[ALAC] Draft Principles for GDPR

Maureen Hilyard maureen.hilyard at gmail.com
Thu Jul 12 18:14:08 UTC 2018 

Hi Tijani

Although I can appreciate that we shouldn't miss out any end-users, I don't
think that registrants are our focus. They will already be advocated for by
sections of the GNSO.

I have to agree with what has already been said that our focus should be on
ordinary end-users who are domain users (many unaware that they are domain
users) and from what I understand, for the purposes of the EPDP, those who
are not yet domain owners as well as those who are.

I would really appreciate it if everyone's discussion above was on the
workspace
<https://community.icann.org/pages/viewpage.action?pageId=88574457> so that
I am not having to look all over the place to see where we are up to.

*Perhaps staff could move these conversations over *so that more people can
be seen to be involved in the workspace discussion
<https://community.icann.org/pages/viewpage.action?pageId=88574457>.


On Thu, Jul 12, 2018 at 7:34 AM, Tijani BEN JEMAA <tijani.benjemaa at topnet.tn
> wrote:

> Alan,
>
> I see that you exclude the registrants from the Users: Quit interesting….
> Registrants are users and our duty is to defend the interest of both
> registrant and not registrant users.
> For more clarity, I wouldn’t accept that criminals use domain names to
> harm users. This doesn’t mean that I accept to use the registrant data for
> other purpose than the one they were collected for.
>
> In my opinion, if we are to fix principles to our representatives in the
> EPDP, it should be through a large consultation among the whole at-large
> community, means the ALSes, individual members, RALOs and ALAC, not only
> the 15 members of ALAC and the few people around them. An official call for
> comment in a well communicated wiki page should be sent to all the RALO
> lists and the ALAC one
>
> ------------------------------------------------------------
> -----------------
> *Tijani BEN JEMAA*
> Executive Director
> Mediterranean Federation of Internet Associations (*FMAI*)
> Phone: +216 98 330 114
>             +216 52 385 114
> ------------------------------------------------------------
> -----------------
>
> Le 11 juil. 2018 à 22:16, Bastiaan Goslings <bastiaan.goslings at ams-ix.net>
> a écrit :
>
> Thank you, Hadia - you exactly prove my point
>
> Bastiaan
>
> --
> Envoyé de mon iPhone
>
> On 11 Jul 2018, at 18:32, Hadia Abdelsalam Mokhtar EL miniawi <
> Hadia at tra.gov.eg> wrote:
>
> I certainly agree with Jonathan that the principles that we need to set
> should determine  ALAC perspective on whois compliance with the GDPR,
> Bastian what the EDPB says on page two is not a principle that we need to
> state or say because it is a requirement by the EDPB whether we like it or
> not and whether we mention it or not.
>
> Best
> Hadia
>
> -----Original Message-----
> From: ALAC [mailto:alac-bounces at atlarge-lists.icann.org
> <alac-bounces at atlarge-lists.icann.org>] On Behalf Of Jonathan Zuck
> Sent: Wednesday, July 11, 2018 3:00 PM
> To: Bastiaan Goslings; Holly Raiche
> Cc: ALAC List
> Subject: Re: [ALAC] Draft Principles for GDPR
>
> I'll work with Evin to get this discussion up and running on a wiki as
> Holly has suggested so there's an archive and people can more easily go
> back and track the discussion. Some of this will come down to the
> definition of security and stability.
>
> On 7/11/18, 8:51 AM, "Bastiaan Goslings" <bastiaan.goslings at ams-ix.net>
> wrote:
>
>   I think I can agree with both Jonathan/Alan and Tijani on this. And as a
> matter of principle I’d therefore suggest to follow what the EDPB says on
> page 2 https://www.icann.org/en/system/files/correspondence/
> jelinek-to-marby-05jul18-en.pdf
>
>   ’The EDPB considers it essential that a clear distinction be maintained
> between the different processing activities that take place in the context
> of WHOIS and the respective purposes pursued by the various stakeholders
> involved. (…) The EDPB therefore reiterates that ICANN should take care not
> to conflate its own purposes with the interests of third parties, nor with
> the lawful grounds of processing which may be applicable in a particular
> case’
>
>
>
> On 11 Jul 2018, at 12:17, h.raiche at internode.on.net wrote:
>
> Hi Tijani
>
> I think we can both agree that it is about the public interest.  And while
> privacy is a big part of that, so are other issues - a safe, stable DNS etc.
>
> I have asked that this discussion is on the wiki so that there is a place
> for everyone to contribute - and I hope you will participate as well.
>
> We need agreed principles for the people who will sit on the EpDP - which
> means we need to hear from everyone - you included
>
> Holly
>
>
> ----- Original Message -----
> From:
> "Tijani BEN JEMAA" <tijani.benjemaa at benjemaa.com>
>
> To:
> "Jonathan Zuck" <JZuck at innovatorsnetwork.org>
> Cc:
> "h.raiche at internodeon.net" <h.raiche at internode.on.net>, "ALAC List" <
> alac at atlarge-lists.icann.org>, "A t" <staff at atlarge.icann.org>
> Sent:
> Wed, 11 Jul 2018 09:33:16 +0100
> Subject:
> Re: [ALAC] Draft Principles for GDPR
>
>
> Good morning everyone,
>
> I disagree with this statement Jonathan.
> The registrants represent the active part of the end-users. we are
> responsible to defend their interest.
> I have heard such reflection, and it always lead to be more aligned with
> the commercial interests. We need to be careful and be always for the
> public interest, not for the political or commercial interests.
>
> ------------------------------------------------------------
> -----------------
> Tijani BEN JEMAA
> Executive Director
> Mediterranean Federation of Internet Associations (FMAI)
> Phone: +216 98 330 114
>            +216 52 385 114
> ------------------------------------------------------------
> -----------------
>
>
> Le 10 juil. 2018 à 22:27, Jonathan Zuck <JZuck at innovatorsnetwork.org> a
> écrit :
>
> Thanks Holly for getting this started.  I guess what we’re after are some
> basic principles on our perspective on the GDPR. The temp spec is the temp
> spec so some of this will apply for sure, if we reach some consensus on
> these but there are areas that are simply part of the law over which we
> don’t have influence. A principle might be something like
>
>
>   • The ALAC feels responsible to represent the interests of
> non-registrants more so than registrants as they represent the majority of
> users.
>
> I’m not saying we’ve agreed to that but that’s the kind of filter we could
> send our reps in with?
>
> Jonathan
>
>
>
> From: ALAC <alac-bounces at atlarge-lists.icann.org> on behalf of "
> h.raiche at internode.on.net" <h.raiche at internode.onnet>
> Reply-To: "h.raiche at internode.on.net" <h.raiche at internode.on.net>
> Date: Tuesday, July 10, 2018 at 5:22 PM
> To: ALAC List <alac at atlarge-lists.icann.org>, A t <staff at atlarge.icann.org
> >
> Subject: [ALAC] Draft Principles for GDPR
>
>
> Folks
>
>
> Since we all think principles are a good idea, I have set down the basics
> from the Temporary Spec - very simplistic, but it's a start.  What we need
> now is discussion on the principles.
>
>
> Evin - I'm not sure if you have a new wiki page for discussion on the
> temporary spec, but if not, would you create on.
>
>
> And Olivier - the Temporary Spec necessarily will deal with access - at
> the least, guiding principles, so whoever is on the EPDP will have some
> guidance on our red lines on access.
>
>
> So please everyone - comments
>
>
> Thanks
>
>
> Holly
>
>
> Temporary Specification for gTLD Registration Data
>
>
>
>
> Principles for requirements to replace the RAA/Registry Requirements
>
> (within the context of compliance with the GDPR)
>
>
>
> Purpose of Collection of Data
>
> Quoting from the Temporary Spec – which is quoting from the ICANN Bylaws:
>
>
> purpose is to coordinate the bottom-up, multistakeholder development and
> implementation of policies “[f]or which uniform or coordinated resolution
> is reasonably necessary to facilitate the openness, interoperability,
> resilience, security and/or stability of the DNS including, with respect to
> gTLD registrars and registries”
>
>
> Purpose includes
>
> ·       􏰂  resolution of disputes regarding the registration of domain
> names (as opposed to the use of such domain names, but including where such
> policies take into account use of the domain names);
>
>
> ·       􏰂  maintenance of and access to accurate and up-to-date
> information concerning registered names and name servers;
>
>
> ·       􏰂  procedures to avoid disruptions of domain name registrations
> due to suspension or termination of operations by a registry operator or a
> registrar (e.g., escrow); and
>
>
> ·       􏰂  the transfer of registration data upon a change in registrar
> sponsoring one or more registered names.
>
>
>
>
>
> the Bylaws specifically obligate ICANN, in carrying out its mandate, to
> “adequately address issues of competition, consumer protection, security,
> stability and resiliency, malicious abuse issues, sovereignty concerns, and
> rights protection”
>
>
>
>
> Geographic Coverage of EPDP Outcome:
>
> ·      Apply globally or
>
>
>
> ·      Apply only to European Economic Area (the coverage of the GD
> R) and otherwise lesser requirements (existing RAA requirements?)
>
>
>
>
> Data Collected
>
> ·      ‘Thick Whois” – based on the differing uses of the data is listed
> in the purpose above – OR
>
>
>
> ·      Some lesser amount of information
>
>
>
>
> Consent
>
> ·      Registrants must be told, at the time of collection, what personal
> information is collected, why the collection is  necessary to achieve the
> purposes, who will have access and in what circumstances  access will be
> given to what information, and all circumstances in which the data will be
> transferred (to Registry, Escrow) and where heldThey must also be told
> their consent can be withdrawn at any time (and consequences of withdrawal)
> and how to withdraw consent
>
>
>
>
> Access to Data – Tiered access (largely what is in the Technical
> Specification)
>
> ·      Applies to all Registrants – natural or corporate persons
>
>
>
> ·      Information generally publicly available
>
>
>
> o   Registrant name
>
>
>
> o   Anonymised email or other anonymous contact means
>
>
>
> ·      Access to other personal information –
>
>
>
> o   Only to accredited entities (not individuals)–
>
>
>
> o   Only in specific circumstances that warrant access
>
>
>
>
>
>
> _______________________________________________
> ALAC mailing list
> ALAC at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/alac
>
> At-Large Online: http://www.atlarge.icann.org
> ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+
> Advisory+Committee+(ALAC)
>
> _______________________________________________
> ALAC mailing list
> ALAC at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/alac
>
> At-Large Online: http://www.atlarge.icann.org
> ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+
> Advisory+Committee+(ALAC)
>
>
>
>
> _______________________________________________
> ALAC mailing list
> ALAC at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/alac
>
> At-Large Online: http://www.atlarge.icann.org
> ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+
> Advisory+Committee+(ALAC)
>
>
> _______________________________________________
> ALAC mailing list
> ALAC at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/alac
>
> At-Large Online: http://www.atlarge.icann.org
> ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+
> Advisory+Committee+(ALAC)
>
>
>
> _______________________________________________
> ALAC mailing list
> ALAC at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/alac
>
> At-Large Online: http://www.atlarge.icann.org
> ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+
> Advisory+Committee+(ALAC)
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://atlarge-lists.icann.org/pipermail/alac/attachments/20180712/7fcb0afd/attachment.html>

More information about the ALAC mailing list