The next GNSO Next-Gen RDS PDP Working Group teleconference will take place on Wednesday, 22 February at 06:00 UTC for 90 minutes

22:00 PST (Tuesday), 01:00 EST, 06:00 London, 07:00 CET 

For other times: http://tinyurl.com/h8xa8rh

PROPOSED AGENDA: 

1. Roll call / SOI

2. Finalize small group to develop questions to discuss with Data Commissioners in Copenhagen

3. Continue deliberation on the Privacy charter question:

Question 4.1 (revised): For thin data only -- Do existing gTLD registration directory services policies sufficiently address compliance with applicable data protection, privacy, and free speech laws about purpose? If not, what requirements might those laws place on RDS policies regarding purposes associated with thin data?

a. Review & discuss 14 February poll results about this question

b. Capture confirmed agreements in Section 4.1.2 of working draft:

https://community.icann.org/download/attachments/64064540/KeyConceptsDeliberation-WorkingDraft-24January2017.pdf

c. Continue by discussing requirements laws might place on RDS policies regarding purposes associated with thin data

d. Test any possible agreements on this in a poll

4. Apply potential agreements by returning to deliberation on the Purpose charter question:

Question 2.3: What should the over-arching purpose be of collecting, maintaining, and providing access to gTLD registration (thin) data?

a. Refer to Section 2.3.2 of working draft

b. Resume deliberation on this WG's draft statement of purpose

c. Refer to 22FebMeeting-Handout.pdf for supporting materials

5. Confirm action items and proposed decision points

6. Confirm next meeting date: Tuesday 28 February 2017 at 17.00 UTC

Attendance

Apologies: Scott Hollenbeck, Andrew Sullivan (tentative), Steve Metalitz, Farell Folly, Maryan Rizinski 

Dial outs:  Lawrence Owalale Roberts, Daniel Nanghaka, Holly Raiche

Mp3

AC Chat

Transcript

Notes:

These high-level notes are designed to help PDP WG members navigate through the content of the call and are not meant as a substitute for the transcript and/or recording. The MP3, transcript, and chat are provided separately and are posted on the wiki below.

1. Roll call / SOI

  • Roll call will be taken from Adobe Connect
  • Please remind to update your SOIs as needed
  • Please remember to state your name before speaking as well as muting your microphone when not speaking

 

2. Finalize small group to develop questions to discuss with Data Commissioners in Copenhagen

  • Volunteers: Tjabbe Bos, Victoria Sheckler, Brian Scarpelli, Nathalie Coupet, Stephanie Perrin, Stefania Milan, Theo Geurts, Susan Kawaguchi
  • 10-15 questions for Cross-Community Panel, to clarify data protection laws as they related to our WG's work
  • To provide draft list of questions for WG review during next week's WG call (draft due Sunday, to be shared with the WG Monday)
  • Questions to be given to Data Commissioners on the panel and moderator of Cross-Community session (Becky Burr) in advance of that session; may also be addressed during Wednesday RDS PDP WG F2F session by any DC(s) able to attend and guest from Interpol
  • Any other WG member may suggest questions by sending them through their SG reps or to Susan directly

 

Action item #1: small group to work on draft questions for data protection commissions. Everyone to submit ideas / suggestions that may help inform the work of the small group.

 

3. Continue deliberation on the Privacy charter question:

Question 4.1 (revised): For thin data only -- Do existing gTLD registration directory services policies sufficiently address compliance with applicable data protection, privacy, and free speech laws about purpose? If not, what requirements might those laws place on RDS policies regarding purposes associated with thin data?

 

a. Review & discuss 14 February poll results about this question

  • Examined first part of Question 4.1 above
  • Light turnout - 13 participants, plus strong sampling during last week's WG call as well
  • Q2) Agreement: As a WG, we need to agree upon a purpose statement for the RDS - 12:1 in support
  • Q3) Agreement: Existing gTLD RDS policies do NOT sufficiently address compliance with applicable data protection, privacy, and free speech laws about purpose - 11:2 in support
  • Comments -
    (1) Currently have a contract with requirements that are in conflict with some national laws, so don't think ICANN can take a hands-off approach. Recommendations of this WG may result in changes to that contract.
    (2) Existing hands-off approach is not working; must face responsibilities.
    (3) Note recent GNSO council decision on WHOIS conflicts with local law: https://gnso.icann.org/en/council/resolutions#201702
    (4) Is there confusion between collection and access in this general agreement?

 

b. Action item #2: Staff to capture confirmed agreements in Section 4.1.2 of working draft: https://community.icann.org/download/attachments/64064540/KeyConceptsDeliberation-WorkingDraft-24January2017.pdf

 

c. Continue by discussing requirements laws might place on RDS policies regarding purposes associated with thin data

  • See slides presented during meeting
  • Key concepts to be considered when drafting a purpose specification:
  • Data processing must be proportionate in relation to the legitimate purpose pursued
  • Data processing must strike a fair balance between all interests concerned (public or private) and the data subject's rights and freedoms at stake
  • Each party shall provide that data processing can be carried out on the basis of free, specific, informed and unambigous consent or some other legitimate basis laid down by law
  • Personal data undergoing processing shall be processed lawfully, fairly, and in a transparent manner
  • Personal data undergoing processing:

o    shall be collected for explicit, specified and in a legimate purposes.

o    shall not be processed in a way incompatible with those processes.

o    may be further processed if there is a legitimate aim for further processing and all legal requirements for further processing are met.

o    Shall be adequate, relevant, and not excessive iin relation to the purposes for whcihthat personal data are processed.

  • Data privacy has been focus of recent meetings to fully understand data privacy issues so that those can be addressed as part of the requirements, noting that there is room for exceptions such as rights (see also #2 of key concepts).
  • Until there is a defined purpose, it will be difficult to respond to question 4.1 and even the key concepts. Likely to continue to be an iterative process also as other questions are addressed such as data elements.
  • These key concepts should be understood and taken into account when you define the purpose statement to see if it meets these tests (is it proportionate, does it strike a fair balance, etc.).
  • Consider adding storage to items of consideration (access and collection) as that may also be subject to data protection & privacy legislation. Important to take note of it, even if it is not for discussion at this stage.

 

d. Test any possible agreements on this in a poll

  •  Poll may not be needed to confirm these key concepts. More specific questions may be formulated later on that are suitable for a poll.

 

4. Apply potential agreements by returning to deliberation on the Purpose charter question:

Question 2.3: What should the over-arching purpose be of collecting, maintaining, and providing access to gTLD registration (thin) data?

 

a. Refer to Section 2.3.2 of working draft

b. Resume deliberation on this WG's draft statement of purpose

  • See draft developed by WG a while back which consists of goals for each RDS Purpose and specific purposes for RDS
  • This purpose statement was not finalised, although a lot of discussion did go into it.
  • What requirements might laws place on RDS policies regarding purposes associated with "thin data"? Are these requirements, or are there other requirements?
  • RAA provides purposes for registrars as they collect this information, but that does not equate to a purpose for RDS. This is based on how WHOIS is currently set up / done. Important not to "pollute" current discussion with concepts that may be linked to current state.
  • Note yellow highlights in handout - draft statement of purpose notes importance of ensuring it is consistent with ICANN's mission. If/when policies are approved that would conflict with ICANN's mission, it is possible for that to be flagged and result in changes to the ICANN Bylaws (see for example the work related to the transition). Not necessarily the case here, but important to note.
  • See also example of a ccTLD registry policy statement related to the purpose of WHOIS. Second paragraph less of a purpose but more a consequence. First paragraph is the purpose statement. Might be helpful to look at some examples of ccTLDs in Europe to see how others have dealt with the question of defining purpose.
  • Are there any of the goals in the draft statement that are questioned being valid goals?
  • Under item ii. note that consensus policies refers to "Consensus Policies" as defined in the agreements that ICANN has with registries and registrars. Update draft agreement accordingly to make clear that it refers to "Consensus Policies" as defined in the different agreements.
  • Consistency with Consensus Policies does not mean that those policies cannot change.

 

Action item #3: Staff to send out poll to confirm support (or lack thereof) for first three goals as currently defined in the draft purpose statement.

 

c. Refer to 22FebMeeting-Handout.pdf for supporting materials

 

5. Confirm action items and proposed decision points

 

  • Agreement: As a WG, we need to agree upon a purpose statement for the RDS
  • Agreement: Existing gTLD RDS policies do NOT sufficiently address compliance with applicable data protection, privacy, and free speech laws about purpose

 

6. Confirm next meeting date: Tuesday 28 February 2017 at 17.00 UTC

 

Materials


  • No labels