	 

	CONSENT

	·      Registrants must be told, at the time of collection,
what personal information is collected, why the collection is 
necessary to achieve the purposes, who will have access and in what
circumstances  access will be given to what information, and all
circumstances in which the data will be transferred (to Registry,
Escrow) and where heldThey must also be told their consent can be
withdrawn at any time (and consequences of withdrawal) and how to
withdraw consent

	 

	ACCESS TO DATA – TIERED ACCESS (LARGELY WHAT IS IN THE TECHNICAL
SPECIFICATION)

	·      Applies to all Registrants – natural or corporate
persons

	·      Information generally publicly available

	o   Registrant name

	o   Anonymised email or other anonymous contact means

	·      Access to other personal information – 

	o   Only to accredited entities (not individuals)– 

	o   Only in specific circumstances that warrant access

	
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://atlarge-lists.icann.org/pipermail/alac/attachments/20180711/64bc8fa4/attachment.html>

More information about the ALAC mailing list