[IRPCoalition] Fwd: [cc-humanrights] Another rights-related law becomes applicable to ICANN?

Marianne Franklin m.i.franklin at gold.ac.uk
Fri Jul 6 14:25:49 EEST 2018

Dear all

Am forwarding the reply to what is quite an interesting theme

-------- Forwarded Message --------
Subject: 	Re: [cc-humanrights] Another rights-related law becomes
applicable to ICANN?
Date: 	Thu, 5 Jul 2018 21:43:49 +0200
From: 	Raphaël BEAUREGARD-LACROIX <raphael.beauregardlacroix at sciencespo.fr>
To: 	Collin Kurre <collin at article19.org>
CC: 	NCSG-DISCUSS at listserv.syr.edu, CCWP-HR <cc-humanrights at icann.org>

Dear Collin, all,

This is indeed timely and I find the call to "holisticism" (if there is
such a thing, or is it holism?) quite relevant. 

That being said I also think it is important to remain as focus and
concrete as possible, which I do not think is incompatible with being
holistic. Certainly, the Californian CPA will provide, on a theoretical
and practical level, an interesting comparative perspective, contrasting
with the GDPR. 

I suppose the most rational and straightforward path here is that ICANN
(org and comm) should hold itself to the highest of standards, in case
anyone else besides the EU and California would have the idea to follow
up with further developments of data protection law...


On 5 July 2018 at 17:41, Collin Kurre <collin at article19.org
<mailto:collin at article19.org>> wrote:

    Dear colleagues,

    You might be interested to hear that the California passed new data
    protection legislation last week, the 2018 Consumer Privacy Act. For
    those interested, the International Association of Privacy
    Professionals (IAPP) has produced a comprehensive overview of the
    law: https://iapp.org/news/a/analysis-the-california-consumer-privacy-act-of-2018/

    I found the following excerpt from their analysis particularly
    relevant to ICANN:

        "Some companies implemented many of their new privacy protection
        measures worldwide in the hopes of being able to avoid having to
        make further jurisdiction-specific updates for a while. The
        passage of the California Consumer Privacy Act has now raised
        the question as to whether these measures will be sufficient to
        the extent they reach California residents with their
        GDPR-related compliance measures. Unfortunately, the answer is
        largely, ‘No.’ 

        /Global companies can and should try to address the requirements
        of the California Consumer Privacy Act, EU GDPR and other
        privacy regimes simultaneously and holistically in the interest
        of efficiency/.” 

    The Human Rights Bylaw
    <https://www.icann.org/resources/pages/governance/bylaws-en> (which
    will come into effect when the WS2 recommendations are approved,
    likely in Q4 of this year) states that ICANN should be guided by the
    core value of “respecting internationally recognized human rights as
    required by applicable law.” 

    The HR FoI
    <https://community.icann.org/display/WEIA/Documents?preview=/59641302/79437270/CCWG-Accountability-WS2-HumanRight-FinalReport-20171106%5B1%5D.pdf> recognizes
    that the notion of applicable law “is a dynamic concept inasmuch as
    laws, regulations, etcetera, change over time.” However, based on
    the GDPR experience, it seems like waiting for rights-related laws
    to become applicable may not be the best strategy in the long run. 

    Once the bylaw comes into effect, ICANN org and each SO and AC will
    be required to develop policies and frameworks to take human rights
    into account and avoid human rights violations in policy-development
    and decision-making processes. Some have perceived this as an
    additional administrative burden, though it’s hard to contest the
    bylaw's relevance given the amount of time the community has spent
    discussing access, accreditation, EPDPs, and other topics spawned by
    GDPR, a piece of privacy — and therefore human rights-related —

    I therefore see *strategic potential in developing new compliance
    mechanisms for the human rights bylaw.* Just as corporate human
    rights impact assessments serve to identify gaps and mitigate risks,
    multistakeholder ICANN HRIAs should be devised and incorporated to
    promote more holistic, efficient, and proactive self-governance.

    Thoughts and comments are certainly welcome! And as a reminder, you
    can find a few resources on related work on the ICANN Human Rights
    website, here: https://icannhumanrights.net/documents/

    Warm regards,

    Collin Kurre
    ARTICLE 19

    cc-humanrights mailing list
    cc-humanrights at icann.org <mailto:cc-humanrights at icann.org>

Raphaël Beauregard-Lacroix
@rbl0012 <https://twitter.com/rbl0112>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.internetrightsandprinciples.org/mailman/private/irp/attachments/20180706/d6edbfe6/attachment.html>
-------------- next part --------------
cc-humanrights mailing list
cc-humanrights at icann.org

More information about the IRP mailing list