[bc-gnso] European Privacy Authorities Object to ICANN Whois Proposals

Phil Corwin psc at vlaw-dc.com
Tue Feb 26 15:46:26 UTC 2013 

FYI, re:WHOIS---

http://www.circleid.com/posts/20120928_european_privacy_authorities_object_to_icann_whois_proposals/

European Privacy Authorities Object to ICANN Whois Proposals<http://www.circleid.com/posts/20120928_european_privacy_authorities_object_to_icann_whois_proposals/>
*         Sep 28, 2012 11:47 AM PST
*         Comments: 1<http://www.circleid.com/posts/print/20120928_european_privacy_authorities_object_to_icann_whois_proposals/#comments>
*         Views: 3,265
By Brenden Kuerbis<http://www.circleid.com/members/2009/>
[Brenden Kuerbis]
In response to a letter from ICANN's Noncommercial Users Constituency<http://ncuc.org/> (NCUC) to data protection authorities concerning overreaching requests of law enforcement agencies in ICANN's ongoing Registrar Accreditation Agreement negotiations<http://www.icann.org/en/news/announcements/announcement-5-24sep12-en.htm>, the Article 29 Data Protection Working Party<http://ec.europa.eu/justice/policies/privacy/workinggroup/index_en.htm> has written the ICANN Board. Their comments focused on two new requirements proposed by LEAs for domain name registrars, namely that they re-verify registrant contact details and that they retain registrant data for a period of two years after a contract for a domain has ended.
Regarding re-verification the Working Party noted that the problem of inaccurate WHOIS data can only be solved by addressing the unlimited public accessibility of private contact details in the WHOIS database. It also disagreed with the notion that the re-verification request originated from LEAs when the purpose of the WHOIS database is to facilitate contact about technical issues:
The fact that WHOIS data can be used for other beneficial purposes does not in itself legitimise the collection and processing of personal data for those other purposes.
The Working Party finds the proposed new requirement ... excessive and therefore unlawful.
Concerning data retention, the Working Party found the proposed specification to have very broad scope, suggesting it may well facilitate the collection of information like credit card data, Skype handles, and communication log files and registration data. They noted that the requirement did not stem from any legal requirement in Europe, but "is explicitly introduced by ICANN to accommodate wishes from law enforcement." As such,
The Working Party strongly objects to the introduction of data retention by means of contract issued by a private corporation in order to facilitate (public) law enforcement..."
You can read the Working Party's entire letter here<http://www.circleid.com/pdf/20120926-scan-ICANN-letter-revised-final.pdf>.
By Brenden Kuerbis<http://www.circleid.com/members/2009/>, Fellow in Internet Security Governance, Citizen Lab, Univ of Toronto. Kuerbis is also a contributor to the Internet Governance Project blog<http://internetgovernance.org/>.


Philip S. Corwin, Founding Principal
Virtualaw LLC
1155 F Street, NW
Suite 1050
Washington, DC 20004
202-559-8597/Direct
202-559-8750/Fax
202-255-6172/cell

Twitter: @VlawDC

"Luck is the residue of design" -- Branch Rickey

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/bc-gnso/attachments/20130226/40909722/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 7006 bytes
Desc: image001.jpg
URL: <http://mm.icann.org/pipermail/bc-gnso/attachments/20130226/40909722/image001.jpg>

More information about the Bc-gnso mailing list