<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Dear Holly,<br>
<br>
thanks for the explanation. I'll forward to EURALO.<br>
Kindest regards,<br>
<br>
Olivier<br>
<br>
<div class="moz-cite-prefix">On 20/01/2018 06:11, Holly Raiche
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:7059C26B-EA42-4CCA-8781-27411AFBFED2@internode.on.net">
Olivier
<div><br>
</div>
<div>My fault - it should be on whatever list is appropriate.
PLEASE share it with EURALO or whomever. The problem was lack
of time and I felt we had to do something - ‘feedback’ is due
29 Jan - and I wanted to start an open discussion. Aida,
Vanda, Carlton and Alan have already made comments by email - my
hope, by asking for a wiki - was to centralise the discussion.
And now that Jonathan has put his hand up, he can take it from
here.</div>
<div><br>
</div>
<div>I’ll put the stuff I said on the wiki, just to start the
discussion. And please scold me - my fault. But then please,
get EURALO to comment as well</div>
<div><br>
</div>
<div>Holly <br>
<div>
<div>On 20 Jan 2018, at 11:27 am, Olivier MJ Crépin-Leblond
&lt;<a href="mailto:ocl@gih.com" moz-do-not-send="true">ocl@gih.com</a>&gt;
wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">
<div text="#000000" bgcolor="#FFFFFF" style="font-family:
Verdana; font-size: 12px; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing:
normal; line-height: normal; orphans: auto; text-align:
start; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;">Hello all,<br>
<br>
now I really do not know what to make of this. Once again
we have a substantial policy discussion on the ALAC
Internal List and now an announcement of a WIKI workspace
being created.<br>
As a result, I do not know if I can share this with my
EURALO constituents - and the debate is yet again within
the 15 member ALAC &amp; whomever is on the ALAC Internal
List. Not very inclusive, is it? In the meantime, the open
At-Large mailing list is seldom used for any policy
discussion of value, even though whenever someone sends
such a discussion out, there is movement on the list.<br>
<br>
Meanwhile, announcements of RALO appointees, whether for
Onboarding or Leadership Training, are also made on the
ALAC Internal, so I receive emails from interested parties
and applicants asking me what is going on, up to several
days after a choice and an announcement are made.<br>
<br>
Why so much hiding?<br>
<br>
Olivier<br>
<br>
<br>
<div class="moz-cite-prefix">On 19/01/2018 15:15, Evin
Erdogdu wrote:<br>
</div>
<blockquote type="cite"
cite="mid:D1E6DEC0-5546-4316-BE3E-ADF9DD7F9C89@icann.org">
<div class="WordSection1" style="page: WordSection1;">
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;">Hello Holly and
All,<o:p></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;"><o:p> </o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;">Please see the
created wiki workspace for<span
class="Apple-converted-space"> </span><a
href="https://community.icann.org/display/alacpolicydev/At-Large+Workspace%3A+Data+Protection+and+Privacy+Update+-+Community+Feedback+on+Proposed+Compliance+Models"
moz-do-not-send="true" style="color: rgb(149, 79,
114); text-decoration: underline;">Data Protection
and Privacy Update - Community Feedback on
Proposed Compliance Models</a>.<o:p></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;"><o:p> </o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;">Feedback is
requested by<span class="Apple-converted-space"> </span><b>29
January 2018</b>.<o:p></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;"><o:p> </o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;">Kind Regards,<o:p></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;">Evin<o:p></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;"><o:p> </o:p></div>
<div style="border-style: solid none none;
border-top-color: rgb(181, 196, 223);
border-top-width: 1pt; padding: 3pt 0in 0in;">
<div style="margin: 0in 0in 0.0001pt; font-size:
11pt; font-family: Calibri, sans-serif;"><b><span
style="font-size: 12pt;">From:<span
class="Apple-converted-space"> </span></span></b><span
style="font-size: 12pt;">Holly Raiche<span
class="Apple-converted-space"> </span><a
class="moz-txt-link-rfc2396E"
href="mailto:h.raiche@internode.on.net"
style="color: rgb(149, 79, 114);
text-decoration: underline;"
moz-do-not-send="true">&lt;h.raiche@internode.on.net&gt;</a><br>
<b>Date:<span class="Apple-converted-space"> </span></b>Thursday,
January 18, 2018 at 6:41 PM<br>
<b>To:<span class="Apple-converted-space"> </span></b>ALAC
Internal List<span class="Apple-converted-space"> </span><a
class="moz-txt-link-rfc2396E"
href="mailto:alac-internal@atlarge-lists.icann.org"
style="color: rgb(149, 79, 114);
text-decoration: underline;"
moz-do-not-send="true">&lt;alac-internal@atlarge-lists.icann.org&gt;</a><br>
<b>Cc:<span class="Apple-converted-space"> </span></b>ICANN
At-Large Staff<span
class="Apple-converted-space"> </span><a
class="moz-txt-link-rfc2396E"
href="mailto:staff@atlarge.icann.org"
style="color: rgb(149, 79, 114);
text-decoration: underline;"
moz-do-not-send="true">&lt;staff@atlarge.icann.org&gt;</a><br>
<b>Subject:<span class="Apple-converted-space"> </span></b>[Ext]
ALAC comments on ICANN models for GDPR<o:p></o:p></span></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size:
11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div>
</div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;">Folks<o:p></o:p></div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size:
11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size:
11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size:
11pt; font-family: Calibri, sans-serif;">First -
we really need a wiki space on our policy page so
that we can collect any comments on ICANN’s models
responding to the GDPR. At the moment, Alan,
Carlton, Vanda and Aida have all made comments -
but they are not in one place and should be.
‘Feedback’ is due 29 January, so if ALAC is to
say something - we should all agree on what that
is - and it should all be in one place so everyone
can view all of the comments together.<o:p></o:p></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size:
11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size:
11pt; font-family: Calibri, sans-serif;">Next,
I’ve finally had a good look at the document and
offer the following comments:<o:p></o:p></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size:
11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size:
11pt; font-family: Calibri, sans-serif;"><i>General
comments</i>:<o:p></o:p></div>
</div>
<div>
<ul style="margin-bottom: 0in;" type="disc">
<li class="MsoNormal" style="margin: 0in 0in
0.0001pt; font-size: 11pt; font-family: Calibri,
sans-serif;">Any model adopted should, as much
as possible, be close to a position that
everyone is comfortable with. The reality is
that actually changing the current RDS policy
(i.e., requirements in the RAA on the collection
and public access to registration data) will
take at least another couple of years (The
current RDS WG is only at the first stage of the
policy change needed - 18 months after it
started at least). So this ‘interim’ model will
be used for a significant amount of time before
it is replaced. Further, if we are calling on
registrars/registries to adopt a model now, it
should be as close as possible to the ultimate
solution so that registries/registrars don’t
have to change their systems yet again. (I
recognise this is called an ‘interim’ solution:
the reality - it will be a long ‘interim’)<o:p></o:p></li>
<li class="MsoNormal" style="margin: 0in 0in
0.0001pt; font-size: 11pt; font-family: Calibri,
sans-serif;">A related point - any policy
adopted should be one that applies globally.
There should not be a policy that gives one
part of the globe a level of privacy protection
that does not apply elsewhere. And on a more
practical note, how can a registrar or registry
be sure of whether all of their customers live
in an area that attracts one level of privacy
protection or another?<o:p></o:p></li>
<li class="MsoNormal" style="margin: 0in 0in
0.0001pt; font-size: 11pt; font-family: Calibri,
sans-serif;">The basis of any model adopted
should be on privacy principles. Yes, the GDPR
is the most stringent, but we need to recognise
that data protection legislation has been
enacted globally, based on fundamental OECD
principles. Those principles include the
direction that data collectors must only collect
information - particularly personal information
- that is necessary for them to carry out their
function(s), that the data collector must - up
front - tell the data subject the purposes to
which the data will be put and the circumstances
in which defined others will access the data.<o:p></o:p></li>
<li class="MsoNormal" style="margin: 0in 0in
0.0001pt; font-size: 11pt; font-family: Calibri,
sans-serif;">The final document should use the
language of SSAC51 - for the data itself, the
service and the protocol. Using ‘Whois’ leads to
confusion as to what is being referred to<o:p></o:p></li>
</ul>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size:
11pt; font-family: Calibri, sans-serif;"><i>Specific
comments</i>:<o:p></o:p></div>
</div>
<div>
<ul style="margin-bottom: 0in;" type="disc">
<li class="MsoNormal" style="margin: 0in 0in
0.0001pt; font-size: 11pt; font-family: Calibri,
sans-serif;"><u>Approach</u>- Clause 6: Agree
with the statement that all of the compliance
models are based on tiered access - and agree
with tiered access<o:p></o:p></li>
<li class="MsoNormal" style="margin: 0in 0in
0.0001pt; font-size: 11pt; font-family: Calibri,
sans-serif;"><u>Commonalities</u><span
class="Apple-converted-space"> </span>- Clause
1: I am not sure we should agree with the
statement that registrars may collect (but not
necessarily publish) all of the personal data
elements currently in the Thick registration
data. This is an issue that the RDS WG is
working through - to determine what information
is actually necessary for the
registrars/registries to carry out their
functions. However, I accept that this may be
too hard for anyone outside of the WG
discussions to come to final agreement upon<o:p></o:p></li>
<li class="MsoNormal" style="margin: 0in 0in
0.0001pt; font-size: 11pt; font-family: Calibri,
sans-serif;"><u>Purpose Description</u><span
class="Apple-converted-space"> </span>-
Purpose of Whois. This text confuses two things.
The purpose of ICANN is about coordination,
stability etc of the Internet’s unique
identifier system. But the purpose that is
critical here is the purpose<span
class="Apple-converted-space"> </span><u>of
the collector</u> - the registrar. So the
test for whether the information should be
collected is whether the<span
class="Apple-converted-space"> </span><b>registrar</b><span
class="Apple-converted-space"> </span>needs
the information to carry out their functions<o:p></o:p></li>
<li class="MsoNormal" style="margin: 0in 0in
0.0001pt; font-size: 11pt; font-family: Calibri,
sans-serif;"><u>Models - General</u>. Only Models
2B and Model 3 apply globally. On that basis,
reject Models 1 and 2A<o:p></o:p></li>
<li class="MsoNormal" style="margin: 0in 0in
0.0001pt; font-size: 11pt; font-family: Calibri,
sans-serif;"><u>Model 2A vs Model 3</u>: <o:p></o:p></li>
</ul>
<ul style="margin-bottom: 0in;" type="disc">
<ul style="margin-bottom: 0in;" type="circle">
<li class="MsoNormal" style="margin: 0in 0in
0.0001pt; font-size: 11pt; font-family:
Calibri, sans-serif;">In Model 2A - the name
of the registrant is only displayed with the
consent of the registrant (whether a natural
person or company), access to non-public data
would be to a defined set of third party
requesters under a formal
accreditation/certification program (this
could include law enforcement agencies,
certified intellectual lawyers, etc based on
pre-defined criteria and as part of a formal
accreditation process). As an interim measure,
self certification could be used as part of
an interim mechanism <o:p></o:p></li>
<li class="MsoNormal" style="margin: 0in 0in
0.0001pt; font-size: 11pt; font-family:
Calibri, sans-serif;">In model 3, the
registrant’s name would be displayed (with or
without consent), and not publish personal
data. However, this would require assessment
on a field by field basis as to whether
personal data would be included. There would
be a stricter regime for access - only under
applicable law and subject to due process
requirements such as under subpoena or other
judicial order.<o:p></o:p></li>
</ul>
</ul>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size:
11pt; font-family: Calibri, sans-serif;">My
recommendation: Go with either Model 2B or 3.
Model 3 is the stricter, but appears to be a
bit complex in its assessment against each
field. Certainly there are very tight controls
on access to the data. Model 2A has the
possibility of more access - based on
pre-determined requirements/accreditation. The
timeframe for data retention under both is also
different (life of registration +1 year for 2A,
and +60 days) <o:p></o:p></div>
</div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size:
11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size:
11pt; font-family: Calibri, sans-serif;">My
personal choice - Model 2A - as long as there is a
tight accreditation process, and tightly defined
criteria for who (already accredited) gets access
to personal information in what circumstances. But
this is for ALAC members to decide.<o:p></o:p></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size:
11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size:
11pt; font-family: Calibri, sans-serif;">Holly<o:p></o:p></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size:
11pt; font-family: Calibri, sans-serif;"><o:p> </o:p></div>
</div>
</div>
<br>
<br>
<pre wrap="">_______________________________________________
ALAC-Internal mailing list
<a class="moz-txt-link-abbreviated" href="mailto:ALAC-Internal@atlarge-lists.icann.org" style="color: rgb(149, 79, 114); text-decoration: underline;" moz-do-not-send="true">ALAC-Internal@atlarge-lists.icann.org</a>
<a class="moz-txt-link-freetext" href="https://atlarge-lists.icann.org/mailman/listinfo/alac-internal" style="color: rgb(149, 79, 114); text-decoration: underline;" moz-do-not-send="true">https://atlarge-lists.icann.org/mailman/listinfo/alac-internal</a>
ALAC Wiki: <a class="moz-txt-link-freetext" href="https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+%28ALAC%29" style="color: rgb(149, 79, 114); text-decoration: underline;" moz-do-not-send="true">https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)</a>
At-Large Website: <a class="moz-txt-link-freetext" href="http://atlarge.icann.org/" style="color: rgb(149, 79, 114); text-decoration: underline;" moz-do-not-send="true">http://atlarge.icann.org</a>
</pre>
</blockquote>
<br>
</div>
<br class="Apple-interchange-newline">
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Olivier MJ Crépin-Leblond, PhD
<a class="moz-txt-link-freetext" href="http://www.gih.com/ocl.html">http://www.gih.com/ocl.html</a>
</pre>
</body>
</html>