Re: [gnso-thickwhoispdp-wg] 24 September call
Um, here's a good analysis - albeit from a European perspective - that might be useful in current discussions. I found this a useful gauge for calibrating a position in earlier work. BTW, it isn't like these issues are not well aired with even a few responses about. The Safe Harbor protocols, for example, is one vehicle that was intended to mitigate the privacy issues surrounding personal data transfer between European jurisdictions and U.S. companies on U.S soil. Trouble is it does not cover 'not-for-profits' as ICANN would see itself; registries and registrars are covered. I can also tell you that the privacy vis-a-vis registration data is getting a thorough work over in the EWG discussions. -Carlton ============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* ============================= On Tue, Sep 24, 2013 at 4:52 PM, Tim Ruiz <tim@xxxxxxxxxxx> wrote: > > Individual registrants themselves initiating a process (a registration, a > transfer, etc.) is very different from what we are ultimately recommending > here, IMHO. > > At any rate, not being an expert, just as no one else is in this group, I > would still personally prefer at least a legal review and support the > wording we ended up with at the end of today's call. > > Tim > > > > On Sep 24, 2013, at 4:35 PM, "Alan Greenberg" <alan.greenberg@xxxxxxxxx> > wrote: > > > > > > I have listened to the recording of today's call, a very painful process > given that I could not see the ever-changing document that everyone was > talking about, and that I could not raise my hand to put my own thoughts > into the conversation. > > > > A few thoughts came out of this which I present in no particular order. > > > > - ICANN is regularly criticized for being a risk-adverse organiazation. > Do we really think that it would institute a change like this without > assessing risk (and a risk to individual privacy WOULD translate into a > risk for ICANN)? > > > > - There were again comments about the movement of private data across > jurisdictions (for instance when one transitions from a privacy service in > one jurisdiction to one in another). That is not what we are talking about > here. It is ONLY the movement of public data. > > > > - Although we are talking about moving the data of many registrants en > masse, the actual transition is EXACTLY what happens MANY times per day. On > every new registration for all TLDs except those we are talking about, if > you register a name with a registrar in a jurisdiction different from that > of the registry, your data takes a trip across national boundaries. > According to monthly reports, .org aloe sees about 200,000 net adds per > month, or about 6,000 per day. I don't know what percentage of those > originate outside of the US, but it cannot be trivial. Each of those have > publuc data moving across the same jurisdictional boundaries that we are > discussing. > > > > - The wording about the legal review is too prescriptive. At best, it > should suggest that national and international policy experts and > regulators be consulted "as applicable" or "as necessary". Without any > limitation, the results will always be subject to criticism that they did > not consult the "right" experts or did not consult a specific one, voiding > the results. > > > > - I still have difficulty understanding just want the new PDP will do. > the PD of PDP means "Policy Development". What policy are we considering. > At best this sounds like a "White Paper" investigating the issues > surrounding privacy and registration data. > > > > - The current last paragraph does not read well and is confusing: "We > recommend that the ICANN Board request that the GNSO charter an issues > report to cover the issue of Privacy as related to WHOIS if it concludes > that this issue is not adequately addressed within the scope of the > Board-initiated PDP on gTLD registration data services, or otherwise." > Perhaps "We recommend that if the Board concludes that privacy issues will > not be adequately addressed within the scope of the Board-initiated PDP on > gTLD registration data services, or otherwise be addressed, that the Board > initiate such action as to ensure that privacy issues are fully and > adequately addressed." > > > > Alan > > > > Attachment:
Legal Issues Surrounding WHOIS_final_230409.docx
|