[ALAC] Draft Principles for GDPR

Alan Greenberg alan.greenberg at mcgill.ca
Wed Jul 11 15:27:06 UTC 2018


Carlton, I think that this is THE answer to the 
question of why At-Large needs to participate in 
this process. There are likely to be few GNSO 
participants that look at it from this perspective.

See my comment at https://community.icann.org/x/_YlHBQ.

Alan

At 11/07/2018 11:10 AM, Carlton Samuels wrote:
>A good piece to introduce here. So we not mis 
>read this  let me state how the end user 
>interest is inextricably conjoined with "third parties".
>
>The first is the protection of end users from 
>predators and predatory practices enabled by the 
>DNS. The vast majority of end users would not 
>know a WHOIS record even it jumped up and bit 
>them in the butt. We depend on others to help 
>us, to be on the line for our collective sake.
>
>These surrogates, if you will, include the 
>reputation companies, the antivirus folks, the 
>researchers and a whole amalgam of third party interests.
>
>When the end user gets a green tick that says 
>this is a safe website, it protects the end 
>user. That springs from the work of reputation 
>companies. Accesd to WHOIS data is vested in 
>their formulaic  response that keeps me from 
>wandering, mouth-breathing, into dangerous territory.
>
>ICANN and the entire chain of connections in the 
>DNS infrastructure has a role, each from a 
>slightly different perspective. But reputation 
>is not a sole interest as it is for these guys. 
>And the end user is a beneficiary of this 
>interest, which kicks in long way before the mainline DNS actors.
>
>This is just one example. But let us be clear. 
>That end user interests are defended by 
>surrogates and so-called third parties is not an 
>outlier. I would argue it is the central case.
>
>The ALAC may not argue for end user interests 
>absent an appreciation of the role in defending 
>those interests by third parties. That would be 
>a failure to recognize the facts as they 
>are...and an egregious abdication of responsibilities.
>
>-Carlton
>
>On Wed, 11 Jul 2018, 7:51 am Bastiaan Goslings, 
><<mailto:bastiaan.goslings at ams-ix.net>bastiaan.goslings at ams-ix.net> wrote:
>I think I can agree with both Jonathan/Alan and 
>Tijani on this. And as a matter of principle 
>I’d therefore suggest to follow what the EDPB 
>says on page 2 
><https://www.icann.org/en/system/files/correspondence/jelinek-to-marby-05jul18-en.pdf>https://www.icann.org/en/system/files/correspondence/jelinek-to-marby-05jul18-en.pdf
>
>’The EDPB considers it essential that a clear 
>distinction be maintained between the different 
>processing activities that take place in the 
>context of WHOIS and the respective purposes 
>pursued by the various stakeholders involved. 
>(
) The EDPB therefore reiterates that ICANN 
>should taake care not to conflate its own 
>purposes with the interests of third parties, 
>nor with the lawful grounds of processing which 
>may be applicable in a particular case’
>
>
>
> > On 11 Jul 2018, at 12:17, 
> <mailto:h.raiche at internode.on.net>h.raiche at internode.on.net wrote:
> >
> > Hi Tijani
> >
> > I think we can both agree that it is about 
> the public interest.  And while privacy is a 
> big part of that, so are other issues - a safe, stable DNS etc.
> >
> > I have asked that this discussion is on the 
> wiki so that there is a place for everyone to 
> contribute - and I hope you will participate as well.
> >
> > We need agreed principles for the people who 
> will sit on the EpDP - which means we need to hear from everyone - you included
> >
> > Holly
> >
> >
> > ----- Original Message -----
> > From:
> > "Tijani BEN JEMAA" 
> <<mailto:tijani.benjemaa at benjemaa.com>tijani.benjemaa at benjemaa.com>
> >
> > To:
> > "Jonathan Zuck" 
> <<mailto:JZuck at innovatorsnetwork.org>JZuck at innovatorsnetwork.org>
> > Cc:
> > 
> "<mailto:h.raiche at internodeon.net>h.raiche at internodeon.net" 
> <<mailto:h.raiche at internode.on.net>h.raiche at internode.on.net>, 
> "ALAC List" 
> <<mailto:alac at atlarge-lists.icann.org>alac at atlarge-lists.icann.org>, 
> "A t" <<mailto:staff at atlarge.icann.org>staff at atlarge.icann.org>
> > Sent:
> > Wed, 11 Jul 2018 09:33:16 +0100
> > Subject:
> > Re: [ALAC] Draft Principles for GDPR
> >
> >
> > Good morning everyone,
> >
> > I disagree with this statement Jonathan.
> > The registrants represent the active part of 
> the end-users. we are responsible to defend their interest.
> > I have heard such reflection, and it always 
> lead to be more aligned with the commercial 
> interests. We need to be careful and be always 
> for the public interest, not for the political or commercial interests.
> >
> > 
> -----------------------------------------------------------------------------
> > Tijani BEN JEMAA
> > Executive Director
> > Mediterranean Federation of Internet Associations (FMAI)
> > Phone: +216 98 330 114
> >           +216 52 385 114
> > 
> -----------------------------------------------------------------------------
> >
> >
> > Le 10 juil. 2018 Ã  22:27, Jonathan Zuck 
> <<mailto:JZuck at innovatorsnetwork.org>JZuck at innovatorsnetwork.org> a écrit :
> >
> > Thanks Holly for getting this started.  I 
> guess what we’re after are some basic 
> principles on our perspective on the GDPR. The 
> temp spec is the temp spec so some of this will 
> apply for sure, if we reach some consensus on 
> these but there are areas that are simply part 
> of the law over which we don’t have 
> influence. A principle might be something like
> >
> >
> >      • The ALAC feels responsible to 
> reprresent the interests of non-registrants 
> more so than registrants as they represent the majority of users.
> >
> > I’m not saying we’ve agreed to that but 
> that’s the kind of filter we could send our reps in with?
> >
> > Jonathan
> >
> >
> >
> > From: ALAC 
> <<mailto:alac-bounces at atlarge-lists.icann.org>alac-bounces at atlarge-lists.icann.org> 
> on behalf of 
> "<mailto:h.raiche at internode.on.net>h.raiche at internode.on.net" 
> <h.raiche at internode.onnet>
> > Reply-To: 
> "<mailto:h.raiche at internode.on.net>h.raiche at internode.on.net" 
> <<mailto:h.raiche at internode.on.net>h.raiche at internode.on.net>
> > Date: Tuesday, July 10, 2018 at 5:22 PM
> > To: ALAC List 
> <<mailto:alac at atlarge-lists.icann.org>alac at atlarge-lists.icann.org>, 
> A t <<mailto:staff at atlarge.icann.org>staff at atlarge.icann.org>
> > Subject: [ALAC] Draft Principles for GDPR
> >
> >
> > Folks
> >
> >
> > Since we all think principles are a good 
> idea, I have set down the basics from the 
> Temporary Spec - very simplistic, but it's a 
> start.  What we need now is discussion on the principles.
> >
> >
> > Evin - I'm not sure if you have a new wiki 
> page for discussion on the temporary spec, but if not, would you create on.
> >
> >
> > And Olivier - the Temporary Spec necessarily 
> will deal with access - at the least, guiding 
> principles, so whoever is on the EPDP will have 
> some guidance on our red lines on access.
> >
> >
> > So please everyone - comments
> >
> >
> > Thanks
> >
> >
> > Holly
> >
> >
> > Temporary Specification for gTLD Registration Data
> >
> >
> >
> >
> > Principles for requirements to replace the RAA/Registry Requirements
> >
> > (within the context of compliance with the GDPR)
> >
> >
> >
> > Purpose of Collection of Data
> >
> > Quoting from the Temporary Spec – which is quoting from the ICCANN Bylaws:
> >
> >
> > purpose is to coordinate the bottom-up, 
> multistakeholder development and implementation 
> of policies “[f]or which uniform or 
> coordinated resolution is reasonably necessary 
> to facilitate the openness, interoperability, 
> resilience, security and/or stability of the 
> DNS including, with respect to gTLD registrars and registries”
> >
> >
> > Purpose includes
> >
> > ·      􏰂  resolution of disputes 
> regarding the registration of domain names (as 
> opposed to the use of such domain names, but 
> including where such policies take into account use of the domain names);
> >
> >
> > ·      􏰂  maintenance of and access to 
> accurate and up-to-date information concerning 
> registered names and name servers;
> >
> >
> > ·      􏰂  procedures to avoid disruptions 
> of domain name registrations due to suspension 
> or termination of operations by a registry 
> operator or a registrar (e.g., escrow); and
> >
> >
> > ·      􏰂  the transfer of registration 
> data upon a change in registrar sponsoring one or more registered names.
> >
> >
> >
> >
> >
> > the Bylaws specifically obligate ICANN, in 
> carrying out its mandate, to “adequately 
> address issues of competition, consumer 
> protection, security, stability and resiliency, 
> malicious abuse issues, sovereignty concerns, and rights protection”
> >
> >
> >
> >
> > Geographic Coverage of EPDP Outcome:
> >
> > ·    Apply globally or
> >
> >
> >
> > ·    Apply only to European Economic Area (the coverage of the GD
> > R) and otherwise lesser requirements (existing RAA requirements?)
> >
> >
> >
> >
> > Data Collected
> >
> > ·    ‘Thick Whois” – bassed on the 
> differing uses of the data is listed in the purpose above – OR
> >
> >
> >
> > ·    Some lesser amount of information
> >
> >
> >
> >
> > Consent
> >
> > ·    Registrants must be told, at the time 
> of collection, what personal information is 
> collected, why the collection is  necessary to 
> achieve the purposes, who will have access and 
> in what circumstances  access will be given to 
> what information, and all circumstances in 
> which the data will be transferred (to 
> Registry, Escrow) and where heldThey must also 
> be told their consent can be withdrawn at any 
> time (and consequences of withdrawal) and how to withdraw consent
> >
> >
> >
> >
> > Access to Data – Tiered access (largely what 
> is in the Techniccal Specification)
> >
> > ·    Applies to all Registrants – naturaal or corporate persons
> >
> >
> >
> > ·    Information generally publicly available
> >
> >
> >
> > o   Registrant name
> >
> >
> >
> > o   Anonymised email or other anonymous contact means
> >
> >
> >
> > ·    Access to other personal information –
> >
> >
> >
> > o   Only to accredited entities (not individuals)– >
> >
> >
> > o   Only in specific circumstances that warrant access
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > ALAC mailing list
> > <mailto:ALAC at atlarge-lists.icann.org>ALAC at atlarge-lists.icann.org
> > https://atlarge-lists.icann.org/mailman/listinfo/alac
> >
> > At-Large Online: <http://www.atlarge.icann.org>http://www.atlarge.icann.org
> > ALAC Working Wiki: 
> <https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)>https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)
> >
> > _______________________________________________
> > ALAC mailing list
> > <mailto:ALAC at atlarge-lists.icann.org>ALAC at atlarge-lists.icann.org
> > https://atlarge-lists.icann.org/mailman/listinfo/alac
> >
> > At-Large Online: <http://www.atlarge.icann.org>http://www.atlarge.icann.org
> > ALAC Working Wiki: 
> <https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)>https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)
>
>_______________________________________________
>ALAC mailing list
><mailto:ALAC at atlarge-lists.icann.org>ALAC at atlarge-lists.icann.org
>https://atlarge-lists.icann.org/mailman/listinfo/alac
>
>At-Large Online: <http://www.atlarge.icann.org>http://www.atlarge.icann.org
>ALAC Working Wiki: 
><https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)>https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)
>
>_______________________________________________
>ALAC mailing list
>ALAC at atlarge-lists.icann.org
>https://atlarge-lists.icann.org/mailman/listinfo/alac
>
>At-Large Online: http://www.atlarge.icann.org
>ALAC Working Wiki: 
>https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://atlarge-lists.icann.org/pipermail/alac/attachments/20180711/32d85678/attachment.html>


More information about the ALAC mailing list