10/2: Comments on WHOIS Data Protection Recommendation due

KathrynKL at AOL.COM KathrynKL at AOL.COM
Tue Sep 20 20:38:12 CEST 2005 

Friends:
I am pleased to report that after 3 years of work, the WHOIS Task Force (TF)
finally has a recommendation we can support!   Now posted on both the
GNSO and ICANN homepages is a procedure (from the WHOIS TF to the
Council) that would allow Registrars to respect their own privacy laws and
protect personal data -- when threatened with prosecution under their
national/local privacy laws.

This Recommendation is an important first step -- to allow ICANN to work with
Registrars who live in countries that protect and prosecute under their data
protection laws.  If passed by GNSO Council and the ICANN Board, it will be
the first time that ICANN has a mandate to create a set of exceptions to the
Registrar contracts -- and the first time that ICANN officially recognizes that
the personal data located in the WHOIS databases (including name, address,
telephone and email)
is protected and governed by national and local laws.

Would you please take a moment to support this important recommendation?
Short comments from your organization, or you as an individual, are welcome.
     PROCEEDING:  Combined WHOIS task force (1,2 & 3)
     Preliminary Report on a policy recommendation and advice on a
     procedure for handling conflicts between a registrar/registry's
     legal obligations under privacy laws and their contractual
     obligations to ICANN
       **DEADLINE: Sunday, October 2, 2005, 5pm.**
     LINKS:  www.icann.org or www.gnso.icann.org   click Public Comment Forum
     COMMENTS TO:   gnso-whoisprivacy-cmts at icann.org
     COMMENTS ARCHIVED AT:
http://forum.icann.org/lists/gnso-whoisprivacy-cmts

If you have any questions, feel free to contact me.
Regards,
Kathy Kleiman (co-author of this Recommendation as one of NCUC's
Representation to the Combined WHOIS TF)

p.s.  This Recommendation is an important first step.  Milton and I have told
the TF that we must continue to work towards changes in the WHOIS database
that protect the privacy of ALL registrants.

Additional Background useful for preparing comments:
Published back in 2003, the original report of WHOIS Task Force 2 noted that
Registrars were receiving complaints for violations of privacy laws with the
collection and publication of personal data in the WHOIS database (mandated
by ICANN's Registrar Accreditation Agreement).  The TF2 report was strong in
its conclusions:
      "The Task Force believes that there is an ongoing risk of conflict
between a registrars' or registries' legal obligations under local privacy
laws
and their contractual obligations to ICANN. Since the variety of the existing
local privacy laws does not allow for a one-size-fits-all solution, the
registrars
and registries encountering such local difficulties should be allowed an
exception from the contractual WHOIS obligation for the part of the WHOIS
data in question by the local regulation, after proving the existence of such
a
conflict with a law or regulation."

In this report, TF2 also published a Table of Registrars, their countries and
the
data protection laws (overview) of the countries.  This Excel spreadsheet is
very interesting, and posted at the NCUC website www.ncdnhc.org under
"Summary of national laws affecting data privacy."

This year the Combined WHOIS TF moved forward with the work above and
created the Policy Recommendation  now under review.  It received unanimous
support from all the Constituencies at the TF level!  Here is the text:

"I. Task Force Policy for WHOIS Conflicts with Privacy Law
CONSENSUS POLICY RECOMMENDATION
In order to facilitate reconciliation of any conflicts between
local/national mandatory privacy laws or regulations and applicable
provisions of the ICANN contract regarding the collection, display and
distribution of personal data via Whois, ICANN should:
     Develop and publicly document a procedure for dealing with the
     situation in which a registrar or registry can credibly demonstrate
     that it is legally prevented by local/national privacy laws or
     regulations from fully complying with applicable provisions of
     its ICANN contract regarding the collection, display and
     distribution of personal data via WHOIS.
     Create goals for the procedure which include:

              Ensuring that ICANN staff is informed of a conflict at the
          earliest appropriate juncture;
              Resolving the conflict, if possible, in a manner conducive to
          ICANN's Mission, applicable Core Values and the
          stability and uniformity of the Whois system;
              Providing a mechanism for the recognition, if appropriate, in
          circumstances where the conflict cannot be otherwise
          resolved, of an exception to contractual obligations to
          those registries/registrars to which the specific conflict
          applies with regard to collection, display and distribution
          of personally identifiable data via Whois; and
              Preserving sufficient flexibility for ICANN staff to respond to
          particular factual situations as they arise."

Detailed procedures for the handling conflicts with privacy law are set
out in Section II of the report (see links above).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20050920/1c3f4b0f/attachment.html>

More information about the Ncuc-discuss mailing list