The next GNSO Next-Gen RDS PDP Working Group teleconference is scheduled for Tuesday, 3 May at 16:00 UTC for 90 minutes.

09:00 PDT, 12:00 EDT, 17:00 London, 18:00 CEST

For other times: http://tinyurl.com/j28xaqs

Proposed Agenda for RDS PDP WG meeting on 3 May at 16.00 UTC:

1. Roll Call / SOI
2. Update from sub-teams - overview of final template (sub-team leads) - See

• RDSPurpose-InputsSummaries-1May.pdf
• RDSData-InputsSummaries-1May.pdf
• RDSPrivacy-InputsSummaries-1May.pdf

3. Review updated mind map (revised)
See RDS-PDP-Phase1-FundamentalQs-SubQs-MindMap-2May 2016.pdf

4. Update from chair on latest version of work plan

5 Outreach to SO/ACs/SG/C to request early input (revised)
See RDS PDP - SO AC SG C Input Template - 2 May 2016 rev.pdf

6. Helsinki meeting planning

7. Confirm next steps & next meeting

Mp3

Transcript

AC Chat

Attendance

Joining late: 

Apologies: Ayden Férdeline, Stefania Milan, Susan Prosser, Andrew Sullivan, Amr Elsadr, Richard Leaning, Peter Kimpian, Olevie Kouami

On audio only: None

Notes and Action Items

1.   Roll Call / SOI

2.   Update from sub-teams - overview of final template (sub-team leads) 

• Thanks to all sub-teams for their work in pulling together inputs and summarizing them
• We are now regrouping as a full WG and will start with an update from each team leader on the sub-team outputs
• Data Sub-Team Readout:   RDSPurpose-InputsSummaries-1May.pdf

 - A couple of summaries still pending but will be added in the next couple of days
 - Quite a lot of information there to help bring WG members up to speed on inputs relevant to RDS requirements related to data elements

• Purpose Sub-Team Readout:   RDSData-InputsSummaries-1May.pdf

 - Excellent support from sub-team members and staff
 - For those who haven't participated in the discussion of purporse of registration data, the sub-team's output includes summaries of 30-40 documents relevant to the question of purpose
 - They include A29, 2009 European charter on fundamental data rights, the WHOIS RT 2012 was cited a lot in our work, the EWG recommendations was probably the most controversial, and the SAC055 report was also helpful. If I was new to this, I would review those first but others summarized by the purpose team are also helpful for this question
- Additional comments from purpose sub-team members:
- Purpose is a term of art/legal term in the EU under the EU Data Protection Directive and others, it has been interpretted carefully by the A29 WP in a lengthy opinion. Doc is included in the list and was summarized by Stephanie
- Another member got the impression from the documents reviewed that the purpose definition was quite broad. We should all look at the text before we make judgments about how narrow/specific something is  

• Privacy Sub-Team Readout:  RDSPrivacy-InputsSummaries-1May.pdf

- Privacy team identified and summarized many documents - a good bit of overlap with the Purpose list but often summarized by different people from different perspectives, so useful to read all summaries of same input
- Among the inputs identified as most relevant by the sub-team are: SAC054, EWG recommendations, EU Data Protection Directive, Council of Europe's Treaty 108, Professor's Greenleaf's articles on trends and laws, A29 Opinion 2/2003 on the application of data protection principles to WHOIS directories, the Thick WHOIS PDP report and legal review provided to the implementation review team, other A29 correspondence with ICANN. Two additional inputs were flagged as highly relevant by some but not all agreed: Schrems v. Data Protection Commissioner (2015) and McIntyre v. Ohio Elections Commission.
- Additional comments from purpose sub-team members:
- Stephanie is still working on summary of A29 Opinion 6/2004 on the legitimate interests of data controllers w/r/t any impact that new EU data protection regulations may have on this opinion
- As additional documents become relevant to our work, they will need to be taken into account
- See Professor Greenleaf's article and summary for information on emerging trends as well as comprehensive list of data protection laws
- Purpose and Privacy overlap - can be helpful to look at purpose through the prism of DP laws
- Chat comments on this topic from other WG members:
- Data protection regulation will supplant the framework directive, not coexist with it.  (Once the regulation comes into force in 2018)
- Article 29 WP 76 Opinion 2/2003  is in the summaries and does say "registration of domain names by individuals raises different legal considerations than that of companies or other legal persons registering domain names" ... "the publication of certain information about the company or organisation (such as their identification and their physical address) is often a requirement by law in the framework of the commercial or professional activities they perform
- Should the privacy team should include more documents about limitations of privacy rights?  Article 29 WG in 2006 stated that companies do not necessarily have a right to privacy and that imposes an obligation on us to explore that limitation and others"
- Should the privacy team add some of the legal analysis that was presented to the PPSAI group?
- There are really two issues in the quesion: what data is needed (purpose of collecion will focus on why the information is collected) and then what of that information should be available - and to whom
- Does any data currently collected and disclosed via Whois meet the EU definition of "senstitive data"?
- It's not just the privacy of individuals that is protected under data protection laws, but of course, that of human rights groups, minority political groups, minority ethnic and sexual groups. This is covered in the privacy sub-team's summaries, which sub-team members may highlight after the call. 
- Should we make a distinction between personal data of individuals and data from a company or commercial enterprise?
- Re: privacy, UN’s website on Right to Privacy in the Digital Age states that the “right to privacy under international human rights law is not absolute” and one can interfere with the right to privacy where it’s necessary, legitimate, and proportional." and all I've read in A29 seems to support this
- Article 19 - Freedom of Expression extends to organizations as well as individuals (and many organizations are organized as "companies" for tax purposes).
- How does Freedom of Expression relate to registration data?
- Noted that protection of human rights is not included in the privacy group's summaries.
- Human rights protections must be considered, but constitutional proections vary from place to place and aren't universally adopted. 
- Are we conflating two principles? Question as to whether chat accurately reflects A29 Opinion. All WG members should review A29 opinions and all sub-team summaries of them.
- We may need to introduce some nuance into how we talk about individuals vs companies' right to privacy. 
- "Sensitive speech:" also has privacy protections, especially when the organizations are engaged in categories of expression protected under law.
- National law provides more rights to employees in some jurisdictions than in others....but that does not invalidate the principle that we must consider the implications of protection, use and disclosure on groups and individuals.

• All of these sub-team outputs were created to inform the full WG as it continues its phase 1 work.
• Thank you to the sub-teams. While more summaries can always be added as further key inputs are identified, this initial sub-team assignment has now been completed.
   
• Question: New RAA includes additional requirements w/r/t data collection, how will this PDP WG's recommendations impact those requirements?
  Answer: Registries and registrars have an obligation to follow consensus policies and commit to following them even before we know what they'll be. 
  In this PDP WG"s phase 1 work, the WG will make a recommendation about whether a new RDS is needed or WHOIS can be modified to meet requirements, as well as whether to continue to phases 2-3 to make policy recommendations. 
  Phase 2 will draft new consensus policies, phase 3 implementation guidance. 
  This PDP WG will make recommendations for consensus policies, give those to the GNSO council. 
  The GNSO council will decide whether to recommend adoption to the board.
  Only when the board approves the recommended consensus policies do they then get implemented into the registry and registrar agreements. 
  This long process can change future contractual requirements - new consensus policies would be incorporated into agreements with registries and registrars. 
  Part of the board's motion to adopt new consensus policies typically tasks staff with making adjustments to contracts and forming an implementation review team to implement the new policies in as efficient and timely manner as possible. 
  No need for renegotiation of agreements.
  From Chat: For example, see Section 2.2 of Registry Agreement: Compliance with Consensus Policies and Temporary Policies.  Registry Operator shall comply with and implement all Consensus Policies and Temporary Policies found at <http://www.icann.org/general/consensus-policies.htm>, as of the Effective Date and as may in the future be developed and adopted in accordance with the ICANN Bylaws, provided such future Consensus Polices and Temporary Policies are adopted in accordance with the procedure and relate to those topics and subject to those limitations set forth in Specification 1 attached hereto (“Specification 1”).  

3.   Review updated mind map (revised)

• See RDS-PDP-Phase1-FundamentalQs-SubQs-MindMap-2May 2016.pdf 
• Mind map is a tool to visualize the different elements that are contained in our charter.
• The map has the first 5 questions, some of the sub-questions contained in the charter and issue report, and some initial inputs.
• This update adds the most relevant documents identified by each of the sub-teams, along with links to the full outputt of each sub-team.
• The update also includes #s in order of charter simply to enable reference during discussion but can be changed as the result of WG discussion.
• Specifically: the changes made are to Key Inputs for Purpose, Data Elements, and Privacy, expanding the list to include the documents that each sub-team identified as most relevant. Other documents are included in linked material, also relevant to each of those questions.
• Also, added an explicit note at upper left of map indicating that charter questions are numbered as ordered in the charter and process framework. The order is subject to change by the WG.
• Question: I thought we had removed the numbers for each question.
  Answer: Chuck wanted numbers there so that we see how questions are ordered in the charter with the understanding that the WG can reorder and then renumber the questions based on discussion. This has been noted on the mind map.

4.  Update from chair on latest version of work plan

• Intention was to have revised work plan ready for review by WG during this call - still working on it, should be ready later this week.
• The work plan has been updated with a few changes to reflect the past month's work by sub-teams and corresponding changes to dates and next steps.
• The leadership team hopes to address one open item and then get an updated draft work plan out to the full WG well in advance of the next WG call to give everyone time to consider and prepare for discuss during next week's call.
• The bulk of next week's call may be focused on discussing and finalizing the work plan, in advance of taking the next step.
• The next step currently proposed is to gather potential or possible requirements in preparation for WG deliberations.
• All should be thinking about possible requirements based on all of the inputs identified so far.
• Part of the benefit of the sub-team work is to inform the full WG on the work plan, including the order of the questions and what we might look at first. This will likely be a major topic of discussion in next week's WG call.
• Comment: The business of following a logical order in the work plan is nice but the problem is that these questions are inter-related and the work is inherently cyclical. For example, as we work on any question, we may have to stop and look at definitions of other questions.
• It would easiest if we could do this in a totally linear way but that will not be possible - in fact, this is noted in charter and process framework. But what we want to do in the work plan is organize our phase 1 work to be more effective. We can highlight this in our work plan, and it will be true all the way through. In fact, we may even run into snags with phase 1 recommendations after we begin phase 2 and have to iterate a little bit there - hopefully minimal, but we do need to accept iteration will be needed.
• Chat Comment: WHOIS efforts have stalemated before. And the world is a lot more complex now. This will not be easy, but we HAVE to succeed.

5   Outreach to SO/ACs/SG/C to request early input (revised)

• See RDS PDP - SO AC SG C Input Template - 2 May 2016 rev.pdf 
• We are at a point now where we an do early outreach to SOs, ACs, GNSO SGs/Cs, and perhaps broader community to gather input to inform the WG.
• Draft prepared by leadership group for WG review and comment.
• Highlights of request for input:
  • Template (format used for other PDPs) to fill out to respond to specific questions.
  • Provides WG progress to date and asks for input on completeness of key inputs identified to date. Are there any docs that are missing or that haven't been identified as relevant but should be and why.
  • The issue report, comments on issue report, and other past inputs - are those inputs still relevant or does any input need to be updated to reflect that group's input to the WG.
  • Are there any charter questions that are missing and should be taken into account by the WG?
  • Any other input not noted above.
  • PDP process requires min 35 days, WG can extend if more time needed but idea is to have input ASAP.
• Critical that each WG member reach out to their own group and serve as facilitator to solicit early inputs.

• WG members should feel free to suggest edits to make sure this is an effective outreach to solicity early input.

• Questions: Response time (35 days min but some groups may require longer), who to include in broader community (eg DPAs?)

Action item: Staff to distribute RDS PDP - SO AC SG C Input Template - 2 May 2016 rev.pdf  to full WG with until Sunday UTC for review/comment and agreement to go ahead a distribute to SOs/ACs/SGs/Cs. 

6.   Helsinki meeting planning

• Currently in latest drat schedule, there is one and possibly two sessions for the RDS PDP WG:
  • A carve-out for a whole morning for this PDP WG to meet. 
  • Also a possibility that this topic will identified for 75m cross-community discussion.
• As soon as schedule is confirmed, the WG will need to consider how to organize its time to best make use of it - particularly if cross-community session is scheduled, the WG may need to prepare tutorial or other presentation or questions to make that session effective.
• Note that we will have a regular WG meeting (both remote and in-person participation options) whether or not this topic is identified for a cross-community session.
• Our Helsinki WG session will be open to anyone - not just WG members - so that everyone can participate .
• Concern that there will likely be conflicts between sessions that impact those who participate in multiple groups. Chuck has raised this concern to the planning committee but some conflicts are inevitable. There aren't as many as a regular ICANN meeting. On GNSO side, there's been an effort to avoid as much as possible conflicts between GNSO communities. However, there are also conflicts between SOs, ACs that may still be examined to adjust and reduce conflicts. There wil be some growing pains since this is the first "B" meeting with this new schedule to facilitate policy development. What is the mechanism to make conflicts known?

Action item: Staff to carry forward this feedback on conflict minimization - if GNSO would firm up its sessions, SOs/ACs could adjust accordingly - and to provide WG with scheduled session dates for this PDP WG.

7.   Confirm next steps & next meeting

• Tuesday 10 May 2016 at same time (16.00 UTC)
• Primary agenda item: work plan, facilitated by mind map description of inputs, questions, and subquestions

Action item: Staff to schedule early leadership team meeting (possibly Wednesday of this week) to finalize draft work plan for distribution to full WG

Reference Documents

RDSPurpose-InputsSummaries-1May.pdf

RDSData-InputsSummaries-1May.pdf

RDSPrivacy-InputsSummaries-1May.pdf

RDS-PDP-Phase1-FundamentalQs-SubQs-MindMap-2May 2016.pdf 

RDS PDP - SO AC SG C Input Template - 2 May 2016 rev.pdf  

Latest versions of all sub-team outputs: https://icann-community.atlassian.net/wiki/x/RAANBg.

Membership of the sub-teams: https://icann-community.atlassian.net/wiki/x/dgQNBg