Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Review Policy Proposal -Comments on staff analysis

serge ilunga sergekbk at gmail.com
Sun May 28 17:19:25 UTC 2017 

Dear Community,

Please find below inline our comments on staff analysis.

*2.0 Staff Comments*

   - On Sec 13.6 - Our previous concerns that AFRINIC may be legally
   exposed regarding what member data can be published in the annual
   "Compliance Report" seem to have been addressed by the inclusion of "in
   accordance with Mauritius Data Protection Act and NDA with members." The
   act however, only concerns personal information. The kind of information to
   include in the compliance report should preferably be to the discretion of
   AFRINIC.


----------------------------------------------------------------------------------------------

*The review process involving as well physical person, personal information
can be as well manipulated and we think that we shall seek as well
compliance with DPA and this is left to the discretion of AfriNIC.*



*---------------------------------------------------------------------*

   - Authors to clarify on if the arbitration process can be initiated by
   the member anytime during or (only) after the review is completed. There
   also needs to be a time limit around when the arbitration process must
   complete (for the arbitration team to produce their findings/report).


--------------------------------------------------------------

*In section, 13.5 we can see that the appeal is made against the result.
This means that the arbitration process can be initiated only after the
review is completed.*

*The arbitration process is to be defined by AfriNIC and it is wise to
leave the responsibility to define the duration to the Team that will have
a clear view on all constraints.*

*-------------------------------------------------------------------------------*

   - On Staff Workload: All review requests shall be handled First in,
   First Out (at staff discretion) - in which case, no significant impact to
   staff workload is expected.
   - On the clause: “The review shall be conducted in full transparency and
   neutrality”. Authors need to expound more on what this means - as AFRINIC
   cannot disclose details of an ongoing audit/review to the public while
   doing the review - if this is what authors meant by "transparency"


--------------------------------------------------------------------------------------

*Transparency means that a clear and known review process should be put in
place. This doesn’t imply that informations exchanged during this process
shall be made public. [This has already been addressed during AfriNIC-25].*


*-----------------------------------------------------------------------*

   - On the Clause: “AFRINIC shall publish the resources to be recovered
   for a period of three (3) months; during which the organization may at any
   time, seek compliance” - AFRINIC will add “remarks” attributes to the
   concerned whois database objects, with information regarding the ongoing
   review. We think that this is sufficient to address the "publish"
   requirement in this clause.

-----------------------------------

*Yes, Agree that this can be a way of publishing.*


*-----------------------------------------*

*3.0 Comments from Legal Counsel*

*Legal Counsel’s Assessment*

1. In the implementation phase staff will have to deal with evidence
emanating from several jurisdictions. Moreover, staff will face the arduous
task of assessing evidence/information/data from different sources and of
different evidential value. Staff will be burdened with testing the
reliability of this evidence/information/data to assess and weigh theses
evidences and to decide whether same may be used to establish abuse or
wrongful use of Internet Number Resources.

The possibility of collecting evidence/information/data coming from
different sources via affidavits or depositions before Commissioner of Oath
may have to be envisaged to partly ease pressure on staff.

AFRINIC will have to protect itself and act only on reliable, cogent and
admissible evidence before finally revoking allocation of resources which
the investigated member claims has been prejudicial to it and consequently
claims for compensation. This possibility should always be envisaged. The
increasing value of IPv4 resources point in that way.

Answer:

---------------------------------------------------------

*This point has already been discussed many times on Mailing list and Face
to face meeting and what this policy is trying to implement is not
different from what AfriNIC is already performing in case of additional
allocation and reviews previously done.*

*The relationship between AfriNIC and the member is covered by The
registration services agreement. The section 10 of the RSA defines AfriNIC
liabilities and this policy proposal change nothing to this relationship. *


*--------------------------------------------------------*

2. What modus operandi should be put into place to “hear” the investigated
party to ensure fairness? The policy proposal does not provide anything in
this regard and should address it.


-------------------------------------------------------------

*Criteria of compliance being defined in the RSA. Data to be provided to
prove compliance can be defined so that with a clear and known review
process, fairness can be guaranteed.*


*--------------------------------------------------------------------*

3. It will not always be possible to confront the investigated party with
data/documents/evidence coming from third parties who may have disclosed
same in confidence and have expressly refused to be named or referred to.

Answer:

-----------------------------------------------------------------------

*What this policy is trying to implement is not different from what AfriNIC
is already performing in case of additional allocation and reviews
previously done.*


*-------------------------------------------------------------------------*

4. The arbitration referred to in the proposal has to be effected within
the jurisdiction of one country – and the main question is – which would
this country be?

Answer:

-------------------------------------------------------------------------

*The decision of the arbitration process is final then no need to involve
any jurisdiction court.*


*---------------------------------------------------------------------------*

5. Section 13.5 of the proposal states: “the outcome of the arbitration
process is unequivocal”. This is in contradiction of, Articles 1027 to
1027-9 of the Code de Procedure Civile of Mauritius which provides that a
party to an arbitration may seek the “annulation “of an award by seizing
the Supreme Court.

------------------------------------------------------

Article 1027-1 of the same Code de Procedure Civile of Mauritius says that
an arbitration decision can be challenged in court *unless the parties have
agreed on renunciation of their right to appeal*.

We can see that this has been used in  the RSA as under section 13 (c),
where incase of arbitration the decision of the board is final.

-------------------------------------------------------------

6. The "Mauritius Data Protection Act" only applies to personal
information/data.

Answer

---------------------------------------------------------------

*The process to be put in place can be subject to Personal information/data
manipulation*
----------------------------------------------------------------------------

With Regards.
*Serge ILUNGA KABWIKA*
*Skype: sergekbk*
*Cell: +243814443160*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20170528/04c4e11c/attachment.html>

More information about the RPD mailing list