[PC-NCSG] [NCSG-Discuss] [urgent] Draft Comments for Whois Proceeding

Stephanie Perrin stephanie.perrin
Thu Jul 31 21:37:17 EEST 2014


I could not find Joy's comments in the text either....the draft I just 
circulated has Avri's concerns noted ( I think I missed the shocked bit, 
we are supposed to be busy drafting something else here in meissen right 
now :-))
If somebody forwards joy's text I would be grateful, having a difficult 
time getting attachments, it appears to be hit or miss...
cheers steph
On 2014-07-31, 13:11, Amr Elsadr wrote:
> Hi,
>
> Is this the latest draft? I don?t see Joy?s input regarding the UN?s 
> High Commissioner on Human Rights in here. I also have a problem with 
> this part is ?Response 1.3?:
>
> /?We respectfully submit that the obligation of Registries and 
> Registrars to comply with their national laws is not a matter of 
> multistakeholder decision making, but a matter of law and compliance. 
> In this case, we wholeheartedly embrace the concept of building a 
> process together that will allow exceptions for data protection and 
> privacy laws to be adopted quickly and easily.?/
>
> Although I do feel that contracted parties need to comply with local 
> laws (or else they can?t operate), I do not agree on giving a message 
> that the NCSG believes that this is not a matter of multistakeholder 
> decision-making. We?ve asked the MSM within the GNSO to address issues 
> of compliance with data protection and privacy laws in the past (like 
> in the ?thick? WHOIS PDP), and we should encourage ICANN to continue 
> to do this. I suggest we drop this paragraph.
>
> Thanks.
>
> Amr
>
> On Jul 31, 2014, at 6:00 PM, Rafik Dammak <rafik.dammak at gmail.com 
> <mailto:rafik.dammak at gmail.com>> wrote:
>
>> thanks Stephanie, I am attaching the latest version
>>
>> Rafik
>>
>>
>>
>> 2014-08-01 0:56 GMT+09:00 Stephanie Perrin 
>> <stephanie.perrin at mail.utoronto.ca 
>> <mailto:stephanie.perrin at mail.utoronto.ca>>:
>>
>>     So I vote yes, and am reviewing the last text Kathy sent right now...
>>     SP
>>
>>     On 2014-07-31, 11:53, Rafik Dammak wrote:
>>>     Hi Kathy,
>>>
>>>     thank you for the changes, we should hear from other member of
>>>     PC, Maria can make the last call and declare consensus.
>>>     the deadline for sending the comment is 1 Aug 2014 23:59 UTC, so
>>>     we need to get endorsement before that.
>>>
>>>     Best,
>>>     Rafik
>>>
>>>
>>>     2014-08-01 0:09 GMT+09:00 Kathy Kleiman <kathy at kathykleiman.com
>>>     <mailto:kathy at kathykleiman.com>>:
>>>
>>>         Hi Stephanie,
>>>         Tx for adding Avri's comments. I've reviewed all of the
>>>         changes, and also added one more to this most recent
>>>         version. _Newest version (NCSGEdits3) attached. _
>>>         **Due tomorrow**
>>>         Best,
>>>         Kathy
>>>         :
>>>>         I also agreed with Avri and inserted a few of her changes,
>>>>         Kathy did not get those edits....we need to make sure we
>>>>         have a final copy that Rafik can sign, which reflects all
>>>>         the agreed changes.  Do you want me to have another edit
>>>>         one last time, to make sure that Joy's comments (which were
>>>>         on an earlier draft) and Avri's are all in there?
>>>>         cheers stephanie
>>>>         On 2014-07-31, 9:22, Amr Elsadr wrote:
>>>>>         Hi all,
>>>>>
>>>>>         On Jul 30, 2014, at 2:57 PM, Avri Doria <avri at ACM.ORG>
>>>>>         <mailto:avri at ACM.ORG> wrote:
>>>>>
>>>>>>         hi,
>>>>>>
>>>>>>         Reviewed the document.
>>>>>>
>>>>>>         Made a change so it could be a NCSG document.
>>>>>         Thanks.
>>>>>
>>>>>>         There are parts I am uncomfortable with, some of which I
>>>>>>         deleted and
>>>>>>         some of which I left and still am uncomfortable with.
>>>>>>
>>>>>>         I do not think we should ever dismiss the
>>>>>>         Multistakeholder model.  I do
>>>>>>         not wish to find ourselves in the situation of being
>>>>>>         quoted for having
>>>>>>         suggested that there are times when the model should be
>>>>>>         superseded. That
>>>>>>         would be a gold mine for some.  I deleted those references.
>>>>>         Fully agree. Although I don?t feel that was the intent, it
>>>>>         could certainly be perceived that way. No need to bring it
>>>>>         up.
>>>>>
>>>>>>         I am also uncomfortable with saying there are things that
>>>>>>         don't need
>>>>>>         public comment on.  To just have to take the legal staff
>>>>>>         view on things
>>>>>>         is dangerous.  What if they say the law does not require
>>>>>>         something when
>>>>>>         someone knows better. Better to have a null review.  I
>>>>>>         have not,
>>>>>>         however, removed these as they were an entire section.   
>>>>>>         I would like
>>>>>>         to see that section reworded or removed before approving
>>>>>>         the documents.
>>>>>         IMHO, I don?t see the need for a public comment period on
>>>>>         every time this policy might be used. If a new set of
>>>>>         policies and processes are adopted for handling WHOIS
>>>>>         conflicts with privacy laws, then they should be clear
>>>>>         enough during implementation to not require public
>>>>>         comment, right? Isn?t this the case with all policies? For
>>>>>         instance, is there a public comment period every time a
>>>>>         new registrar signs a contract with ICANN? Or will there
>>>>>         be a public comment period when implementation of the
>>>>>         ?thick? WHOIS policy kicks in?
>>>>>
>>>>>         Another thought is that a public comment period will also
>>>>>         lengthen the period during which a registrar will
>>>>>         potentially be at risk for non-compliance with local laws.
>>>>>         Unless there is an important reason why there should be a
>>>>>         public comment for each of the resolution scenarios, then
>>>>>         I suggest we support Kathy?s recommendation to not have any.
>>>>>
>>>>>         Thanks.
>>>>>
>>>>>         Amr
>>>>>
>>>>>>         I also removed a bunch of weasel words like 'respectfully'
>>>>>>
>>>>>>         avri
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>         On 30-Jul-14 14:28, Avri Doria wrote:
>>>>>>>         Hi,
>>>>>>>
>>>>>>>         Started reviewing them, actually Stephanie's comments. 
>>>>>>>         They are written
>>>>>>>         from an NCUC perspective and need to be approved by
>>>>>>>         them, not us.
>>>>>>>
>>>>>>>         avri
>>>>>>>
>>>>>>>
>>>>>>>         On 30-Jul-14 11:36, Rafik Dammak wrote:
>>>>>>>>         Hi everyone,
>>>>>>>>
>>>>>>>>         Kathy sent a draft comment to the whois conflict with
>>>>>>>>         local laws. we
>>>>>>>>         have a tight schedule and we should act quickly.
>>>>>>>>         we are responding during the reply period which means
>>>>>>>>         the last chance
>>>>>>>>         for us to do so.
>>>>>>>>         @Maria can you please follow-up with this request?
>>>>>>>>
>>>>>>>>         Best,
>>>>>>>>
>>>>>>>>         Rafik
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>         ---------- Forwarded message ----------
>>>>>>>>         From: *Kathy Kleiman* <kathy at kathykleiman.com
>>>>>>>>         <mailto:kathy at kathykleiman.com>
>>>>>>>>         <mailto:kathy at kathykleiman.com>
>>>>>>>>         <mailto:kathy at kathykleiman.com>>
>>>>>>>>         Date: 2014-07-30 2:44 GMT+09:00
>>>>>>>>         Subject: Draft Comments for Whois Proceeding
>>>>>>>>         To: Rafik Dammak <rafik.dammak at gmail.com
>>>>>>>>         <mailto:rafik.dammak at gmail.com>
>>>>>>>>         <mailto:rafik.dammak at gmail.com>
>>>>>>>>         <mailto:rafik.dammak at gmail.com>>,
>>>>>>>>         NCSG-DISCUSS at listserv.syr.edu
>>>>>>>>         <mailto:NCSG-DISCUSS at listserv.syr.edu>
>>>>>>>>         <mailto:NCSG-DISCUSS at listserv.syr.edu>
>>>>>>>>         <mailto:NCSG-DISCUSS at listserv.syr.edu>
>>>>>>>>
>>>>>>>>
>>>>>>>>         To Rafik, NCSG Executive Committee and NCSG Membership,
>>>>>>>>
>>>>>>>>         There is an important, but very quiet comment
>>>>>>>>         proceeding that has been
>>>>>>>>         taking place this summer. It is the /Review of the
>>>>>>>>         ICANN Procedure for
>>>>>>>>         Handling WHOIS Conflicts with Privacy Law///at
>>>>>>>>         /https://www.icann.org/public-comments/whois-conflicts-procedure-2014-05-22-en/
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>         Stephanie put out a call for comments, and not seeing
>>>>>>>>         any, I drafted
>>>>>>>>         these.  It has been dismayeding ever since ICANN
>>>>>>>>         adopted its Consensus
>>>>>>>>         Procedure for Handling WHOIS Conflicts with Privacy law
>>>>>>>>         -- because it
>>>>>>>>         basically requires that Registrars and Registries have
>>>>>>>>         to be sued or
>>>>>>>>         receive an official notice of violation before they can
>>>>>>>>         ask ICANN for a
>>>>>>>>         waiver of the Whois requirements. That always seemed
>>>>>>>>         very unfair- that
>>>>>>>>         you have to be exposed to allegation of illegal
>>>>>>>>         activity in order to
>>>>>>>>         protect yourself or your Registrants under your
>>>>>>>>         national data protection
>>>>>>>>         and privacy laws.
>>>>>>>>
>>>>>>>>         In the more recent Data Retention Specification, of the
>>>>>>>>         2013 RAA, ICANN
>>>>>>>>         Staff and Lawyers saw this problem and corrected it --
>>>>>>>>         now Registrars
>>>>>>>>         can be much more pro-active in showing ICANN that a
>>>>>>>>         certain clause in
>>>>>>>>         their contract (e.g., extended data retention) is a
>>>>>>>>         clear violation of
>>>>>>>>         their national law (e.g., more limited data retention).
>>>>>>>>
>>>>>>>>         So to this important comment proceeding, I drafted
>>>>>>>>         these comments for us
>>>>>>>>         to submit. As Reply Comments (during the Reply Period),
>>>>>>>>         we are asked to
>>>>>>>>         respond to other commenters. That's easy as the
>>>>>>>>         European Commission and
>>>>>>>>         Registrar Blacknight submitted useful comments.
>>>>>>>>
>>>>>>>>         Rafik, can we edit, finalize and submit by the deadline
>>>>>>>>         on Friday?
>>>>>>>>         Comments below and attached. If you have edits, in the
>>>>>>>>         interest of time,
>>>>>>>>         kindly suggest alternate language. Tx!!
>>>>>>>>
>>>>>>>>         Best,
>>>>>>>>         Kathy
>>>>>>>>         --------------------------------------------------------------------------------------------------------
>>>>>>>>
>>>>>>>>
>>>>>>>>         DRAFT NCSG Response to the Questions of the
>>>>>>>>
>>>>>>>>         /Review of the ICANN Procedure for Handling WHOIS
>>>>>>>>         Conflicts with Privacy
>>>>>>>>         Law//
>>>>>>>>         https://www.icann.org/public-comments/whois-conflicts-procedure-2014-05-22-en/
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>         *Introduction*
>>>>>>>>
>>>>>>>>         The Noncommercial Stakeholders Group represents
>>>>>>>>         noncommercial
>>>>>>>>         organizations in their work in the policy and
>>>>>>>>         proceedings of ICANN and
>>>>>>>>         the GNSO. We respectfully submit as an opening premise
>>>>>>>>         that every legal
>>>>>>>>         business has the right and obligation to operate within
>>>>>>>>         the bounds and
>>>>>>>>         limits of its national laws and regulations. No legal
>>>>>>>>         business
>>>>>>>>         establishes itself to violate the law; and to do so is
>>>>>>>>         an invitation to
>>>>>>>>         civil and criminal penalties. ICANN Registries and
>>>>>>>>         Registrars are no
>>>>>>>>         different ? they want and need to abide by their laws.
>>>>>>>>
>>>>>>>>         Thus, it is timely for ICANN to raise the questions of
>>>>>>>>         this proceeding,
>>>>>>>>         /Review of the ICANN Procedure for Handling WHOIS
>>>>>>>>         Conflicts with Privacy
>>>>>>>>         Law/(albeit at a busy time for the Community and at the
>>>>>>>>         height of
>>>>>>>>         summer; we expect to see more interest in this time
>>>>>>>>         towards the Fall).
>>>>>>>>         We submit these comments in response to the issues
>>>>>>>>         raises and the
>>>>>>>>         questions asked.
>>>>>>>>
>>>>>>>>         *Background*
>>>>>>>>
>>>>>>>>         The /ICANN Procedure for Handling Whois Conflicts with
>>>>>>>>         Privacy Law /was
>>>>>>>>         adopted in 2006 after years of debate on Whois issues.
>>>>>>>>         This Consensus
>>>>>>>>         Procedure was the first step of recognition that data
>>>>>>>>         protection laws
>>>>>>>>         and privacy law DO apply to the personal and sensitive
>>>>>>>>         data being
>>>>>>>>         collected by Registries and Registrars for the Whois
>>>>>>>>         database.
>>>>>>>>
>>>>>>>>         But for those of us in the Noncommercial Users
>>>>>>>>         Constituency (now part of
>>>>>>>>         the Noncommercial Stakeholders Group/NCSG) who helped
>>>>>>>>         debate, draft and
>>>>>>>>         adopt this Consensus Procedure in the mid-2000s, we
>>>>>>>>         were always shocked
>>>>>>>>         that the ICANN Community did not do more. At the time,
>>>>>>>>         multiple Whois
>>>>>>>>         Task Forces were at work with multiple proposals which
>>>>>>>>         include important
>>>>>>>>         and pro-active suggestions to allow Registrars and
>>>>>>>>         Registries to come
>>>>>>>>         into compliance with their national data protection and
>>>>>>>>         privacy laws.
>>>>>>>>
>>>>>>>>         At the time, we never expected this Consensus Procedure
>>>>>>>>         to be an end
>>>>>>>>         itself ? but the first step of many steps. It was an
>>>>>>>>         ?end? for too long,
>>>>>>>>         so we are glad the discussion is reopened and once
>>>>>>>>         again we seek to
>>>>>>>>         allow Registrars and Registries to be in full
>>>>>>>>         compliance with their
>>>>>>>>         national data protection and privacy laws ? from the
>>>>>>>>         moment they enter
>>>>>>>>         into their contracts with ICANN.
>>>>>>>>
>>>>>>>>         *II. Data Protection and Privacy Laws ? A Quick
>>>>>>>>         Overview of the
>>>>>>>>         Principles that Protect the Personal and Sensitive Data
>>>>>>>>         of Individuals
>>>>>>>>         and Organizations/Small Businesses *
>>>>>>>>
>>>>>>>>         **
>>>>>>>>
>>>>>>>>         /*[Stephanie, Tamir or Others with Expertise in
>>>>>>>>         Canadian and European
>>>>>>>>         Data Protection Laws may choose to add something here]. */
>>>>>>>>
>>>>>>>>         III/*. */Questions asked of the Community in this
>>>>>>>>         Proceeding
>>>>>>>>
>>>>>>>>         The ICANN Review Paper raised a number of excellent
>>>>>>>>         questions. In
>>>>>>>>         keeping with the requirements of a Reply Period, these
>>>>>>>>         NCSG comments
>>>>>>>>         will address both our comments and those comments we
>>>>>>>>         particularly
>>>>>>>>         support in this proceeding.
>>>>>>>>
>>>>>>>>             1.
>>>>>>>>
>>>>>>>>                Is it impractical for ICANN to require that a
>>>>>>>>         contracted party
>>>>>>>>                already has litigation or a government
>>>>>>>>         proceeding initiated
>>>>>>>>                against it prior to being able to invoke the
>>>>>>>>         Whois Procedure?
>>>>>>>>
>>>>>>>>         1.1 Response: Yes, it is completely impractical (and
>>>>>>>>         ill-advised) to
>>>>>>>>         force a company to violate a national law as a
>>>>>>>>         condition of complying
>>>>>>>>         with that national law. Every lawyer advises businesses
>>>>>>>>         to comply with
>>>>>>>>         the laws and regulations of their field. To do
>>>>>>>>         otherwise is to face
>>>>>>>>         fines, penalties, loss of the business, even jail for
>>>>>>>>         officers and
>>>>>>>>         directors. Legal business strives to be law-abiding; no
>>>>>>>>         officer or
>>>>>>>>         director wants to go to jail for her company's
>>>>>>>>         violations. It is the
>>>>>>>>         essence of an attorney's advice to his/her clients to
>>>>>>>>         fully comply with
>>>>>>>>         the laws and operate clearly within the clear
>>>>>>>>         boundaries and limits of
>>>>>>>>         laws and regulations, both national, by province or
>>>>>>>>         state and local.
>>>>>>>>
>>>>>>>>         In these Reply Comments, we support and encourage ICANN
>>>>>>>>         to adopt
>>>>>>>>         policies consistent with the initial comments submitted
>>>>>>>>         by the European
>>>>>>>>         Commission:
>>>>>>>>
>>>>>>>>              o
>>>>>>>>
>>>>>>>>                that the Whois Procedure be changed from
>>>>>>>>         requiring specific
>>>>>>>>                prosecutorial action instead to allowing
>>>>>>>>         ?demonstrating evidence
>>>>>>>>                of a potential conflict widely and e.g.
>>>>>>>>         accepting information on
>>>>>>>>                the legislation imposing requirements that the
>>>>>>>>         contractual
>>>>>>>>                requirements would breach as sufficient
>>>>>>>>         evidence.? (European
>>>>>>>>                Commission comments)
>>>>>>>>
>>>>>>>>         We also agree with Blacknight:
>>>>>>>>
>>>>>>>>              o
>>>>>>>>
>>>>>>>>                ?It's completely illogical for ICANN to require
>>>>>>>>         that a
>>>>>>>>                contracting party already has litigation before
>>>>>>>>         they can use a
>>>>>>>>                process. We would have loved to use a procedure
>>>>>>>>         or process to
>>>>>>>>                get exemptions, but expecting us to already be
>>>>>>>>         litigating before
>>>>>>>>                we can do so is, for lack of a better word,
>>>>>>>>         nuts.? (Blacknight
>>>>>>>>                comments in this proceeding).
>>>>>>>>
>>>>>>>>
>>>>>>>>            1.1a How can the triggering event be meaningfully
>>>>>>>>         defined?
>>>>>>>>
>>>>>>>>         1.1 a Response: This is an important question.
>>>>>>>>         Rephrased, we might ask
>>>>>>>>         together ? what must a Registry or Registrar show ICANN
>>>>>>>>         in support of
>>>>>>>>         its claim that certain provisions involving Whois data
>>>>>>>>         violate
>>>>>>>>         provisions of national data protection and privacy laws?
>>>>>>>>
>>>>>>>>         NCSG respectfully submits that there are at least four
>>>>>>>>         ?triggering
>>>>>>>>         events? that ICANN should recognize:
>>>>>>>>
>>>>>>>>              o
>>>>>>>>
>>>>>>>>                Evidence from a national Data Protection
>>>>>>>>         Commissioner or his/her
>>>>>>>>                office (or from a internationally recognized
>>>>>>>>         body of national
>>>>>>>>                Data Protection Commissioners in a certain
>>>>>>>>         region of the world,
>>>>>>>>                including the Article 29 Working Party that
>>>>>>>>         analyzes the
>>>>>>>>                national data protection and privacy laws) that
>>>>>>>>         ICANN's
>>>>>>>>                contractual obligations for Registry and/or
>>>>>>>>         Registrar contracts
>>>>>>>>                violate the data protection laws of their
>>>>>>>>         country or their group
>>>>>>>>                of countries;
>>>>>>>>
>>>>>>>>              o
>>>>>>>>
>>>>>>>>                Evidence of legal and/or jurisdictional conflict
>>>>>>>>         arising from
>>>>>>>>                analysis performed by ICANN's legal department
>>>>>>>>         or by national
>>>>>>>>                legal experts hired by ICANN to evaluate the
>>>>>>>>         Whois requirements
>>>>>>>>                of the ICANN contracts for compliance and
>>>>>>>>         conflicts with
>>>>>>>>                national data protection laws and cross-border
>>>>>>>>         transfer limits)
>>>>>>>>                (similar to the process we understand was
>>>>>>>>         undertaken for the
>>>>>>>>                data retention issue);
>>>>>>>>
>>>>>>>>
>>>>>>>>              o
>>>>>>>>
>>>>>>>>                Receipt of a written legal opinion from a
>>>>>>>>         nationally recognized
>>>>>>>>                law firm in the applicable jurisdiction that
>>>>>>>>         states that the
>>>>>>>>                collection, retention and/or transfer of certain
>>>>>>>>         Whois data
>>>>>>>>                elements as required by Registrar or Registry
>>>>>>>>         Agreements is
>>>>>>>>                ?reasonably likely to violate the applicable
>>>>>>>>         law? of the
>>>>>>>>                Registry or Registrar (per the process allowed
>>>>>>>>         in RAA Data
>>>>>>>>                Retention Specification); or
>>>>>>>>
>>>>>>>>
>>>>>>>>              o
>>>>>>>>
>>>>>>>>                An official opinion of any other governmental
>>>>>>>>         body of competent
>>>>>>>>                jurisdiction providing that compliance with the
>>>>>>>>         data protection
>>>>>>>>                requirements of the Registry/Registrar contracts
>>>>>>>>         violates
>>>>>>>>                applicable national law (although such
>>>>>>>>         pro-active opinions may
>>>>>>>>                not be the practice of the Data Protection
>>>>>>>>         Commissioner's office).
>>>>>>>>
>>>>>>>>         The above list draws from the comments of the European
>>>>>>>>         Commission, Data
>>>>>>>>         Retention Specification of the 2013 Registrar
>>>>>>>>         Accreditation Agreement,
>>>>>>>>         and sound compliance and business practices for the
>>>>>>>>         ICANN General
>>>>>>>>         Counsel's office.
>>>>>>>>
>>>>>>>>         We further agree with Blacknight that the requirements
>>>>>>>>         for triggering
>>>>>>>>         any review and consideration by ICANN be: simple and
>>>>>>>>         straightforward,
>>>>>>>>         quick and easy to access.
>>>>>>>>
>>>>>>>>
>>>>>>>>            1.3 Are there any components of the triggering
>>>>>>>>         event/notification
>>>>>>>>         portion of the RAA's Data Retention waiver process that
>>>>>>>>         should be
>>>>>>>>         considered as optional for incorporation into a
>>>>>>>>         modified Whois Procedure?
>>>>>>>>
>>>>>>>>
>>>>>>>>         1.3 Response: Absolutely, the full list in 1.1a above,
>>>>>>>>         together with
>>>>>>>>         other constructive contributions in the Comments and
>>>>>>>>         Reply Comments of
>>>>>>>>         this proceeding, should be strongly considered for
>>>>>>>>         incorporation into a
>>>>>>>>         modified Whois Procedure, or simply written into the
>>>>>>>>         contracts of the
>>>>>>>>         Registries and Registrars contractual language, or a
>>>>>>>>         new Annex or
>>>>>>>>         Specification.
>>>>>>>>
>>>>>>>>         We respectfully submit that the obligation of
>>>>>>>>         Registries and Registrars
>>>>>>>>         to comply with their national laws is not a matter of
>>>>>>>>         multistakeholder
>>>>>>>>         decision making, but a matter of law and compliance. In
>>>>>>>>         this case, we
>>>>>>>>         wholeheartedly embrace the concept of building a
>>>>>>>>         process together that
>>>>>>>>         will allow exceptions for data protection and privacy
>>>>>>>>         laws to be adopted
>>>>>>>>         quickly and easily.
>>>>>>>>
>>>>>>>>
>>>>>>>>            1.4 Should parties be permitted to invoke the Whois
>>>>>>>>         Procedure before
>>>>>>>>         contracting with ICANN as a registrar or registry?
>>>>>>>>
>>>>>>>>
>>>>>>>>         1.4 Response: Of course, Registries and Registrars
>>>>>>>>         should be allowed to
>>>>>>>>         invoke the Whois Procedure, or other appropriate
>>>>>>>>         annexes and
>>>>>>>>         specifications that may be added into Registry and
>>>>>>>>         Registrar contracts
>>>>>>>>         with ICANN. As discussed above, the right of a legal
>>>>>>>>         company to enter
>>>>>>>>         into a legal contracts is the most basic of
>>>>>>>>         expectations under law.
>>>>>>>>
>>>>>>>>
>>>>>>>>            2.1 Are there other relevant parties who should be
>>>>>>>>         included in this
>>>>>>>>         step?
>>>>>>>>
>>>>>>>>
>>>>>>>>         2.1 Response: We agree with the EC that ICANN should be
>>>>>>>>         working as
>>>>>>>>         closely with National Data Protection Authorities as
>>>>>>>>         they will allow. In
>>>>>>>>         light of the overflow of work into these national
>>>>>>>>         commissions, and the
>>>>>>>>         availability of national experts at law firms, ICANN
>>>>>>>>         should also turn to
>>>>>>>>         the advice of private experts, such as well-respected
>>>>>>>>         law firms who
>>>>>>>>         specialize in national data protection laws. The law
>>>>>>>>         firm's opinions on
>>>>>>>>         these matters would help to guide ICANN's knowledge and
>>>>>>>>         evaluation of
>>>>>>>>         this important issue.
>>>>>>>>
>>>>>>>>
>>>>>>>>            3.1 How is an agreement reached and published?
>>>>>>>>
>>>>>>>>         3.1 Response. As discussed above, compliance with
>>>>>>>>         national law may not
>>>>>>>>         be the best matter for negotiation within a
>>>>>>>>         multistakeholder process. It
>>>>>>>>         really should not be a chose for others to make whether
>>>>>>>>         you comply with
>>>>>>>>         your national data protection and privacy laws. That
>>>>>>>>         said, the process
>>>>>>>>         of refining the Consensus Procedure, and adopting new
>>>>>>>>         policies and
>>>>>>>>         procedures, or simply putting new contract provisions,
>>>>>>>>         annexes or
>>>>>>>>         specifications into the Registry and Registrar
>>>>>>>>         contracts SHOULD be
>>>>>>>>         subject to community discussion, notification and
>>>>>>>>         review. But once the
>>>>>>>>         new process is adopted, we think the new changes,
>>>>>>>>         variations,
>>>>>>>>         modifications or exceptions of Individual Registries
>>>>>>>>         and Registrars need
>>>>>>>>         go through a public review and process. The results,
>>>>>>>>         however, Should be
>>>>>>>>         published for Community notification and review.
>>>>>>>>
>>>>>>>>
>>>>>>>>         We note that in conducting the discussion with the
>>>>>>>>         Community on the
>>>>>>>>         overall or general procedure, policy or contractual
>>>>>>>>         changes, ICANN
>>>>>>>>         should be assertive in its outreach to the Data Protection
>>>>>>>>         Commissioners. Individual and through their
>>>>>>>>         organizations, they have
>>>>>>>>         offered to help ICANN evaluate this issue numerous
>>>>>>>>         times. The Whois
>>>>>>>>         Review Team noted the inability of many external bodies
>>>>>>>>         to monitor ICANN
>>>>>>>>         regularly, but the need for outreach to them by ICANN
>>>>>>>>         staff nonetheless:
>>>>>>>>
>>>>>>>>
>>>>>>>>         *Recommendation 3: Outreach*
>>>>>>>>
>>>>>>>>         *ICANN should ensure that WHOIS policy issues are
>>>>>>>>         accompanied by
>>>>>>>>         cross-community*
>>>>>>>>
>>>>>>>>         *outreach, including outreach to the communities
>>>>>>>>         outside of ICANN with a
>>>>>>>>         specific*
>>>>>>>>
>>>>>>>>         *interest in the issues, and an ongoing program for
>>>>>>>>         consumer awareness.*
>>>>>>>>
>>>>>>>>         This is a critical policy item for such outreach and
>>>>>>>>         input.
>>>>>>>>
>>>>>>>>
>>>>>>>>            3.2 If there is an agreed outcome among the relevant
>>>>>>>>         parties, should
>>>>>>>>         the Board be involved in this procedure?
>>>>>>>>
>>>>>>>>
>>>>>>>>         3.2 Response: Clearly, the changing of the procedure,
>>>>>>>>         or the adoption of
>>>>>>>>         a new policy or new contractual language for Registries
>>>>>>>>         and Registrars,
>>>>>>>>         Board oversight and review should be involved. But once
>>>>>>>>         the new
>>>>>>>>         procedure, policy or contractual language is in place,
>>>>>>>>         then subsequent
>>>>>>>>         individual changes, variations, modifications or
>>>>>>>>         exceptions should be
>>>>>>>>         handled through the process and ICANN Staff ? as the
>>>>>>>>         Data Retention
>>>>>>>>         Process is handled today.
>>>>>>>>
>>>>>>>>
>>>>>>>>            4.1 Would it be fruitful to incorporate public
>>>>>>>>         comment in each of
>>>>>>>>         the resolution scenarios?
>>>>>>>>
>>>>>>>>         4.1 Response: We think this question means whether
>>>>>>>>         there should be
>>>>>>>>         public input on each and every exception? We
>>>>>>>>         respectfully submit that
>>>>>>>>         the answer is No. Once the new policy, procedure or
>>>>>>>>         contractual language
>>>>>>>>         is adopted, then the process should kick in and the
>>>>>>>>         Registrar/Registry
>>>>>>>>         should be allowed to apply for the waiver, modification
>>>>>>>>         or revision
>>>>>>>>         consistent with its data protection and privacy laws.
>>>>>>>>         Of course, once
>>>>>>>>         the waiver or modification is granted, the decision
>>>>>>>>         should be matter of
>>>>>>>>         public record so that other Registries and Registrars
>>>>>>>>         in the
>>>>>>>>         jurisdiction know and so that the ICANN Community as a
>>>>>>>>         whole can monitor
>>>>>>>>         this process' implementation and compliance.
>>>>>>>>
>>>>>>>>         Step Five: Public notice
>>>>>>>>
>>>>>>>>
>>>>>>>>            5.2 Is the exemption or modification termed to the
>>>>>>>>         length of the
>>>>>>>>         agreement? Or is it indefinite as long as the
>>>>>>>>         contracted party is
>>>>>>>>         located in the jurisdiction in question, or so long as
>>>>>>>>         the applicable
>>>>>>>>         law is in force.
>>>>>>>>
>>>>>>>>         5.2 Response: We agree with the European Commission in
>>>>>>>>         its response,
>>>>>>>>         ?/By logic the exemption or modification shall be in
>>>>>>>>         place as long as
>>>>>>>>         the party is subject to the jurisdiction in conflict
>>>>>>>>         with ICANN rules.
>>>>>>>>         If the applicable law was to change, or the contacted
>>>>>>>>         party moved to a
>>>>>>>>         different jurisdiction, the conditions should be
>>>>>>>>         reviewed to assess if
>>>>>>>>         the exemption is still justified.? But provided it is
>>>>>>>>         the same parties,
>>>>>>>>         operating under the same laws, the modification or
>>>>>>>>         change should
>>>>>>>>         continue through the duration of the relationship
>>>>>>>>         between the
>>>>>>>>         Registry/Registrar and ICANN. /
>>>>>>>>
>>>>>>>>
>>>>>>>>            5.3 Should an exemption or modification based on the
>>>>>>>>         same laws and
>>>>>>>>         facts then be granted to other affected contracted
>>>>>>>>         parties in the same
>>>>>>>>                jurisdiction without invoking the Whois Procedure
>>>>>>>>
>>>>>>>>         5.3 Response. The European Commission in its comments
>>>>>>>>         wrote, and we
>>>>>>>>         strongly agree: /?the same exception should apply to
>>>>>>>>         others in the same
>>>>>>>>         jurisdiction who can demonstrate that they are in the
>>>>>>>>         same situation.?
>>>>>>>>         /Further, Blacknight wrote and we support: /?if ANY
>>>>>>>>         registrar in
>>>>>>>>         Germany, for example, is granted a waiver based on
>>>>>>>>         German law, than ALL
>>>>>>>>         registrars based in Germany should receive the same
>>>>>>>>         treatment.? /Once a
>>>>>>>>         national data protection or privacy law is interpreted
>>>>>>>>         as requiring and
>>>>>>>>         exemption or modification, it should be available to all
>>>>>>>>         Registries/Registrars in that country.
>>>>>>>>
>>>>>>>>         Further, we recommend that ICANN should be required to
>>>>>>>>         notify each gTLD
>>>>>>>>         Registry and Registrar in the same jurisdiction as that
>>>>>>>>         of the decision
>>>>>>>>         so they will have notice of the change.
>>>>>>>>
>>>>>>>>         We thank ICANN staff for holding this comment period.
>>>>>>>>
>>>>>>>>         Respectfully submitted,
>>>>>>>>
>>>>>>>>         NCSG
>>>>>>>>
>>>>>>>>
>>>>>>>>         DRAFT
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>         _______________________________________________
>>>>>>>>         PC-NCSG mailing list
>>>>>>>>         PC-NCSG at ipjustice.org <mailto:PC-NCSG at ipjustice.org>
>>>>>>>>         http://mailman.ipjustice.org/listinfo/pc-ncsg
>>>>>>>>
>>>>>>>         _______________________________________________
>>>>>>>         PC-NCSG mailing list
>>>>>>>         PC-NCSG at ipjustice.org <mailto:PC-NCSG at ipjustice.org>
>>>>>>>         http://mailman.ipjustice.org/listinfo/pc-ncsg
>>>>>>>
>>>>>>>
>>>>>>         <NSCG DRAFT Comments for Review of WHOIS Consensus
>>>>>>         Proceduresp+ad.doc>_______________________________________________
>>>>>>
>>>>>>         PC-NCSG mailing list
>>>>>>         PC-NCSG at ipjustice.org <mailto:PC-NCSG at ipjustice.org>
>>>>>>         http://mailman.ipjustice.org/listinfo/pc-ncsg
>>>>>
>>>>>         _______________________________________________
>>>>>         PC-NCSG mailing list
>>>>>         PC-NCSG at ipjustice.org <mailto:PC-NCSG at ipjustice.org>
>>>>>         http://mailman.ipjustice.org/listinfo/pc-ncsg
>>>
>>>
>>>
>>>
>>>     _______________________________________________
>>>     PC-NCSG mailing list
>>>     PC-NCSG at ipjustice.org  <mailto:PC-NCSG at ipjustice.org>
>>>     http://mailman.ipjustice.org/listinfo/pc-ncsg
>>
>>
>>     _______________________________________________
>>     PC-NCSG mailing list
>>     PC-NCSG at ipjustice.org <mailto:PC-NCSG at ipjustice.org>
>>     http://mailman.ipjustice.org/listinfo/pc-ncsg
>>
>>
>> <NSCG Draft Comments for Review of WHOIS Consensus Procedure NCSG 
>> Edits3 (00690163).DOC>_______________________________________________
>> PC-NCSG mailing list
>> PC-NCSG at ipjustice.org <mailto:PC-NCSG at ipjustice.org>
>> http://mailman.ipjustice.org/listinfo/pc-ncsg
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.ipjustice.org/pipermail/pc-ncsg/attachments/20140731/902116b7/attachment-0001.html>



More information about the NCSG-PC mailing list