The call for the Transfer Policy Review PDP Working Group will take place on Tuesday, 25 April 2023 at 16:00 UTC for 90 minutes.

For other places see: https://tinyurl.com/jekr9bk5

PROPOSED AGENDA

  1. Roll Call & SOI updates
  2. Welcome and Chair Updates
  3. Review of any new Fast Undo Proposals, if applicable (see section I.C. of the working document [docs.google.com])
  4. Time permitting – Recommendation 27, Wave 1 Items Related to TEAC and TDRP (Transfer Policy Item 4 and TDRP Items 1-5, see pages 53, 55, and 56 of the Final Issue Report [gnso.icann.org])
  5. AOB

BACKGROUND DOCUMENTS


PARTICIPATION

Apologies: Raoul Plommer (NCSG), Crystal Ondo (RrSG), Catherine Merdinger (RrSG), Jim Galvin (RySG)

Alternates: Juan Manuel Rojas (NCSG), Jothan Frakes (RrSG), Essie Musailov (RrSG), Carolyn Mitchell (RySG)

Attendance

RECORDINGS

Audio Recording

Zoom Recording

GNSO transcripts are located on the GNSO Calendar

Notes/ Action Items

 

ACTION ITEMS/HOMEWORK:   

  1. In the Recommendation 27, Wave 1 Working Document: Staff to revise the text based on the feedback from the WG members during the meeting on 25 April.  See: https://docs.google.com/document/d/1GTtkEPJvYNMW27UaJZAGQlSb1BOYRhO7rSbFyb_9dhs/edit?usp=sharing [docs.google.com].
  2. Ongoing -- Small Team to develop a proposal/language to codify the informal transfer resolution process is continuing its work.  Volunteers: Jody Kolker, Rich Brown, Owen Smigelski Juan Manuel Rojas, Zak Muscovitch and Jothan Frakes.

 

Notes:

Transfer Policy Review - Meeting #88

Proposed Agenda

25 April 2023

 

  1. Roll Call & SOI updates
  2. Welcome and Chair Updates
  • Small Team to develop a proposal/language to codify the informal transfer resolution process is continuing its work.   Will bring their proposal back to the group.  Meeting again later today. 

      3. Recommendation 27, Wave 1 Items Related to TEAC and TDRP (Transfer Policy Item 4 and TDRP Items 1-5, see pages 53, 55, and 56 of the Final Issue Report [gnso.icann.org]) and the Working Document at: https://docs.google.com/document/d/1GTtkEPJvYNMW27UaJZAGQlSb1BOYRhO7rSbFyb_9dhs/edit?usp=sharing [docs.google.com]

Overview:

  • Looking at how Rec 27 impacts the Transfer Policy – specifically today looking at the TDRP and TEAC.


From the document:

3.11 Transfer Policy

4. Transfer Policy section I.A.4.6.5 provides that both registrars will retain correspondence in written or electronic form of any Transfer Emergency Action Contact (TEAC) communication and responses, and share copies of this documentation with ICANN and the registry operator upon request. This requirement does not appear to be affected by the new Registration Data Policy, which provides for retention of data elements for a period of 18 months following the life of the registration.

  1. TDRP section 2.2, Statute of Limitations, provides that a dispute must be filed within 12 months of the alleged violation. This is the stated basis for the EPDP Team’s Phase 1 recommendation 15 requiring registrars to retain only those data elements deemed necessary for the purposes of the TDRP, for a period of fifteen months following the life of the registration plus three months to implement the decision, as the TDRP has “the longest justified retention period of one year.” Accordingly, this provision can be maintained under the Registration Data Policy.


NOTE: If the TEAC comms are switched to be via nSP… then 3.11 might need revisiting.


2. TDRP sections 3.1.2(ii), 3.2.1, and 3.5.2 specify complainant contact information to be included in the complaint, which may include personal data. Processing of personal data that is not registration data is expected to be covered in the data processing terms in EPDP recommendations 22 and 26.


Question: What DPA would be entered into and how would that affect current negotiations?  Are we setting ourselves up for failure if we can’t get a DPA? Answer: Staff isn’t privy to the negotiations on that DPA, but the DPA relating to Rec 22 is in process and it would need to be in place – don’t see any reason why that wouldn’t go through.


NOTE: Concern about the need for a DPA and the impact on current negotiations.  The Transfer Policy Review PDP WG understands that the personal data processing is expected to be covered by the DPA for EPDP Recommendations 22 and 26.


3. TDRP section 3.1.4 (i)(b) references a "copy of Whois output." The context for this provision is a listing of documentary evidence to be annexed to a complaint by the

gaining registrar. This requirement may need to be further defined for clarity on what data the registrar must copy and include. Applying the definition of “Whois data” to

have the same meaning as “Registration Data” as provided in EPDP recommendation 24, this would include all data elements that were collected by the registrar.


4. TDRP section 3.1.4(ii)(c) enumerates the materials to be annexed to a complaint by the losing registrar. This provision specifies that the losing registrar is expected to

provide a history of any Whois registration data changes made to the applicable registration. This requirement may need to be further defined as to what constitutes Whois modifications i.e., changes to public and/or non-public data elements. This provision may also need to be revised to clarify the scope of history available to the registrar, as it can only go as far back as data is retained. If the relevant data retention policy and uses of registration data including TDRP were disclosed to the data subject at the time of registration, this should cover such disclosure within the applicable period.


NOTES: Public versus non-public data elements – privacy/proxy customer data may also come into play.  Another question: Does this relate only to contact objects/data, or also host name server services?  Name servers could be applicable to a TDRP.


5. TDRP section 3.2.4 provides that a panel appointed by a TDRP provider will “review all applicable documentation and compare registrant/contact data with that contained within the authoritative Whois database and reach a conclusion not later than thirty (30) days after receipt of Response.” This provision relies on comparison with the "authoritative Whois database," which does not have a clear analogue in the new Registration Data Policy. […see the Working Document]


Discussion:

  • We might need to define better than “broadly relevant”.
  • Process is similar to TDRP.
  • Think there are two ideas in the Working Document: 1) TDRPs could be similar to a UDRP – as of now there isn’t a similar process to verify the current RNH; could be the same process for verification as UDRP; or 2) looking at evidence from both parties and panel makes its decision based on the information submitted.
  • Problem in a TDRP if a party doesn’t provide any information (option 2).
  • The way the FOA works is different now – might be worth thinking about changes to the Transfer Process being proposed – how are those impacted? 
  • This will be incomplete until the final draft recommendations for the Transfer Policy.
  • We are reminding you that these are still here and need to be considered.
  • RySG provided input on this too.
  • We need to think about how each step in the process could be documented with evidence. We're already thinking about that re TEAC - how to prove a phone call happened, etc.
  • Concerns about how verification statements are handled in the UDRP.
  • I think the Rr has to provide the registration data to the UDRP panel when they are notified that the UDRP is started?


ACTION ITEM: In the Recommendation 27, Wave 1 Working Document: Staff to revise the text based on the feedback from the WG members during the meeting on 25 April.  See:https://docs.google.com/document/d/1GTtkEPJvYNMW27UaJZAGQlSb1BOYRhO7rSbFyb_9dhs/edit?usp=sharing [docs.google.com].


4. AOB


  • No labels