FINAL VERSION SUBMITTED (IF RATIFIED)
The final version to be submitted, if the draft is ratified, will be placed here by upon completion of the vote.
FINAL DRAFT VERSION TO BE VOTED UPON BY THE ALAC
The final draft version to be voted upon by the ALAC will be placed here before the vote is to begin.
DRAFT SUBMITTED FOR DISCUSSION
The first draft submitted will be placed here before the call for comments begins. The Draft should be preceded by the name of the person submitting the draft and the date/time. If, during the discussion, the draft is revised, the older version(S) should be left in place and the new version along with a header line identifying the drafter and date/time should be placed above the older version(s), separated by a Horizontal Rule (available + Insert More Content control).
v05:
Third draft of ALAC advice (13 April):
Second draft of ALAC advice (10 April):
First draft of ALAC advice:
9 Comments
Evin Erdogdu
Copy of mailing list thread
On Thu, 4 Apr 2019, 17:54 Carlton Samuels wrote:
Evin Erdogdu
Copy of mailing list thread
Seun Ojedeji's reply to Carlton:
Hello Carlton,
I hear you loud and clear, but if we are being realistic, I think the level of representation that exist within the ePDP may be a factor on how far one can push these things. I have heard a couple of times that the numbers don't matter but how loud we "constructively" scream, well within ICANN, that's probably nothing more than a good motivational speech.
Attempts has been made to get this through via the ePDP without luck and since ALAC practically has a milk teeth on ePDP, I don't think it will be out of order to utilize that which we've always been reminded of as being our role, which is to advice; hopefully there are still some permanent teeth left in there.
Regards
Evin Erdogdu
Copy of mailing list thread
On Thu, 4 Apr 2019, 09:06 Bastiaan Goslings wrote:
Evin Erdogdu
Copy of mailing list thread
Seun Ojedeji's reply to Bastiaan Goslings:
Dear Bastiaan, all
Thanks Alan (and Haidia?) for this draft,
On the geographic differentiation am more inclined towards maintaining our request for it to be discussed at phase2. During the early discussion of phase 1, a few members of the ePDP including (ALAC) made an attempt to push for a scenario where we use this opportunity to address (or provide a foundation for) a system that will not only address GDPR but also address other privacy related laws that may spring up from other parts of the world. There was a significant push back from the contracted side (including NCSG) strongly(and rightly so) insisting that this was an exercise solely meant for GDPR. I then wonder why the ePDP would want to apply the GDPR globally when it in "theory/practice" does not "protect/affect" the global users.
So I think and believe that we still need to make that distinction and differentiation. If that differentiation exist then it will be easier to evaluate the effect of GDPR with regards to data of users "protected" by it and those who are not and perhaps it will help appreciate the good/bad of the GDPR syndrome. An attempt to apply a regional policy to global users should not be supported by ALAC.
That said, I will suggest that the security point being enumerated under the geographic differentiation(from the moreover paragraph) should perhaps be assigned a sub heading as it's an important point that needs to be maintained even if we decide not to keep the geographic differentiation concern.
Regards
PS: Unless otherwise stated, my views here are always as an end user and not representative of the views of any other hats I may wear.
Evin Erdogdu
Copy of mailing list thread
On Thu, Apr 4, 2019 at 5:32 AM Marita Moll wrote:
Evin Erdogdu
Copy of mailing list thread
Maureen Hilyard's reply to Marita:
Thank you Marita for this concise and helpful summary of the current discussion. Like you I think that if we are to be making advice to the Board it should suggest an alternative approach to an issue of concern rather than disagreeing with what has already been decided or will be discussed in phase 2. Our advice needs to be innovative.
My 2c as I unfortunately haven't had enough time in the day to follow all the details.
Maureen
Evin Erdogdu
Copy of mailing list thread
Evan Leibovitch's reply to Seun Ojedeji:
On Thu, 4 Apr 2019 at 14:41, Seun Ojedeji wrote:
This is a truism for far more than this PDP. ;-)
I agree with and support Carlton's and Siva's PoV.
Seun, we KNOW from experience that our advice usually falls on deaf ears, especially when it runs afoul of industry entitlement. We are heeded when convenient and bypassed when not. As such, it is frustrating to me to encounter the all-too-frequent argument that we should tone down our views with the aim of being "realistic", that our opening position be one of compromise. Those wanting to act in the corporate interest rather than the public interest have historically lacked such a sense of chivalry. As a result this tactic is proven to fail, let's not keep repeating it.
If arguments strongly asserting (our collective view of) the public interest are "unrealistic", then that speaks more to ICANN's reality than our own.
--
Evan Leibovitch, Toronto Canada
Evin Erdogdu
Copy of mailing list thread
Bastiaan Gosling's reply to Alan Greenberg:
Hi Alan,
> On 5 Apr 2019, at 21:31, Alan Greenberg wrote:
>
> Bastiaan, let me understand. What we are asking
> for is an opportunity for the EPDP to have a
> discussion weighing the pros and cons - the
> balancing consideration called for under GDPR in
> deciding what data needs to be redacted.
The way I read the draft advise we are arguing for a lot more.
> So you are against the EPDP using the balance
> test prescribed by GDPR - something that was not done during Phase 1?
I’m not sure where you got that from, me supposedly being 'against the EPDP using the balance test prescribed by GDPR’. Let me reiterate myself:
https://mm.icann.org/pipermail/cpwg/2019-March/000986.html
I think I am pretty clear there: while I might disagree with you and others on the substance of the topic, if it was agreed up, based on 'the recollection of the ALAC and SSAC as well as the EPDP Chair’, that the (non-) necessity of geo distinction of registrants would be further discussed and decided on in phase 2, then I will most certainly support us reminding the board of that. But, again, that is not (only) what the draft advice is arguing for IMO.
thanks
Bastiaan
Alan Greenberg
Thanks to Evin for copying these message to the Wiki. My comments follow:
There is no question that more jurisdictions may protect their subjects' privacy, but it is far from universal and more important, we have a principal of not over-complying to such legislation. That is a major issue here. Moreover, it is crucial that we actually have the debate over the benefits of redacting vs not redacting. Even under GDPR privacy is not absolute and can be over-ridden with cause. Note that a number of European ccTLDs do NOT redact "personal" information.
Regarding the last points, the problem is that the WG has consciously decided not to consider certain issues. Making them "sharper" will not help, particularly if they are not on the agenda to discuss at all.
It is not redundant. We are asking that the Board explicitly support considering the pros vs cons. Phase 1 has clearly demonstrated that the SSAC, ALAC and others SAYING we should consider this has fallen on deaf ears and there has been no interest in doing so. Only privacy issues and costs or liabilities to contracted parties has been considered.
On 4, see my answer to Bastiaan. The group has shown no interest in having a full debate. There has been mention of a study (for Geographic differentiation as well) and I think it is a good idea to reiterate it here. The EPDP has seemingly decided that we will address access issues before returning to phase 1 items, so we will have time for such a study.
This is not the place to suggest an alternative approach to the substantive issue. The Board is not in a position to make decisions on these issues. It is up to the PDP to do that, as long as it is convened. All we can do is make it clear to the Board that the discussions may not happen if they do not take action.
The wording in the draft is "The ALAC advises the Board to request [require] that the issue of geographic differentiation be re-opened during the EPDP Phase 2 in light of the new legal opinion and the lack of considering the competing needs of privacy vs the benefits of non-redaction on cyber-security activities and that the ensuing discussion factor in the needs of those using the data for cyber-security and other legitimate purposes."
That is: Have the discussion and consider all issues including the ones that were ignored in Phase 1.
The revised version includes a 4th item of advice requesting that a study be done on how other entities have implemented legal/natural and geographic differentiation (in light of contracted parties saying both are too difficult and too risky) and a study on the impact of the Temprary Spec implementation on cyber-security efforts.