News Review | ICANN EPDP Dysfunction & Burnout, Report Delayed

graphic "News Review" ©2016 DomainMondo.com
Domain Mondo's weekly internet domain news review (NR 2019-02-03 with analysis and opinion: Features •  1) ICANN EPDP Dysfunction & Burnout, Report Delayed, 2) EPDP Meetings, 3) ICANNBelgium's DPA, 4) ACTO, ICANN & .AMAZON, 5) Dot COM Dominates Aftermarket, 6) ICYMI: Internet Freedom, Data Protection, Internet Shutdowns, Google Public Policy Fellowships, 7) Most Read.

UPDATE FEB 5: EPDP Schedule changes a) Final Report 'drop dead date' now Feb 25 (revised timeline embed below). b) EPDP Plenary Meetings this week changed to Tuesday Feb 5, Wednesday Feb 6, Thursday Feb 7, starting at 14:00 UTC (9am EST). Observers: Adobe Connect. More info at 2) below.

4 Feb 2019 Letter (pdf) from ICANN CEO Goran Marby to GNSO Council Chair Keith Drazek:

UPDATES Feb 3-4, 2019: 
EPDP Consensus Call #1 email from EPDP Chair Kurt Pritz with attachment embed below:

EPDP Consensus Call #2 email from EPDP Chair Kurt Pritz with attachment embed below:  

Original Post:
1. EPDP Dysfunction & Burnout, Final Report (Phase I) Delayed:
[GNSO-EPDP-Team mail list] "Extreme workload warning!"
"While I understand that we have a deadline to meet, and we do not wish to push any more work than absolutely necessary to the next phase of our WHOIS policy development, I would like to push back on the amount of activity that we are now expected to join over the next couple of weeks in order to push the EPDP final report over the finish line. Many of us have busy lives beyond ICANN, and cannot drop everything to attend 4 three hour plenary meetings a week, let alone the other small team meetings (and respond to the list). Given that we have achieved really only a modest level of consensus on our policy recommendations to date, I would like to register a very strong warning that we will not accept changes to the text that have not been agreed in full committee with full attendance. This appears to be a golden opportunity for those who are being paid to work full time on lobbying for certain outcomes, to insert or reinsert their favorite language into the text. In the name of maintaining the integrity of the multi-stakeholder process, flawed as it undoubtedly is, let us resist this and accept the fact that we cannot fix in our last couple of weeks what we lingered over for months."--Stephanie Perrin, EPDP member and NCSG Chair, EPDP Mail List, Jan 28, 2019.
"I’d like to echo Stephanie’s concerns ... After two weeks of being AWOL (ePDP Toronto and GNSO Los Angeles), my employer is anxious for me to turn my attention to my real job.  I will not be joining the additional sessions next week, nor do I recall our discussing or agreeing to this ask."--James Bladel, EPDP member (GoDaddy, RrSG), EPDP Mail List, Jan 28, 2019.
Hi James and everyone: I got it. I am at NamesCon and spent the ride to the airport this morning on a EPDP staff call and have been holed up in my room typing up legal issues since I arrived. I haven’t sold (or bought) a domain name yet. The additional sessions are not a requirement; invitations were sent as placeholders as a heads up, but there is no confirmation yet on whether we go ahead with these or whether they are needed. Let’s discuss the go-forward plan on the call tomorrow - although we might not have a Plan B in place by then - we can at least generate a joint understanding of status and final objective. Thanks (Stephanie and James) for this interjection. Best regards, Kurt [Pritz, EPDP Chair (appointed by the GNSO Council)] EPDP Mail List Jan 28, 2019.
EPDP Timeline as of Jan 28, 2019 (pdf) now REVISED as of Feb 4, embed below:

Updated Editor's note: the EPDP's "drop dead date" is Feb 11 25, 2019, for submission of the final report to the GNSO Council.

2) ICANN EPDP Meetings for Week Ending Feb 9, and Weekly Recap
Updated: EPDP Plenary Meetings are now scheduled for Tuesday Feb 5, Wednesday Feb 6, Thursday Feb 7,  Friday Feb 8, at 14:00 UTC (9am EST) (schedule subject to change).

Notes and action items from the Thursday, Feb 7, 2019, EPDP meeting here.

Observers may use Adobe Connect, or audiocast via browser / app. Links: Draft Final Report info, EPDP Initial Report (pdf) and public comments to the Initial Report; PCRT Public Comment Review Tool; GNSO Council EPDP page and updates; links to EPDP meeting transcripts and recordings are on the GNSO calendar. Other EPDP links: wiki; mail list; action items; Temp Spec; EPDP Charter (pdf); Data Elements Workbooks (pdf), packet (pdf) small team agreements, ICANN's legal memo on Controllership (pdf), Bird & Bird legal memos are here.

EPDP recap for week ending Feb 2: Jan 29 EPDP meeting wiki page and Jan 31 EPDP meeting wiki page, notes and action items here; Legal committee Jan 30, and Data Elements group Jan 29 (5 EPDP team members + Pritz) and Jan 31 (4 EPDP team members + Pritz).

The Most Important EPDP development has been the legal advice provided by Ruth Boardman, Bird & Bird, to the select few members of the EPDP "legal committee" but finally made available to the full EPDP working group on Friday, Feb 1, 2019, here and here (note: more legal advice may be forthcoming). So far, the EPDP team has been advised:
  • relevant parties could be subject to liability if a registrant wrongly self-identifies as a legal person (and not a natural person) and the registrant's data is disclosed in reliance on this self-identification;
  • where the RNH [registrant] and the technical contact are not the same person, relying on the RNH to provide notice on the registrar's behalf will not meet GDPR's notice requirements if the RNH fails to provide the notice;
  • it is not clear if the contractual necessity condition [GDPR Article 6(1)(b)] can only apply where there is a contract between data controller and data subject;
  • "What is 'necessary' is interpreted strictly. We do not think that the EPDP could successfully argue that preventing DNS abuses is 'necessary' for the contract with the RNH" [registrant]. 

More info on Jan 29 and 31 EPDP meetings on last week's News Review, but the following from the Jan 29 transcript (pp. 54-57)  gives an indication of what's going on:
Milton Mueller: "As I said, I think we need to clarify with the legal counsel whether ICANN can, as controller, and ICANN needs to decide whether it’s a controller here of course, but assuming it is, then the fact that it doesn’t have the data doesn’t necessarily mean that it can request it if [it] is the controller, so we need legal advice on that and whether that’s actually – needs a distinctive purpose. But, you know, that’s not a third party access issue under any construction, that’s ICANN getting data about its own system and doing research on it, which we support but we don't want it in Purpose 2."
Kurt Pritz: Thanks, Milton. Alan, go ahead – Alan Greenberg. 
Alan Greenberg: "Yes, thank you. I misspoke before when I said it could go into Purpose 2; I’d forgotten that Purpose 2 is third parties right now so it cannot be Purpose 2. ICANN under no conditions is a third party. We can fix it, however, either by adding a new purpose or simply modifying Purpose 2 to say to third parties for legitimate lawful purposes, or to ICANN, and then add a processing activity for it. So we could make Purpose 2 apply to ICANN as well if people – if that’s offensive to people then it probably has to be a new purpose not because we need a purpose for ICANN doing the processing of the data but to ensure that it can be sent to ICANN. So it’s not the processing that’s the purpose, it’s the transmission to ICANN that we have to ensure is enshrined in some purpose. So we can fix 2 by adding ICANN as an Other recipient in addition to third parties. I can't see anywhere else it fits. I wouldn’t want to put it into 5 because 5 is very much a compliance one and this is not a compliance issue. Thank you."
Kurt Pritz: Thanks, Alan. ....
Farzaneh Badii: "Thank you, Kurt. Farzaneh speaking. So I think that we are really getting confused because we keep repeating and digging up issues that – and questions that we have responded to multiple times ..." [Editor's note: and so it goes.]
3) Status of ICANN’s exchanges with Belgium's Data Protection Authority (DPA)
Excerpt from 27 Jan 2019 Letter from ICANN GDD Cyrus Namazi (pdf)  
Video interview with Willem DebeuckelaerePresident of Belgium's DPA, at European Data Protection Days in Berlin in May 2018:

More info at: edpd-conference.com. Editor's note: ICANN has its sole EU office in Brussels, Belgium, and therefore Belgium's Data Protection Authority (DPA).is the "lead supervisory authority" over ICANN, stated Mr. Debeuckelaere in his letter, adding: 
"Finally, I wish to note that the GDPR places responsibility for compliance with the provisions of the GDPR upon the (joint) controller(s). It does not provide for a system of prior consultation, except in the case of article 36. It also does not foresee the possibility of prior approval, except in the cases mentioned by articles 40 (codes of conduct) and 47 (binding corporate rules)." 
See also:
"Use of WHOIS Data .... We also have some concerns about whether the practice of having the DAAR collection system query registration data is compliant with GDPR and other privacy regulations. Such queries would require a disclosure of personal data that has not previously been contemplated and could have significant repercussions for both registry operators and ICANN."--gTLD Registries Stakeholder Group (RySG) comments (link above) (emphasis added).

graphic "ICANN | Internet Corporation for Assigned Names and Numbers"
28 January 2019 Letter (pdf) from Alexandra Moreira Lopez, Secretary General, Amazon Cooperation Treaty Organization (ACTO), to GAC Chair Manal Ismail re: New gTLD Applications for .AMAZON:

5) Names, Domains & Trademarks: Dot COM Dominates Aftermarket
graphic "Names, Domains & Trademarks" ©2017 DomainMondo.com
GoDaddy 2019 aftermarket domain trends and NamesCon keynote | slideshare.net excerpt:

6) ICYMI Internet Domain News: Internet Freedom, Data Protection, Internet Shutdowns and Google Public Policy Fellowships
graphic "ICYMI Internet Domain News" ©2017 DomainMondo.com
Has the internet afforded humans more freedom, or less?--Social-Media Outrage Is Collapsing Our Worlds--The internet once made it easier to slip from one domain to another. Is there a way to preserve that vital freedom?--theatlantic.com.

Google and IAB ad category lists show ‘massive leakage of highly intimate data,’ GDPR complaint claims--techcrunch.com.

Ireland questions Facebook’s plan to merge Messenger, Instagram, and WhatsApp--previous data-sharing proposals have ‘given rise to significant data protection concerns’--theverge.com.

Dr Paul Vixie, Farsight Security, on pushing back against cyber criminals--Tech Radio via Soundcloud.com.

African governments use internet shutdowns to silence opposition more and more--what can people do?--euronews.com. See also Zimbabwe President Mnangagwa Justifies Internet Shut Down, Although “He Deeply Believes In Freedom Of Speech And Expression”--techzim.co.zw.

Venezuela: The Committee to Protect Journalists have called on Venezuelan authorities to stop blocking news outlets and to ensure that access to the internet is available amid the country's political crisis and widespread protests--cpj.org.

Applications are open for the Google North America Public Policy Fellowship--all applications must be received by 12:00 p.m. EST, Friday, February, 15th. More information about Google Public Policy Fellowships, including in Latin America, Europe, Middle East, and Africahere.

7) Most Read this past week on DomainMondo.com: 
graphic "Domain Mondo" ©2017 DomainMondo.com

-- John Poole, Editor  Domain Mondo 

feedback & comments via twitter @DomainMondo


Domain Mondo archive