[gnso-rds-pdp-data] Summaries of Relevant Sections from International Working Group on Data Protection in Telecommunications and Media Documents - Data

[Sana Ali]

•	Data Elements: What data should be collected, stored, and disclosed?

Common Position on data protection aspects in the Draft Convention on cyber-crime of the Council of Europe 

In this respect the Working Group fully supports the findings of the European Data Protection Commissioners Conference that such retention of traffic data by Internet service providers would be an improper invasion of the fundamental rights guaranteed to individuals by the European Convention on Human Rights.This goes also for storing data revealing the use of the Internet by individuals. Existing powers for tracing crimes should not be extended in a way that invades privacy until the need for such measures has been clearly demonstrated. The Working Group has in the past stated that any Interception of Private Communications should be subject to appropriate safeguards


Ten Commandments to protect Privacy in the Internet World Common Position on Incorporation of telecommunications-specific principles in multilateral privacy agreements

Data Austerity: Telecommunications infrastructure has to be designed in a way that as few personal data are used to run the networks and services as technically possible. 
Virtual Right to be Alone: Nobody must be forced to let his or her personal data be published in directories or other indices. Every user has to be given the right to object to his or her data being collected by a search engine or other agents. Every user has to be given the right and the technical means to prevent the intrusion of external software into his own devices. 

Common Position on Privacy and Data Protection aspects of the Registration of Domain Names on the Internet

		•	The amount of data collected and made publicly available in the course of the registration of a domain name should be restricted to what is essential to fulfil the purpose specified. In this respect the Working Group has reservations against a mandatory publication of any data exceeding name (which might also be the name of a company and not of a natural person), address and e-mailaddress in cases where the domain name holder is not himself responsible for the technical maintenance of the domain but has this done through a service provider (as is the case with many private persons who have registered domain names). 
	•	Any technical mechanism to be introduced to access the data collected from the registrants must furthermore have safeguards to meet the principle of purpose limitation and avoidance of the possibility to unauthorised secondary use of the registrant's data. 

Common Position relating to Reverse Directories
			•	It is in any case necessary to endow the persons with the right to be informed by their provider of telephone or e-mail service, at the time of the collection of data concerning them, or if they have already subscribed, by a specific means of information, of the existence of services of reverse search and - if express consent is not required - of their right to object, free of charge, to such a search.
	
 Comments on the data protection impact of the revision of the ICANN RAA concerning accuracy and data retention of WHOIS data

	•	The Working Party recalls its previous contributions to the process of collecting and disclosing WHOIS data, as included in the Opinion 2/2003 on the application of the data protection principles to WHOIS directories4 as well as its letters of 22 June 2006 to the Board of Directors of ICANN5 and of 12 March 2007 to the Chairman of the Board of Directors of ICANN6 in which the relevant data protection principles have been outlined
	•	In assessing these proposals, ICANN should be aware that the purpose of collecting and publishing contact details in the WHOIS database is to facilitate contact about technical issues. The original purpose definition reads: “The purpose of the gTLD Whois service is to provide information sufficient to contact a responsible party for a particular gTLD domain name who can resolve, or reliably pass on data to a party who can resolve, issues related to the configuration of the records associated with the domain name within a DNS name server."
	•	The Working Party strongly objects to the introduction of data retention by means of a contract issued by a private corporation in order to facilitate (public) law enforcement. If there is a pressing social need for specific collections of personal data to be available for law enforcement, and the proposed data retention is proportionate to the legitimate aim pursued, it is up to national governments to introduce legislation that meets the demands of article 8 of The European data retention directive 2006/24/EC imposes data retention obligations on providers of public electronic communication networks and services. Registrars are not such providers and are therefore not subjected to this European data retention obligation. the European Convention on Human Rights and article 17 of the International Covenant on Civil and Political rights.
	

Sana Ali
sana.ali2030 at gmail.com <mailto:sana.ali2030 at gmail.com>
https://ca.linkedin.com/in/sanaali2030 <https://ca.linkedin.com/in/sanaali2030>





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-data/attachments/20160410/dc9a20f7/attachment.html>