...

7. Confirm next steps & next meeting


Mp3

Transcript

AC Chat

Attendance

Joining late: 

Apologies: Ayden Férdeline, Stefania Milan, Susan Prosser, Andrew Sullivan, Greg Shaton, Amr Elsadr, Richard Leaning, Peter Kimpian, Olevie Kouami

On audio only: 

Reference Documents

RDSPurpose-InputsSummaries-1May.pdf

RDSData-InputsSummaries-1May.pdf

RDSPrivacy-InputsSummaries-1May.pdf

RDS-PDP-Phase1-FundamentalQs-SubQs-MindMap-2May 2016.pdf 

RDS PDP - SO AC SG C Input Template - 2 May 2016 rev.pdf

Notes and Action Items

1.   Roll Call / SOI

2.   Update from sub-teams - overview of final template (sub-team leads) 

  • Thanks to all sub-teams for their work in pulling together inputs and summarizing them
  • We are now regrouping as a full WG and will start with an update from each team leader on the sub-team outputs
  • Data Sub-Team Readout:   RDSPurpose-InputsSummaries-1May.pdf

 - A couple of summaries still pending but will be added in the next couple of days
 - Quite a lot of information there to help bring WG members up to speed on inputs relevant to RDS requirements related to data elements

 - Excellent support from sub-team members and staff
 - For those who haven't participated in the discussion of purpose of registration data, the sub-team's output includes summaries of 30-40 documents relevant to the question of purpose
 - They include A29, 2009 European charter on fundamental data rights, the WHOIS RT 2012 was cited a lot in our work, the EWG recommendations was probably the most controversial, and the SAC055 report was also helpful. If I was new to this, I would review those first but others summarized by the purpose team are also helpful for this question
- Additional comments from purpose sub-team members:
- Purpose is a term of art/legal term in the EU under the EU Data Protection Directive and others; it has been interpreted carefully by the A29 WP in a lengthy opinion. Doc is included in the list and was summarized by Stephanie
- Another member got the impression from the documents reviewed that the purpose definition was quite broad. We should all look at the text before we make judgments about how narrow/specific something is  

- Privacy team identified and summarized many documents - a good bit of overlap with the Purpose list but often summarized by different people from different perspectives, so useful to read all summaries of same input
- Among the inputs identified as most relevant by the sub-team are: SAC054, EWG recommendations, EU Data Protection Directive, Council of Europe's Treaty 108, Professor's Greenleaf's articles on trends and laws, A29 Opinion 2/2003 on the application of data protection principles to WHOIS directories, the Thick WHOIS PDP report and legal review provided to the implementation review team, other A29 correspondence with ICANN. Two additional inputs were flagged as highly relevant by some but not all agreed: Schrems v. Data Protection Commissioner (2015) and McIntyre v. Ohio Elections Commission.
- Additional comments from purpose sub-team members:
- Stephanie is still working on summary of A29 Opinion 6/2004 on the legitimate interests of data controllers w/r/t any impact that new EU data protection regulations may have on this opinion
- As additional documents become relevant to our work, they will need to be taken into account
- See Professor Greenleaf's article and summary for information on emerging trends as well as comprehensive list of data protection laws
- Purpose and Privacy overlap - can be helpful to look at purpose through the prism of DP laws
- Chat comments on this topic from other WG members:
- Data protection regulation will supplant the framework directive, not coexist with it.  (Once the regulation comes into force in 2018)
- Article 29 WP 76 Opinion 2/2003 is in the summaries and does say "registration of domain names by individuals raises different legal considerations than that of companies or other legal persons registering domain names" ... "the publication of certain information about the company or organisation (such as their identification and their physical address) is often a requirement by law in the framework of the commercial or professional activities they perform"
- Should the privacy team include more documents about limitations of privacy rights? Article 29 WG in 2006 stated that companies do not necessarily have a right to privacy and that imposes an obligation on us to explore that limitation and others
- Should the privacy team add some of the legal analysis that was presented to the PPSAI group?

...

?
- There are really two issues in the question: what data is needed (purpose of collection will focus on why the information is collected) and then what of that information should be available - and to whom
- Does any data currently collected and disclosed via Whois meet the EU definition of "sensitive data"?
- It's not just the privacy of individuals that is protected under data protection laws, but of course, that of human rights groups, minority political groups, minority ethnic and sexual groups. This is covered in the privacy sub-team's summaries, which sub-team members may highlight after the call. 
- Should we make a distinction between personal data of individuals and data from a company or commercial enterprise?
- Re: privacy, UN’s website on Right to Privacy in the Digital Age states that the “right to privacy under international human rights law is not absolute” and one can interfere with the right to privacy where it’s necessary, legitimate, and proportional." and all I've read in A29 seems to support this
- Article 19 - Freedom of Expression extends to organizations as well as individuals (and many organizations are organized as "companies" for tax purposes).
- How does Freedom of Expression relate to registration data?
- Noted that protection of human rights is not included in the privacy group's summaries.
- Human rights protections must be considered, but constitutional protections vary from place to place and aren't universally adopted.
- Are we conflating two principles? Question as to whether chat accurately reflects A29 Opinion. All WG members should review A29 opinions and all sub-team summaries of them.
- We may need to introduce some nuance into how we talk about individuals vs companies' right to privacy. 
- "Sensitive speech:" also has privacy protections, especially when the organizations are engaged in categories of expression protected under law.
- National law provides more rights to employees in some jurisdictions than in others....but that does not invalidate the principle that we must consider the implications of protection, use and disclosure on groups and individuals.

  • All of these sub-team outputs were created to inform the full WG as it continues its phase 1 work.
  • Thank you to the sub-teams. While more summaries can always be added as further key inputs are identified, this initial sub-team assignment has now been completed.
     
  • Question: New RAA includes additional requirements w/r/t data collection, how will this PDP WG's recommendations impact those requirements?
    Answer: Registries and registrars have an obligation to follow consensus policies and commit to following them even before we know what they'll be. 
    In this PDP WG's phase 1 work, the WG will make a recommendation about whether a new RDS is needed or WHOIS can be modified to meet requirements, as well as whether to continue to phases 2-3 to make policy recommendations. 
    Phase 2 will draft new consensus policies, phase 3 implementation guidance. 
    This PDP WG will make recommendations for consensus policies, give those to the GNSO council. 
    The GNSO council will decide whether to recommend adoption to the board.
    Only when the board approves the recommended consensus policies do they then get implemented into the registry and registrar agreements. 
    This long process can change future contractual requirements - new consensus policies would be incorporated into agreements with registries and registrars. 
    Part of the board's motion to adopt new consensus policies typically tasks staff with making adjustments to contracts and forming an implementation review team to implement the new policies in as efficient and timely a manner as possible. 
    No need for renegotiation of agreements.
    From Chat: For example, see Section 2.2 of Registry Agreement: Compliance with Consensus Policies and Temporary Policies.  Registry Operator shall comply with and implement all Consensus Policies and Temporary Policies found at <http://www.icann.org/general/consensus-policies.htm>, as of the Effective Date and as may in the future be developed and adopted in accordance with the ICANN Bylaws, provided such future Consensus Policies and Temporary Policies are adopted in accordance with the procedure and relate to those topics and subject to those limitations set forth in Specification 1 attached hereto (“Specification 1”).  

3.   Review updated mind map (revised)

...

5.   Outreach to SO/ACs/SG/C to request early input (revised)

  • See RDS PDP - SO AC SG C Input Template - 2 May 2016 rev.pdf 
  • We are at a point now where we can do early outreach to SOs, ACs, GNSO SGs/Cs, and perhaps broader community to gather input to inform the WG.
  • Draft prepared by leadership group for WG review and comment.
  • Highlights of request for input:
    • Template (format used for other PDPs) to fill out to respond to specific questions.
    • Provides WG progress to date and asks for input on completeness of key inputs identified to date. Are there any docs that are missing or that haven't been identified as relevant but should be, and why?
    • The issue report, comments on issue report, and other past inputs - are those inputs still relevant or does any input need to be updated to reflect that group's input to the WG?
    • Are there any charter questions that are missing and should be taken into account by the WG?
    • Any other input not noted above.
    • PDP process requires min 35 days, WG can extend if more time needed but idea is to have input ASAP.
  • Critical that each WG member reach out to their own group and serve as facilitator to solicit early inputs.
  • WG members should feel free to suggest edits to make sure this is an effective outreach to solicit early input.

  • Questions: Response time (35 days min but some groups may require longer), who to include in broader community (eg DPAs?)

...

Action item: Staff to schedule early leadership team meeting (possibly Wednesday of this week) to finalize draft work plan for distribution to full WG


Latest versions of all sub-team outputs: https://community.icann.org/x/p4xlAw.

Membership of the sub-teams: https://community.icann.org/x/DDCAAw