Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

For other times: https://tinyurl.com/y7vr37ww

Info

PROPOSED AGENDA


1) Roll Call & SOI Updates (5 minutes)

2) Welcome and Updates from EPDP Team Chair (5 minutes)

    1. Recap EPDP Team F2F meeting
    2. Meeting schedule going forward
    3. Review of outstanding action items
    4. Other updates, if applicable


3) Legal basis for purposes and related processing activities


Objective of discussion:

(1) Agree on legal basis for different purposes and related processing activities


    1. Review legal basis memo outlining how to differentiate between Art 6.1(b) and Art 6.1(f) and discuss how this can be applied to purposes identified and related processing activities
    2. Agree on legal basis for purposes and related processing activities

 4) Review data elements workbook for purpose C - Enable communication or notification to the Registered Name Holder and/or their delegated parties of technical and/or administrative issues with a Registered Name (see https://community.icann.org/x/5AC8BQ)


Objective of discussion:

(1) Review data elements workbook for purpose C as completed by small team during LA F2F meeting

(2) Agree on data elements needed for this purpose as well as responses to different questions in data elements workbook


    1. Review data elements workbook for purpose C
    2. Discuss any outstanding items / questions
    3. Finalize data elements workbook for purpose C


5) Share list of outstanding issues and plan for addressing these


6) Wrap and confirm next meeting to be scheduled for Thursday 4 October at 13.00 UTC.

a)      Confirm action items

b)     Confirm questions for ICANN Org, if any


BACKGROUND DOCUMENTS


Lawful Basis for Processing Testv3(k)(ct).pdf

EPDP Planning - updated 1 October 2018.pdf

ICANN Purpose C - Enable communication or notification to the Registered Name Holder and/or their delegated parties of technical and/or administrative issues with a Registered Name

AUDIO CAST INFORMATION AND VIEW ONLY ADOBE CONNECT FOR ALTERNATES AND OBSERVERS


To join the event, click on the link: 

Listen in browser: http://stream.icann.org:8000/stream01

Listen in application such as iTunes: http://stream.icann.org:8000/stream01.m3u

View-Only Adobe Connect room for alternates and observers: https://participate.icann.org/gnso-epdp-observers



Info
titleRECORDINGS

Mp3

Adobe Connect Recording

GNSO transcripts are located on the GNSO Calendar

Tip
titlePARTICIPATION

Attendance & AC Chat    Chat     

Dial Out Participants: Kurt Pritz, Kavouss Arasteh, Ayden Férdeline, Marika Konings,

Apologies:

Alternates: Apologies: Milton Mueller (NCSG), Matt Serlin (RrSG), Leon Sanchez (ICANN Board), Chris Disspain (ICANN Board)

Alternates: Collin Kurre (NCSG), Lindsay Hamilton-Reid (RrSG)

 

Note

Notes/ Action Items


Please find below the notes and action items from today’s meeting. In order to facilitate the signing up for the small teams, please use the following link https://docs.google.com/document/d/1ChEYy-cZmT3qTD62-HsoVmddD96m6cbkSOv5dmAjmpY/edit?usp=sharing [docs.google.com]. As a reminder, please self-organize and assign max. 1 member from each group per small team. Call details will be sent to all, but only designated members are expected to attend (view only AC will be available for others interested to follow the deliberations).

 =============

 

EPDP Team Meeting #16

Tuesday, 2 October 2018

Notes and Action Items

 

High-level Notes/Actions:

 

Action item #1: add to Purpose C a second processing activity that is focused on disclosure of technical contacts to third parties t to communicate or notify RNH of technical and/or administrative issues (third parties 6.1(f)).

 

Action item #2: Regarding the Legal Basis document, RySG to provide additional data processing steps by Wednesday 3 October COB.

 

Action item #3: EPDP Team to review lawful basis memo and proposed designations for each purpose and processing activity and communicate by Wednesday COB any objections to the proposed designations

 

Action item #4: Leadership to develop methodology to be developed to further consider idea of ICANN having direct contract with registrants.

 

Action item #5: Alan Greenberg to write statement why optional provision of admin/tech contact is important.

 

Action item #6: EPDP Team to review planning and schedule and share any feedback on the list.

 

Questions for ICANN Org from the EPDP Team:

None

 

Notes & Action items

 

These high-level notes are designed to help the EPDP Team navigate through the content of the call and are not meant as a substitute for the transcript and/or recording. The MP3, transcript, and chat are provided separately and are posted on the wiki at: https://community.icann.org/x/2IpHBQ.

 

1. Roll Call & SOI Updates (5 minutes)

 

  • Attendance will be taken from Adobe Connect
  • Please remember to mute your microphones when not speaking, and state your name before speaking for transcription purposes.
  • Please remember to review your SOIs on a regular basis and update as needed. Updates are required to be shared with the EPDP Team.

 

2. Welcome and Updates from EPDP Team Chair (5 minutes)

 

3. Legal basis for purposes and related processing activities

Objective of discussion:

(1) Agree on legal basis for different purposes and related processing activities

a) Review legal basis memo outlining how to differentiate between Art 6.1(b) and Art 6.1(f) and discuss how this can be applied to purposes identified and related processing activities

b) Agree on legal basis for purposes and related processing activities

  • See memo that was circulated prior to this meeting
  • Lawful test designed by Thomas facilitated the discussions but there was still confusion around what it means "necessary for performance of a contract"
  • Example found from the UK Information Commissioner's Office - processing must be necessary for the delivery of your part of the contract. If the processing is only necessary to maintain your business model more generally, this lawful basis will not apply.
  • Lawful test in combination with example applies to the EPDP Team purposes. Highlighted in blue is where small team came to agreement on lawful basis, those in orange, based on leadership team assessment.
  • For purpose A, does this just concern data for WHOIS or is it broader than that - this is focused on the data that is collected by the registrar, regardless of where it is.
  • Purpose C - focused on registrar communication, but this is mainly for other parties, why is that not included? If it is for other parties, the lawful basis would be 6.1(f). Add second processing activity focused on third parties (6.1(f)). May also be captured under purpose B?
  • May need to distinguish between what is collected and what goes into an RDDS? For example, in relation to Purpose N. Purpose N not limited to Spec 13, would also include Spec 12 gTLDs. Policy recommendations to cover the circumstances and purposes through which additional data elements are collected, even if those are not published or disclosed through RDDS.
  • In Purpose A, is a processing activity missing? Responding to requests from Registered Name Holder for purpose A. Should RNH be mentioned as a separate party? RNH is the data subject.
  • For Purpose A, transmission of registration data - why is this both 6.1(b) and 6.1(f) - isn't protecting against abuse a necessary part of the contract?
  • For Purpose E, isn't this also 6.1(b) as it is part of the broader requirements? Small team discussed what would present best case for success presenting this to DPAs and agreed on 6.1(f).
  • BC would support ICANN Org having a direct relationship with registrant to allow for 6.1(b) if this is currently prevented because ICANN does not have a direct contractual relationship with registrants.
  • For purpose F, why not 6.1(b)? In theory you could abolish contractual compliance and domain name registration would still work, hence 6.1(f) argument.
  • Need additional processing activity in M for party that files complaint and needs access to information. Needs to be further considered.
  • Helpful way to lay this out visually, makes it easier to understand. Groups need a bit more time to review and comment.
  • EPDP Team to review memo and especially link to CIO web-site.
  • Also note that there where disagreement may persist, this could be called out in the Initial Report as a question for which specific input is requested especially from DPAs.

 

Action item #1: add to Purpose C a second processing activity that is focused on disclosure of technical contacts to third parties access to this information to communicate or notify RNH of technical and/or administrative issues (third parties 6.1(f)).

 

Action item #2: Regarding the Lawful Basis document, RySG to provide additional data processing steps EPDP Team to review this document and come back with feedback by Wednesday 3 October COB.

 

Action item #3: EPDP Team to review Lawful Basis memo and proposed designations for each purpose and processing activity and communicate by Wednesday COB any objections to the proposed designations

 

Action item #4: Leadership to develop methodology to be developed Small team to further consider idea of ICANN having direct contract with registrants.  

 

4. Review data elements workbook for purpose C - Enable communication or notification to the Registered Name Holder and/or their delegated parties of technical and/or administrative issues with a Registered Name (see https://community.icann.org/x/5AC8BQ)

Objective of discussion:

(1) Review data elements workbook for purpose C as completed by small team during LA F2F meeting

(2) Agree on data elements needed for this purpose as well as responses to different questions in data elements workbook

a) Review data elements workbook for purpose C

b) Discuss any outstanding items / questions

c) Finalize data elements workbook for purpose C

  • See data elements workbook for purpose C (see https://community.icann.org/x/5AC8BQ)
  • Mandatory fields to be collected under 6.1b, optional fields to be collected under 6.1(a) - consent.
  • What does optional mean? If no admin/tech contact info is provided, does it then default back to the registrant information?
  • If admin/tech contact info is provided, consent will need to be provided by the admin/tech contact.
  • If there is no reason to collect the data, would it go against the principle of data minimisation? Is option that is provided to RNH, only those that want to make use of this would opt for it, not a requirement.
  • In practice it is often a duplicate and no unique information is provided.  
  • You could define two different products: 1 where the registrant acts for all contacts 2 where he / she wishes to designate additional contacts. In such case, both could be 6 I b and collection of third party that would occur based on Art. 14.
  • Why is making it an optional field problematic? As no one is required to do anything? Under GDPR you will still need to explain why data is collected.

 

Action item #5: Alan Greenberg to write statement why optional provision of admin/tech contact is important.

 

5. Share list of outstanding issues and plan for addressing these

  • See planning document circulated prior to the meeting
  • How to sign up for small groups? Groups expected to self-organize - ideally max. 1 rep per group. Could use google doc to have an idea of attendance.

 

Action item #6: EPDP Team to review planning and schedule and share any feedback on the list.

6. Wrap and confirm next meeting to be scheduled for Thursday 4 October at 13.00 UTC.

a) Confirm action items

b) Confirm questions for ICANN Org, if any