You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »

Public Comment CloseStatement
Name 

Status

Assignee(s)

Call for
Comments Open
Call for
Comments
Close 
Vote OpenVote CloseDate of SubmissionStaff Contact and EmailStatement Number

05 May 2020

COMMENT

Drafting team member(s):

Hadia Elminiawi

Alan Greenberg

22 April 2020

Caitlin Tubergen
policy-staff@icann.org

Hide the information below, please click here 

FINAL VERSION SUBMITTED (IF RATIFIED)

The final version to be submitted, if the draft is ratified, will be placed here by upon completion of the vote. 



FINAL DRAFT VERSION TO BE VOTED UPON BY THE ALAC

The final draft version to be voted upon by the ALAC will be placed here before the vote is to begin.

The ALAC thanks ICANN for putting forward the EPDP phase two addendum to the initial report of the gTLD registration data for public comment and takes this opportunity to provide its comments herein

Preliminary recommendation #20 Display of Information of affiliated vs. accredited privacy/proxy providers.

Since all domains registered via accredited privacy/proxy services providers will be labeled as such in the domain registration data, the ALAC fully supports the recommendation. Should the domain registration be done via accredited privacy-proxy provider the data must not be redacted.

The ALAC notes that in the recommendation and the text, there are multiple references to “data associated with a natural person”. In fact a privacy/proxy registration may mask the data of ANY registrant, whether natural or legal person. As the recommendation stands, it might be construed that masking of the p/p service RDDS data would be allowed if the underlying registrant is a legal person, and that was not what was intended.

The ALAC also notes that Privacy & Proxy Services Accreditation Issue (PPSAI) PDP implementation has been halted pending the EPDP outcomes. The EPDP has determined that there is no need for the PPSAI implementation to be halted. The PPSAI PDP starting in 2013 and the recommendations were approved by the Board in 2016. The implementation MUST be completed with haste and the EPDP must make a clear recommendation to that effect.

Preliminary Conclusion – Legal vs. Natural Persons

On April 9th, the EPDP team received legal advice from Bird & Bird that includes information relevant to some concerns related to the differentiation between legal and natural persons’ registration data. In response to the concern that registrants might wrongfully self identify themselves the legal advice says independent verification measures that would identify miss-labelled registrants would be considered a reasonable accuracy measure. In addition, Bird & Bird had previously provided other measures that could be taken to address this issue. Previous memos have addressed concerns related to the data of the legal persons including personal information of natural persons. In addition, concerns related to the practicality and costs associated with the differentiation are currently being addressed through a survey conducted by ICANN org. The survey addresses the feasibility and costs, examples of industries that have successfully implemented the differentiation between legal and natural persons’ registration data and the various risks associated with the differentiation, the result of the survey should be available in May. Taking into account

  • The interest of the Internet end-users and their right to be able to confirm the legitimacy of websites registered by legal persons.
  • Burdening the system with unnecessary requests and thus leading to an inefficient system for access/disclosure of none publicly available registration data.
  • Wasting the information that we currently have and the other that would be available through the survey by not acting upon it.

The ALAC believes potential next steps are feasible at the current stage if the will exists.

For avoidance of doubt, the ALAC does not agree to return the issue to the GNSO for possible action (or inaction) at some unknown future date.

The ALAC understands that differentiation may be difficult for existing registrations and that some time may be needed to fully implement differentiation, but that is not a reason to not immediately do so for new registrations and to begin the process of adjusting existing registrations.

Preliminary Conclusion – City Field Redaction and Preliminary Recommendation #21. Data Retention

The ALAC supports the recommendations.

Preliminary Conclusion – OCTO Purpose

In light of preliminary recommendation number 22, purpose two, the ALAC supports not adding a purpose in relation to ICANN’s Office of the Chief Technology Officer. We believe that ICANN purpose number two would cover such a purpose for OCTO when required.

Preliminary Conclusion - Feasibility of unique contacts to have a uniform anonymized email address

The ALAC cannot support the rejection of anonymized email addresses. The Bird & Bird memo clearly equates “masking” of email addresses with “the data controller hands over part of this dataset”. The form of anonymization that the EPDP has considered does not include providing ANY PART of the original address and thus the term “masking” is entirely inappropriate.

The ALAC can see no way in which a party other that the Registrar who created the anonymization could associate the new address with the registrant. Moreover, saying that the anonymized address allows contact and is thus personal information implies the same thing for a Web Link which also allows contact.

The ALAC particularly notes that Item 9 of the Bird & Bird memo gives significant benefits to using an anonymized address.

Lastly, if the EPDP were to not allow anonymized email addresses to be published, then the ALAC believes that the EPDP has an obligation to recommend options for what IS legitimately allowed to ensure registrant contactability.

Preliminary Conclusion – Accuracy and Whois Accuracy Reporting System

In light of the current information, provided by Bird & Bird in relation to the accuracy of the registration data, the ALAC is of the view that a recommendation with regard to accuracy is possible at this stage and that such a recommendation would either definitively address the issue or, at worst, would help and inform the GNSO scoping team. To that end, the ALAC does not support the recommendation. The EPDP Phase 1 Report committed that this issue would be covered, and that commitment was an essential component of the ALAC supporting that report.

The ALAC notes that the RDS-WHOIS2 Specific Review made a strong recommendation that resumed operation of the Accuracy Reporting System or something comparable is essential given the high rate of inaccuracy observed on pre-GDPR WHOIS data and the fact that the EPDP Phase 1 recommendation significantly reduced the number of possible contact points, increasing the potential for uncontactability. The SSR2 Specific Review makes a comparable recommendation in its draft report.

Preliminary Recommendation #22. Purpose 2

In light of the EDPB letter and ICANN board recommendation in relation to this ICANN purpose, the ALAC fully supports adding the stated purpose to the ICANN purposes for processing gTLD registration data mentioned in recommendation one of the EPDP phase one final report.  



DRAFT SUBMITTED FOR DISCUSSION

The first draft submitted will be placed here before the call for comments begins. The Draft should be preceded by the name of the person submitting the draft and the date/time. If, during the discussion, the draft is revised, the older version(S) should be left in place and the new version along with a header line identifying the drafter and date/time should be placed above the older version(s), separated by a Horizontal Rule (available + Insert More Content control).

Posted by Alan Greenberg & Hadia Elminiawi 30 April 2020

Color Key: Original Text, Added/Changed 27 April, Added/Changed 30 April. All discussed during CPWG call on 29 April 2020

The ALAC thanks ICANN for putting forward the EPDP phase two addendum to the initial report of the gTLD registration data for public comment and takes this opportunity to provide its comments herein

Preliminary recommendation #20 Display of Information of affiliated vs. accredited privacy/proxy providers.

Since all domains registered via accredited privacy/proxy services providers will be labeled as such in the domain registration data, the ALAC fully supports the recommendation. Should the domain registration be done via accredited privacy-proxy provider the data must not be redacted.

The ALAC notes that in the recommendation and the text, there are multiple references to “data associated with a natural person”. In fact a privacy/proxy registration may mask the data of ANY registrant, whether natural or legal person. As the recommendation stands, it might be construed that masking of the p/p service RDDS data would be allowed if the underlying registrant is a legal person, and that was not what was intended.

The ALAC also notes that Privacy & Proxy Services Accreditation Issue (PPSAI) PDP implementation has been halted pending the EPDP outcomes. The EPDP has determined that there is no need for the PPSAI implementation to be halted. The PPSAI PDP starting in 2013 and the recommendations were approved by the Board in 2016. The implementation MUST be completed with haste and the EPDP must make a clear recommendation to that effect.

Preliminary Conclusion – Legal vs. Natural Persons

On April 9th, the EPDP team received legal advice from Bird & Bird that includes information relevant to some concerns related to the differentiation between legal and natural persons’ registration data. In response to the concern that registrants might wrongfully self identify themselves the legal advice says independent verification measures that would identify miss-labelled registrants would be considered a reasonable accuracy measure. In addition, Bird & Bird had previously provided other measures that could be taken to address this issue. Previous memos have addressed concerns related to the data of the legal persons including personal information of natural persons. In addition, concerns related to the practicality and costs associated with the differentiation are currently being addressed through a survey conducted by ICANN org. The survey addresses the feasibility and costs, examples of industries that have successfully implemented the differentiation between legal and natural persons’ registration data and the various risks associated with the differentiation, the result of the survey should be available in May. Taking into account

  • The interest of the Internet end-users and their right to be able to confirm the legitimacy of websites registered by legal persons.
  • Burdening the system with unnecessary requests and thus leading to an inefficient system for access/disclosure of none publicly available registration data.
  • Wasting the information that we currently have and the other that would be available through the survey by not acting upon it.

The ALAC believes potential next steps are feasible at the current stage if the will exists.

For avoidance of doubt, the ALAC does not agree to return the issue to the GNSO for possible action (or inaction) at some unknown future date.

The ALAC understands that differentiation may be difficult for existing registrations and that some time may be needed to fully implement differentiation, but that is not a reason to not immediately do so for new registrations and to begin the process of adjusting existing registrations.

Preliminary Conclusion – City Field Redaction and Preliminary Recommendation #21. Data Retention

The ALAC supports the recommendations.

Preliminary Conclusion – OCTO Purpose

In light of preliminary recommendation number 22, purpose two, the ALAC supports not adding a purpose in relation to ICANN’s Office of the Chief Technology Officer. We believe that ICANN purpose number two would cover such a purpose for OCTO when required.

Preliminary Conclusion - Feasibility of unique contacts to have a uniform anonymized email address

The ALAC cannot support the rejection of anonymized email addresses. The Bird & Bird memo clearly equates “masking” of email addresses with “the data controller hands over part of this dataset”. The form of anonymization that the EPDP has considered does not include providing ANY PART of the original address and thus the term “masking” is entirely inappropriate.

The ALAC can see no way in which a party other that the Registrar who created the anonymization could associate the new address with the registrant. Moreover, saying that the anonymized address allows contact and is thus personal information implies the same thing for a Web Link which also allows contact.

The ALAC particularly notes that Item 9 of the Bird & Bird memo gives significant benefits to using an anonymized address.

Lastly, if the EPDP were to not allow anonymized email addresses to be published, then the ALAC believes that the EPDP has an obligation to recommend options for what IS legitimately allowed to ensure registrant contactability.

Preliminary Conclusion – Accuracy and Whois Accuracy Reporting System

In light of the current information, provided by Bird & Bird in relation to the accuracy of the registration data, the ALAC is of the view that a recommendation with regard to accuracy is possible at this stage and that such a recommendation would either definitively address the issue or, at worst, would help and inform the GNSO scoping team. To that end, the ALAC does not support the recommendation. The EPDP Phase 1 Report committed that this issue would be covered, and that commitment was an essential component of the ALAC supporting that report.

The ALAC notes that the RDS-WHOIS2 Specific Review made a strong recommendation that resumed operation of the Accuracy Reporting System or something comparable is essential given the high rate of inaccuracy observed on pre-GDPR WHOIS data and the fact that the EPDP Phase 1 recommendation significantly reduced the number of possible contact points, increasing the potential for uncontactability. The SSR2 Specific Review makes a comparable recommendation in its draft report.

Preliminary Recommendation #22. Purpose 2

In light of the EDPB letter and ICANN board recommendation in relation to this ICANN purpose, the ALAC fully supports adding the stated purpose to the ICANN purposes for processing gTLD registration data mentioned in recommendation one of the EPDP phase one final report.  


Original version posted by Hadia Elminiawi 22 April 2020

The ALAC thanks ICANN for putting forward the EPDP phase two addendum to the initial report of the gTLD registration data for public comment and takes this opportunity to provide its comments herein

Preliminary recommendation #20 Display of Information of affiliated vs. accredited privacy/proxy providers.

Since all domains registered via accredited privacy/proxy services providers will be labeled as such in the domain registration data, the ALAC fully supports the recommendation. Should the domain registration be done via accredited privacy-proxy provider the data must not be redacted.

Preliminary Conclusion – Legal vs. Natural Persons

On April 9, the EPDP team received Bird & Bird response to the legal committee in relation to two questions regarding the accuracy of the registration data and the differentiation between natural and legal persons’ personal information. In addition, the ICANN org survey in relation to the feasibility and costs, examples of industries that have successfully implemented the differentiation and the various risks associated is to be delivered in May. To that end, although the EPDP team has agreed that the topic of legal vs natural is not on the critical path for the delivery of the final report on a system for access/disclosure of nonpublic registration data, the ALAC is of the view that a recommendation in relation to legal vs natural is possible at this stage. The ALAC would not like to waste the opportunity to have a more efficient system nor would we like to waste all the hard work and discussions that have occurred in this regard. For that, the ALAC does not agree to the preliminary conclusion on Legal vs Natural Persons. We believe that the EPDP team has not made use of the information available in this regard and that potential next steps are feasible at the current stage if the will exists.

Preliminary Conclusion – City Field Redaction and Preliminary Recommendation #21. Data Retention

The ALAC supports the recommendations.

Preliminary Conclusion – OCTO Purpose

In light of preliminary recommendation number 22, purpose two, the ALAC supports not adding a purpose in relation to ICANN’s Office of the Chief Technology Officer. We believe that ICANN purpose number two would cover such a purpose for OCTO when required.

Preliminary Conclusion - Feasibility of unique contacts to have a uniform anonymized email address

In light of the legal recommendation received the ALAC supports the recommendation.

Preliminary Conclusion – Accuracy and Whois Accuracy Reporting System

In light of the current information, provided by Bird & Bird in relation to the accuracy of the registration data, the ALAC is of the view that a recommendation with regard to accuracy is possible at this stage and that such a recommendation would help and inform the GNSO scoping team. To that end, the ALAC does not support the recommendation.

Preliminary Recommendation #22. Purpose 2

In light of the EDPB letter and ICANN board recommendation in relation to this ICANN purpose, the ALAC fully supports adding the stated purpose to the ICANN purposes for processing gTLD registration data mentioned in recommendation one of the EPDP phase one final report.  

  • No labels