AT-LARGE GATEWAY

At-Large Website

ALAC

RALOs

At-Large Regional Policy Engagement Program (ARPEP)

At-Large Governance

At-Large Reports

Policy Comments & Advice

Working Groups

ICANN Meetings

At-Large Summit (ATLAS III)

At-Large Review Implementation Plan Development

ALAC and RALO Elections, Selections, and Appointments

At-Large Priority Activities - 2021

Public Comment CloseStatement
Name 

Status

Assignee(s)

Call for
Comments Open		Call for
Comments
Close 		Vote OpenVote CloseDate of SubmissionStaff Contact and EmailStatement Number

21 June 2019

ALAC Feedback on EPDP Phase II

Note: Not a formal ICANN public comment.

SUBMITTED

Alan Greenberg

Hadia Elminiawi

21 June 2019

EPDP Staff

Hide the information below, please click here 

EPDP Phase II

Reference:   "Expedited Policy Development Process (EPDP) on the Temporary Specification for gTLD Registration Data – Phase 2 Input Template, 30 May 2019":

CPWG presentation:
 

Reference: 9 June email from EPDP II Chair Janis Karklins with "EPDP Team input in response to GNSO Council's request":

EPDP Input - 

Email message - 

Dear Keith,

Following the request of the GNSO Council for the EPDP Team to identify any questions, comments or concerns to be shared with the ICANN Board in relation to their action on the EPDP Phase 1 Recommendations, 3 groups provided their feedback (see Annex A) which the EPDP Team discussed during its meeting on 6 June 2019. Although there was not sufficient time to formalize and agree on an EPDP Team response, the team felt it important to share the different perspectives with you to help inform the Council’s preparation for the consultation process with the ICANN Board. My take-away from the discussion was that:

  • In relation to purpose 2, there is general understanding for why the Board decided to not adopt this purpose and the EPDP Team confirms that it considers it firmly within its scope for phase 2 to further review this purpose in the context of the System for Standardized Access / Disclosure (SSAD);
  • For recommendation #12, some additional context has been provided that may help explain the thinking behind the EPDP Team’s original recommendation. However, there is no agreement at this stage on whether or not the Board’s non-adoption should be supported.

The EPDP Team understands that following the GNSO Council’s consultation with the ICANN Board you will follow up with us to provide an update on dialogue with ICANN Board and request further input on the possible next steps for GNSO Council. The EPDP Team stands ready to assist as needed.

Best regards,

Janis Karklins 

Reference: AIs from 22 May CPWG call

FINAL VERSION SUBMITTED (IF RATIFIED)

The final version to be submitted, if the draft is ratified, will be placed here by upon completion of the vote. 

The ALAC is not in a position to provide detailed guidance on the 
specific issues to be addressed during phase 2 in response to this 
consultation.  Our previous applicable statements still stand and the 
ALAC and its representatives on the EPDP of course reserve the right 
to provide input and comment as the work progresses.

There are two areas where the ALAC has specific comments:

1. Redacted Data elements: To keep the work of the EPDP at a 
reasonable level, the ALAC suggests that, where applicable, instead 
of dealing with redacted data on an element-by-element basis for each 
class of request any category of requester, that the data elements be 
grouped together based on similar characteristics and impact. 
Specifically, the ALAC suggests that the EPDP group fields together 
in 4 categories:

a) Registrant Name and Organization (if redacted)
b) Registrant contact fields
c) Tech name and contact fields
d) Other redacted fields (Registry Domain ID, Registry Registrant ID

2. For OCTO (Office of the Chief Technology Officer), subject to 
requirements to keep data confidential, OCTO should have access to 
any data it requests for research and threat analysis. If ICANN were 
a typical data controller, it would automatically have such data 
without any further consideration.


FINAL DRAFT VERSION TO BE VOTED UPON BY THE ALAC

The final draft version to be voted upon by the ALAC will be placed here before the vote is to begin.

Vote N/A


The ALAC is not in a position to provide detailed guidance on the 
specific issues to be addressed during phase 2 in response to this 
consultation.  Our previous applicable statements still stand and the 
ALAC and its representatives on the EPDP of course reserve the right 
to provide input and comment as the work progresses.

There are two areas where the ALAC has specific comments:

1. Redacted Data elements: To keep the work of the EPDP at a 
reasonable level, the ALAC suggests that, where applicable, instead 
of dealing with redacted data on an element-by-element basis for each 
class of request any category of requester, that the data elements be 
grouped together based on similar characteristics and impact. 
Specifically, the ALAC suggests that the EPDP group fields together 
in 4 categories:

a) Registrant Name and Organization (if redacted)
b) Registrant contact fields
c) Tech name and contact fields
d) Other redacted fields (Registry Domain ID, Registry Registrant ID

2. For OCTO (Office of the Chief Technology Officer), subject to 
requirements to keep data confidential, OCTO should have access to 
any data it requests for research and threat analysis. If ICANN were 
a typical data controller, it would automatically have such data 
without any further consideration.


DRAFT SUBMITTED FOR DISCUSSION

The first draft submitted will be placed here before the call for comments begins. The Draft should be preceded by the name of the person submitting the draft and the date/time. If, during the discussion, the draft is revised, the older version(S) should be left in place and the new version along with a header line identifying the drafter and date/time should be placed above the older version(s), separated by a Horizontal Rule (available + Insert More Content control).

19 June Alan Greenberg feedback / response to Hadia -

Hadia El Miniawi

June 12, 2019 at 1:08

With regard to recommendation #1 purpose 2, which the board did not adopt and as this purpose was initially a place holder for further review in phase 2. The ALAC would like to make a proposal in relation to the purpose, taking into consideration the board's rational for not adopting it,  the European Council (EC) comments on the team's final report and the previously provided guidance by the European Data Protection Board (EDPB). We suggest replacing purpose two of recommendation one  by " Serving the public interest by maintaining the security, stability and resiliency of the DNS in accordance to ICANN's mission and bylaws".

The rationale behind our proposal is that all purposes should strictly be ICANN purposes, moreover "enabling responses to lawful data disclosure requests" is not a purpose but rather a processing activity.

The aforementioned purpose will need to be analyzed just as we did with all the other purposes in order to determine the processing activities associated with it. The lawful disclosure to relevant third parties as well as to ICANN if requird would result as a processing activity required to satisfy the purpose.  

1 Comment

  1. Alan Greenberg

    Although I agree with Hadia's general proposal, there was significant disagreement when it was discussed among the EPDP Members and Alternates and on the CPWG call, so I do not feel comfortable introducing it at this point, particularly since it was not a specific request in the call for community input.

    The proposal made to the Members and Alternates that was strongly supported was the following:

    The ALAC is not in a position to provide detailed guidance on the specific issues to be addressed during phase 2.  The ALAC and its representatives on the EPDP of course reserve the right to comment as the work progresses.

    There are two areas where the ALAC has specific comments:

    1. Redacted Data elements: To keep the work of the EPDP at a reasonable level, the ALAC suggests that instead of dealing with redacted data on an element-by-element basis for each class of request any category of requester, that the data elements be grouped together based on similar characteristics and impact. Specifically, the ALAC suggests that the EPDP group fields together in 4 categories:

    a) Registrant Name and Organization (if redacted)
    b) Registrant contact fields
    c) Tech name and contact fields
    d) Other redacted fields (Registry Domain ID, Registry Registrant ID

    2. For OCTO (Office of the Chief Technology Officer), subject to requirement to keep data confidential, OCTO should have access to any data it requests for research of threat analysis. If ICANN were a typical data controller, it would automatically have such data without any further consideration.