<div dir="ltr">Dear all,<div><br></div><div>As I hadn't properly defined the summary I produced here a revised copy of my summary.</div><div><p class="MsoNormal" style="margin-bottom:0.0001pt;line-height:14.65pt;background-image:initial;background-position:initial;background-repeat:initial"><span style="font-size:10.0pt;font-family:"Helvetica",sans-serif;color:#212121">After reviewing the documents in the section above the following can be
summarised as follows:</span></p>
<p class="MsoNormal" style="margin-bottom:0.0001pt;line-height:14.65pt;background-image:initial;background-position:initial;background-repeat:initial"><span style="color:rgb(33,33,33);font-family:Helvetica,sans-serif;font-size:10pt;line-height:14.65pt">There has been enough discussion on the if I can call it the maintenance
of how data should be kept in according to the laws of various countries as all
have different laws that more or less try to do the same thing in different
words and explanation. For e.g. </span></p><p class="MsoNormal" style="margin-bottom:0.0001pt;line-height:14.65pt;background-image:initial;background-position:initial;background-repeat:initial"><span style="color:rgb(33,33,33);font-family:Helvetica,sans-serif;font-size:10pt;line-height:14.65pt">Opinion 5/2000 - The use of Public Directories for Reverse or Multi-criteria Searching Services</span></p><p class="MsoNormal" style="margin-bottom:0.0001pt;background-image:initial;background-position:initial;background-repeat:initial"></p><ol style="line-height:14.65pt"><li><span style="line-height:14.65pt;font-size:10pt;font-family:Helvetica,sans-serif;color:rgb(33,33,33)"><span style="font-stretch:normal;font-size:7pt;line-height:normal;font-family:'Times New Roman'"> </span></span><span style="line-height:14.65pt;font-size:10pt;font-family:Helvetica,sans-serif;color:rgb(33,33,33)">Directive 95/46/EC
- the protection of individuals
with regard to the processing of the personal data, in
Article 6.1 b), which establishes that personal data must be
"collected for specified, explicit and legitimate purpose and
not further processed in a way incompatible with those purposes".</span><br></li><li><span style="line-height:14.65pt;font-size:10pt;font-family:Helvetica,sans-serif;color:rgb(33,33,33)"><span style="font-size:10pt;line-height:107%">Note the purpose of conventional telephone directories is
the disclosure of subscriber's telephone number starting
from the knowledge of subscriber's name and that its use is limited
to that specific purposes.</span></span></li><li><span style="color:rgb(33,33,33);font-family:Helvetica,sans-serif;font-size:10pt;line-height:14.65pt">Must
establish the balance of interests, the interests and risks
to privacy at stake have to be identified and evaluated. Directive
97/66/EC gives helpful indications: as long as the minimum information
necessary to identify a subscriber is at stake, thus this
information can be included in conventional public directories unless
the subscriber objects. It must be considered that the interest of
the individual in being protected override the interests of controller or
third parties. Therefore such processing is only legitimate if the individual
has given his/her informed consent prior to any inclusion of his
/her personal data in public directories for reverse or
multi-criteria searches.</span><span style="line-height:14.65pt;font-size:10pt;font-family:Helvetica,sans-serif;color:rgb(33,33,33)"><span style="font-stretch:normal;font-size:7pt;line-height:normal;font-family:'Times New Roman'"> </span></span></li><li><span style="line-height:14.65pt;font-size:10pt;font-family:Helvetica,sans-serif;color:rgb(33,33,33)">Specific and
informed consent of the subscriber must be obtained prior to the inclusion of
his personal data into all kinds of public directories which include all type
of communication devices used for reverse or multi-criteria searches. There
must be some given consent on how personal data can be used.</span></li><li><span style="line-height:14.65pt;font-size:10pt;font-family:Helvetica,sans-serif;color:rgb(33,33,33)"><span style="font-stretch:normal;font-size:7pt;line-height:normal;font-family:'Times New Roman'"> </span></span><span style="line-height:14.65pt;font-size:10pt;font-family:Helvetica,sans-serif;color:rgb(33,33,33)">As most conclusions
regard the directives of the EC previous WP
on the Protection of Individuals with regards to protection of data
takes the position that processing of said personal data in
reverse directories or multi-criteria searching services
without unambiguous and informed consent by subscriber is unfair
and unlawful. Thus fully implementing and accepting the EC proposal
for draft directive on processing personal data.</span></li></ol><div style="line-height:14.65pt"><font color="#212121" face="Helvetica, sans-serif"><span style="font-size:13.3333px">t Opinion 4/2001 - On the Council of Europe's Draft Convention on Cyber-Crime</span></font></div><div style="line-height:14.65pt"><font color="#212121" face="Helvetica, sans-serif"><span style="font-size:13.3333px"><br></span></font></div><div style="text-indent: -24px;"><ol style="line-height:14.65pt"><li><span style="font-size:13.3333px;color:rgb(33,33,33);font-family:Helvetica,sans-serif;line-height:14.65pt"> </span><span style="color:rgb(33,33,33);font-family:Helvetica,sans-serif;font-size:10pt;line-height:14.65pt">Article 15 of
draft Convention could create the impression that the protection of human
rights shall only be considered when it is "due" and shall on be
"adequate". It can be seen as limiting the safeguards and procedures
it would considerably low if not fully undermine the protection of
fundamental rights. </span></li><li><span style="line-height:14.65pt;font-size:10pt;font-family:Helvetica,sans-serif;color:rgb(33,33,33)"> Finally with
several EU countries implementing Directive 95/46/EC shows
that national laws requires personal data can be in </span><span style="line-height:14.65pt;font-size:10pt;font-family:Helvetica,sans-serif;color:rgb(33,33,33);background-image:initial;background-position:initial;background-repeat:initial">principle only be sent to non-EU countries if this
country does provide an </span><span style="line-height:14.65pt">adequate</span><span style="line-height:14.65pt"> level of protection of individuals with regard to the </span><span style="line-height:14.65pt">processing</span><span style="line-height:14.65pt"> of their personal
data. The level of protection in these countries must be checked. Otherwise if
no </span><span style="line-height:14.65pt">adequate</span><span style="line-height:14.65pt"> protection
on offer in third country then transfer f personal data may nevertheless
be necessary to fight against crime.</span></li></ol></div><p></p><p class="MsoNormal">Adopted 30/2002 - Working document on determining the international
application of EU data protection law to personal data processing on the
Internet by non-EU based web site</p><p class="MsoNormal"><span style="line-height:14.65pt">In all these cases, the application of EU data protection law means among other things
the following: </span></p><p class="MsoNormal"></p><ol><li><span style="line-height:14.65pt">With a view to making the collection of personal data fair and lawful, the controller
has to clearly define the purpose of the processing. </span></li><li><span style="line-height:14.65pt">The controller has also to ensure that the data are adequate, relevant and not excessive
in relation to the purpose for which they are collected.</span></li><li><span style="line-height:14.65pt">The collection must be based on a legitimate ground (unambiguous consent,
performance of a contract, compliance with a legal obligation, in pursuance of
legitimate interests of the controller etc.) and the individual has the right of access to
and the rectification or erasure of his personal data. </span></li><li><span style="line-height:14.65pt">The individual has at least to be informed about the identity of the controller and his
representative if any, the purpose of the collection, the recipients and about his rights
32
. </span></li><li><span style="line-height:14.65pt">Another important aspect is the security of the processing which may require the
controller, right from the collection on, to apply specific technical and organisational
measures in order to protect the data against accidental or unlawful destruction or
accidental loss, alteration, unauthorised disclosure or access, in particular where the
data are transmitted over a network. Such measures shall ensure a level of security
appropriate to the risks presented and the nature of the data. </span></li><li><span style="line-height:14.65pt">As regards sensitive data, specific provisions, dealing in particular with security
requirements, regulate their collection.</span><br></li><li><span style="line-height:14.65pt">The Article 29 Data Protection Working Party considers that the development of a
programme for the promotion of European data protection rules in a pragmatic way
would also help controllers in third countries to better understand, implement and
demonstrate privacy compliance. A European system of labels/web seals, open also
to non-EU web sites, could be the cornerstone of such action.</span><br></li></ol> 17 April 2014 - ICANN's public consultation on 2013 RAA Data Retention Specification
Data Elements and Legitimate Purposes for Collection and Retention<span style="line-height:19.5333px"><br></span><p></p><p class="MsoNormal"></p><ol><li>The Draft Specification should only require collection of personal data, which is genuinely
necessary for the performance of the contract between the Registrar and the Registrant (e.g.
billing) or for other compatible purposes such as fighting fraud related to domain name
registration. This data should be retained for no longer than is necessary for these purposes. It
would not be acceptable for the data to be retained for longer periods or for other, incompatible
purposes, such as law enforcement purposes or to enforce copyright. </li><li>Retention of personal data originally collected for commercial purposes, and subsequently
retained for law enforcement purposes, has been the subject of a recent landmark ruling by the
European Court of Justice, which held Directive 2006/24/EC to be invalid, as an unjustified
interference with those rights. The Court recognised that the retention of personal data might
be considered appropriate for the purposes of the detection, investigation and prosecution of
serious crime, but judged that the Directive 'exceeded the limits imposed by compliance with
the principle of proportionality'. It is reasonable to expect requirements for retaining personal
data to be subject to increasing scrutiny and legal challenges in the EU. And limit processing of
this data to compatible purposes, such as proportionate measures to fight fraud related to
domain name registration.</li></ol>Opinion 6/2014 - Opinion of the European Data Protection Supervisor
on the Commission Communication on Internet Policy and Governance - Europe`s role in
shaping the future of Internet Governance <p></p><p class="MsoNormal"></p><ol><li>Base the future development of Internet
Governance on the respect of fundamental rights. We welcome this principle, but we stress
the need to translate it into practical policy initiatives, which is not always sufficiently the case. </li><li>We emphasise that, in order to "sustain and develop the Internet as an essential part of life" and to create a "single, open, free, unfragmented network of networks" with a "safe, secure,
sound and resilient architecture", Internet Governance should be built starting from
commonly shared international rights and values. Consequently, privacy and data protection
principles need to gain more weight within Internet Governance fora<span style="line-height:1.5"> and mechanisms. </span></li><li>We note some positive developments at international level in recognising privacy and data
protection as essential values for the internet. At the Net Mundial, a general consensus was
reached on the need to protect privacy on the Internet, by pointing out that "The right to
privacy must be protected. This includes not being subject to arbitrary or unlawful
surveillance, collection, treatment and use of personal data. The right to the protection of the
law against such interference should be ensured". </li><li><span style="line-height:14.65pt">Th</span><span style="line-height:14.65pt">e Communication emphasizes that the Internet has become a key infrastructure with global
dimensions and that, as a consequence, greater international balance within the existing
structures would increase the probability of issuing legitimate outcomes.</span></li></ol><span style="line-height:19.5333px">Finally the other documents seem to repeat or rewrite similar points that will not make this summary any easier to further what can be used as a defined process of how data can be collated for use and kept in the way that provides the privacy required. </span><font color="#212121" face="Helvetica, sans-serif"><span style="font-size:10pt;line-height:14.65pt">This shows that the EU or EC directive on the protection of personal
data has been the benchmark and implemented to used to protect personal data and privacy. No specific
mention of length of time to hold such data although I think 6 weeks has been
mentioned in one document I think. Also the last couple of summarised documents are </span><span style="font-size:13.3333px;line-height:19.5333px">definitely</span><span style="font-size:10pt;line-height:14.65pt"> more on the privacy relation of personal data but think there may show some </span><span style="font-size:13.3333px;line-height:19.5333px">relevance</span><span style="font-size:10pt;line-height:14.65pt"> towards the items we collect that can reference how data can be seen. </span></font><p></p><p class="MsoNormal"><font color="#212121" face="Helvetica, sans-serif"><span style="font-size:10pt;line-height:14.65pt">Hope I defined it better this time</span></font></p><p class="MsoNormal"><font color="#212121" face="Helvetica, sans-serif"><span style="font-size:10pt;line-height:14.65pt"><br></span></font></p><p class="MsoNormal"><font color="#212121" face="Helvetica, sans-serif"><span style="font-size:10pt;line-height:14.65pt">Regards</span></font></p><p class="MsoNormal"><font color="#212121" face="Helvetica, sans-serif"><span style="font-size:10pt;line-height:14.65pt"><br></span></font></p><p class="MsoNormal"><font color="#212121" face="Helvetica, sans-serif"><span style="font-size:10pt;line-height:14.65pt">R. Padilla MSc.</span></font></p><p class="MsoNormal" style="margin-bottom:0.0001pt;line-height:14.65pt;background-image:initial;background-position:initial;background-repeat:initial"><span style="font-size:10.0pt;font-family:"Helvetica",sans-serif;color:#212121"></span></p><p class="MsoNormal" style="margin-bottom:0.0001pt;line-height:14.65pt;background-image:initial;background-position:initial;background-repeat:initial"></p><div style="text-indent: -24px;"><font color="#212121" face="Helvetica, sans-serif"><span style="font-size:13.3333px"><br></span></font></div><div style="text-indent: -24px;"><font color="#212121" face="Helvetica, sans-serif"><span style="font-size:13.3333px"><br></span></font></div><p></p></div></div><div dir="ltr">-- <br></div><div dir="ltr">Richard Padilla MSc</div>