[Gnso-impl-thickwhois-rt] Task 4 of the Thick WHOIS Implementation Plan (Legal Review)

[Amr Elsadr]

Hi,

I’d like to revisit two of the topics discussed during the last IRT call; the legal review, and the level of detail of the current plan to address the different implementation tasks (but actually that specific to the legal review).

The third recommendation of the “thick” WHOIS PDP WG was:

"As part of the implementation process a legal review of law applicable to the transition of data from a thin to thick model that has not already been considered in the EWG memo is undertaken and due consideration is given to potential privacy issues that may arise from the discussions on the transition from thin to thick Whois, including, for example, guidance on how the long-standing contractual requirement that registrars give notice to, and obtain consent, from each registrant for uses of any personally identifiable data submitted by the registrant should apply to registrations involved in the transition. Should any privacy issues emerge from these transition discussions that were not anticipated by the WG and which would require additional policy consideration, the Implementation Review Team is expected to notify the GNSO Council of these so that appropriate action can be taken."

I’m curious considering the IRT’s proposed schedule to address the legal review between July and November of 2014. Is there a plan to address this recommendation, and if so, what are the details?

This was probably the most controversial topic of discussion during the WG’s deliberations, and unfortunately remained unresolved. The idea (if I recall correctly) was for the legal review to take action to mitigate any potential conflicts between the implementation of the “thick” WHOIS policy and legal jurisdictions with strict privacy and data protection laws. This, I believe, was true for both “data at rest” and “data at motion”. I personally felt it was even more relevant concerning “data at motion” since implementation of a “thick” WHOIS policy will require a great deal of registrant data being transferred across legal jurisdictions for both existing “thin” gTLD registries as well as all future gTLD registries in subsequent rounds of new gTLDs in the future.

Any insight on how this is being handled would be really appreciated at this point, especially from ICANN legal staff, who I assume have a significant role in implementing this recommendation.

Thanks.

Amr
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-impl-thickwhois-rt/attachments/20140813/47f133aa/attachment-0001.html>