[Gnso-rds-pdp-privacy] Global Data Protections Laws - a rapidly growing number

Farell Folly farellfolly at gmail.com
Sun Apr 3 11:57:11 UTC 2016 

Hello All,



   1. Dear kathy, Thank you very much for this information. I was about to
   suggest we proceed to a benchmark study for data protection and privacy in
   all countries, or we submit our later report to a larger community (UN or
   any organization with a high number of member states compare to the Council
   of Europe(an) -Union). It is a very good point to have such a list of
   countries with or without data privacy laws.
   2. However, we don't have the content of all those laws (to know other
   countries'requirements also) and time won't permit us to doing so.
   Therefore, I suggest we base our job on the principles which are accepted
   by a highest number of countries, or collected let's say an organization
   with the highest number of member states in the world that ratified such
   laws.
   3. The  Opinion 06/2014 on the notion of legitimate interests of the
   data controller under Article 7 of Directive 95/46/EC, adopted on April
   2014 ("ARTICLE 29 DATA PROTECTION WORKING PARTY"), is in my opinion a very
   good document, but it is based on European principles under 95/46/EC. The
   good news is many African countries (include mine) adopted most of legal
   principles of Europe but not all them, nor the countries outside Europe and
   Africa. So we really need to check whether the six grounds stated in this
   document apply everywhere or whether there is an incompatibility with those
   six grounds with another principle in any country outside Europe.
   4. Most of the grounds are related to the user consent while  one
   explicitly recommends to make some balance tests : necessity against data
   subject freedom or right to protection against freedom of expression.
   5. *All the documents provided by most of us are mostly dealing with
   "what information can be accessed and why", but according to EWG final
   report data privacy/protection should also address mechanisms (systems,
   equipements, procedures) to implement to ensure. That is the HOW (to access
   and to ensure that information is accessed in the right manner)*.









My suggestion : is let's brainstorm (may be too late) about

   - what information is required for a domain name management  :
   efficiency, traceability, openness ?
   - what information really needs to be public : in my opinion, if
   somebody does not hold a domain name, I don't know why it should access
   somebody else's domain name information by only using WHOIS (unless the
   intended recipient explictly wishes it so). If a lawyer, for any legal
   purpose, wants to access a registrant's WHOIS information, I am pretty sure
   that there is legal reason and in this case the associated
   registrar/registry has the information to provide; so the lawyer does need
   a WHOIS request to access all the registrant's info. Necessity must always
   be proved before somebody uses WHOIS to access such an information. And
   when a registrant A is allowed to access registrant B's information, the
   reverse should be true.

WHOIS informations should have some mandatory information and optional
depending on local regulation.
Users can choose which information can be made public and the conditions
associated with. Some policies might apply to registrars to not make those
information public, but available, however, for efficiency, traceability
and any other legal reason.

Le sam. 2 avr. 2016 à 23:54, Kathy Kleiman via Gnso-rds-pdp-privacy <
gnso-rds-pdp-privacy at icann.org> a écrit :

> David and All,
> I appreciate this Privacy sub-group mission of seeking additional
> information about privacy and data protection frameworks and laws that
> impact our work in this WG. The world has changed significantly since the
> founding of ICANN, particularly re: privacy and data protection laws.
> Currently, 109 countries have data protection laws – more than half the
> world – and the number is growing rapidly.
>
> I.
> *Global Data Protection Laws *
>
> These countries exist in ICANN's key regions, with countries in Africa,
> Asia & the Pacific, Europe, Latin America and North America. I can't
> imagine any registrar who is not touched by these laws or representing
> registrants in these regions. Per the mandate of this sub-group, we are
> asked to lay out information about these data protection laws and
> frameworks and to that end, I attach:
>
>    1.
>
>    “Global Tables of Data Privacy Laws and Bills (4th Ed, January 2015)”
>    with 109 countries; and
>    2.
>
>    “Global data privacy laws 2015,” an article by Professor Greenleaf,
>    which lays out the clear and rapid path of privacy law adoption. He writes
>    in the opening to this article:
>
>    “This is the fourth in a series of articles which has documented the
>    increasing number of countries with data privacy laws, initially assessed
>    in mid-2011 to an (unexpected high) 76, expanding through new laws and
>    further research to 89 by early 2012, and then by mid-2013 to 99. The
>    number of countries which have now enacted data privacy laws has risen to
>    109 over the past eighteen months.” (attached)
>
> *II. Council of Europe*
>
> Further, the Council of Europe's Treaty 108 on Data Protection is signed
> by 47 countries with 3 more in the process of signing. All are listed in
> this attachment and I would like to request that this treaty and its
> signatories become an official part of our sub-group record:
>
>
> <http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/108/signatures?p_auth=o943zouk>
> http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/108/signatures?p_auth=o943zouk
>
> III. *European Union*
>
> Finally, the European Data Protection Directive, 1995, is a key document
> for the 28 countries of the European Union and a foundation document for
> the dozens of data protection laws that followed around the world. The 28
> members of the EU are: Austria, Belgium, Bulgaria, Croatia, Republic of
> Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece,
> Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands,
> Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK. I
> would ask that the Directive be included in our materials,
> <http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=URISERV%3Al14012>
> http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=URISERV%3Al14012.
>
> Tx again for this important collection of documents.
>
> Best,
> Kathy
> _______________________________________________
> Gnso-rds-pdp-privacy mailing list
> Gnso-rds-pdp-privacy at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy

-- 
Best regards,

@__f_f__
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-privacy/attachments/20160403/f0cd3f1a/attachment.html>

More information about the Gnso-rds-pdp-privacy mailing list