[ALAC] Draft Principles for GDPR

Carlton Samuels carlton.samuels at gmail.com
Wed Jul 11 18:37:22 UTC 2018 

Alan,
Having seen your wiki submission, mark me down as a supporter in the same
column. I have argued in the CCT RT in support of the positions advanced by
folks who normally caucus with the IP and reputation interests because of
similar reasoning.

I remain persuaded to the view that certain surrogates give more value to
the end user interest that any single end user WHOIS lookup capability
could deliver.  It is a simple idea to go for the mass benefit every time;
maximize outcomes where they provide a benefit to the greater mass of end
users,not just the sentient ones.

-Carlton



==============================
*Carlton A Samuels*

*Mobile: 876-818-1799Strategy, Process, Governance, Assessment & Turnaround*
=============================


On Wed, Jul 11, 2018 at 10:27 AM Alan Greenberg <alan.greenberg at mcgill.ca>
wrote:

> Carlton, I think that this is THE answer to the question of why At-Large
> needs to participate in this process. There are likely to be few GNSO
> participants that look at it from this perspective.
>
> See my comment at https://community.icann.org/x/_YlHBQ.
>
> Alan
>
> At 11/07/2018 11:10 AM, Carlton Samuels wrote:
>
> A good piece to introduce here. So we not mis read this  let me state how
> the end user interest is inextricably conjoined with "third parties".
>
> The first is the protection of end users from predators and predatory
> practices enabled by the DNS. The vast majority of end users would not know
> a WHOIS record even it jumped up and bit them in the butt. We depend on
> others to help us, to be on the line for our collective sake.
>
> These surrogates, if you will, include the reputation companies, the
> antivirus folks, the researchers and a whole amalgam of third party
> interests.
>
> When the end user gets a green tick that says this is a safe website, it
> protects the end user. That springs from the work of reputation companies.
> Accesd to WHOIS data is vested in their formulaic  response that keeps me
> from wandering, mouth-breathing, into dangerous territory.
>
> ICANN and the entire chain of connections in the DNS infrastructure has a
> role, each from a slightly different perspective. But reputation is not a
> sole interest as it is for these guys. And the end user is a beneficiary of
> this interest, which kicks in long way before the mainline DNS actors.
>
> This is just one example. But let us be clear. That end user interests are
> defended by surrogates and so-called third parties is not an outlier. I
> would argue it is the central case.
>
> The ALAC may not argue for end user interests absent an appreciation of
> the role in defending those interests by third parties. That would be a
> failure to recognize the facts as they are...and an egregious abdication of
> responsibilities.
>
> -Carlton
>
> On Wed, 11 Jul 2018, 7:51 am Bastiaan Goslings, <
> bastiaan.goslings at ams-ix.net> wrote:
> I think I can agree with both Jonathan/Alan and Tijani on this. And as a
> matter of principle I’d therefore suggest to follow what the EDPB says on
> page 2
> https://www.icann.org/en/system/files/correspondence/jelinek-to-marby-05jul18-en.pdf
>
> ’The EDPB considers it essential that a clear distinction be maintained
> between the different processing activities that take place in the context
> of WHOIS and the respective purposes pursued by the various stakeholders
> involved. (…) The EDPB therefore reiterates that ICANN should taake care
> not to conflate its own purposes with the interests of third parties, nor
> with the lawful grounds of processing which may be applicable in a
> particular case’
>
>
>
> > On 11 Jul 2018, at 12:17, h.raiche at internode.on.net wrote:
> >
> > Hi Tijani
> >
> > I think we can both agree that it is about the public interest.  And
> while privacy is a big part of that, so are other issues - a safe, stable
> DNS etc.
> >
> > I have asked that this discussion is on the wiki so that there is a
> place for everyone to contribute - and I hope you will participate as well.
> >
> > We need agreed principles for the people who will sit on the EpDP -
> which means we need to hear from everyone - you included
> >
> > Holly
> >
> >
> > ----- Original Message -----
> > From:
> > "Tijani BEN JEMAA" < tijani.benjemaa at benjemaa.com>
> >
> > To:
> > "Jonathan Zuck" < JZuck at innovatorsnetwork.org>
> > Cc:
> > " h.raiche at internodeon.net" < h.raiche at internode.on.net>, "ALAC List" <
> alac at atlarge-lists.icann.org>, "A t" <staff at atlarge.icann.org >
> > Sent:
> > Wed, 11 Jul 2018 09:33:16 +0100
> > Subject:
> > Re: [ALAC] Draft Principles for GDPR
> >
> >
> > Good morning everyone,
> >
> > I disagree with this statement Jonathan.
> > The registrants represent the active part of the end-users. we are
> responsible to defend their interest.
> > I have heard such reflection, and it always lead to be more aligned with
> the commercial interests. We need to be careful and be always for the
> public interest, not for the political or commercial interests.
> >
> >
> -----------------------------------------------------------------------------
> > Tijani BEN JEMAA
> > Executive Director
> > Mediterranean Federation of Internet Associations (FMAI)
> > Phone: +216 98 330 114
> >           +216 52 385 114
> >
> -----------------------------------------------------------------------------
> >
> >
> > Le 10 juil. 2018 Ã  22:27, Jonathan Zuck < JZuck at innovatorsnetwork.org>
> a écrit :
> >
> > Thanks Holly for getting this started.  I guess what we’re after are
> some basic principles on our perspective on the GDPR. The temp spec is the
> temp spec so some of this will apply for sure, if we reach some consensus
> on these but there are areas that are simply part of the law over which we
> don’t have influence. A principle might be something like
> >
> >
> >      • The ALAC feels responsible to reprresent the interests of
> non-registrants more so than registrants as they represent the majority of
> users.
> >
> > I’m not saying we’ve agreed to that but that’s the kind of filter
> we could send our reps in with?
> >
> > Jonathan
> >
> >
> >
> > From: ALAC < alac-bounces at atlarge-lists.icann.org> on behalf of "
> h.raiche at internode.on.net" <h.raiche at internode.onnet>
> > Reply-To: " h.raiche at internode.on.net" < h.raiche at internode.on.net>
> > Date: Tuesday, July 10, 2018 at 5:22 PM
> > To: ALAC List < alac at atlarge-lists.icann.org>, A t <
> staff at atlarge.icann.org >
> > Subject: [ALAC] Draft Principles for GDPR
> >
> >
> > Folks
> >
> >
> > Since we all think principles are a good idea, I have set down the
> basics from the Temporary Spec - very simplistic, but it's a start.  What
> we need now is discussion on the principles.
> >
> >
> > Evin - I'm not sure if you have a new wiki page for discussion on the
> temporary spec, but if not, would you create on.
> >
> >
> > And Olivier - the Temporary Spec necessarily will deal with access - at
> the least, guiding principles, so whoever is on the EPDP will have some
> guidance on our red lines on access.
> >
> >
> > So please everyone - comments
> >
> >
> > Thanks
> >
> >
> > Holly
> >
> >
> > Temporary Specification for gTLD Registration Data
> >
> >
> >
> >
> > Principles for requirements to replace the RAA/Registry Requirements
> >
> > (within the context of compliance with the GDPR)
> >
> >
> >
> > Purpose of Collection of Data
> >
> > Quoting from the Temporary Spec – which is quoting from the ICCANN
> Bylaws:
> >
> >
> > purpose is to coordinate the bottom-up, multistakeholder development and
> implementation of policies “[f]or which uniform or coordinated resolution
> is reasonably necessary to facilitate the openness, interoperability,
> resilience, security and/or stability of the DNS including, with respect to
> gTLD registrars and registriesâ€
> >
> >
> > Purpose includes
> >
> > ·      ô °‚  resolution of disputes regarding the registration of
> domain names (as opposed to the use of such domain names, but including
> where such policies take into account use of the domain names);
> >
> >
> > ·      ô °‚  maintenance of and access to accurate and up-to-date
> information concerning registered names and name servers;
> >
> >
> > ·      ô °‚  procedures to avoid disruptions of domain name
> registrations due to suspension or termination of operations by a registry
> operator or a registrar (e.g., escrow); and
> >
> >
> > ·      ô °‚  the transfer of registration data upon a change in
> registrar sponsoring one or more registered names.
> >
> >
> >
> >
> >
> > the Bylaws specifically obligate ICANN, in carrying out its mandate, to
> “adequately address issues of competition, consumer protection, security,
> stability and resiliency, malicious abuse issues, sovereignty concerns, and
> rights protectionâ€
> >
> >
> >
> >
> > Geographic Coverage of EPDP Outcome:
> >
> > ·    Apply globally or
> >
> >
> >
> > ·    Apply only to European Economic Area (the coverage of the GD
> > R) and otherwise lesser requirements (existing RAA requirements?)
> >
> >
> >
> >
> > Data Collected
> >
> > ·    ‘Thick Whois†– bassed on the differing uses of the data is
> listed in the purpose above – OR
> >
> >
> >
> > ·    Some lesser amount of information
> >
> >
> >
> >
> > Consent
> >
> > ·    Registrants must be told, at the time of collection, what personal
> information is collected, why the collection is  necessary to achieve the
> purposes, who will have access and in what circumstances  access will be
> given to what information, and all circumstances in which the data will be
> transferred (to Registry, Escrow) and where heldThey must also be told
> their consent can be withdrawn at any time (and consequences of withdrawal)
> and how to withdraw consent
> >
> >
> >
> >
> > Access to Data – Tiered access (largely what is in the Techniccal
> Specification)
> >
> > ·    Applies to all Registrants – naturaal or corporate persons
> >
> >
> >
> > ·    Information generally publicly available
> >
> >
> >
> > o   Registrant name
> >
> >
> >
> > o   Anonymised email or other anonymous contact means
> >
> >
> >
> > ·    Access to other personal information –
> >
> >
> >
> > o   Only to accredited entities (not individuals)– >
> >
> >
> > o   Only in specific circumstances that warrant access
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > ALAC mailing list
> > ALAC at atlarge-lists.icann.org
> > https://atlarge-lists.icann.org/mailman/listinfo/alac
> >
> > At-Large Online: http://www.atlarge.icann.org
> > ALAC Working Wiki:
> https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)
> >
> > _______________________________________________
> > ALAC mailing list
> > ALAC at atlarge-lists.icann.org
> > https://atlarge-lists.icann.org/mailman/listinfo/alac
> >
> > At-Large Online: http://www.atlarge.icann.org
> > ALAC Working Wiki:
> https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)
>
> _______________________________________________
> ALAC mailing list
> ALAC at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/alac
>
> At-Large Online: http://www.atlarge.icann.org
> ALAC Working Wiki:
> https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)
>
> _______________________________________________
> ALAC mailing list
> ALAC at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/alac
>
> At-Large Online: http://www.atlarge.icann.org
> ALAC Working Wiki:
> https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC
> )
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://atlarge-lists.icann.org/pipermail/alac/attachments/20180711/3044d91f/attachment.html>

More information about the ALAC mailing list