ABCDEFGHIJKLMNOPQRSTUVWXYZ
1
SectionTemp Spec TextRevised draft (not final language)CommentRegistrar PurposeRegistry PurposeICANN PurposeThird Party InterestsInput on whether "x" has been properly allocated (make sure to add your initials and affiliation)Input on revised draft language (make sure to add your initials and affiliation)Other comments / suggestions (make sure to add your initials and affiliation)
2
Alex-IPC: Regarding the heading of Column H. In the July 5 Letter from Jelinek to Marby, the EDPB states “There are processing activities determined by ICANN, for which ICANN, as well as the registrars and registries, require their own legal basis and purpose, and then there are processing activities determined by third parties, which require their own legal basis and purpose”. Column H should be “Purposes determined by 3rd Party Interests”.
3
4/4/2001Reflecting the rights of a Registered Name Holder in a Registered Name and ensuring that the Registered Name Holder may exercise its rights in respect of the Registered Name;unalteredxxxAlex-IPC: Agree; Margie- BC- agreeShould a Registered Name Holder Column be added? Note that purposes only need to be identified for data controllers. (from 11/9 meeting) - Margie- BC - yes the RNH should be added for this purpose
4
4/4/2002Providing access to accurate, reliable, and uniform Registration Data based on legitimate interests not outweighed by the fundamental rights of relevant data subjects, consistent with GDPR;Providing access to accurate, reliable, and uniform Registration Data consistent with GDPR;Parked until we get to disclosureAlex-IPC: ICANN and Third Party purpose; Margie -BC, Add Agree with new text, but add Registry, ICANN and 3rd Party purposesAlex-IPC: The EPDP charter (Part 1 (a)) indicates that questions related to Purposes (Sections 4.4.1-4.4.13) must be answered before work on a standardized access model can commence. It goes on to say that purposes relating to access “will inform decisions about how personal data in registration data is processed. Because providing access to non-public Registration Data is a processing activity, there must be a legitimate purpose(s) with corresponding legal basis(es) established prior to granting such access.” As such the charter is explicit that the purpose described in Temp Spec Section 4.4.2 can’t be “parked” and must be defined by the EPDP as a pre-requesite to further discussions on policy and methods/frameworks related to access.
5
4/4/2003Enabling a reliable mechanism for identifying and contacting the Registered Name Holder for a variety of legitimate purposes more fully set out below;Enabling a reliable mechanism for contacting the Registered Name Holder;This has been split into two purposes to separate "contacting" from "identifying" xxAlex-IPC: This should be an ICANN Purpose also; Margie-BC add ICANN & RegistryI assume that by omitting "based on legitimate interests" we are putting the base for the data processing as all the lawful bases mentioned under article 6.1 of the GDPR, which legitimate interest is only one of (Hadia, ALAC)
6
Enabling a reliable mechanism for identifying the Registered Name Holder;xAlex-IPC: This should be an ICANN Purpose also; Margie-BC add ICANN & Registry AE/NCSG: Don't understand how identification of the Registered Name Holder assists in fulfilling any of the below purposes. A reliable means to contact the RNH should be enough.FB/NCSG agreed with Amr.FB/NCSG: [Enabling a reliable mechanism for identifying the registered domain name holder is only third party legitimate interest. So this has to be discussed in access segment for access to WHOIS data. Not now.]
7
4/4/2004Enabling a mechanism for the communication or notification of payment and invoicing information and reminders to the Registered Name Holder by its chosen Registrar;Purposes relating to payment and invoicing should not be covered by an ICANN policy. It is a purpose pursued by the registrar outside the scope ofthis work and should neither be mandated nor enforced by ICANN. Additionally, invoicing to the whois contacts is not occuring in practice. Invoices are directed at account holders or resellers. Margie: BC - this is needed for escrow purposes in the event of failure of the registrar but not be part of WHOIS/RDDS registry for registrant protection purposes. The policy should require it to remain included in Escrow.
8
4/4/2005Enabling a mechanism for the communication or notification to the Registered Name Holder of technical issues and/or errors with a Registered Name or any content or resources associated with such a Registered Name;Enabling a mechanism for the communication or notification to the Registered Name Holder of technical issues with a Registered Name xxxAE/NCSG: Do not believe this should be listed as a third-party interest, so long as we are only discussing purposes for collection and other processing, but not disclosure/access. Important not to conflate ICANN's or Registrars' purposes for collection and processing (other than disclosure) with purposes of third-parties. The same could be said for other purposes within this exercise.Margie BC: Disagree with the new text-- content is relevant for the UDRPs/URSs and to resolve issues related to content that appear on the website. This doesnt mean that ICANN is making policy regarding resolving content issues beyond the UDRP/URS, but simply that WHOIS can be used to contact the registrant to resolve issues related to the content on the website. Alex-IPC: Responding to Amr's comment see my comment to 4.4.2 above. This exercise is to define purposes for processing - all types of processing. As such we must define purposes for access, per charter.
9
4/4/2006Enabling a mechanism for the Registry Operator or the chosen Registrar to communicate with or notify the Registered Name Holder of commercial or technical changes in the domain in which the Registered Name has been registered;Might not be necessary as contacting the registrant is already covered and since the registrars typically go to the account holder.
10
4/4/2007Enabling the publication of technical and administrative points of contact administering the domain names at the request of the Registered Name Holder;Allowing the Registered Name Holder to provide optional additional data for Admin-C and Tech-CxxxxAlex-IPC: Agree; Margie - BC - agree that the tech/admin should be optional but that at least 2 contacts should be required for security purposes;
11
4/4/2008Supporting a framework to address issues involving domain name registrations, including but not limited to:Supporting a framework to address issues involving domain name registrations:The purposes in this section need to be further specified. Another team is working on this.Alex-IPC: Agree; Margie- BC - agreeAlex-IPC: See discussion/work on the update to this section on the list.
12
4.4.8 (a)consumer protectionxxx has been properly allocated (HE)
13
4.4.8 (b)investigation of cybercrimexx
14
4.4.8.(c)DNS abusexxxxx has been properly allocated (HE)
15
4.4.8 (d)intellectual property protection intellectual property protection by means of URS and UDRPxxx has been properly allocated (HE)Margie: BC - its more than URS/UDRP, use of the WHOIS for IP related litigation too
16
4/4/2009Providing a framework to address appropriate law enforcement needs;Enabling the prevention and detection of cybercrime and illegal DNS abuse to promote the resilience, security, stability and/or reliability of the DNS and the Internet.  Enabling the prevention of unlawful conduct to meet the legitimate needs of law enforcement and public authorities promoting consumer trust in the DNS and the Internet and safeguarding registrant data.The proposed edits set by Ashley may allow for the deletion of other purposes.xxAlex-IPC: Agree; Margie - BC agreeAE/NCSG: The issue of disclosure of Registration Data in relation to competent authorities should be deferred until we deliberate on purposes for access, but generally, I believe the revised language is far too broad, and goes beyond the scope of ICANN's mission, particularly when focusing on purposes for collection and processing of data for purposes other than third-party access.FB/NCSG: [I would like to know what Ashley means when she says "ilegal DNS abuse". So it has to be based on applicable law? Good. Which law? but which law?
Safeguarding registrants data is in to address apprpriate law enforcement needs?
Public authorties added. (danger zone)
Again unlawful conduct. so this is based on the applicable law then?
I would like to know what is "consumer trust" in the DNS. I also want to know how this is an ICANN purpose when it says "consumer trsut in the DNS and the Internet". In the DNS, ok. but the Internet as a whole?]
17
4/4/2010Facilitating the provision of zone files of gTLDs to Internet usersdelete?Is there any document explaining why wide access to zone files is required? The contract between registrant and registrar does not require that and it is difficult to determine whose interests are concerned. Alex-IPC: Should be an ICANN and Third party purpose (assuming it is not deleted)
18
4/4/2011Providing mechanisms for safeguarding Registered Name Holders' Registration Data in the event of a business or technical failure, or other unavailability of a Registrar or Registry Operator;xx has been properly allocated
Alex-IPC: It seems this safeguarding applies to R&R's also. Margie- BC: agree with Alex
19
4/4/2012Coordinating dispute resolution services for certain disputes concerning domain names;Coordinating dispute resolution services for disputes concerning domain names;Duplication w. 4.4.8.Alex-IPC: ICANN and Third Party Purpose.; Margie: ICANN and Third party purposeAlex-IPC: Seems very vague. Needs to be updated to be more secific/concrete.
We need to make sure that the redrafting of 4.4.8 covers this (HE-ALAC); Margie: BC -- this needs to reference UDRP and URS
20
4/4/2013Handling contractual compliance monitoring requests, audits, and complaints submitted by Registry Operators, Registrars, Registered Name Holders, and other Internet users.Is there any document describing why and what data is required to perform those tasks?xx has been properly allocated
Alex-IPC: Agree; Margie BC -- Add 3rd Party Interest, registry and registrars
Third parties need to be able to access WHOIS as relevant to the contractual compliance complaints they bring to ICANN's attention; registries/registrars have to access if they are involved in the compliance inquiry
21
22
Added purposes:
23
Operating a central repository of registration data for a given TLD to be able to help resolve ownership disputesx
24
Being able to identify patterns of abusive registrations See Spec 11 of the new gTLD Agreementxxxx has been properly allocatedBeing able to identify patterns of abusive registrations is a technique not a purpose. As such, consider removing this purpose. (from 11/9 meeting)
[FB/ NCSG: Note that spec 11 is not in ICANN mission. ICANN only instructs the registries to include a provision in their agreement that prohibits the registrants from carrying out a bunch of things.Spec 11 has many terrible things that if we allow them use invoke it now we have lost. It has copyright, counterfeiting et language. Research access is vague, how is it in ICANN mission. ]
25
Supporting a framework for research access;xxx has been properly allocated (HE-ALAC)AE/NCSG: Purpose not specific enough. ICANN and contracted parties should not have this as a purpose, except under specific circumstances. For example, a CCT-RT may recommend that ICANN conducts research using Registration Data, but unless there are specific purposes accompanied by a legal basis for collection and processing (other than access) of data relevant to third-parties, this should be removed.
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100