There will be a GNSO Next-Gen RDS PDP Working Group teleconference on Tuesday, 30 January 2018 at 17:00 UTC for 90 minutes.
09:00 PST, 12:00 EST, 17:00 London GMT, 18:00 Paris CET
For other times: https://tinyurl.com/y8fvz6ru
PROPOSED AGENDA
1. Roll Call/SOI Updates
2. Discuss list of criteria that make purposes legitimate for processing
a. See GDPR definition of processing and Q2 poll results
b. Determine next steps to reach agreement on criteria
3. Discuss list of purposes to determine which are legitimate for processing based on criteria
a. See list of DT-defined possible purposes and Q3 poll results
b. Determine next steps to reach agreement on purposes
4. Confirm agreements for polling & next steps
5. Confirm next meeting: Tuesday 6 February at 17:00 UTC
BACKGROUND DOCUMENTS
Call Handouts:
- Handout-30January-RDSWGCall.pdf and PPT (to be posted)
- Summary of Comments from 24 January Poll
24 January Call poll (closed COB Saturday 27 January)
- Link to participate: https://www.surveymonkey.com/r/LQC2YJH
- PDF of Poll Questions: Poll-from-24January-Call.pdf
- SurveyMonkey Summary Poll Results: SummaryResults-Poll-from-24JanuaryCall.pdf
- SurveyMonkey Raw Data Poll Results: RawDataResults-Poll-from-24JanuaryCall.zip and XLS
- Annotated Poll Results: AnnotatedResults-Poll-from-24January.pdf
RECORDINGS
PARTICIPATION
Apologies: Bastiaan Goslings, Michele Neylon, Tim O'Brien, Stephanie Perrin, Marika Konings (staff)
Notes/ Action Items
1. Roll Call/SOI Updates
- Please mute when not speaking and give your name when speaking for the transcript
- SOI Updates:
- Andrew Sullivan will be a member of the IETF Administrative Oversight Committee starting at the IETF meeting in March
- Chuck Gomes updated his SoI to reflect his support from Verisign although he is no longer representing Verisign's interests or the RySG
- Mason Cole has left Donuts and joined Perkins Coie
- Confirm Alex Deacon as a member of the WG Leadership Team to replace Susan.
Action: Chair to confirm change of VC on mailing list.
2. Discuss list of criteria that make purposes legitimate for processing
a. See GDPR definition of processing and Q2 poll results
- Handout: https://community.icann.org/download/attachments/79431666/Handout-30January-RDSWGCall.pdf
- Question 2 from last week's poll:
Do you support the proposed WG Agreement from last week: Criteria to be used to determine whether any proposed purpose is legitimate for processing registration data are: a) In support of ICANN's mission; b) A legitimate interest pursued by the data controller; c) Necessary for the fulfillment of a contract; d) Inherent to functionality of the DNS; e) In the public interest; or f) Necessary for compliance with a legal obligation. - See GDPR definition on handout slide 3
- Comment Summary: https://community.icann.org/download/attachments/79431666/CommentSummary-24JanuaryPoll-v3.pdf
- Overall, 54% supported ALL listed criteria
- Comment Summary shows level of support for each listed criteria, ranging from 74 - 57%
- Summary also shows level of explicit opposition to each listed criteria
- General Comments Discussion:
- All are encouraged to review the AC recording or transcript of the previous call to catch up before participating poll whenever possible - this will improve efficiency of discussions
- Does anyone disagree with the statement that this list of criteria must be non-exhaustive?
- Comments: Criteria should be fixed because ICANN's mission is fixed, GDPR should apply to personal data collected in applicable jurisdictions, as Internet evolves we may find that other data is needed so cannot be static, "Valuable and useful to law enforcement" is not enough to mandate collection - or another view: it is if that information is deemed important for protecting the DNS. and confidence in it
Option a) In support of ICANN's mission
- 74% support, 1 person explicitly opposed this criteria
- Comments about Option a:
- Are a) AND d) the only valid criteria? No, they are required but other reasons are valid as well
- Do we need to examine all of the criteria before polling (as we did on the last call)?
- Show of hands show more disagreement than agreement at this stage of discussion
- Proposal: (a) would better be phrased as "not inconsistent with ICANN's mission"
- Conclusion: Reasonably strong support for a) as one criteria for determining whether a purpose is legimate for processing registration data in some way.
Option b) A legitimate interest pursued by data controller(s)
- 60% supported, 7 comments explicitly opposed this
- Comments about Option b:
- Not clear at this point precisely who the data controllers ARE
- This shouldn't exclude legitimate interests of third parties or data processors as enumerated by GDPR
- This is a legal basis for processing not a criteria or a purpose
- Why do we have criteria other than a) and d) or e)?
- Are "third parties" = "operators on the Internet not involved in the registration of the domain name"
- Is this a proxy discussion for how WG members view availability of registration data?
- Conclusion: Possible approach to simplify list without enumerating all of the legal bases from GDPR:
- The list of criteria could be [ a) plus d) ] plus a new criteria that the purpose must satisfy at least one legal basis for processing as defined by GDPR and other data protection laws (where a/d may be reworded)
- Is a) a superset of d) - if so are both needed? They are not exclusive.
- What is the implication of AND or OR in the proposed WG agreement? Would a purpose have to satisfy all 3 (AND) or just one (OR)?
b. Determine next steps to reach agreement on criteria
Proposed WG agreement (subject to revision and confirmation via poll): The WG will use the following non-exhaustive list of criterion to determine if any proposed purpose for processing registration data may be legitimate: (a) The purpose must not be inconsistent with ICANN's mission, (d) The purpose must be inherent to the functionality of the DNS, AND (x) The purpose must satisfy at least one legal basis for processing as defined by data protection laws.
Action: Leadership team to refine above proposed agreement to develop poll about this point, along with repeat of Q3 from last week's poll, with additional granularity, based on agreed criteria. WG members encouraged to participate in poll no later than Saturday COB.
3. Discuss list of purposes to determine which are legitimate for processing based on criteria - DEFERRED TO NEXT WEEK
4. Confirm agreements for polling & next steps
Action: Chair to confirm change of VC on mailing list.
Proposed WG agreement (subject to revision and confirmation via poll): The WG will use the following non-exhaustive list of criterion to determine if any proposed purpose for processing registration data may be legitimate: (a) The purpose must not be inconsistent with ICANN's mission, (d) The purpose must be inherent to the functionality of the DNS, AND (x) The purpose must satisfy at least one legal basis for processing as defined by data protection laws.
Action: Leadership team to refine above proposed agreement to develop poll about this point, along with repeat of Q3 from last week's poll, with additional granularity, based on agreed criteria. WG members encouraged to participate in poll no later than Saturday COB.
5. Confirm next meeting: Tuesday 6 February at 17:00 UTC
- February call schedule Tuesdays @ 17:00 except for Wednesday Feb 21 @ 06.00
