[PC-NCSG] [NCSG-Discuss] [urgent] Draft Comments for Whois Proceeding
Stephanie Perrin
stephanie.perrin
Thu Jul 31 21:37:17 EEST 2014
I could not find Joy's comments in the text either....the draft I just
circulated has Avri's concerns noted ( I think I missed the shocked bit,
we are supposed to be busy drafting something else here in meissen right
now :-))
If somebody forwards joy's text I would be grateful, having a difficult
time getting attachments, it appears to be hit or miss...
cheers steph
On 2014-07-31, 13:11, Amr Elsadr wrote:
> Hi,
>
> Is this the latest draft? I don?t see Joy?s input regarding the UN?s
> High Commissioner on Human Rights in here. I also have a problem with
> this part is ?Response 1.3?:
>
> /?We respectfully submit that the obligation of Registries and
> Registrars to comply with their national laws is not a matter of
> multistakeholder decision making, but a matter of law and compliance.
> In this case, we wholeheartedly embrace the concept of building a
> process together that will allow exceptions for data protection and
> privacy laws to be adopted quickly and easily.?/
>
> Although I do feel that contracted parties need to comply with local
> laws (or else they can?t operate), I do not agree on giving a message
> that the NCSG believes that this is not a matter of multistakeholder
> decision-making. We?ve asked the MSM within the GNSO to address issues
> of compliance with data protection and privacy laws in the past (like
> in the ?thick? WHOIS PDP), and we should encourage ICANN to continue
> to do this. I suggest we drop this paragraph.
>
> Thanks.
>
> Amr
>
> On Jul 31, 2014, at 6:00 PM, Rafik Dammak <rafik.dammak at gmail.com
> <mailto:rafik.dammak at gmail.com>> wrote:
>
>> thanks Stephanie, I am attaching the latest version
>>
>> Rafik
>>
>>
>>
>> 2014-08-01 0:56 GMT+09:00 Stephanie Perrin
>> <stephanie.perrin at mail.utoronto.ca
>> <mailto:stephanie.perrin at mail.utoronto.ca>>:
>>
>> So I vote yes, and am reviewing the last text Kathy sent right now...
>> SP
>>
>> On 2014-07-31, 11:53, Rafik Dammak wrote:
>>> Hi Kathy,
>>>
>>> thank you for the changes, we should hear from other member of
>>> PC, Maria can make the last call and declare consensus.
>>> the deadline for sending the comment is 1 Aug 2014 23:59 UTC, so
>>> we need to get endorsement before that.
>>>
>>> Best,
>>> Rafik
>>>
>>>
>>> 2014-08-01 0:09 GMT+09:00 Kathy Kleiman <kathy at kathykleiman.com
>>> <mailto:kathy at kathykleiman.com>>:
>>>
>>> Hi Stephanie,
>>> Tx for adding Avri's comments. I've reviewed all of the
>>> changes, and also added one more to this most recent
>>> version. _Newest version (NCSGEdits3) attached. _
>>> **Due tomorrow**
>>> Best,
>>> Kathy
>>> :
>>>> I also agreed with Avri and inserted a few of her changes,
>>>> Kathy did not get those edits....we need to make sure we
>>>> have a final copy that Rafik can sign, which reflects all
>>>> the agreed changes. Do you want me to have another edit
>>>> one last time, to make sure that Joy's comments (which were
>>>> on an earlier draft) and Avri's are all in there?
>>>> cheers stephanie
>>>> On 2014-07-31, 9:22, Amr Elsadr wrote:
>>>>> Hi all,
>>>>>
>>>>> On Jul 30, 2014, at 2:57 PM, Avri Doria <avri at ACM.ORG>
>>>>> <mailto:avri at ACM.ORG> wrote:
>>>>>
>>>>>> hi,
>>>>>>
>>>>>> Reviewed the document.
>>>>>>
>>>>>> Made a change so it could be a NCSG document.
>>>>> Thanks.
>>>>>
>>>>>> There are parts I am uncomfortable with, some of which I
>>>>>> deleted and
>>>>>> some of which I left and still am uncomfortable with.
>>>>>>
>>>>>> I do not think we should ever dismiss the
>>>>>> Multistakeholder model. I do
>>>>>> not wish to find ourselves in the situation of being
>>>>>> quoted for having
>>>>>> suggested that there are times when the model should be
>>>>>> superseded. That
>>>>>> would be a gold mine for some. I deleted those references.
>>>>> Fully agree. Although I don?t feel that was the intent, it
>>>>> could certainly be perceived that way. No need to bring it
>>>>> up.
>>>>>
>>>>>> I am also uncomfortable with saying there are things that
>>>>>> don't need
>>>>>> public comment on. To just have to take the legal staff
>>>>>> view on things
>>>>>> is dangerous. What if they say the law does not require
>>>>>> something when
>>>>>> someone knows better. Better to have a null review. I
>>>>>> have not,
>>>>>> however, removed these as they were an entire section.
>>>>>> I would like
>>>>>> to see that section reworded or removed before approving
>>>>>> the documents.
>>>>> IMHO, I don?t see the need for a public comment period on
>>>>> every time this policy might be used. If a new set of
>>>>> policies and processes are adopted for handling WHOIS
>>>>> conflicts with privacy laws, then they should be clear
>>>>> enough during implementation to not require public
>>>>> comment, right? Isn?t this the case with all policies? For
>>>>> instance, is there a public comment period every time a
>>>>> new registrar signs a contract with ICANN? Or will there
>>>>> be a public comment period when implementation of the
>>>>> ?thick? WHOIS policy kicks in?
>>>>>
>>>>> Another thought is that a public comment period will also
>>>>> lengthen the period during which a registrar will
>>>>> potentially be at risk for non-compliance with local laws.
>>>>> Unless there is an important reason why there should be a
>>>>> public comment for each of the resolution scenarios, then
>>>>> I suggest we support Kathy?s recommendation to not have any.
>>>>>
>>>>> Thanks.
>>>>>
>>>>> Amr
>>>>>
>>>>>> I also removed a bunch of weasel words like 'respectfully'
>>>>>>
>>>>>> avri
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 30-Jul-14 14:28, Avri Doria wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> Started reviewing them, actually Stephanie's comments.
>>>>>>> They are written
>>>>>>> from an NCUC perspective and need to be approved by
>>>>>>> them, not us.
>>>>>>>
>>>>>>> avri
>>>>>>>
>>>>>>>
>>>>>>> On 30-Jul-14 11:36, Rafik Dammak wrote:
>>>>>>>> Hi everyone,
>>>>>>>>
>>>>>>>> Kathy sent a draft comment to the whois conflict with
>>>>>>>> local laws. we
>>>>>>>> have a tight schedule and we should act quickly.
>>>>>>>> we are responding during the reply period which means
>>>>>>>> the last chance
>>>>>>>> for us to do so.
>>>>>>>> @Maria can you please follow-up with this request?
>>>>>>>>
>>>>>>>> Best,
>>>>>>>>
>>>>>>>> Rafik
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> ---------- Forwarded message ----------
>>>>>>>> From: *Kathy Kleiman* <kathy at kathykleiman.com
>>>>>>>> <mailto:kathy at kathykleiman.com>
>>>>>>>> <mailto:kathy at kathykleiman.com>
>>>>>>>> <mailto:kathy at kathykleiman.com>>
>>>>>>>> Date: 2014-07-30 2:44 GMT+09:00
>>>>>>>> Subject: Draft Comments for Whois Proceeding
>>>>>>>> To: Rafik Dammak <rafik.dammak at gmail.com
>>>>>>>> <mailto:rafik.dammak at gmail.com>
>>>>>>>> <mailto:rafik.dammak at gmail.com>
>>>>>>>> <mailto:rafik.dammak at gmail.com>>,
>>>>>>>> NCSG-DISCUSS at listserv.syr.edu
>>>>>>>> <mailto:NCSG-DISCUSS at listserv.syr.edu>
>>>>>>>> <mailto:NCSG-DISCUSS at listserv.syr.edu>
>>>>>>>> <mailto:NCSG-DISCUSS at listserv.syr.edu>
>>>>>>>>
>>>>>>>>
>>>>>>>> To Rafik, NCSG Executive Committee and NCSG Membership,
>>>>>>>>
>>>>>>>> There is an important, but very quiet comment
>>>>>>>> proceeding that has been
>>>>>>>> taking place this summer. It is the /Review of the
>>>>>>>> ICANN Procedure for
>>>>>>>> Handling WHOIS Conflicts with Privacy Law///at
>>>>>>>> /https://www.icann.org/public-comments/whois-conflicts-procedure-2014-05-22-en/
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Stephanie put out a call for comments, and not seeing
>>>>>>>> any, I drafted
>>>>>>>> these. It has been dismayeding ever since ICANN
>>>>>>>> adopted its Consensus
>>>>>>>> Procedure for Handling WHOIS Conflicts with Privacy law
>>>>>>>> -- because it
>>>>>>>> basically requires that Registrars and Registries have
>>>>>>>> to be sued or
>>>>>>>> receive an official notice of violation before they can
>>>>>>>> ask ICANN for a
>>>>>>>> waiver of the Whois requirements. That always seemed
>>>>>>>> very unfair- that
>>>>>>>> you have to be exposed to allegation of illegal
>>>>>>>> activity in order to
>>>>>>>> protect yourself or your Registrants under your
>>>>>>>> national data protection
>>>>>>>> and privacy laws.
>>>>>>>>
>>>>>>>> In the more recent Data Retention Specification, of the
>>>>>>>> 2013 RAA, ICANN
>>>>>>>> Staff and Lawyers saw this problem and corrected it --
>>>>>>>> now Registrars
>>>>>>>> can be much more pro-active in showing ICANN that a
>>>>>>>> certain clause in
>>>>>>>> their contract (e.g., extended data retention) is a
>>>>>>>> clear violation of
>>>>>>>> their national law (e.g., more limited data retention).
>>>>>>>>
>>>>>>>> So to this important comment proceeding, I drafted
>>>>>>>> these comments for us
>>>>>>>> to submit. As Reply Comments (during the Reply Period),
>>>>>>>> we are asked to
>>>>>>>> respond to other commenters. That's easy as the
>>>>>>>> European Commission and
>>>>>>>> Registrar Blacknight submitted useful comments.
>>>>>>>>
>>>>>>>> Rafik, can we edit, finalize and submit by the deadline
>>>>>>>> on Friday?
>>>>>>>> Comments below and attached. If you have edits, in the
>>>>>>>> interest of time,
>>>>>>>> kindly suggest alternate language. Tx!!
>>>>>>>>
>>>>>>>> Best,
>>>>>>>> Kathy
>>>>>>>> --------------------------------------------------------------------------------------------------------
>>>>>>>>
>>>>>>>>
>>>>>>>> DRAFT NCSG Response to the Questions of the
>>>>>>>>
>>>>>>>> /Review of the ICANN Procedure for Handling WHOIS
>>>>>>>> Conflicts with Privacy
>>>>>>>> Law//
>>>>>>>> https://www.icann.org/public-comments/whois-conflicts-procedure-2014-05-22-en/
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> *Introduction*
>>>>>>>>
>>>>>>>> The Noncommercial Stakeholders Group represents
>>>>>>>> noncommercial
>>>>>>>> organizations in their work in the policy and
>>>>>>>> proceedings of ICANN and
>>>>>>>> the GNSO. We respectfully submit as an opening premise
>>>>>>>> that every legal
>>>>>>>> business has the right and obligation to operate within
>>>>>>>> the bounds and
>>>>>>>> limits of its national laws and regulations. No legal
>>>>>>>> business
>>>>>>>> establishes itself to violate the law; and to do so is
>>>>>>>> an invitation to
>>>>>>>> civil and criminal penalties. ICANN Registries and
>>>>>>>> Registrars are no
>>>>>>>> different ? they want and need to abide by their laws.
>>>>>>>>
>>>>>>>> Thus, it is timely for ICANN to raise the questions of
>>>>>>>> this proceeding,
>>>>>>>> /Review of the ICANN Procedure for Handling WHOIS
>>>>>>>> Conflicts with Privacy
>>>>>>>> Law/(albeit at a busy time for the Community and at the
>>>>>>>> height of
>>>>>>>> summer; we expect to see more interest in this time
>>>>>>>> towards the Fall).
>>>>>>>> We submit these comments in response to the issues
>>>>>>>> raises and the
>>>>>>>> questions asked.
>>>>>>>>
>>>>>>>> *Background*
>>>>>>>>
>>>>>>>> The /ICANN Procedure for Handling Whois Conflicts with
>>>>>>>> Privacy Law /was
>>>>>>>> adopted in 2006 after years of debate on Whois issues.
>>>>>>>> This Consensus
>>>>>>>> Procedure was the first step of recognition that data
>>>>>>>> protection laws
>>>>>>>> and privacy law DO apply to the personal and sensitive
>>>>>>>> data being
>>>>>>>> collected by Registries and Registrars for the Whois
>>>>>>>> database.
>>>>>>>>
>>>>>>>> But for those of us in the Noncommercial Users
>>>>>>>> Constituency (now part of
>>>>>>>> the Noncommercial Stakeholders Group/NCSG) who helped
>>>>>>>> debate, draft and
>>>>>>>> adopt this Consensus Procedure in the mid-2000s, we
>>>>>>>> were always shocked
>>>>>>>> that the ICANN Community did not do more. At the time,
>>>>>>>> multiple Whois
>>>>>>>> Task Forces were at work with multiple proposals which
>>>>>>>> include important
>>>>>>>> and pro-active suggestions to allow Registrars and
>>>>>>>> Registries to come
>>>>>>>> into compliance with their national data protection and
>>>>>>>> privacy laws.
>>>>>>>>
>>>>>>>> At the time, we never expected this Consensus Procedure
>>>>>>>> to be an end
>>>>>>>> itself ? but the first step of many steps. It was an
>>>>>>>> ?end? for too long,
>>>>>>>> so we are glad the discussion is reopened and once
>>>>>>>> again we seek to
>>>>>>>> allow Registrars and Registries to be in full
>>>>>>>> compliance with their
>>>>>>>> national data protection and privacy laws ? from the
>>>>>>>> moment they enter
>>>>>>>> into their contracts with ICANN.
>>>>>>>>
>>>>>>>> *II. Data Protection and Privacy Laws ? A Quick
>>>>>>>> Overview of the
>>>>>>>> Principles that Protect the Personal and Sensitive Data
>>>>>>>> of Individuals
>>>>>>>> and Organizations/Small Businesses *
>>>>>>>>
>>>>>>>> **
>>>>>>>>
>>>>>>>> /*[Stephanie, Tamir or Others with Expertise in
>>>>>>>> Canadian and European
>>>>>>>> Data Protection Laws may choose to add something here]. */
>>>>>>>>
>>>>>>>> III/*. */Questions asked of the Community in this
>>>>>>>> Proceeding
>>>>>>>>
>>>>>>>> The ICANN Review Paper raised a number of excellent
>>>>>>>> questions. In
>>>>>>>> keeping with the requirements of a Reply Period, these
>>>>>>>> NCSG comments
>>>>>>>> will address both our comments and those comments we
>>>>>>>> particularly
>>>>>>>> support in this proceeding.
>>>>>>>>
>>>>>>>> 1.
>>>>>>>>
>>>>>>>> Is it impractical for ICANN to require that a
>>>>>>>> contracted party
>>>>>>>> already has litigation or a government
>>>>>>>> proceeding initiated
>>>>>>>> against it prior to being able to invoke the
>>>>>>>> Whois Procedure?
>>>>>>>>
>>>>>>>> 1.1 Response: Yes, it is completely impractical (and
>>>>>>>> ill-advised) to
>>>>>>>> force a company to violate a national law as a
>>>>>>>> condition of complying
>>>>>>>> with that national law. Every lawyer advises businesses
>>>>>>>> to comply with
>>>>>>>> the laws and regulations of their field. To do
>>>>>>>> otherwise is to face
>>>>>>>> fines, penalties, loss of the business, even jail for
>>>>>>>> officers and
>>>>>>>> directors. Legal business strives to be law-abiding; no
>>>>>>>> officer or
>>>>>>>> director wants to go to jail for her company's
>>>>>>>> violations. It is the
>>>>>>>> essence of an attorney's advice to his/her clients to
>>>>>>>> fully comply with
>>>>>>>> the laws and operate clearly within the clear
>>>>>>>> boundaries and limits of
>>>>>>>> laws and regulations, both national, by province or
>>>>>>>> state and local.
>>>>>>>>
>>>>>>>> In these Reply Comments, we support and encourage ICANN
>>>>>>>> to adopt
>>>>>>>> policies consistent with the initial comments submitted
>>>>>>>> by the European
>>>>>>>> Commission:
>>>>>>>>
>>>>>>>> o
>>>>>>>>
>>>>>>>> that the Whois Procedure be changed from
>>>>>>>> requiring specific
>>>>>>>> prosecutorial action instead to allowing
>>>>>>>> ?demonstrating evidence
>>>>>>>> of a potential conflict widely and e.g.
>>>>>>>> accepting information on
>>>>>>>> the legislation imposing requirements that the
>>>>>>>> contractual
>>>>>>>> requirements would breach as sufficient
>>>>>>>> evidence.? (European
>>>>>>>> Commission comments)
>>>>>>>>
>>>>>>>> We also agree with Blacknight:
>>>>>>>>
>>>>>>>> o
>>>>>>>>
>>>>>>>> ?It's completely illogical for ICANN to require
>>>>>>>> that a
>>>>>>>> contracting party already has litigation before
>>>>>>>> they can use a
>>>>>>>> process. We would have loved to use a procedure
>>>>>>>> or process to
>>>>>>>> get exemptions, but expecting us to already be
>>>>>>>> litigating before
>>>>>>>> we can do so is, for lack of a better word,
>>>>>>>> nuts.? (Blacknight
>>>>>>>> comments in this proceeding).
>>>>>>>>
>>>>>>>>
>>>>>>>> 1.1a How can the triggering event be meaningfully
>>>>>>>> defined?
>>>>>>>>
>>>>>>>> 1.1 a Response: This is an important question.
>>>>>>>> Rephrased, we might ask
>>>>>>>> together ? what must a Registry or Registrar show ICANN
>>>>>>>> in support of
>>>>>>>> its claim that certain provisions involving Whois data
>>>>>>>> violate
>>>>>>>> provisions of national data protection and privacy laws?
>>>>>>>>
>>>>>>>> NCSG respectfully submits that there are at least four
>>>>>>>> ?triggering
>>>>>>>> events? that ICANN should recognize:
>>>>>>>>
>>>>>>>> o
>>>>>>>>
>>>>>>>> Evidence from a national Data Protection
>>>>>>>> Commissioner or his/her
>>>>>>>> office (or from a internationally recognized
>>>>>>>> body of national
>>>>>>>> Data Protection Commissioners in a certain
>>>>>>>> region of the world,
>>>>>>>> including the Article 29 Working Party that
>>>>>>>> analyzes the
>>>>>>>> national data protection and privacy laws) that
>>>>>>>> ICANN's
>>>>>>>> contractual obligations for Registry and/or
>>>>>>>> Registrar contracts
>>>>>>>> violate the data protection laws of their
>>>>>>>> country or their group
>>>>>>>> of countries;
>>>>>>>>
>>>>>>>> o
>>>>>>>>
>>>>>>>> Evidence of legal and/or jurisdictional conflict
>>>>>>>> arising from
>>>>>>>> analysis performed by ICANN's legal department
>>>>>>>> or by national
>>>>>>>> legal experts hired by ICANN to evaluate the
>>>>>>>> Whois requirements
>>>>>>>> of the ICANN contracts for compliance and
>>>>>>>> conflicts with
>>>>>>>> national data protection laws and cross-border
>>>>>>>> transfer limits)
>>>>>>>> (similar to the process we understand was
>>>>>>>> undertaken for the
>>>>>>>> data retention issue);
>>>>>>>>
>>>>>>>>
>>>>>>>> o
>>>>>>>>
>>>>>>>> Receipt of a written legal opinion from a
>>>>>>>> nationally recognized
>>>>>>>> law firm in the applicable jurisdiction that
>>>>>>>> states that the
>>>>>>>> collection, retention and/or transfer of certain
>>>>>>>> Whois data
>>>>>>>> elements as required by Registrar or Registry
>>>>>>>> Agreements is
>>>>>>>> ?reasonably likely to violate the applicable
>>>>>>>> law? of the
>>>>>>>> Registry or Registrar (per the process allowed
>>>>>>>> in RAA Data
>>>>>>>> Retention Specification); or
>>>>>>>>
>>>>>>>>
>>>>>>>> o
>>>>>>>>
>>>>>>>> An official opinion of any other governmental
>>>>>>>> body of competent
>>>>>>>> jurisdiction providing that compliance with the
>>>>>>>> data protection
>>>>>>>> requirements of the Registry/Registrar contracts
>>>>>>>> violates
>>>>>>>> applicable national law (although such
>>>>>>>> pro-active opinions may
>>>>>>>> not be the practice of the Data Protection
>>>>>>>> Commissioner's office).
>>>>>>>>
>>>>>>>> The above list draws from the comments of the European
>>>>>>>> Commission, Data
>>>>>>>> Retention Specification of the 2013 Registrar
>>>>>>>> Accreditation Agreement,
>>>>>>>> and sound compliance and business practices for the
>>>>>>>> ICANN General
>>>>>>>> Counsel's office.
>>>>>>>>
>>>>>>>> We further agree with Blacknight that the requirements
>>>>>>>> for triggering
>>>>>>>> any review and consideration by ICANN be: simple and
>>>>>>>> straightforward,
>>>>>>>> quick and easy to access.
>>>>>>>>
>>>>>>>>
>>>>>>>> 1.3 Are there any components of the triggering
>>>>>>>> event/notification
>>>>>>>> portion of the RAA's Data Retention waiver process that
>>>>>>>> should be
>>>>>>>> considered as optional for incorporation into a
>>>>>>>> modified Whois Procedure?
>>>>>>>>
>>>>>>>>
>>>>>>>> 1.3 Response: Absolutely, the full list in 1.1a above,
>>>>>>>> together with
>>>>>>>> other constructive contributions in the Comments and
>>>>>>>> Reply Comments of
>>>>>>>> this proceeding, should be strongly considered for
>>>>>>>> incorporation into a
>>>>>>>> modified Whois Procedure, or simply written into the
>>>>>>>> contracts of the
>>>>>>>> Registries and Registrars contractual language, or a
>>>>>>>> new Annex or
>>>>>>>> Specification.
>>>>>>>>
>>>>>>>> We respectfully submit that the obligation of
>>>>>>>> Registries and Registrars
>>>>>>>> to comply with their national laws is not a matter of
>>>>>>>> multistakeholder
>>>>>>>> decision making, but a matter of law and compliance. In
>>>>>>>> this case, we
>>>>>>>> wholeheartedly embrace the concept of building a
>>>>>>>> process together that
>>>>>>>> will allow exceptions for data protection and privacy
>>>>>>>> laws to be adopted
>>>>>>>> quickly and easily.
>>>>>>>>
>>>>>>>>
>>>>>>>> 1.4 Should parties be permitted to invoke the Whois
>>>>>>>> Procedure before
>>>>>>>> contracting with ICANN as a registrar or registry?
>>>>>>>>
>>>>>>>>
>>>>>>>> 1.4 Response: Of course, Registries and Registrars
>>>>>>>> should be allowed to
>>>>>>>> invoke the Whois Procedure, or other appropriate
>>>>>>>> annexes and
>>>>>>>> specifications that may be added into Registry and
>>>>>>>> Registrar contracts
>>>>>>>> with ICANN. As discussed above, the right of a legal
>>>>>>>> company to enter
>>>>>>>> into a legal contracts is the most basic of
>>>>>>>> expectations under law.
>>>>>>>>
>>>>>>>>
>>>>>>>> 2.1 Are there other relevant parties who should be
>>>>>>>> included in this
>>>>>>>> step?
>>>>>>>>
>>>>>>>>
>>>>>>>> 2.1 Response: We agree with the EC that ICANN should be
>>>>>>>> working as
>>>>>>>> closely with National Data Protection Authorities as
>>>>>>>> they will allow. In
>>>>>>>> light of the overflow of work into these national
>>>>>>>> commissions, and the
>>>>>>>> availability of national experts at law firms, ICANN
>>>>>>>> should also turn to
>>>>>>>> the advice of private experts, such as well-respected
>>>>>>>> law firms who
>>>>>>>> specialize in national data protection laws. The law
>>>>>>>> firm's opinions on
>>>>>>>> these matters would help to guide ICANN's knowledge and
>>>>>>>> evaluation of
>>>>>>>> this important issue.
>>>>>>>>
>>>>>>>>
>>>>>>>> 3.1 How is an agreement reached and published?
>>>>>>>>
>>>>>>>> 3.1 Response. As discussed above, compliance with
>>>>>>>> national law may not
>>>>>>>> be the best matter for negotiation within a
>>>>>>>> multistakeholder process. It
>>>>>>>> really should not be a chose for others to make whether
>>>>>>>> you comply with
>>>>>>>> your national data protection and privacy laws. That
>>>>>>>> said, the process
>>>>>>>> of refining the Consensus Procedure, and adopting new
>>>>>>>> policies and
>>>>>>>> procedures, or simply putting new contract provisions,
>>>>>>>> annexes or
>>>>>>>> specifications into the Registry and Registrar
>>>>>>>> contracts SHOULD be
>>>>>>>> subject to community discussion, notification and
>>>>>>>> review. But once the
>>>>>>>> new process is adopted, we think the new changes,
>>>>>>>> variations,
>>>>>>>> modifications or exceptions of Individual Registries
>>>>>>>> and Registrars need
>>>>>>>> go through a public review and process. The results,
>>>>>>>> however, Should be
>>>>>>>> published for Community notification and review.
>>>>>>>>
>>>>>>>>
>>>>>>>> We note that in conducting the discussion with the
>>>>>>>> Community on the
>>>>>>>> overall or general procedure, policy or contractual
>>>>>>>> changes, ICANN
>>>>>>>> should be assertive in its outreach to the Data Protection
>>>>>>>> Commissioners. Individual and through their
>>>>>>>> organizations, they have
>>>>>>>> offered to help ICANN evaluate this issue numerous
>>>>>>>> times. The Whois
>>>>>>>> Review Team noted the inability of many external bodies
>>>>>>>> to monitor ICANN
>>>>>>>> regularly, but the need for outreach to them by ICANN
>>>>>>>> staff nonetheless:
>>>>>>>>
>>>>>>>>
>>>>>>>> *Recommendation 3: Outreach*
>>>>>>>>
>>>>>>>> *ICANN should ensure that WHOIS policy issues are
>>>>>>>> accompanied by
>>>>>>>> cross-community*
>>>>>>>>
>>>>>>>> *outreach, including outreach to the communities
>>>>>>>> outside of ICANN with a
>>>>>>>> specific*
>>>>>>>>
>>>>>>>> *interest in the issues, and an ongoing program for
>>>>>>>> consumer awareness.*
>>>>>>>>
>>>>>>>> This is a critical policy item for such outreach and
>>>>>>>> input.
>>>>>>>>
>>>>>>>>
>>>>>>>> 3.2 If there is an agreed outcome among the relevant
>>>>>>>> parties, should
>>>>>>>> the Board be involved in this procedure?
>>>>>>>>
>>>>>>>>
>>>>>>>> 3.2 Response: Clearly, the changing of the procedure,
>>>>>>>> or the adoption of
>>>>>>>> a new policy or new contractual language for Registries
>>>>>>>> and Registrars,
>>>>>>>> Board oversight and review should be involved. But once
>>>>>>>> the new
>>>>>>>> procedure, policy or contractual language is in place,
>>>>>>>> then subsequent
>>>>>>>> individual changes, variations, modifications or
>>>>>>>> exceptions should be
>>>>>>>> handled through the process and ICANN Staff ? as the
>>>>>>>> Data Retention
>>>>>>>> Process is handled today.
>>>>>>>>
>>>>>>>>
>>>>>>>> 4.1 Would it be fruitful to incorporate public
>>>>>>>> comment in each of
>>>>>>>> the resolution scenarios?
>>>>>>>>
>>>>>>>> 4.1 Response: We think this question means whether
>>>>>>>> there should be
>>>>>>>> public input on each and every exception? We
>>>>>>>> respectfully submit that
>>>>>>>> the answer is No. Once the new policy, procedure or
>>>>>>>> contractual language
>>>>>>>> is adopted, then the process should kick in and the
>>>>>>>> Registrar/Registry
>>>>>>>> should be allowed to apply for the waiver, modification
>>>>>>>> or revision
>>>>>>>> consistent with its data protection and privacy laws.
>>>>>>>> Of course, once
>>>>>>>> the waiver or modification is granted, the decision
>>>>>>>> should be matter of
>>>>>>>> public record so that other Registries and Registrars
>>>>>>>> in the
>>>>>>>> jurisdiction know and so that the ICANN Community as a
>>>>>>>> whole can monitor
>>>>>>>> this process' implementation and compliance.
>>>>>>>>
>>>>>>>> Step Five: Public notice
>>>>>>>>
>>>>>>>>
>>>>>>>> 5.2 Is the exemption or modification termed to the
>>>>>>>> length of the
>>>>>>>> agreement? Or is it indefinite as long as the
>>>>>>>> contracted party is
>>>>>>>> located in the jurisdiction in question, or so long as
>>>>>>>> the applicable
>>>>>>>> law is in force.
>>>>>>>>
>>>>>>>> 5.2 Response: We agree with the European Commission in
>>>>>>>> its response,
>>>>>>>> ?/By logic the exemption or modification shall be in
>>>>>>>> place as long as
>>>>>>>> the party is subject to the jurisdiction in conflict
>>>>>>>> with ICANN rules.
>>>>>>>> If the applicable law was to change, or the contacted
>>>>>>>> party moved to a
>>>>>>>> different jurisdiction, the conditions should be
>>>>>>>> reviewed to assess if
>>>>>>>> the exemption is still justified.? But provided it is
>>>>>>>> the same parties,
>>>>>>>> operating under the same laws, the modification or
>>>>>>>> change should
>>>>>>>> continue through the duration of the relationship
>>>>>>>> between the
>>>>>>>> Registry/Registrar and ICANN. /
>>>>>>>>
>>>>>>>>
>>>>>>>> 5.3 Should an exemption or modification based on the
>>>>>>>> same laws and
>>>>>>>> facts then be granted to other affected contracted
>>>>>>>> parties in the same
>>>>>>>> jurisdiction without invoking the Whois Procedure
>>>>>>>>
>>>>>>>> 5.3 Response. The European Commission in its comments
>>>>>>>> wrote, and we
>>>>>>>> strongly agree: /?the same exception should apply to
>>>>>>>> others in the same
>>>>>>>> jurisdiction who can demonstrate that they are in the
>>>>>>>> same situation.?
>>>>>>>> /Further, Blacknight wrote and we support: /?if ANY
>>>>>>>> registrar in
>>>>>>>> Germany, for example, is granted a waiver based on
>>>>>>>> German law, than ALL
>>>>>>>> registrars based in Germany should receive the same
>>>>>>>> treatment.? /Once a
>>>>>>>> national data protection or privacy law is interpreted
>>>>>>>> as requiring and
>>>>>>>> exemption or modification, it should be available to all
>>>>>>>> Registries/Registrars in that country.
>>>>>>>>
>>>>>>>> Further, we recommend that ICANN should be required to
>>>>>>>> notify each gTLD
>>>>>>>> Registry and Registrar in the same jurisdiction as that
>>>>>>>> of the decision
>>>>>>>> so they will have notice of the change.
>>>>>>>>
>>>>>>>> We thank ICANN staff for holding this comment period.
>>>>>>>>
>>>>>>>> Respectfully submitted,
>>>>>>>>
>>>>>>>> NCSG
>>>>>>>>
>>>>>>>>
>>>>>>>> DRAFT
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> PC-NCSG mailing list
>>>>>>>> PC-NCSG at ipjustice.org <mailto:PC-NCSG at ipjustice.org>
>>>>>>>> http://mailman.ipjustice.org/listinfo/pc-ncsg
>>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> PC-NCSG mailing list
>>>>>>> PC-NCSG at ipjustice.org <mailto:PC-NCSG at ipjustice.org>
>>>>>>> http://mailman.ipjustice.org/listinfo/pc-ncsg
>>>>>>>
>>>>>>>
>>>>>> <NSCG DRAFT Comments for Review of WHOIS Consensus
>>>>>> Proceduresp+ad.doc>_______________________________________________
>>>>>>
>>>>>> PC-NCSG mailing list
>>>>>> PC-NCSG at ipjustice.org <mailto:PC-NCSG at ipjustice.org>
>>>>>> http://mailman.ipjustice.org/listinfo/pc-ncsg
>>>>>
>>>>> _______________________________________________
>>>>> PC-NCSG mailing list
>>>>> PC-NCSG at ipjustice.org <mailto:PC-NCSG at ipjustice.org>
>>>>> http://mailman.ipjustice.org/listinfo/pc-ncsg
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> PC-NCSG mailing list
>>> PC-NCSG at ipjustice.org <mailto:PC-NCSG at ipjustice.org>
>>> http://mailman.ipjustice.org/listinfo/pc-ncsg
>>
>>
>> _______________________________________________
>> PC-NCSG mailing list
>> PC-NCSG at ipjustice.org <mailto:PC-NCSG at ipjustice.org>
>> http://mailman.ipjustice.org/listinfo/pc-ncsg
>>
>>
>> <NSCG Draft Comments for Review of WHOIS Consensus Procedure NCSG
>> Edits3 (00690163).DOC>_______________________________________________
>> PC-NCSG mailing list
>> PC-NCSG at ipjustice.org <mailto:PC-NCSG at ipjustice.org>
>> http://mailman.ipjustice.org/listinfo/pc-ncsg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.ipjustice.org/pipermail/pc-ncsg/attachments/20140731/902116b7/attachment-0001.html>
More information about the NCSG-PC
mailing list