<div dir="ltr">Hello All,<div><br></div><div>This is, in attach, my summary of the Comment on the WHOIS Review Team Report by the SSAC. The main thing to note is the main unsolved problem is the purpose of the registration data, which is an issue covered by another subgroup. However, understanding the purpose is good to know who should access, why to access and how protection can be done.</div><div><br></div><div>I apologize in advance for the typos.. I am not English native speaker nor a full bilingual, but I've tried my best.</div><div><br></div><div>Can we have a list of the remaining to docs to summarize ?</div><div><br></div><br><div class="gmail_quote"><div dir="ltr">Le lun. 11 avr. 2016 à 02:04, Sana Ali via Gnso-rds-pdp-privacy <<a href="mailto:gnso-rds-pdp-privacy@icann.org">gnso-rds-pdp-privacy@icann.org</a>> a écrit :<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><div style="margin:0px;font-family:'Times New Roman'"><b>•<span style="white-space:pre-wrap"> </span>Privacy: What steps are needed to protect data and privacy?</b></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman'"><b>Common Position on data protection aspects in the Draft Convention on cyber-crime of the Council of Europe </b></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman'"> Existing conditions and safeguards provided for under domestic law and the Convention on Mutual Assistance in Criminal Matters between the Member States of the European Union (Art. 23) must be respected. Such conditions and safeguards should at least include • prior judicial authorisation, • (subsequent) notification of individuals, • limits on use, • record-keeping requirements, • monitoring and auditing as well as • public reporting. In particular the cooperation of national authorities with operators of public and private networks should be based on solid, legal obligations rather than on voluntary agreement that are very difficult to control. </div><div style="margin:0px;font-family:'Times New Roman'">Existing powers for tracing crimes should not be extended in a way that invades privacy until the need for such measures has been clearly demonstrated. The Working Group has in the past stated that any Interception of Private Communications should be subject to appropriate safeguards</div><div style="margin:0px;font-family:'Times New Roman'">The introduction of new offences in the criminal law has to be handled extremely carefully, as a broad wording of such new offences as well as the penalisation of attempt and aiding and abetting such offences might lead to a considerable lowering of the privacy standard for all users of telecommunications networks by producing an enormous amount of personal identifiable data about Internet and telecommunications network usage, thus abolishing the right to anonymous use of such services.</div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman'"><b>Ten Commandments to protect Privacy in the Internet World Common Position on Incorporation of telecommunications-specific principles in multilateral privacy agreements</b></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman'"> Virtual Right to be Alone: Nobody must be forced to let his or her personal data be published in directories or other indices. Every user has to be given the right to object to his or her data being collected by a search engine or other agents. Every user has to be given the right and the technical means to prevent the intrusion of external software into his own devices.</div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman'"><b>Common Position on Privacy and Data Protection aspects of the Registration of Domain Names on the Internet</b></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman'">The necessity to protect individuals has been recognised for more than twenty years in the existing national data protection regimes as well as in the international community (e.g. in the OECD guidelines on Privacy of 1980, the Council of Europe Convention No. 108, and, more recently, the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data). These regulations outline similar basic principles on the fair processing of personal information. Among these principles are the obligation to inform the data subjects about the processing of their personal data, the principle of limiting the collection and use of personal data to what is essential to the purpose specified and protection against unauthorised secondary uses. </div><div style="margin:0px;font-family:'Times New Roman'">At the same time, any secondary use incompatible with the original purpose specified (e.g. marketing) should be based on the data subject´s informed consent. In this respect the level of privacy guaranteed by the present RAA (cf. point II.F.6.f) is not sufficient. </div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman'">The Working Group stresses that any registrar operating within the jurisdiction of existing data protection laws and any national domain name registration procedures are subject to the existing national data protection and privacy legislation and to the control by the existing national Data Protection and Privacy Commissioners. </div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman'"><b>Common Position relating to Reverse Directories</b></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman'">It is in any case necessary to endow the persons with the right to be informed by their provider of telephone or e-mail service, at the time of the collection of data concerning them, or if they have already subscribed, by a specific means of information, of the existence of services of reverse search and - if express consent is not required - of their right to object, free of charge, to such a search.</div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman'"><b> Comments on the data protection impact of the revision of the ICANN RAA concerning accuracy and data retention of WHOIS data</b></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><p style="margin:0px;font-family:'Times New Roman';min-height:15px"><span style="white-space:pre-wrap"> </span><br></p><div style="margin:0px;font-family:'Times New Roman'"> The Working Party finds the proposed new requirement to annually re-verify both the telephone number and the e-mail address and publish these contact details in the publicly accessible WHOIS database excessive and therefore unlawful. Because ICANN is not addressing the root of the problem, the proposed solution is a disproportionate infringement of the right to protection of personal data.</div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div>
<div style="color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word"><div>Sana Ali</div><div><a href="mailto:sana.ali2030@gmail.com" target="_blank">sana.ali2030@gmail.com</a></div><div><a href="https://ca.linkedin.com/in/sanaali2030" target="_blank">https://ca.linkedin.com/in/sanaali2030</a></div><div><br></div><div><br></div></div><br><br>
</div>
<br></div>_______________________________________________<br>
Gnso-rds-pdp-privacy mailing list<br>
<a href="mailto:Gnso-rds-pdp-privacy@icann.org" target="_blank">Gnso-rds-pdp-privacy@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-privacy</a></blockquote></div></div><div dir="ltr">-- <br></div><div dir="ltr">Best regards,<div><br><div>@__f_f__</div></div></div>