[IRPCoalition] Fwd: [cc-humanrights] Another rights-related law becomes applicable to ICANN?

Marianne Franklin m.i.franklin at gold.ac.uk
Thu Jul 5 18:48:40 EEST 2018

Dear IRPC List members

See below for a forwarded message with regard to how US states are
interpreting the GDPR that came into force in the EU end of May.

Thanks Collin for the update and access to ICANN-Related implications

best wishes


-------- Forwarded Message --------
Subject: 	[cc-humanrights] Another rights-related law becomes applicable
Date: 	Thu, 5 Jul 2018 16:41:23 +0100
From: 	Collin Kurre <collin at article19.org>
To: 	CCWP-HR <cc-humanrights at icann.org>, NCSG-DISCUSS at LISTSERV.SYR.EDU

Dear colleagues,

You might be interested to hear that the California passed new data
protection legislation last week, the 2018 Consumer Privacy Act. For
those interested, the International Association of Privacy Professionals
(IAPP) has produced a comprehensive overview of the new
law: https://iapp.org/news/a/analysis-the-california-consumer-privacy-act-of-2018/ 

I found the following excerpt from their analysis particularly relevant

    "Some companies implemented many of their new privacy protection
    measures worldwide in the hopes of being able to avoid having to
    make further jurisdiction-specific updates for a while. The passage
    of the California Consumer Privacy Act has now raised the question
    as to whether these measures will be sufficient to the extent they
    reach California residents with their GDPR-related compliance
    measures. Unfortunately, the answer is largely, ‘No.’ 

    /Global companies can and should try to address the requirements of
    the California Consumer Privacy Act, EU GDPR and other privacy
    regimes simultaneously and holistically in the interest of

The Human Rights Bylaw
<https://www.icann.org/resources/pages/governance/bylaws-en> (which will
come into effect when the WS2 recommendations are approved, likely in Q4
of this year) states that ICANN should be guided by the core value of
“respecting internationally recognized human rights as required by
applicable law.” 

The HR FoI
<https://community.icann.org/display/WEIA/Documents?preview=/59641302/79437270/CCWG-Accountability-WS2-HumanRight-FinalReport-20171106%5B1%5D.pdf> recognizes
that the notion of applicable law “is a dynamic concept inasmuch as
laws, regulations, etcetera, change over time.” However, based on the
GDPR experience, it seems like waiting for rights-related laws to become
applicable may not be the best strategy in the long run. 

Once the bylaw comes into effect, ICANN org and each SO and AC will be
required to develop policies and frameworks to take human rights into
account and avoid human rights violations in policy-development and
decision-making processes. Some have perceived this as an additional
administrative burden, though it’s hard to contest the bylaw's relevance
given the amount of time the community has spent discussing access,
accreditation, EPDPs, and other topics spawned by GDPR, a piece of
privacy — and therefore human rights-related — legislation.

I therefore see *strategic potential in developing new compliance
mechanisms for the human rights bylaw.* Just as corporate human rights
impact assessments serve to identify gaps and mitigate risks,
multistakeholder ICANN HRIAs should be devised and incorporated to
promote more holistic, efficient, and proactive self-governance.

Thoughts and comments are certainly welcome! And as a reminder, you can
find a few resources on related work on the ICANN Human Rights website,
here: https://icannhumanrights.net/documents/ 

Warm regards,

Collin Kurre

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.internetrightsandprinciples.org/mailman/private/irp/attachments/20180705/6b8a2d1a/attachment.html>
-------------- next part --------------
cc-humanrights mailing list
cc-humanrights at icann.org

More information about the IRP mailing list