[NCUC-EC] Fwd: [cc-humanrights] Another rights-related law becomes applicable to ICANN?

[Renata Aquino Ribeiro]

Hi all

These policy related news brought by Corinne can make up a good
segment for our CD in ICANN63
If no objection by next Tuesday, I'll ask Corinne to bring that
discussion to ICANN63


---------- Forwarded message ----------
From: Collin Kurre <collin at article19.org>
Date: Fri, Jul 27, 2018 at 6:40 AM
Subject: Re: [cc-humanrights] Another rights-related law becomes
applicable to ICANN?
To: NCSG-DISCUSS at listserv.syr.edu


Dear colleagues,

I’m resurrecting this thread to share some tangentially related news I
stumbled across recently:

First, the EU Parliament adopted a resolution on the rights of
indigenous peoples this week calling for the EU to: "fulfill its
extraterritorial duties related to human rights”, create legislation
to prevent and sanction violations, and “devise clear rules of conduct
and regulatory frameworks for extraterritorial action by companies and
investors that fall within its jurisdiction” (see 48). While these
provisions exclusively relate to the protection of indigenous peoples
and local communities, the thrust behind them seems to support the
trend toward application of laws based on non-territorial conditions
that Raphaël observed in his recent CCWP-HR post.

Meanwhile, in the UK, a criminal and regulatory litigation firm
published a blog post outlining ways that companies may be held
criminally liable for human rights abuses, wherever they may occur.
Again, this is only marginally related, but potentially of interest
considering that the 2018 UK Data Protection Act introduced some
criminal offenses for unlawfully obtaining personal data, among other
things. The threat of fines + criminal liability will be a very
effective motivator if, as the post implies, the “legislative
appetite” continues in this direction.

Comments welcome on this Friday food for thought, especially from the
lawyers (which I am not).

Have a nice weekend,
Collin

--
Collin Kurre
ARTICLE 19




On Jul 5, 2018, at 8:43 PM, Raphaël BEAUREGARD-LACROIX
<raphael.beauregardlacroix at sciencespo.fr> wrote:

Dear Collin, all,

This is indeed timely and I find the call to "holisticism" (if there
is such a thing, or is it holism?) quite relevant.

That being said I also think it is important to remain as focus and
concrete as possible, which I do not think is incompatible with being
holistic. Certainly, the Californian CPA will provide, on a
theoretical and practical level, an interesting comparative
perspective, contrasting with the GDPR.

I suppose the most rational and straightforward path here is that
ICANN (org and comm) should hold itself to the highest of standards,
in case anyone else besides the EU and California would have the idea
to follow up with further developments of data protection law...

Best,

On 5 July 2018 at 17:41, Collin Kurre <collin at article19.org> wrote:
>
> Dear colleagues,
>
> You might be interested to hear that the California passed new data protection legislation last week, the 2018 Consumer Privacy Act. For those interested, the International Association of Privacy Professionals (IAPP) has produced a comprehensive overview of the new law: https://iapp.org/news/a/analysis-the-california-consumer-privacy-act-of-2018/
>
> I found the following excerpt from their analysis particularly relevant to ICANN:
>
> "Some companies implemented many of their new privacy protection measures worldwide in the hopes of being able to avoid having to make further jurisdiction-specific updates for a while. The passage of the California Consumer Privacy Act has now raised the question as to whether these measures will be sufficient to the extent they reach California residents with their GDPR-related compliance measures. Unfortunately, the answer is largely, ‘No.’
>
> Global companies can and should try to address the requirements of the California Consumer Privacy Act, EU GDPR and other privacy regimes simultaneously and holistically in the interest of efficiency.”
>
> The Human Rights Bylaw (which will come into effect when the WS2 recommendations are approved, likely in Q4 of this year) states that ICANN should be guided by the core value of “respecting internationally recognized human rights as required by applicable law.”
>
> The HR FoI recognizes that the notion of applicable law “is a dynamic concept inasmuch as laws, regulations, etcetera, change over time.” However, based on the GDPR experience, it seems like waiting for rights-related laws to become applicable may not be the best strategy in the long run.
>
> Once the bylaw comes into effect, ICANN org and each SO and AC will be required to develop policies and frameworks to take human rights into account and avoid human rights violations in policy-development and decision-making processes. Some have perceived this as an additional administrative burden, though it’s hard to contest the bylaw's relevance given the amount of time the community has spent discussing access, accreditation, EPDPs, and other topics spawned by GDPR, a piece of privacy — and therefore human rights-related — legislation.
>
> I therefore see strategic potential in developing new compliance mechanisms for the human rights bylaw. Just as corporate human rights impact assessments serve to identify gaps and mitigate risks, multistakeholder ICANN HRIAs should be devised and incorporated to promote more holistic, efficient, and proactive self-governance.
>
> Thoughts and comments are certainly welcome! And as a reminder, you can find a few resources on related work on the ICANN Human Rights website, here: https://icannhumanrights.net/documents/
>
>
> Warm regards,
> Collin
>
> --
> Collin Kurre
> ARTICLE 19
>
>
>
>
>
> _______________________________________________
> cc-humanrights mailing list
> cc-humanrights at icann.org
> https://mm.icann.org/mailman/listinfo/cc-humanrights
>



--
Raphaël Beauregard-Lacroix
LinkedIn - @rbl0012