Hi,

I think that the compliance models are things that need to be put into
before new policy could be formed.  So the issue is then seen as resting
on existing WHOIS policy, to the extent to which that can be understood
clearly, and what is in Ry & Rr contracts. 

Cleaning up, or establishing, the policy to discuss your consideration
is what would come next, as it can't be done by May.

avri



On 15-Jan-18 11:23, Mueller, Milton L wrote:
>
>  
>
> I do not think we want to maximize the ability of registrars to
> conform to national law. ICANN was created specifically to be a global
> governance agency so that DNS would be globally compatible and the
> market for DNS services would be globally open and competitive.
> Encouraging variations in practices across jurisdictions moves us away
> from that goal.
>
>  
>
> The simple solution to this dilemma is for Whois to conform narrowly
> to ICANN’s legitimate purpose in collecting the data and thus
> _/minimize/_ the data that it collects and makes publicly available.
> Thus, while I agree ICANN not should press for higher national privacy
> standards, I do agree with Ayden that if it minimizes what it collects
> and makes available it flies above the problem of jurisdictional
> variation. If specific jurisdictions want to regulate local registrars
> to force them to collect and/or disseminate more, that is
> (unfortunately) something they will have to deal with, but ICANN
> should make its global whois requirements well above the threshold
> that would violate the privacy laws of any country.
>
>  
>
> In this respect ICANN is not the standard setter for all worldwide
> privacy, but it is, and is supposed to be, the global standard setter
> for DNS policy.
>
>  
>
> Dr. Milton Mueller
>
> Professor, School of Public Policy
>
> Georgia Institute of Technology
>
>  
>
> IGP_logo_gold block_email sig <http://www.internetgovernance.org/>
>
>  
>
>  
>
>  
>
> *From:*NCSG-Discuss [mailto:[log in to unmask]] *On Behalf
> Of *Paul Rosenzweig
> *Sent:* Monday, January 15, 2018 9:35 AM
> *To:* [log in to unmask]
> *Subject:* Re: Data Protection and Privacy Update: Seeking Community
> Feedback on Proposed Compliance Models
>
>  
>
> I tend to agree with Sam on this … the GDPR is a good standard, but it
> is not a universal standard.  And just as we don’t want ICANN to be in
> the business of content regulation we don’t want it to be the standard
> setter for world wide privacy.  Our goal should be to identify the
> minimum contractually necessary and then allow divergence across the
> globe.  The more difficult question is what, precisely, that minimum is …
>
>  
>
> P
>
>  
>
> Paul Rosenzweig
>
> [log in to unmask]
> <mailto:[log in to unmask]>
>
> O: +1 (202) 547-0660
>
> M: +1 (202) 329-9650
>
> VOIP: +1 (202) 738-1739
>
> www.redbranchconsulting.com <http://www.redbranchconsulting.com/>
>
> My PGP Key:
> https://keys.mailvelope.com/pks/lookup?op=get&search=0x9A830097CA066684
>
>  
>
> *From:*NCSG-Discuss [mailto:[log in to unmask]] *On Behalf
> Of *Sam Lanfranco
> *Sent:* Sunday, January 14, 2018 10:59 AM
> *To:* [log in to unmask] <mailto:[log in to unmask]>
> *Subject:* Re: Data Protection and Privacy Update: Seeking Community
> Feedback on Proposed Compliance Models
>
>  
>
> Colleagues,
>
> I may have an overly simplistic view of the issue here, but I would
> like to put it on the table. ICANN has a narrow remit within the
> growing area of global, regional (e.g. EU), and national Internet
> governance. It exercises that remit through a serious of contracts
> with entities (registrars and registries) that operate under diverse
> national Internet governance jurisdictions.
>
> With differing specific data protection language in diverse contexts,
> it is highly unlikely that ICANN can draft “higher standard” contract
> language that will satisfy the data privacy regulations of all, most,
> or even many, national data privacy regimes. So, what is the path
> forward here?
>
> There seem to be two components of a path forward. First, ICANN must
> figure out how it exercises ICANN agency as a stakeholder in the
> various legislative policy venues in which data privacy and other
> Internet governance policy is debated and where regulations are
> formed. Some ICANN stakeholders already “have skin in those games” and
> are already present in those policy debates. ICANN writes contract
> language and needs to be engaged as a stakeholder.
>
> Second, in contrast to seeking “higher standard” contract language,
> ICANN may need to look for “minimum conditions” contract language that
> offers contracted parties maximum freedom to negotiate with and meet
> the conditions of national Internet governance policies. At the same
> time ICANN can use its agency as a stakeholder to press for “higher
> standard” national policies that harmonize regulations, and facilitate
> the work and interests of various stakeholders in the Internet ecosystem.
>
> In short, the path forward may be (a) more ICANN agency as a
> stakeholder, and (b) minimal contract language to maximize the ability
> of contracted parties to deal with national policies and regulations.
>
> Sam L.
>
>  
>
> On 1/14/2018 10:02 AM, Ayden Férdeline wrote:
>
>     Hi Caleb,
>
>      
>
>     While I appreciate that not all countries have data protection
>     laws, privacy remains a fundamental human right. My suggestion is
>     thus that we should adopt the highest level of protection for all
>     domain name registrants. And I suspect it is a lot easier to
>     implement one model, rather than fragmented models for different
>     jurisdictions.
>
>      
>
>     Please also remember that ICANN sets policy by contract; i.e.
>     registries, registrars, and registrants agree by contract to
>     follow the rules and policies created by ICANN, and these policies
>     can be revised and deleted. So while ICANN must of course comply
>     with the law, it can adopt and impose a higher standard on the
>     contracted parties.
>
>      
>
>     Many thanks,
>
>      
>
>     Ayden
>
>      
>
>      
>
>      
>
>         -------- Original Message --------
>
>         Subject: Re: Data Protection and Privacy Update: Seeking
>         Community Feedback on Proposed Compliance Models
>
>         Local Time: 14 January 2018 3:56 PM
>
>         UTC Time: 14 January 2018 14:56
>
>         From: [log in to unmask] <mailto:[log in to unmask]>
>
>         To: [log in to unmask]
>         <mailto:[log in to unmask]>
>
>          
>
>         Hello Badii and Ayden,
>
>          
>
>         For me, i think the Model 2A serves the purposes. Don't forget
>         that not all countries have data protection laws or policy in
>         place.
>
>         Hence, based on jurisdiction, they cannot be governed by laws
>         that is peculiar to a certain continent or sovereign state. 
>
>          
>
>         Caleb Ogundele
>
>          
>
>         On Sun, Jan 14, 2018 at 3:36 PM, Ayden Férdeline
>         <[log in to unmask] <mailto:[log in to unmask]>> wrote:
>
>             I could live with the second model.
>
>              
>
>             The key differentiation between Model 2A and 2B is its
>             applicability: 2A applies only "where the registrant,
>             registry, registrar or a processor are located in the
>             European Economic Area"; 2B "applies to all registrations
>             on a global basis without regard to location of registry,
>             registrar registrant, and processing activities"
>
>              
>
>             On this basis I think Model 2B is the best path forward.
>             To have fragmented approaches for different regions would
>             be a mistake, in my opinion.
>
>              
>
>             Given the short turnaround time here (we need to agree on
>             a position and submit a comment by 29 January) and other
>             obstacles between now and then (Intersessional, GNSO
>             Council Strategic Planning Session), may I suggest that we
>             schedule a call next week to discuss our response?
>
>              
>
>             Best wishes, Ayden
>
>              
>
>              
>
>                 -------- Original Message --------
>
>                 Subject: Data Protection and Privacy Update: Seeking
>                 Community Feedback on Proposed Compliance Models
>
>                 Local Time: 13 January 2018 7:40 PM
>
>                 UTC Time: 13 January 2018 18:40
>
>                 From: [log in to unmask]
>                 <mailto:[log in to unmask]>
>
>                 To: [log in to unmask]
>                 <mailto:[log in to unmask]>
>
>                  
>
>                 Please see the CEO blog on Data protection and privacy:
>
>                  
>
>                 https://www.icann.org/news/blog/data-protection-and-privacy-update-seeking-community-feedback-on-proposed-compliance-models
>
>                  
>
>                 We should understand these models, discuss them and
>                 provide feedback. 
>
>                  
>
>                 Best
>
>                 Farzaneh
>
>              
>
>          
>
>          
>
>          
>
>         -- 
>
>         *Ogundele Olumuyiwa Caleb*
>
>         *[log in to unmask] <mailto:[log in to unmask]>/*
>
>         */234 - 8077377378/*
>
>         */234 - 07030777969/*
>
>      
>
>  
>
> -- 
> ------------------------------------------------
> "It is a disgrace to be rich and honoured
> in an unjust state" -Confucius
>  邦有道，贫且贱焉，耻也。邦无道，富且贵焉，耻也
> ------------------------------------------------
> Dr Sam Lanfranco (Prof Emeritus & Senior Scholar)
> Econ, York U., Toronto, Ontario, CANADA - M3J 1P3
> email: [log in to unmask] <mailto:[log in to unmask]>   Skype: slanfranco
> blog:  https://samlanfranco.blogspot.com
> Phone: +1 613-476-0429 cell: +1 416-816-2852