Re: [gnso-thickwhoispdp-wg] Feedback concerning legal review

[Alan Greenberg <alan.greenberg@xxxxxxxxx>]

For the record, Policy and Implementation is ***NOT*** a PDP.

Alan

At 10/10/2013 08:43 AM, Mike O'Connor wrote:
> hi all,
>
> i'm with Don (although i'm connecting the dots on a few of his typos)  ;-)
>
> i've attached the latest "state of the proposal" draft to this 
> note.  i was kinda holding off until Marika had a chance to talk to 
> Legal, but now seems like the time to push it along.
> in this draft, we're asking that (what is probably a routine) legal 
> review be conducted during the implementation project.  we're also 
> specifying that the legal review include a focused look at issues 
> that arise from the transition from thin to thick (implied meaning 
> -- we couldn't find any, but we would like another set of 
> eyes).  we're also specifying that they consult with heavy-duty 
> experts, again to ensure that the review is rigorous.  finally, and 
> this is the new bit, we are specifying that **IF** policy issues 
> turn up, that staff hands them back to the GNSO (in the form of the 
> Implementation Review Team) to be addressed, rather than trying to 
> solve them on their own.
> i think there will be a day when we won't have to be so specific 
> about these things, or to Alan's point even have to mention 
> them.  but given the recent issues in the new gTLD implementation -- 
> some of which led to the Policy and Implementation PDP, i think it's 
> prudent that we are very specific in our instructions in this 
> case.  i agree with Don, we're not asking for individual advice -- 
> we are asking for a certain level of rigor and followthrough on 
> behalf of ICANN, not individuals.
> i'm also a bit underwhelmed by the EWG language, but that's a topic 
> for another setting.
> thanks again Marika,
>
> mikey
>
>
>
>
>
> On Oct 9, 2013, at 5:50 PM, Don Blumenthal <dblumenthal@xxxxxxx> wrote:
>
> > Marika,
> >
> > Thanks very much. I really appreciate your follow up.
> >
> > I'm concerned that the GC's office misunderstands what the WG is 
> considering, or at least what I think is on the table. What's 
> needed is a systematic analysis of how data protection legal 
> regimes might affect transition decisions, not detailed legal 
> analyses of laws as they apply to individual parties.  For example, 
> are there are aren't there enough potential roadblocks to 
> transition to affect any decisions? Will so many parties use the 
> ICANN procedures that transition becomes pointless (that assumes 
> that the processes listed are relevant to our issues at all. I'm 
> not sure that they are but need more time to ponder).
> >
> > It has been clear that privacy has been a big part of the EWG's 
> focus, and having the memo is very useful. It generally is the type 
> of document that I see coming out of the legal review that we have 
> discussed. I would focus the issues more on WG matters, obviously. 
> More importantly in a way, I expect a product that takes advantage 
> of data protection law expertise outside GC and that also does a 
> much more thorough cataloguing of different national and 
> international approaches. It does the usual pass through the US, 
> EU, and Canada. How about APEC (Asia Pacific Economic Cooperation), 
> Brazil, India, the Philippines, China, and many more DP regimes 
> that I could mention? In fairness, the memo mentions "Asia" briefly 
> but gives no details on the reference.
> >
> > Don
> >
> > From: Marika Konings <marika.konings@xxxxxxxxx>
> > Date: Wednesday, October 9, 2013 4:38 PM
> > To: Thick Thin PDP <gnso-thickwhoispdp-wg@xxxxxxxxx>
> > Subject: [gnso-thickwhoispdp-wg] Feedback concerning legal review
> >
> > Dear All,
> >
> > Following our meeting yesterday, I spoke to my colleagues in the 
> legal team and wanted to clarify some things in relation to the 
> possible 'legal review'. As I've mentioned before, they are kept in 
> the loop throughout the working group discussions which already 
> allows them to raise any potential red flags during that part of 
> the process as well as during the implementation process. However, 
> their main focus is on assuring that any policy recommendations do 
> not conflict or contradict any existing ICANN policies or legal 
> requirements applicable to ICANN. They are not in a position to 
> provide advice to individual parties in different jurisdictions on 
> whether or not the proposed policy recommendations are in potential 
> violation of local laws. This is the responsibility of the party 
> affected and as most of you know there are several mechanisms in 
> place by which the affected party can work with ICANN to request an 
> exemption (see for example 
> http://www.icann.org/en/resources/registrars/whois-policies-provisions#2 
> and 
> http://www.icann.org/en/resources/registrars/updates/retention/waiver-request-process).
> >
> > Separately, I wanted to share with you the attached memo that has 
> been prepared for the EWG concerning data protection considerations 
> applicable for the collection of gTLD registration data in the 
> Proposed Centralized and Federated Database Systems. Although this 
> is not specific to our discussion on thick vs. thin, it does 
> hopefully show that data protection and privacy considerations are 
> seriously considered in other efforts that are dealing with Whois. 
> Also, there is a specific section on restrictions on personal data 
> transfer which may help inform the development of the 
> implementation plan and any potential safeguards that may need to 
> be considered.
> >
> > Best regards,
> >
> > Marika
>
>
> PHONE: 651-647-6109, FAX: 866-280-2356, WEB: www.haven2.com, HANDLE: 
> OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.)
>
> hi all,
>
> i'm with Don (although i'm connecting the dots on a few of his typos)  ;-)
>
> i've attached the latest "state of the proposal" draft to this 
> note.  i was kinda holding off until Marika had a chance to talk to 
> Legal, but now seems like the time to push it along.
> in this draft, we're asking that (what is probably a routine) legal 
> review be conducted during the implementation project.  we're also 
> specifying that the legal review include a focused look at issues 
> that arise from the transition from thin to thick (implied meaning 
> -- we couldn't find any, but we would like another set of 
> eyes).  we're also specifying that they consult with heavy-duty 
> experts, again to ensure that the review is rigorous.  finally, and 
> this is the new bit, we are specifying that **IF** policy issues 
> turn up, that staff hands them back to the GNSO (in the form of the 
> Implementation Review Team) to be addressed, rather than trying to 
> solve them on their own.
> i think there will be a day when we won't have to be so specific 
> about these things, or to Alan's point even have to mention 
> them.  but given the recent issues in the new gTLD implementation -- 
> some of which led to the Policy and Implementation PDP, i think it's 
> prudent that we are very specific in our instructions in this 
> case.  i agree with Don, we're not asking for individual advice -- 
> we are asking for a certain level of rigor and followthrough on 
> behalf of ICANN, not individuals.
> i'm also a bit underwhelmed by the EWG language, but that's a topic 
> for another setting.
> thanks again Marika,
>
> mikey
>
>
>
>
>
> On Oct 9, 2013, at 5:50 PM, Don Blumenthal 
> <<mailto:dblumenthal@xxxxxxx>dblumenthal@xxxxxxx> wrote:
> > Marika,
> >
> > Thanks very much. I really appreciate your follow up.
> >
> > I'm concerned that the GC's office misunderstands what the WG is 
> > considering, or at least what I think is on the table. What's 
> > needed is a systematic analysis of how data protection legal 
> > regimes might affect transition decisions, not detailed legal 
> > analyses of laws as they apply to individual parties.  For example, 
> > are there are aren't there enough potential roadblocks to 
> > transition to affect any decisions? Will so many parties use the 
> > ICANN procedures that transition becomes pointless (that assumes 
> > that the processes listed are relevant to our issues at all. I'm 
> > not sure that they are but need more time to ponder).
> > It has been clear that privacy has been a big part of the EWG's 
> > focus, and having the memo is very useful. It generally is the type 
> > of document that I see coming out of the legal review that we have 
> > discussed. I would focus the issues more on WG matters, obviously. 
> > More importantly in a way, I expect a product that takes advantage 
> > of data protection law expertise outside GC and that also does a 
> > much more thorough cataloguing of different national and 
> > international approaches. It does the usual pass through the US, 
> > EU, and Canada. How about APEC (Asia Pacific Economic Cooperation), 
> > Brazil, India, the Philippines, China, and many more DP regimes 
> > that I could mention? In fairness, the memo mentions "Asia" briefly 
> > but gives no details on the reference.
> > Don
> >
> > From: Marika Konings 
> > <<mailto:marika.konings@xxxxxxxxx>marika.konings@xxxxxxxxx>
> > Date: Wednesday, October 9, 2013 4:38 PM
> > To: Thick Thin PDP 
> > <<mailto:gnso-thickwhoispdp-wg@xxxxxxxxx>gnso-thickwhoispdp-wg@xxxxxxxxx>
> > Subject: [gnso-thickwhoispdp-wg] Feedback concerning legal review
> >
> > Dear All,
> >
> > Following our meeting yesterday, I spoke to my colleagues in the 
> > legal team and wanted to clarify some things in relation to the 
> > possible 'legal review'. As I've mentioned before, they are kept in 
> > the loop throughout the working group discussions which already 
> > allows them to raise any potential red flags during that part of 
> > the process as well as during the implementation process. However, 
> > their main focus is on assuring that any policy recommendations do 
> > not conflict or contradict any existing ICANN policies or legal 
> > requirements applicable to ICANN. They are not in a position to 
> > provide advice to individual parties in different jurisdictions on 
> > whether or not the proposed policy recommendations are in potential 
> > violation of local laws. This is the responsibility of the party 
> > affected and as most of you know there are several mechanisms in 
> > place by which the affected party can work with ICANN to request an 
> > exemption (see for example 
> > <http://www.icann.org/en/resources/registrars/whois-policies-provisions#2>http://www.icann.org/en/resources/registrars/whois-policies-provisions#2 
> > and 
> > <http://www.icann.org/en/resources/registrars/updates/retention/waiver-request-process>http://www.icann.org/en/resources/registrars/updates/retention/waiver-request-process).
> > Separately, I wanted to share with you the attached memo that has 
> > been prepared for the EWG concerning data protection considerations 
> > applicable for the collection of gTLD registration data in the 
> > Proposed Centralized and Federated Database Systems. Although this 
> > is not specific to our discussion on thick vs. thin, it does 
> > hopefully show that data protection and privacy considerations are 
> > seriously considered in other efforts that are dealing with Whois. 
> > Also, there is a specific section on restrictions on personal data 
> > transfer which may help inform the development of the 
> > implementation plan and any potential safeguards that may need to 
> > be considered.
> > Best regards,
> >
> > Marika
>
> PHONE: 651-647-6109, FAX: 866-280-2356, WEB: 
> <http://www.haven2.com>www.haven2.com, HANDLE: OConnorStP (ID for 
> Twitter, Facebook, LinkedIn, etc.)