Thanks, Sam! Responses to your comments: 1) I have discussed this a bit with Avri and I am reluctant to drop the Snowden reference, even if it is a wee bit inflammatory....this is partly because I am tired of talking in general terms about public policy, they will simply interpret that as compliance with law enforcement demands, not privacy expectations of consumers. 2) agreed, I am tempted to say that in the comment but resisting 3) re the typos, I will have to go back, check the quotes, and square bracket/sic them. thanks! cheers stephanie On 2014-07-31, 13:19, Sam Lanfranco wrote: > It is late in the time left for revising this document so I will just > offer three short comments without going in and attempting to > wordsmith inside the document. Food for though! > > #1: Page 1: As part of the opening logic to the submission the text > as written is: > > /In the matter of protection of personal and confidential information, > which is a very newsworthy issue in the 21st century, privacy > practices are a matter of consumer trust, and therefore high risk for > those operating an Internet business. Even if customers have > obediently complied with demands for excessive collection and > disclosure of personal information up to this point, in the current > news furor over Snowden and the cooperation of business with national > governments engaged in surveillance, this could change with the next > news story. The Internet facilitates successful privacy campaigns./ > > I would suggest that the submission focus in immediately on ICANN > practice and evolving policy on the protection of personal and > confidential information, and not so much Snowden and news stories. > > [Possible revision] > > /In the matter of protection of personal and confidential information > on the Internet social norms and public policy are evolving and ICANN > should be in the forefront of helping define workable practice, as > well as bringing its contract language in line with public policy. It > is bad ICANN business practice to put registrars at odds with national > privacy policy. It also jeopardizes registrars' consumer trust and > puts at risk the business of those operating an Internet business. / > > #2: [Comment] There is a saying about the Catholic Church, to the > effect that dealing with social norms it always arrives a little late > and out of breath. ICANN is acting in a similar way. ICANN could both > handle this in contract language, and help evolve best and workable > practices around the protection of personal and confidential > information by (a) contract language that is consistent with national > policy, and (b) showing some leadership in what would be good and > workable policy here. ICANN is neither a King nor a Church bestowing > favors on registries and registrars. It is a business entering into > contractual obligations with its direct customers. > > #3: [*Typo*] I don't know if the typo is in the Blacknight quote or > not, but 5.3 should read ...., then [not than] ALL registrars based in > Germany..." > > 5.3 Response. The European Commission in its comments wrote, and we > strongly agree: "the same exception should apply to others in the same > jurisdiction who can demonstrate that they are in the same situation." > Further, Blacknight wrote and we support: "if ANY registrar in > Germany, for example, is granted a waiver based on German law, *then* > ALL registrars based in Germany should receive the same treatment." > Once a national data protection or privacy law is interpreted as > requiring and exemption or modification, it should be available to all > Registries/Registrars in that country. > > Sam L.