[NCUC-DISCUSS] [Privacy] this is a space for privacy work
Rafik Dammak
rafik.dammak at gmail.com
Sun Apr 6 18:24:19 CEST 2014
Hi Stephanie,
An issue like whois who got the attention of many for years cannot be
considered small.
I was asking about clear strategy, goals and scope. For example, I cannot
really understand the data protection for human resources as priority now
for us.
I do understand about a privacy policy and framework so ICANN get the point
about privacy in all aspects but not sure about your approach. It can be
confusing.
Reading maria email, a short brief looks doable for the short term. I was
only asking what are the objectives and the plan.
Best.
Rafik
On Apr 7, 2014 1:17 AM, "Stephanie Perrin" <
stephanie.perrin at mail.utoronto.ca> wrote:
> I dont agree at all. You cannot have a privacy policy that focuses on
> only one rather small element. This is why Whois has not been resolved,
> all the other pieces are separate.
> On 2014-04-06, at 2:44 AM, Rafik Dammak wrote:
>
> Hi Stephanie,
>
> I am afraid that the focus on thing like ICANN collecting data about
> volunteers and participants can divert the scarce resources we have ,
> instead of working whois-related issues
> more clarity about the strategy and scope would be helpful
>
> Best Regards,
>
> Rafik
>
>
> 2014-04-06 15:41 GMT+09:00 Stephanie Perrin <
> stephanie.perrin at mail.utoronto.ca>:
>
>> I am afraid I don’t understand the question Rafik..we offered to tell
>> them what is wrong with their policy. Item one, is the scope is too
>> narrow. A full policy covers everything. This is what the law would
>> demand, if they were in a jurisdiction with law.
>>
>> On Apr 6, 2014, at 2:18 AM, Rafik Dammak <rafik.dammak at gmail.com> wrote:
>>
>> Hi Stephanie,
>>
>> I read the document but I am somehow puzzled by the scope:
>> - are we talking about privacy within ICANN in regard to the policies
>> development there like in the case of RAA, Whois, new directory services?
>> then providing a privacy framework for ICANN policies, systematic
>> assessment of policy impact on privacy and data protection etc
>> - or it is just about ICANN collecting personal data from the community ,
>> staff etc
>>
>> the scope matters because the resources and the focus we can have at NCSG
>> level. as you know we have already an existing group to discuss privacy
>> within NCSG , with those involved in several working group around whois.
>>
>> Best Regards,
>>
>> Rafik
>>
>>
>> 2014-04-02 20:07 GMT+09:00 Stephanie Perrin <
>> stephanie.perrin at mail.utoronto.ca>:
>>
>>> Further to this note, there is an opening very draft preface to our
>>> comments on the ICANN privacy policy, on the pad set up by Niels. I attach
>>> the word version here, for anyone who is interested in this project. To
>>> join the work group, contact Stefania
>>> It is a conversation starter, no where near a final draft.
>>>
>>>
>>> On Mar 30, 2014, at 2:45 PM, Stephanie Perrin <
>>> stephanie.perrin at mail.utoronto.ca> wrote:
>>>
>>> Further to Robin’s note, I am pasting in a thread that originated in
>>>> NCUC following our meeting with the ICANN Board.
>>>>
>>>>
>>> Numerous members of the NCUC have already volunteered to work on
>>> developing a gap analysis of the existing ICANN privacy policies, with a
>>> view to providing advice back to the Board as to what needs to be done to
>>> bring ICANN privacy policies up to the expected levels. Please join in, as
>>> you can see from Bruce Tonkin’s note back to us, there is a rather poor web
>>> policy, for which I promised to provide a critique. I attach a few other
>>> jobs that need to be done rather soon, if anyone would like to volunteer.
>>> Here is a snippet which I just sent out to the NCUC volunteers:
>>>
>>> OK, perhaps one group of folks would like to have a look at the policy
>>> for new Gtlds, available here, and prepare a critique of what is missing
>>> (gap analysis)
>>>
>>> gTLD Program is addressed in a separate personal data privacy statement
>>> at http://newgtlds.icann.org/en/applicants/agb/program-privacy.
>>> We could also use some help from someone on analysing the transparency
>>> and accountability principles, where the disclosure stuff is apparently
>>> buried. One of the major criticisms of these policies is that it is very
>>> difficult for a user/participant at ICANN to find out what is happening to
>>> their data.
>>> Another task where I would love some help from an American Attorney, is
>>> whether it is legally possible to declare a total disclaimer to breach
>>> liability in the state of California, where there are data breach
>>> disclosure rules. (see the following snippet of the policy which I am
>>> dubbing a web policy):
>>>
>>> Due to the open communication nature of the Internet, ICANN cannot
>>> represent, warrant or guarantee that communications stored on ICANN servers
>>> will be free from unauthorized access by third parties, loss, misuse or
>>> alterations. While ICANN will take reasonable and appropriate security
>>> measures to protect against unauthorized access, disclosure, alteration or
>>> destruction of personal information received, ICANN DISCLAIMS ANY AND ALL
>>> LIABILITY FOR UNAUTHORIZED ACCESS OR USE OR COMPROMISE OF YOUR PERSONAL
>>> INFORMATION. USERS ARE ADVISED THAT THEY SUBMIT SUCH PERSONAL INFORMATION
>>> AT THEIR OWN RISK.
>>> I have to say this is one of the paragraphs that really put me right
>>> over the top….caps included.
>>> Any volunteers for this task, I am working on the three pager and the
>>> basic critique of the web policy.
>>> cheers steph
>>> PS I have still not found the alleged staff policy, if anyone knows
>>> where it is please let me know
>>>
>>> Kind regards,
>>> Stephanie Perrin
>>>
>>> On 26 Mar 2014, at 1:59 pm, Stephanie Perrin <
>>>> stephanie.perrin at mail.utoronto.ca> wrote:
>>>>
>>>> I will certainly volunteer to provide the first draft of a commentary
>>>> on the “privacy policy”. I believe I am already on the hook for that, and
>>>> if folks can self identify if they have an interest in this area, we can
>>>> call it a group and I will send out the marked up copy. If people prefer
>>>> to use a platform (e.g. googledocs) let us know.
>>>> cheers Stephanie Perirn
>>>> On Mar 26, 2014, at 1:43 AM, William Drake <william.drake at uzh.ch>
>>>> wrote:
>>>>
>>>> Hi
>>>>
>>>> We have a number of folks who work on privacy policy. Would anyone be
>>>> interested in organizing a group to provide an input to ICANN on its policy
>>>> regarding the collection and use of personal data?
>>>>
>>>> Bill
>>>>
>>>> Begin forwarded message:
>>>>
>>>> *From: *Bruce Tonkin <Bruce.Tonkin at melbourneit.com.au>
>>>> *Subject: **RE: ICANN privacy policy*
>>>> *Date: *March 25, 2014 at 5:15:07 PM GMT+8
>>>> *To: *William Drake <william.drake at uzh.ch>
>>>> *Cc: *Rafik Dammak <rafik.dammak at gmail.com>, "marie-laure Lemineur (
>>>> mllemineur at gmail.com)" <mllemineur at gmail.com>, David Cake <
>>>> dave at difference.com.au>, Maria Farrell <maria.farrell at gmail.com>, "
>>>> magaly.pazello at gmail.com" <magaly.pazello at gmail.com>, "
>>>> kdrstoll at gmail.com" <kdrstoll at gmail.com>, "Amr Elsadr (
>>>> aelsadr at egyptig.org)" <aelsadr at egyptig.org>, Fadi Chehade <
>>>> fadi.chehade at icann.org>, John Jeffrey <john.jeffrey at icann.org>
>>>>
>>>> Yes indeed - your addresses were just ones that I had to hand.
>>>>
>>>> Regards,
>>>> Bruce Tonkin
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: William Drake [mailto:william.drake at uzh.ch <william.drake at uzh.ch>
>>>> ]
>>>> Sent: Tuesday, 25 March 2014 5:10 PM
>>>> To: Bruce Tonkin
>>>> Cc: Rafik Dammak; marie-laure Lemineur (mllemineur at gmail.com); David
>>>> Cake; Maria Farrell; magaly.pazello at gmail.com; kdrstoll at gmail.com; Amr
>>>> Elsadr (aelsadr at egyptig.org); Fadi Chehade; John Jeffrey
>>>> Subject: Re: ICANN privacy policy
>>>>
>>>> Hi Bruce
>>>>
>>>> Thanks for this. I assume this is an open invitation that we can share
>>>> with our privacy mavens who are not not on the Cc, correct?
>>>>
>>>> Best
>>>>
>>>> Bill
>>>>
>>>> On Mar 25, 2014, at 4:33 PM, Bruce Tonkin <
>>>> Bruce.Tonkin at melbourneit.com.au> wrote:
>>>>
>>>> Hello All,
>>>>
>>>> Regarding the discussion of ICANN's use of private information in the
>>>> NCSG meeting with the Board today.
>>>>
>>>> With respect to ICANN's policy for collection and use of personal data,
>>>> we do have a published privacy policy.
>>>>
>>>> See: http://www.icann.org/en/help/privacy
>>>>
>>>> We would welcome a review of this policy to determine if it needs to be
>>>> improved. IT was last updated in Oct 2012.
>>>>
>>>> Also with respect to staff/HR information etc - I will see what
>>>> information is available on internal policies.
>>>>
>>>> Regards,
>>>> Bruce Tonkin
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Ncuc-discuss mailing list
>>>> Ncuc-discuss at lists.ncuc.org
>>>> http://lists.ncuc.org/cgi-bin/mailman/listinfo/ncuc-discuss
>>>>
>>>>
>>>> _______________________________________________
>>>> Ncuc-discuss mailing list
>>>> Ncuc-discuss at lists.ncuc.org
>>>> http://lists.ncuc.org/cgi-bin/mailman/listinfo/ncuc-discuss
>>>>
>>>>
>>>> On Mar 30, 2014, at 2:34 PM, Robin Gross <robin at ipjustice.org> wrote:
>>>
>>> This is an open, archived list for those wishing to develop privacy
>>> policy.
>>>
>>> Make the most of it!
>>>
>>> _______________________________________________
>>> Privacy mailing list
>>> Privacy at ipjustice.org
>>> http://mailman.ipjustice.org/listinfo/privacy
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Ncuc-discuss mailing list
>>> Ncuc-discuss at lists.ncuc.org
>>> http://lists.ncuc.org/cgi-bin/mailman/listinfo/ncuc-discuss
>>>
>>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20140407/7a01757c/attachment-0002.html>
More information about the Ncuc-discuss
mailing list