[ALAC] Draft Principles for GDPR
Carlton Samuels
carlton.samuels at gmail.com
Wed Jul 11 15:10:07 UTC 2018
A good piece to introduce here. So we not mis read this let me state how
the end user interest is inextricably conjoined with "third parties".
The first is the protection of end users from predators and predatory
practices enabled by the DNS. The vast majority of end users would not know
a WHOIS record even it jumped up and bit them in the butt. We depend on
others to help us, to be on the line for our collective sake.
These surrogates, if you will, include the reputation companies, the
antivirus folks, the researchers and a whole amalgam of third party
interests.
When the end user gets a green tick that says this is a safe website, it
protects the end user. That springs from the work of reputation companies.
Accesd to WHOIS data is vested in their formulaic response that keeps me
from wandering, mouth-breathing, into dangerous territory.
ICANN and the entire chain of connections in the DNS infrastructure has a
role, each from a slightly different perspective. But reputation is not a
sole interest as it is for these guys. And the end user is a beneficiary of
this interest, which kicks in long way before the mainline DNS actors.
This is just one example. But let us be clear. That end user interests are
defended by surrogates and so-called third parties is not an outlier. I
would argue it is the central case.
The ALAC may not argue for end user interests absent an appreciation of the
role in defending those interests by third parties. That would be a failure
to recognize the facts as they are...and an egregious abdication of
responsibilities.
-Carlton
On Wed, 11 Jul 2018, 7:51 am Bastiaan Goslings, <
bastiaan.goslings at ams-ix.net> wrote:
> I think I can agree with both Jonathan/Alan and Tijani on this. And as a
> matter of principle I’d therefore suggest to follow what the EDPB says on
> page 2
> https://www.icann.org/en/system/files/correspondence/jelinek-to-marby-05jul18-en.pdf
>
> ’The EDPB considers it essential that a clear distinction be maintained
> between the different processing activities that take place in the context
> of WHOIS and the respective purposes pursued by the various stakeholders
> involved. (…) The EDPB therefore reiterates that ICANN should take care not
> to conflate its own purposes with the interests of third parties, nor with
> the lawful grounds of processing which may be applicable in a particular
> case’
>
>
>
> > On 11 Jul 2018, at 12:17, h.raiche at internode.on.net wrote:
> >
> > Hi Tijani
> >
> > I think we can both agree that it is about the public interest. And
> while privacy is a big part of that, so are other issues - a safe, stable
> DNS etc.
> >
> > I have asked that this discussion is on the wiki so that there is a
> place for everyone to contribute - and I hope you will participate as well.
> >
> > We need agreed principles for the people who will sit on the EpDP -
> which means we need to hear from everyone - you included
> >
> > Holly
> >
> >
> > ----- Original Message -----
> > From:
> > "Tijani BEN JEMAA" <tijani.benjemaa at benjemaa.com>
> >
> > To:
> > "Jonathan Zuck" <JZuck at innovatorsnetwork.org>
> > Cc:
> > "h.raiche at internodeon.net" <h.raiche at internode.on.net>, "ALAC List" <
> alac at atlarge-lists.icann.org>, "A t" <staff at atlarge.icann.org>
> > Sent:
> > Wed, 11 Jul 2018 09:33:16 +0100
> > Subject:
> > Re: [ALAC] Draft Principles for GDPR
> >
> >
> > Good morning everyone,
> >
> > I disagree with this statement Jonathan.
> > The registrants represent the active part of the end-users. we are
> responsible to defend their interest.
> > I have heard such reflection, and it always lead to be more aligned with
> the commercial interests. We need to be careful and be always for the
> public interest, not for the political or commercial interests.
> >
> >
> -----------------------------------------------------------------------------
> > Tijani BEN JEMAA
> > Executive Director
> > Mediterranean Federation of Internet Associations (FMAI)
> > Phone: +216 98 330 114
> > +216 52 385 114
> >
> -----------------------------------------------------------------------------
> >
> >
> > Le 10 juil. 2018 à 22:27, Jonathan Zuck <JZuck at innovatorsnetwork.org> a
> écrit :
> >
> > Thanks Holly for getting this started. I guess what we’re after are
> some basic principles on our perspective on the GDPR. The temp spec is the
> temp spec so some of this will apply for sure, if we reach some consensus
> on these but there are areas that are simply part of the law over which we
> don’t have influence. A principle might be something like
> >
> >
> > • The ALAC feels responsible to represent the interests of
> non-registrants more so than registrants as they represent the majority of
> users.
> >
> > I’m not saying we’ve agreed to that but that’s the kind of filter we
> could send our reps in with?
> >
> > Jonathan
> >
> >
> >
> > From: ALAC <alac-bounces at atlarge-lists.icann.org> on behalf of "
> h.raiche at internode.on.net" <h.raiche at internode.onnet>
> > Reply-To: "h.raiche at internode.on.net" <h.raiche at internode.on.net>
> > Date: Tuesday, July 10, 2018 at 5:22 PM
> > To: ALAC List <alac at atlarge-lists.icann.org>, A t <
> staff at atlarge.icann.org>
> > Subject: [ALAC] Draft Principles for GDPR
> >
> >
> > Folks
> >
> >
> > Since we all think principles are a good idea, I have set down the
> basics from the Temporary Spec - very simplistic, but it's a start. What
> we need now is discussion on the principles.
> >
> >
> > Evin - I'm not sure if you have a new wiki page for discussion on the
> temporary spec, but if not, would you create on.
> >
> >
> > And Olivier - the Temporary Spec necessarily will deal with access - at
> the least, guiding principles, so whoever is on the EPDP will have some
> guidance on our red lines on access.
> >
> >
> > So please everyone - comments
> >
> >
> > Thanks
> >
> >
> > Holly
> >
> >
> > Temporary Specification for gTLD Registration Data
> >
> >
> >
> >
> > Principles for requirements to replace the RAA/Registry Requirements
> >
> > (within the context of compliance with the GDPR)
> >
> >
> >
> > Purpose of Collection of Data
> >
> > Quoting from the Temporary Spec – which is quoting from the ICANN Bylaws:
> >
> >
> > purpose is to coordinate the bottom-up, multistakeholder development and
> implementation of policies “[f]or which uniform or coordinated resolution
> is reasonably necessary to facilitate the openness, interoperability,
> resilience, security and/or stability of the DNS including, with respect to
> gTLD registrars and registries”
> >
> >
> > Purpose includes
> >
> > · resolution of disputes regarding the registration of domain
> names (as opposed to the use of such domain names, but including where such
> policies take into account use of the domain names);
> >
> >
> > · maintenance of and access to accurate and up-to-date
> information concerning registered names and name servers;
> >
> >
> > · procedures to avoid disruptions of domain name registrations
> due to suspension or termination of operations by a registry operator or a
> registrar (e.g., escrow); and
> >
> >
> > · the transfer of registration data upon a change in registrar
> sponsoring one or more registered names.
> >
> >
> >
> >
> >
> > the Bylaws specifically obligate ICANN, in carrying out its mandate, to
> “adequately address issues of competition, consumer protection, security,
> stability and resiliency, malicious abuse issues, sovereignty concerns, and
> rights protection”
> >
> >
> >
> >
> > Geographic Coverage of EPDP Outcome:
> >
> > · Apply globally or
> >
> >
> >
> > · Apply only to European Economic Area (the coverage of the GD
> > R) and otherwise lesser requirements (existing RAA requirements?)
> >
> >
> >
> >
> > Data Collected
> >
> > · ‘Thick Whois” – based on the differing uses of the data is listed
> in the purpose above – OR
> >
> >
> >
> > · Some lesser amount of information
> >
> >
> >
> >
> > Consent
> >
> > · Registrants must be told, at the time of collection, what
> personal information is collected, why the collection is necessary to
> achieve the purposes, who will have access and in what circumstances
> access will be given to what information, and all circumstances in which
> the data will be transferred (to Registry, Escrow) and where heldThey must
> also be told their consent can be withdrawn at any time (and consequences
> of withdrawal) and how to withdraw consent
> >
> >
> >
> >
> > Access to Data – Tiered access (largely what is in the Technical
> Specification)
> >
> > · Applies to all Registrants – natural or corporate persons
> >
> >
> >
> > · Information generally publicly available
> >
> >
> >
> > o Registrant name
> >
> >
> >
> > o Anonymised email or other anonymous contact means
> >
> >
> >
> > · Access to other personal information –
> >
> >
> >
> > o Only to accredited entities (not individuals)–
> >
> >
> >
> > o Only in specific circumstances that warrant access
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > ALAC mailing list
> > ALAC at atlarge-lists.icann.org
> > https://atlarge-lists.icann.org/mailman/listinfo/alac
> >
> > At-Large Online: http://www.atlarge.icann.org
> > ALAC Working Wiki:
> https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)
> >
> > _______________________________________________
> > ALAC mailing list
> > ALAC at atlarge-lists.icann.org
> > https://atlarge-lists.icann.org/mailman/listinfo/alac
> >
> > At-Large Online: http://www.atlarge.icann.org
> > ALAC Working Wiki:
> https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)
>
> _______________________________________________
> ALAC mailing list
> ALAC at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/alac
>
> At-Large Online: http://www.atlarge.icann.org
> ALAC Working Wiki:
> https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://atlarge-lists.icann.org/pipermail/alac/attachments/20180711/6b20c764/attachment.html>
More information about the ALAC
mailing list