Versions Compared

Version Old Version 175 New Version 176
Changes made by

Jean-Baptiste Deroulez

Jean-Baptiste Deroulez

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Item #Source of RequestDate of RequestAction Item RequestAction OwnerRequest Clarified (link to email archive; date)Anticipated Completion Date
304#48

 

Stephanie to provide language update on Paragraph on "Possible Impact of GDPR and Other Applicable Laws Rec #4 Compliance: Stephanie to provide language update on Paragraph on "Possible Impact of GDPR and Other Applicable Laws "ICANN org

303#48

 

Send out a reminder on call for consensus at the end of this callICANN org

302#47

 

Operational Input

- All to review and confirm operational input is taken into account in report and recommendations.

All

301#47

 

Rec# #11 Common Interface

- ICANN org to follow up with Susan/Volker and see whether these two highlighted questions can be removed

ICANN org

300#47

 

Rec#10 Privacy/Proxy Services

Issue #1: leave it as is and remove comment.

Alan/ICANN org

299#47

 

Rec#5-9 Data Accuracy

- Alan to address section issues with Lili

Alan/ICANN org

298#47

 

Rec#4 Compliance

- Susan to review action items

- Alan to complete action item on paragraph on current situation, and consider GDPR control issues.


Susan

Alan



297#47

 

Rec#3: Outreach

- Add comment in the public comment tool rather than in the report

ICANN org

296#47

 

Single Whois Policy

- p3: "were suspended and later terminated due to the ongoing effort to adress GDPR" (+ remove paragraph afterwards)

- p4: remove dash after "In any event'"

- p4: delete highlighted section

p6: Move four bullet points to "research section", and report "none" under "Recommendations"

Alan/ICANN org

295#47

 

Strategic Priority

- p6 Alan to clean up wording on p6 "but that was in fact done"

- p9 Alan to update paragraph

- p10: replace most/many with "some"

- p12: add footnote on "soft policy "such as guidance documents, best practices."

- p13: add a note in the report "any timeline mentioned in the report make reference to when the board takes action."

Alan/ICANN org

294#46

 

Review team members/subject matter experts are invited to

  • review with care their sections in the report (looking for errors, inconsistencies)
  • confirm the section is consistent and tight, by Friday 18 January 2019 23:59 UTC. (Extra day allowed for Stephanie, considering the ePDP meeting)
  • come up with suggestions before plenary call #47 as to how the sections can be cleaned up.
ICANN org

293#46

 

WHOIS1 Rec #4: ComplianceUnder “Possible Impact GDPR and other applicable laws” Alan to add a paragraph on current situation pointing out the paradox of goodwill vs doing it properly. Add sentence on whether contractual compliance can verify compliance if they can't look at the data.

Alan

292#46

 

Subgroup 3 - Law Enforcement NeedsJackie to emphasize the "at minimum" sentence in rationale. Replace the "or" at the end of the 4th line with an "and".

ICANN org

291#46

 

WHOIS1 Rec #1 - Strategic Priority: R1.3should say "working group" not "Working Group"Review Team

290#46

 

WHOIS1 Rec #1 - Strategic Priority: R1.1, R1.2: Implementation section should say "working group" not "Working Group"Review Team

289#45

 

Alan/Jackie to review and clean up report sections.Alan/Jackie

288#44

 

Alan to insert  associated text in new CM.3.Alan

287#43

 

BY.1: Replace “Eliminate the reference” with “Extend the reference”, add “(which refers to the OECD Guidelines) after “replace section 4.6€(iii) of the ICANN Bylaws.”Review Team

286#43

 

CM.5: Numbering of recommendation should change to CM.3Review Team

285#43

 

SG.1: Alan to review body of the report with an eye to section 3.2 of the 2013 RAA.

Alan

284#43

 

LE.2

  • Add a clause for factoring costs/benefits in this recommendation.
  • Remove “extending” , and add “conducting comparable” in the recommendation.
Review Team

283#43

 

R11.1:  Language is accepted, with the addition that “should arise” to be changed with “be noted”Review Team

281#43

 

R10.1 Due to the many changes made to the recommendation, send out an email showing recommendation before and after changes.

Review Team

280#43

 

R3.2Remove “in light of GDPR-driven changes,”, and remove “effectively” in the original text. Move the reference to GDPR, and other substantial policy changes into the dialogue. Add ”in light of substantial policy changes, ICANN should consider the need for education.”

Review Team

279#43

 

R1.1 | R1.2: Cathrin/Dmitry to update surrounding text making sure that process will be more active for both ICANN and national stakeholders at least.Cathrin/Dmitry

278#43

 

Draft Report Updates to be completed by 21st of December 2018. Review Team

277#43

 

CM.5 Clarify in recommendation what a “risk base approach is”. Stephanie provided: “A risk-based approach simply means that you do a risk assessment before you take an action to determine whether it’s really necessary.”

Review Team

276#43

 

CM.3 Review team to use the GAC term, which is underserved regions, as there are some conflicting views on Global South.

Review Team

275#43

 

CM.1 Rephrase the recommendation so that the board decide how to best implement this recommendation.

Review Team

274#43

 

SG.1: Alan to add clarification as well as a reference to the RAA 2013 section 3.2.

Alan

273#43

 

LE.2

Implementation note “review should be implemented as soon as possible and at the latest within 6 months” should be reviewed to factor in section 4.6 of the ICANN Bylaws where  the ICANN Board has six months within receipt of the final report to consider the review team’s recommendations. and to consider he review team’s recommendations.

Review Team

272#43

 

LE.1

  • Implementation note “review should be implemented as soon as possible and at the latest within 6 months” should be reviewed to factor in section 4.6 of the ICANN Bylaws where  the ICANN Board has six months within receipt of the final report to consider the review team’s recommendations.
  • Review this recommendation and specify what we mean by regular, by perhaps clarifying recommendation itself and also adding a little rationale to explain the two reasons that review team see for conducting such surveys and studies, which are, A, to do an ex-ante impact assessment of projected new policies or prepare a review team, or B, to evaluate new policies once they are in place. 
  • Bring the above and survey questions to the EPDP (Alan) and GAC (Cathrin)
Review Team

271#43

 

Law Enforcement Needs: Clarify what regular refers to in the recommendations, and potentially refine the scope of the envisioned survey so that its purpose is well defined.Review Team

270#43

 

R4.2 Remove “Sanctions should be applied if significant deficiencies in RDS (WHOIS) data validation or verification are identified.” Or make it clear that we are talking about sanctions that are on the books.

Review Team

269#43

 

R1.3 Implementation note “review should be implemented as soon as possible and at the latest within 6 months” should be reviewed to factor in section 4.6 of the ICANN Bylaws where  the ICANN Board has six months within receipt of the final report to consider the review team’s recommendations. Review Team

268#43

 

R1.1 | R1.2 

  • Recommendation refers to reports covering all the ongoing legislative initiatives, but in fact, should also identify previous legislative efforts across the globe.
  • Implementation note “review should be implemented as soon as possible and at the latest within 6 months” should be reviewed to factor in section 4.6 of the ICANN Bylaws where  the ICANN Board has six months within receipt of the final report to consider the review team’s recommendations. 
Review Team

267#43

 

Instead of trying to assign a high, medium or low priority, describe when RT believes this recommendation should be implemented and what the target completion date should be. Include a description of an ideal completion date recognizing some of the ongoing dependencies, and consideration should be given to resources (costs, community resources) that would be needed.

Review Team

266#43

 

Carlton to reword BY.1

Carlton

265#43

 

Objective 5: Safeguarding Registrant Data

  • Reply to I2C comment: “we support compliance with law and support compliance with ICANN contracts.”
  • Reply to BC comment “RT is specifying that they believe ICANN org must be notified of data breaches. Review team is saying use reasonable industry standards in protecting data.”
Review Team

264#43

 

Susan/Jackie to rework some of the basic language  in this section to lead it up to that recommendation.

Susan/Jackie

263#43

 

LE.2

  • Response to ALAC comment: “The only way that they do that is their results may cause entities to take action which may enhance law enforcement activities. There is no direct connection, it depends on the details. Such enhancements may not be possible.”
  • Response to I2C comment: “regular basis was our best attempt at identifying a group of people who often work in conjunction with law enforcement but not on a formal basis”.
  • Response to NCSG comment, add a clause “factoring costs/benefits analysis”. Also, reword the recommendation to define what “extend” means.
  • Response to DNRC comment: “RT is not clear as to how your comment responds to the possibility of polling the third parties that are not law enforcement agencies. We are not proposing noncompliance with law, we are proposing an assessment of needs.”
  • Response to RrSG comment: Review team will consider extending concept  of surveys and studies but not the pool of the survey takers.
Review Team

262#43

 

LE.1

  • Reply to RySG, BC and ALAC comment: Noted, and Cathrin to work with Jackie to add clarifying text/update rationale to reflect difference between use of surveys and studies. Surveys and studies may allow us to recognize we have to make changes and that is a multi-stage project.
  •  Reply to RrSG comment: RT takes this comment onboard, the need should be addressed in future iterations.
  • Reply to NCSG comment: MSSI to estimate number of hours spent on the LE survey in response to NCSG request for estimated cost associated with conducting the survey.
Review Team

261#43

 

Law Enforcement Needs: reply to BC comment: As representation of the community, we tried to formulate the questions in a nonbiased manner.Cathrin to provide language.Cathrin

260#43

 

R15.1

  • RT to add a sentence to that effect, focusing on outcomes and effectiveness on an annual report basis.
  • Stephanie to liaise with Jackie on adding a sentence in recommendation to amplify the impact evaluation. “The impact evaluation not being just greater accuracy for the benefit of third parties seeking data from ICANN, but response burden on the contracted parties that inevitably winds up for higher cost for end users.”

Review Team

Stephanie

Jackie



259#43

 

R11.2: RySG comment: Complete agreement and certainly in line with what RT  were imagining would be done, even though RT is not recommending what to change the name of the page to.

Review Team

258#43

 

R11.1:

  • ALAC comment: At this point, there is data available and lawfully available that the portal is not delivering, and RT believes  that needs to be rectified and not wait for things to change. The portal may well have to change going forward, but not delivering data currently implies broken,  RT stands by the current request to do this in a shorter term.
  • BC/NCSG Comment: RT to respond to these two comments, but no action taken to change the recommendation. 
Review Team

257#43

 

R10.1: Recommendation stands but need to make sure wording is clear. Review Team

255#43

 

CM.4: Alan to write to ICANN org Compliance and negotiate language to be added to relevant page(s). If successful, recommendation will be deleted.Alan

254#43

 

Recommendation CM.3 to be deleted. Alan to add this as a more targeted outreach in the relevant recommendation. The existence of ARS is not relevant in the future and this item will be moved under outreach.

Alan

253#43

 

Volker to add more details to CM.2 to clarify the registrant fields being addressed in the recommendation. Additionally, the whole recommendation should be reworded to better convey intent. Alan and Volker to re-write.Volker

252#43

 

Alan to reword CM.1 so that it does not say “the Board should negotiate …”. The goal is to ensure the recommendation is not dictating a PDP but suggesting a change somehow.

Alan

251#43

 

CM.1: reply to RrSG public comment: The only mechanisms by which ICANN can change a contract are through negotiations or, if applicable, a PDP and we are simply giving the board full latitude to use whatever tools are available.Review Team

250#43

 

Objective 6: Contractual Compliance Actions: public comment from Domain Name Rights Coalition: Review team is not aware that we are recommending brute force enforceability and anything relating to suspending domains other than what is in our current policies. Review team is not aware of any abuse issues of the ARS because the data in the ARS is randomly sampled. The review team is not aware of the legal issues surrounding unilateral release of the domain name, it is an option given to the complainant currently.

Review Team

249#43

 

R4.2 (NCSG) Given that the ePDP changes have not been implemented, this RT is not able to make a recommendation for enforcing new requirements that have not been finalized yet.Review Team

248#43

 

R4.2 (DNRC): What is in the WHOIS database, whatever will be available after RDS changes have been implemented, still needs to remain accurate.

Review Team

247#43

 

R4.2 (I2C & RrSG) Noted. RT will take this under consideration.Review Team

246#43

 

Volker and Alan work on rewording R4.2 and add some metrics in for measurability and success of implementation.Volker/Alan

245#43

 

R4.1 (NCSG comment) RT is not advocating random sampling of the data. We are suggesting looking at Rr X based on number of complaints received.Review Team

244#43

 

R4.1 (RrSG and NCSG comments) Volker to provide language (suggested text: “Enforce registrar obligations with regard to RDS data accuracy requirements.”) to update recommendation 4.1 based on RrSG and NCSG comments.

Volker

243#43

 

R4.1 (DNRC Public Comment):Report in Public Comment form “as we read this, you’re requesting that we essentially ignore certain current contractual terms. That would require policy change and that is outside of this review’s scope”

Review Team

242#43

 

R4.1 (DNRC Public Comment): Volker to provide language to update recommendation 4.1, adding a limitation “use incoming complaints to proactively monitor” to make sure that the recommendation itself states this limitation in scope.Volker

241#43

 

R4.1: Clarify that ICANN will not go on face-finding missions but use the information they currently have on hand (input received). Clarify that Compliance enforces Registrars to enforce data accuracy for registrants.Review Team

240#43

 

R5.1 (NCSG comment): The data will be lawfully available by some means and it is for those who will have access that the accuracy matters. Cathrin will include citations from GDPR that will address this.Review Team

239#43

 

Double check whether the recommendation number R5.1 was in response to whois1 rec5 or rec 5-9. Adjust numbering as needed.

Review Team

238#43

 

R5.1: Add a bookmark “if indeed it is conceivable that the outcome of ePDP is that the work that Compliance does today becomes more complex than it currently is, compliance must be properly resourced to do its job.” Wording to be discussed.Review Team

237#43

 

Mark BC public comment as noted, and include in recommendation rationale that of course one benefit of greater data accuracy would be that we could be more confident in distinguishing as appropriate according to the new rules as to whether you're dealing with a legal entity and where that entity sits.Review Team

236#43

 

Data accuracy: Cathrin to phrase a reply to RrSG public comment. Cathrin to provide Jackie with the correct references.Cathrin

235#43

 

R3.2: NCSG comment: Alan to work with Jackie on rewording of the recommendations to clearly articulate the need for outreach before and after RDS changes are finalized.Alan/Jackie

234#43

 

R3.2: RrSG comment: add implementation note, that the RT does not have any input on ICANN budgetReview Team

233#43

 

R3.1: NCSG comment: Need to be updated to Neutral, instead of Disagreement. Suggested response to PC: RT is sympathetic to the concerns expressed by NCSG. However, overall ICANN comment is larger and out of scope for this review. ICANN org has initiated the ITI project to address the overall website issue.  Review Team

232#43

 

Outreach: Domain Name Rights Coalition comment: Alan to clarify that there has been a lot of internal communications within ICANN engagement groups, but it’s clear that there's a certain disconnect with the areas.

Review Team

231#43

 

Comments from NCSG on R1.1, R1.2 and R3.1 need to be updated to Neutral, instead of Disagreement in the public comment summary.ICANN org

230#43

 

R1.3: Reform it to say any “board working group” and any group that is focusing on RDS issues should be made public and not make specific reference to a particular WG.Review Team

229#43

 

R1.1, 1.2 (NCSG): In the implementation, do a request to make such reports to the ICANN Board public as appropriate.Review Team

228#43

 

R1.1, 1.2 (NCSG): Reaffirm/strengthen strategic priority, making sure that in the implementation note, the reference to dialoging with stakeholders is there, and it should not be purely the board acting unilaterally.

Review Team

227#43

 

R1.1, 1.2 (NCSG): In the implementation note, review team will appreciate further updates were also given on how previous recommendations from the WHOIS1 review team have been followed up on, in particular where the implementation checks that they did show deficiencies, as it is for the strategic priorityReview Team

226#43

 

Add explanation in the report on recommendations numbering

Alan

224#43

 

Review and update glossary

ICANN org/Jackie

223#42

 

ICANN org to act on NCSG comments on draft report clarity, in preparation of the face-to-face meeting.

ICANN org

222#42

 

Review team to consider extending coverage of the recommendation R1.2  to the council as well.

Review Team

221#42

 

Emphasize in recommendation R1.1 that the focus should be global as opposed to either just Europe or just the US.

Review Team

220#42

 

Reword recommendation BY.1 to make sure that ““safeguard registrant data” are incorporated into it. 

Review Team

...