Data Protection/Privacy Update Webinar. 2 February 2018

Transcription

1 Data Protection/Privacy Update Webinar 2 February

2 Comment Type Total Comments on ICANN-Proposed Models & Community-Submitted Models 65 (60 published, 1 pending publishing confirmation, 4 not published by request) Comments on Hamilton Legal Analysis 9 2

3 3

4 A B C D E F G H I J K L M Working Draft n-paper -- Selected Interim GDPR Compliance Models & Comments 1 2 as of 1 February 2018 Orange = More substanial change from status quo Green = Greater preservation of status quo Data Collection, Processing, and Retention ECO Electronic Frontier Foundation ICANN Model 3 ICANN Model 2B ICANN Model 2A AppDetex ICANN Model 1 IPC GAC ithreat Coalition for Online Accountability Felman 6 Collection from Registrant to Registrar Minimal collected from registrant - do not collect Admin and Tech contact info Full Thick Data Full Thick Data, except no registrant address Unclear, but implies full collection of Thick Data. ICANN Org or its agent would have some role in redaction of personal Data Transfer from Registrar to Registry Data Transfer to Escrow Agents Data Retention Applicability Must transfer Thin. Permits, but does not require, transfer of registrant Registrar: transfer Minimial collected Registry: transfer Thin + registant if received from registrar Eliminate ICANN retention requirements Life of registration + 60 days Life of registration + 60 days Full transfer of Thick Data Full transfer of existing registration Life of registration + 1 year Life of registration + 1 year Life of registration + 2 years Life of registration + 2 years (te: existing 1-year waivers for European registrars would be preserved) Life of registration + 2 years Life of registration + at least 2 years t addressed by model t addressed by model t addressed by model As long as needed to fulfill specified purposes Unclear, but implies full transfer of Thick. ICANN Org or its agent would have some role in redaction of personal. Registrants who are natural persons would have transferred by ICANN to escrow agent t addressed by model 11 Must Model be applied globally or to European Economic Area? Global [te: Unclear, but seems to imply global applicability.] Global Global Global European Economic Area European Economic Area European Economic Area European Economic Area European Economic Area European Economic Area European Economic Area European Economic Area Registrant Types Affected and legal persons and legal persons and legal persons and legal persons and legal persons and legal persons and legal persons Layered/Tiered Access to WHOIS Public WHOIS Yes, two layers/tiers (Public WHOIS and n-public WHOIS) Registrant Name in Public Registrant Postal Address in Public Yes Yes Yes Yes Yes Yes persons may opt-out of ICANN for approval to redact personal publishing personal persons may opt-out of publishing personal. However, must publish state/province and country ICANN for approval to redact personal 17 Registrant in Public Yes Yes persons may opt-out of ICANN for approval to redact personal publishing personal 4 4

5 1 2 A B C D E F G H I J K L M Working Draft n-paper -- Selected Interim GDPR Compliance Models & Comments as of 1 February 2018 Orange = More substanial change from status quo Green = Greater preservation of status quo 3 4 ECO Electronic Frontier Foundation ICANN Model 3 ICANN Model 2B ICANN Model 2A AppDetex ICANN Model 1 IPC GAC ithreat Coalition for Online Accountability Felman 5 Registrant Phone and Fax in Public persons may opt-out of ICANN for approval to redact personal publishing personal 18 Admin and Tech Contact Names in Public persons may opt-out of ICANN for approval to redact personal publishing personal Admin and Tech Contact Postal Addresses in Public persons may opt-out of publishing personal. However, must publish state/province and country ICANN for approval to redact personal Admin and Tech Contact Addresses in Public Yes Yes Yes Yes Yes Yes ICANN for approval to redact personal Admin and Tech Contact Phone in Public Yes Yes Yes persons may opt-out of ICANN for approval to redact personal publishing personal Registrar Must Offer Registrant an Opt-in to Publish Additional Data in Public Yes Yes Yes Yes Yes Yes Yes t addressed by model Yes Yes Yes n-public WHOIS Self-certification Access to n-public. Create anonymized e- mail address or a web. Access via legal due form to contact registrant process Accredation Program for Access to npublic Yes, accrediation program for limited user groups. Access via legal due process. Access via legal due process. Access via legal due process Yes on interim basis, subject to registry/registrar balancing of requestor's legitimate interest against subject's rights/freedoms Yes, accrediation program to be developed in consultation with the GAC Yes on interim basis, subject to registry/registrar balancing of requestor's legitimate. Create anonymized interest against subject's address or a web form to rights/freedoms contact registrant Yes, accrediation program to be developed in consultation with the GAC Yes, accrediation program similar to Expert Working Group recommendations (access given at level appropriate for each user and stated purpose) Yes, subject to registry/registrar balancing of requestor's legitimate interest against subject's rights/freedoms Yes, for blanket access (no balancing required) unless limited exceptions apply Yes Yes on interim basis, for blanket access (no balancing required) unless limited exceptions apply t addressed by model Yes, subject to registrant's right to object to providing n-public WHOIS Yes, accrediation program to be developed in consultation with t addressed by model the GAC and other stakeholders Yes, accrediation program based on existing processes of EU cctlds 5 5

6 Questions and Answers Please submit your question via the Adobe chat room. 6