<div dir="ltr">Hi Stephanie,<div><br></div><div>I think due to limited time for panellists and to make an impact, it would be better to focus on accreditation model and what should cover from DP stance not just the focus on purpose or users.with that you can set the records right on the matter and can debunk the claims possibly made by other speakers. I cannot speak about standards part but I assume that will happen later and you mentioned that is long-term project?</div><div><br></div>Best,<div><br></div><div>Rafik</div><div><br><div class="gmail_quote"><div dir="ltr">Le dim. 24 juin 2018 à 01:30, Stephanie Perrin <<a href="mailto:stephanie.perrin@mail.utoronto.ca">stephanie.perrin@mail.utoronto.ca</a>> a écrit :<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p><font size="+1"><font face="Lucida Grande">as usual, not a moment
too soon. Thoughts and suggestions would be most welcome. I
thought I would point to the IG blog Farzi just did, and point
out the different jobs that standards would do. I think we
need to dissect, for clairty, what we mean by accreditation,
what we mean by standards, and what aspects of data protection
law are factilitated by a standards based approach. As
Farzi's blog points out (although not in the DP or standards
perspective) the rush to come up with a system and procedure
that perpetuates the status quo is not helpful in discerning
or illuminating what is necessary for a data
controller/processor to give a third party access.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">I will see if I can
hook up with Palage in the meantime. <br>
</font></font></p>
<p><font size="+1"><font face="Lucida Grande">cheers Steph</font></font><br>
</p>
<div class="m_-383972186962987128moz-forward-container"><br>
<br>
-------- Forwarded Message --------
<table class="m_-383972186962987128moz-email-headers-table" cellspacing="0" cellpadding="0" border="0">
<tbody>
<tr>
<th valign="BASELINE" nowrap align="RIGHT">Subject:
</th>
<td>Panama high-interest session on Accred & Access to
non-public Whois data (Tuesday June 26, 2018; 17:00 –
18:30 local time)</td>
</tr>
<tr>
<th valign="BASELINE" nowrap align="RIGHT">Date: </th>
<td>Sat, 23 Jun 2018 16:02:41 +0000</td>
</tr>
<tr>
<th valign="BASELINE" nowrap align="RIGHT">From: </th>
<td>Steve DelBianco <a class="m_-383972186962987128moz-txt-link-rfc2396E" href="mailto:sdelbianco@netchoice.org" target="_blank"><sdelbianco@netchoice.org></a></td>
</tr>
<tr>
<th valign="BASELINE" nowrap align="RIGHT">To: </th>
<td>Goran Marby <a class="m_-383972186962987128moz-txt-link-rfc2396E" href="mailto:goran.marby@icann.org" target="_blank"><goran.marby@icann.org></a>, John Jeffrey
<a class="m_-383972186962987128moz-txt-link-rfc2396E" href="mailto:john.jeffrey@icann.org" target="_blank"><john.jeffrey@icann.org></a>, Alex Deacon
<a class="m_-383972186962987128moz-txt-link-rfc2396E" href="mailto:alex@colevalleyconsulting.com" target="_blank"><alex@colevalleyconsulting.com></a>,
<a class="m_-383972186962987128moz-txt-link-abbreviated" href="mailto:kdrazek@verisign.com" target="_blank">kdrazek@verisign.com</a> <a class="m_-383972186962987128moz-txt-link-rfc2396E" href="mailto:kdrazek@verisign.com" target="_blank"><kdrazek@verisign.com></a>,
Stephanie Perrin
<a class="m_-383972186962987128moz-txt-link-rfc2396E" href="mailto:stephanie.perrin@mail.utoronto.ca" target="_blank"><stephanie.perrin@mail.utoronto.ca></a>, Rod Rasmussen
<a class="m_-383972186962987128moz-txt-link-rfc2396E" href="mailto:rod@rodrasmussen.com" target="_blank"><rod@rodrasmussen.com></a>,
<a class="m_-383972186962987128moz-txt-link-abbreviated" href="mailto:Cathrin.BAUER-BULST@ec.europa.eu" target="_blank">Cathrin.BAUER-BULST@ec.europa.eu</a>
<a class="m_-383972186962987128moz-txt-link-rfc2396E" href="mailto:Cathrin.BAUER-BULST@ec.europa.eu" target="_blank"><Cathrin.BAUER-BULST@ec.europa.eu></a>, Fabricio Vayra
<a class="m_-383972186962987128moz-txt-link-rfc2396E" href="mailto:FVayra@perkinscoie.com" target="_blank"><FVayra@perkinscoie.com></a>, Michael Palage
<a class="m_-383972186962987128moz-txt-link-rfc2396E" href="mailto:Michael@palage.com" target="_blank"><Michael@palage.com></a></td>
</tr>
<tr>
<th valign="BASELINE" nowrap align="RIGHT">CC: </th>
<td>Cyrus Namazi <a class="m_-383972186962987128moz-txt-link-rfc2396E" href="mailto:cyrus.namazi@icann.org" target="_blank"><cyrus.namazi@icann.org></a>, Brian
Winterfeldt <a class="m_-383972186962987128moz-txt-link-rfc2396E" href="mailto:brian@winterfeldt.law" target="_blank"><brian@winterfeldt.law></a>, Selli, Claudia
<a class="m_-383972186962987128moz-txt-link-rfc2396E" href="mailto:cs574w@intl.att.com" target="_blank"><cs574w@intl.att.com></a>, Manal Ismail
<a class="m_-383972186962987128moz-txt-link-rfc2396E" href="mailto:manal@tra.gov.eg" target="_blank"><manal@tra.gov.eg></a></td>
</tr>
</tbody>
</table>
<br>
<br>
<div class="m_-383972186962987128WordSection1">
<p class="MsoNormal"><span style="font-size:12.0pt">Just a note
to confirm you as panelists for Tuesday’s session in Panama,
regarding accreditation and access to non-Public Whois
data. The panel is described below, and here is the panel
lineup:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal" style="margin-left:.25in"><span style="font-size:12.0pt;color:black">Goran Marby and/or John
Jeffrey, ICANN. See ICANN Org’s proposed
<a href="https://www.icann.org/en/system/files/files/framework-elements-unified-access-model-for-discussion-18jun18-en.pdf" target="_blank">
Unified Access Model</a> , and <a href="https://www.icann.org/en/system/files/files/draft-unified-access-model-summary-elements-18jun18-en.pdf" target="_blank">
chart</a> comparing with IPC/BC and Palage models.</span><span style="font-size:12.0pt"><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:.25in"><span style="font-size:12.0pt;color:black">Alex Deacon, BC </span><span style="font-size:12.0pt"><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:.25in"><span style="font-size:12.0pt;color:black">Keith Drazek, RySG </span><span style="font-size:12.0pt"><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:.25in"><span style="font-size:12.0pt;color:black">Stephanie Perrin, NCSG
</span><span style="font-size:12.0pt"><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:.25in"><span style="font-size:12.0pt;color:black">Rod Rasmussen, SSAC.
See SSAC Advisory
</span><span style="font-size:12.0pt"><a href="https://www.icann.org/en/system/files/files/sac-101-en.pdf" target="_blank">here</a><span style="color:black">.
</span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:.25in"><span style="font-size:12.0pt;color:black">Cathrin Bauer-Bulst,
European Commission
</span><span style="font-size:12.0pt">& GAC PSWG<span style="color:black"> </span><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:.25in"><span style="font-size:12.0pt;color:black">Fabricio Vayra, IPC.
See
<a href="https://www.icann.org/en/system/files/files/draft-whois-accreditation-access-model-v1.6-18jun18-en.pdf" target="_blank">
IPC/BC model for Accredited Access (v1.6)</a></span><span style="font-size:12.0pt"><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:.25in"><span style="font-size:12.0pt">Michael Palage, author of
<a href="https://www.icann.org/en/system/files/files/palage-differentiated-registrant-data-access-model-philly-special-v2.0-18jun18-en.pdf" target="_blank">
“Philly Special” model for Differentiated Registrant Data
Access</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt">It’s a large
panel, but we need these representative views to advance a
unified model for accreditation & access. We will not
do opening statements by each panelist, but will instead
give you ample time to answer structured questions about
designing and implementing a unified model.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt">As your
moderator, I’d like to propose the following questions and
timing, and I welcome your thoughts on this:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">Introduction
of Panelists – Brief overview of topics – <i>Steve DelBianco</i> </span><span style="font-size:12.0pt;color:red">(figure 10 minutes, since
we rarely begin on-time)</span><span style="font-size:12.0pt;color:black"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">1.
What are the most important characteristics we need in an
Accredited Access model?
</span><span style="font-size:12.0pt;color:red">(16 minutes,
allowing 2 minutes per panelist)</span><span style="font-size:12.0pt;color:black"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">2.
What is your assessment of
</span><span style="font-size:12.0pt;color:black">ICANN Org’s
proposed <a href="https://www.icann.org/en/system/files/files/framework-elements-unified-access-model-for-discussion-18jun18-en.pdf" target="_blank">
Unified Access Model</a></span><span style="font-size:12.0pt;color:black">, and how could that
model be improved? </span><span style="font-size:12.0pt;color:red">(16 minutes, allowing 2
minutes per panelist)</span><span style="font-size:12.0pt;color:black"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">3.
Talk about your preferred way to implement this model.
Should ICANN Org do another Temp Spec, or let GNSO Council
develop one via an expedited PDP, or find a way for Org and
GNSO to work together? </span><span style="font-size:12.0pt;color:red">(16 minutes, allowing 2
minutes per panelist)</span><span style="font-size:12.0pt;color:black"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">4.
Brief conclusory remarks from each panelist, on key concerns
or considerations in implementing an Accredited Access
model. </span><span style="font-size:12.0pt;color:red">(10
minutes – allowing 1 minutes per panelist)</span><span style="font-size:12.0pt;color:black"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">Audience
questions and answer </span><span style="font-size:12.0pt;color:red">(20 minutes) </span><span style="font-size:12.0pt;color:black"><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:.75in"><span style="font-size:12.0pt;color:black"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><u><span style="font-size:12.0pt;color:black">Session 2:
Accreditation and Access to Non-Public WHOIS Data
Post-GDPR (Tuesday June 26, 2018; 17:00 – 18:30 local
time)</span></u></b><span style="font-size:12.0pt"><u></u><u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:black"> </span></b><span style="font-size:12.0pt"><u></u><u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">Description</span></b><span style="font-size:12.0pt;color:black">: Under the Temporary
Specification passed by the ICANN Board implementing the
interim GDPR compliance model, there is a placeholder for an
accreditation system to </span><span style="font-size:12.0pt">allow<span style="color:black">
uniform access to non-public WHOIS data by appropriate
users for legitimate purposes. Under the Temp</span> Spec<span style="color:black">, contracted parties must provide
non-public registration data for legitimate purposes
specified in Section 4 of the Temp</span>
<span style="color:black">Spec, unless the request for
access is outweighed by the domain name registrant’s
fundamental right to privacy.
</span>The</span><span style="font-size:12.0pt"> </span><span style="font-size:12.0pt;color:black">Article 29 Working
Party
</span><span style="font-size:12.0pt"><a href="https://www.icann.org/en/system/files/files/statement-edpb-whois-27may18-en.pdf" target="_blank">issued a statement</a><span style="color:black">
</span>-- endorsed by the <span style="color:black">European
Data Protection Board (EDPB) -- encouraging ICANN to
develop an access model.
</span><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt">T<span style="color:black">here is
</span>now <span style="color:black">no uniform system for
approving legitimate users
</span>for<span style="color:black"> access to non-public
registration data </span>
for<span style="color:black"> legitimate purposes, </span>so
<span style="color:black">
contracted parties </span>must<span style="color:black">
perform ad</span>-<span style="color:black">hoc individual
review of each request for data.
</span></span><span style="font-size:12.0pt">Three models
have been proposed thus far:
<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:.25in"><span style="font-size:12.0pt;color:black">The
<a href="https://www.icann.org/en/system/files/files/draft-whois-accreditation-access-model-v1.6-18jun18-en.pdf" target="_blank">
IPC/BC model for Accredited Access (v1.6)</a></span><span style="font-size:12.0pt"><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:.25in"><span style="font-size:12.0pt">The
<a href="https://www.icann.org/en/system/files/files/palage-differentiated-registrant-data-access-model-philly-special-v2.0-18jun18-en.pdf" target="_blank">
“Philly Special” model for Differentiated Registrant Data
Access</a><u></u><u></u></span></p>
<p class="MsoNormal" style="margin-left:.25in"><span style="font-size:12.0pt;color:black">ICANN Org’s proposed
<a href="https://www.icann.org/en/system/files/files/framework-elements-unified-access-model-for-discussion-18jun18-en.pdf" target="_blank">
Unified Access Model</a></span><span style="font-size:12.0pt"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">It
is urgent that ICANN
</span><span style="font-size:12.0pt">Org, European
regulators, <span style="color:black">
and the community come together </span>on<span style="color:black"> </span>a <span style="color:black">
workable credentialed access system for non-public WHOIS
data for legitimate purposes. In this cross-community
session, panelists will engage with the community to
discuss developing a credentialed access system and next
steps for
</span>implement <span style="color:black">via </span>a <span style="color:black">
Temporary Specification or as part of the expedited policy
development process </span>
conducted by the GNSO<span style="color:black">.</span><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt"><u></u> <u></u></span></p>
<p class="MsoNormal">-- <u></u><u></u></p>
<div>
<p class="MsoNormal">Steve DelBianco<u></u><u></u></p>
<p class="MsoNormal">President<u></u><u></u></p>
<p class="MsoNormal">NetChoice<u></u><u></u></p>
</div>
<p class="MsoNormal">+1.703.615.6206<span style="font-size:12.0pt"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt"><u></u> <u></u></span></p>
</div>
</div>
</div>
_______________________________________________<br>
NCSG-PC mailing list<br>
<a href="mailto:NCSG-PC@lists.ncsg.is" target="_blank">NCSG-PC@lists.ncsg.is</a><br>
<a href="https://lists.ncsg.is/mailman/listinfo/ncsg-pc" rel="noreferrer" target="_blank">https://lists.ncsg.is/mailman/listinfo/ncsg-pc</a><br>
</blockquote></div></div></div>