Will the data sharing agreement be an addendum to the charter agreement?
Yes, it is an addendum to the charter agreement. To note though: this is not mandatory, but chapters who do not sign will not be able to download the data.
  
Some chapters may not be able to commit to possible liabilities. If less data is shared does that change anything? 

It does not.  It is all or nothing approach because according to the arrangement, the chapter becomes an owner of data.

 
Choice of law: In the DSA it states 'law of England and Wales' as jurisdiction. Why was this jurisdiction chosen.

This is neutral forum and law (instead of selecting Virginia and Virginia law as we typically do in our agreements). We wanted to make sure we are being neutral.

 
What happens if members do not agree with the updated privacy policy?
If they do not agree to the privacy policy they can choose to leave as a member, both as a chapter members as well as global member. In which case we will remove their data as per our member data retention process.


Privacy Note (p3) referring to cookies.  

Currently, the web site shows a cookie message where the task of not accepting the cookies falls onto the user...

The common approach in reputed websites is to offer a simple menu with the "strictly necessary" ones active and the rest (promotion, analytics, performance, etc) disabled by default.

The user may accept all, some of them or the strictly necessary ones only.


We are actually in the process of implementing a cookie consent and management tool to address this point. You should see this on the website shortly.


On the DSA, it is more appropriate to say "NAME OF the CHAPTER" instead of "GEOGRAPHICAL SCOPE" as chapter members may be residents in other areas. 


We can change the geographical scope to 'Name of the Chapter', it does indeed make more sense. 


When a member is resident or has a different citizenship from the country where the Chapter is located, it is not clear what the obligations of the chapter are.

Perhaps we should include that when an individual joins a Chapter (no matter the residence or citizenship) heaccepts the Data Sharing Agreement signed by the Chapter and that it is subject to the local legal regulations applied for the Chapter.

I am afraid it may be cumbersome for Chapters managing members from different countries.


When a member joins Internet Society they do not accept the DSA, they accept the Internet Society privacy policy as they sign up as a member. The Chapter needs to define what their respective local compliance and legal obligations are.  You can refer to section 2 that outlines the compliance areas related to data protection laws.

The acceptance of members from different countries is generally outlined in the Chapter Bylaws. 


If I am not wrong, Chapters need to get the names and email address of the members, at least.

Right now this works and Chapters see the names and email of its members.

With the general terms of the DSA I would like to clarify that this may be feasible still even if the DSA is not signed.

In order to reach the members of the Chapter via mailing we need the name (if it is personalized) and the email address.

Can we ensure this minimum set of personal data is accessible always?


When the DSA is not signed, the chapter can still access the names and emails of their members through Internet Society's AMS (MemberNova), but we are not allowed to share the data otherwise. The whole purpose of the DSA is to give the ability to share and transfer the data by granting ownership rights to the chapters.



Comments and requests for information or updates: 

 
Timeline
  • Please add in the timeline that the final documents go back to the Board at the end of the consultation in case of major changes. 
  • Move deadline for ChAC SC feedback till 16 June  - shift the rest of the timeline accordingly. 
  • The full ChAC will meet on the 22nd of June (13hUTC). Request to present the proposed way forward and give heads-up that the documents will be shared the week after.