Page History
...
Tip | ||
---|---|---|
| ||
Apologies: Raoul Plommer (NCSG), Crystal Ondo (RrSG), Catherine Merdinger (RrSG), Jim Galvin (RySG) Alternates: Juan Manuel Rojas (NCSG), Jothan Frakes (RrSG), Essie Musailov (RrSG), Carolyn Mitchell (RySG) |
Info | ||
---|---|---|
| ||
GNSO transcripts are located on the GNSO Calendar |
Note |
---|
Notes/ Action Items
ACTION ITEMS/HOMEWORK:
Notes: Transfer Policy Review - Meeting #88 Proposed Agenda 25 April 2023
3. Recommendation 27, Wave 1 Items Related to TEAC and TDRP (Transfer Policy Item 4 and TDRP Items 1-5, see pages 53, 55, and 56 of the Final Issue Report [gnso.icann.org]) and the Working Document at: https://docs.google.com/document/d/1GTtkEPJvYNMW27UaJZAGQlSb1BOYRhO7rSbFyb_9dhs/edit?usp=sharing [docs.google.com] Overview:
From the document: 3.11 Transfer Policy 4. Transfer Policy section I.A.4.6.5 provides that both registrars will retain correspondence in written or electronic form of any Transfer Emergency Action Contact (TEAC) communication and responses, and share copies of this documentation with ICANN and the registry operator upon request. This requirement does not appear to be affected by the new Registration Data Policy, which provides for retention of data elements for a period of 18 months following the life of the registration.
NOTE: If the TEAC comms are switched to be via nSP… then 3.11 might need revisiting. 2. TDRP sections 3.1.2(ii), 3.2.1, and 3.5.2 specify complainant contact information to be included in the complaint, which may include personal data. Processing of personal data that is not registration data is expected to be covered in the data processing terms in EPDP recommendations 22 and 26. Question: What DPA would be entered into and how would that affect current negotiations? Are we setting ourselves up for failure if we can’t get a DPA? Answer: Staff isn’t privy to the negotiations on that DPA, but the DPA relating to Rec 22 is in process and it would need to be in place – don’t see any reason why that wouldn’t go through. NOTE: Concern about the need for a DPA and the impact on current negotiations. The Transfer Policy Review PDP WG understands that the personal data processing is expected to be covered by the DPA for EPDP Recommendations 22 and 26. 3. TDRP section 3.1.4 (i)(b) references a "copy of Whois output." The context for this provision is a listing of documentary evidence to be annexed to a complaint by the gaining registrar. This requirement may need to be further defined for clarity on what data the registrar must copy and include. Applying the definition of “Whois data” to have the same meaning as “Registration Data” as provided in EPDP recommendation 24, this would include all data elements that were collected by the registrar. 4. TDRP section 3.1.4(ii)(c) enumerates the materials to be annexed to a complaint by the losing registrar. This provision specifies that the losing registrar is expected to provide a history of any Whois registration data changes made to the applicable registration. This requirement may need to be further defined as to what constitutes Whois modifications i.e., changes to public and/or non-public data elements. This provision may also need to be revised to clarify the scope of history available to the registrar, as it can only go as far back as data is retained. If the relevant data retention policy and uses of registration data including TDRP were disclosed to the data subject at the time of registration, this should cover such disclosure within the applicable period. NOTES: Public versus non-public data elements – privacy/proxy customer data may also come into play. Another question: Does this relate only to contact objects/data, or also host name server services? Name servers could be applicable to a TDRP. 5. TDRP section 3.2.4 provides that a panel appointed by a TDRP provider will “review all applicable documentation and compare registrant/contact data with that contained within the authoritative Whois database and reach a conclusion not later than thirty (30) days after receipt of Response.” This provision relies on comparison with the "authoritative Whois database," which does not have a clear analogue in the new Registration Data Policy. […see the Working Document] Discussion:
ACTION ITEM: In the Recommendation 27, Wave 1 Working Document: Staff to revise the text based on the feedback from the WG members during the meeting on 25 April. See:https://docs.google.com/document/d/1GTtkEPJvYNMW27UaJZAGQlSb1BOYRhO7rSbFyb_9dhs/edit?usp=sharing [docs.google.com]. 4. AOB |