Re: [gnso-thickwhoispdp-wg] Feedback concerning legal review

[Don Blumenthal <dblumenthal@xxxxxxx>]

I see only one typo. Harrumph. I could have been clearer in the first paragraph 
though. Sometimes I get too cryptic in an effort to keep the verbiage down. I 
hope that this version is better:

"I'm concerned that the GC's office misunderstands what I think the WG is 
considering. What's needed is a systematic analysis of data protection legal 
regimes and how they might affect transition decisions, not detailed legal 
analyses of laws as they apply to individual parties.  For example, are there 
or aren't there enough potential DP roadblocks to transition to affect any 
final decisions on moving to Thick Whois? Will so many parties use the ICANN 
exemption procedures that transition becomes pointless (that assumes that the 
processes listed are relevant to our issues at all. I'm not sure that they are 
but need more time to ponder)."

Don

From: Michael O'Connor <mike@xxxxxxxxxx<mailto:mike@xxxxxxxxxx>>
Date: Thursday, October 10, 2013 8:43 AM
To: Don Blumenthal <dblumenthal@xxxxxxx<mailto:dblumenthal@xxxxxxx>>
Cc: Marika Konings <marika.konings@xxxxxxxxx<mailto:marika.konings@xxxxxxxxx>>, 
Thick Thin PDP 
<gnso-thickwhoispdp-wg@xxxxxxxxx<mailto:gnso-thickwhoispdp-wg@xxxxxxxxx>>
Subject: Re: [gnso-thickwhoispdp-wg] Feedback concerning legal review

hi all,

i'm with Don (although i'm connecting the dots on a few of his typos)  ;-)

i've attached the latest "state of the proposal" draft to this note.  i was 
kinda holding off until Marika had a chance to talk to Legal, but now seems 
like the time to push it along.

in this draft, we're asking that (what is probably a routine) legal review be 
conducted during the implementation project.  we're also specifying that the 
legal review include a focused look at issues that arise from the transition 
from thin to thick (implied meaning -- we couldn't find any, but we would like 
another set of eyes).  we're also specifying that they consult with heavy-duty 
experts, again to ensure that the review is rigorous.  finally, and this is the 
new bit, we are specifying that **IF** policy issues turn up, that staff hands 
them back to the GNSO (in the form of the Implementation Review Team) to be 
addressed, rather than trying to solve them on their own.

i think there will be a day when we won't have to be so specific about these 
things, or to Alan's point even have to mention them.  but given the recent 
issues in the new gTLD implementation -- some of which led to the Policy and 
Implementation PDP, i think it's prudent that we are very specific in our 
instructions in this case.  i agree with Don, we're not asking for individual 
advice -- we are asking for a certain level of rigor and followthrough on 
behalf of ICANN, not individuals.

i'm also a bit underwhelmed by the EWG language, but that's a topic for another 
setting.

thanks again Marika,

mikey




On Oct 9, 2013, at 5:50 PM, Don Blumenthal 
<dblumenthal@xxxxxxx<mailto:dblumenthal@xxxxxxx>> wrote:

Marika,

Thanks very much. I really appreciate your follow up.

I'm concerned that the GC's office misunderstands what the WG is considering, 
or at least what I think is on the table. What's needed is a systematic 
analysis of how data protection legal regimes might affect transition 
decisions, not detailed legal analyses of laws as they apply to individual 
parties.  For example, are there are aren't there enough potential roadblocks 
to transition to affect any decisions? Will so many parties use the ICANN 
procedures that transition becomes pointless (that assumes that the processes 
listed are relevant to our issues at all. I'm not sure that they are but need 
more time to ponder).

It has been clear that privacy has been a big part of the EWG's focus, and 
having the memo is very useful. It generally is the type of document that I see 
coming out of the legal review that we have discussed. I would focus the issues 
more on WG matters, obviously. More importantly in a way, I expect a product 
that takes advantage of data protection law expertise outside GC and that also 
does a much more thorough cataloguing of different national and international 
approaches. It does the usual pass through the US, EU, and Canada. How about 
APEC (Asia Pacific Economic Cooperation), Brazil, India, the Philippines, 
China, and many more DP regimes that I could mention? In fairness, the memo 
mentions "Asia" briefly but gives no details on the reference.

Don

From: Marika Konings <marika.konings@xxxxxxxxx<mailto:marika.konings@xxxxxxxxx>>
Date: Wednesday, October 9, 2013 4:38 PM
To: Thick Thin PDP 
<gnso-thickwhoispdp-wg@xxxxxxxxx<mailto:gnso-thickwhoispdp-wg@xxxxxxxxx>>
Subject: [gnso-thickwhoispdp-wg] Feedback concerning legal review

Dear All,

Following our meeting yesterday, I spoke to my colleagues in the legal team and 
wanted to clarify some things in relation to the possible 'legal review'. As 
I've mentioned before, they are kept in the loop throughout the working group 
discussions which already allows them to raise any potential red flags during 
that part of the process as well as during the implementation process. However, 
their main focus is on assuring that any policy recommendations do not conflict 
or contradict any existing ICANN policies or legal requirements applicable to 
ICANN. They are not in a position to provide advice to individual parties in 
different jurisdictions on whether or not the proposed policy recommendations 
are in potential violation of local laws. This is the responsibility of the 
party affected and as most of you know there are several mechanisms in place by 
which the affected party can work with ICANN to request an exemption (see for 
example 
http://www.icann.org/en/resources/registrars/whois-policies-provisions#2 and 
http://www.icann.org/en/resources/registrars/updates/retention/waiver-request-process).

Separately, I wanted to share with you the attached memo that has been prepared 
for the EWG concerning data protection considerations applicable for the 
collection of gTLD registration data in the Proposed Centralized and Federated 
Database Systems. Although this is not specific to our discussion on thick vs. 
thin, it does hopefully show that data protection and privacy considerations 
are seriously considered in other efforts that are dealing with Whois. Also, 
there is a specific section on restrictions on personal data transfer which may 
help inform the development of the implementation plan and any potential 
safeguards that may need to be considered.

Best regards,

Marika


PHONE: 651-647-6109, FAX: 866-280-2356, WEB: 
www.haven2.com<http://www.haven2.com>, HANDLE: OConnorStP (ID for Twitter, 
Facebook, LinkedIn, etc.)