[gnso-rds-pdp-purpose] Additional summary re: collecting and publishing data for legal purposes: Privacy and Proxy PDP

Fri Apr 8 15:09:24 UTC 2016

Dear group:

Below is a summary of a recently completed PDP.  It is expected that the ICANN Board will approve it this year, making it a new Consensus Policy.  It has to do with proxy and privacy services and the related collection and publication of contact information.  It is therefore very relevant to our future discussions.

Please add the below to our document summaries.

All best,
--Greg

**********************

Privacy & Proxy Services Accreditation Issues Policy Development, and Consensus Policy

On 21 January 2016 the GNSO Council voted unanimously to approve all the recommendations contained in the Final Report from the GNSO Working Group that had been chartered to conduct a Policy Development Process (PDP) on privacy and proxy services accreditation issues.  This Recommendations Report has been sent to the ICANN Board for its review, which the GNSO Council recommended be adopted by the Board.  When approved by the Board the recommendations will become ICANN Consensus Policy.

The forthcoming policy covers various items including the collection of customer contact data and its publication in WHOIS, requirements for the rights and responsibilities of privacy and proxy service customers, and an accreditation program for privacy and proxy service providers.  Among other things, the recommendations:
* Affirm that privacy and proxy services should be available to all registrants, whether commercial or noncommercial, individual or corporate.
* Domain contact data must be validated and verified in a manner consistent with the requirements of the 2013 RAA.
* Privacy and proxy service providers must publish their policies and procedures for when they will publish or disclose their customers’ contact information (including in WHOIS), outside of the circumstances where it is required by applicable law; and
* Establish that privacy and proxy service providers should not create impediments to transfers, renewals, or restorations of domain names and should prevent publication of customer contact information during these processes.
References:
* Final Report on the Privacy & Proxy Services Accreditation Issues Policy Development Process:
http://gnso.icann.org/en/issues/raa/ppsai-final-07dec15-en.pdf
* GNSO Council Recommendations Report to the Board regarding Adoption of the Final Recommendations from the Policy Development
Process Working Group on Privacy and Proxy Services Accreditation Issues:
http://gnso.icann.org/en/drafts/council-board-ppsai-recommendations-09feb16-en.pdf

BACKGROUND: The final recommendations include the following language:

I. DEFINITIONS
...
* "Privacy Service" means a service by which a Registered Name is registered to its beneficial user as the Registered Name Holder, but for which alternative, reliable contact information is provided by the privacy or proxy service provider for display of the Registered Name Holder's contact information in the Registration Data Service (WHOIS) or equivalent services.
* "Proxy Service" is a service through which a Registered Name Holder licenses use of a Registered Name to the privacy or proxy customer in order to provide the privacy or proxy customer use of the domain name, and the Registered Name Holder's contact information is displayed in the Registration Data Service (WHOIS) or equivalent services rather than the customer's contact information....
* “Publication” means the reveal of a person’s (i.e. the licensee or beneficial owner of a registered domain name) identity/contact details in the WHOIS system.
* “Disclosure” means the reveal of a person’s (i.e. the licensee or beneficial owner of a registered domain name) identity/contact details to a third party Requester without Publication in the WHOIS system.
* The term “person” as used in these definitions is understood to include natural and legal persons, as well as organizations and entities.

II. NO DISTINCTION IN TREATMENT; WHOIS LABELING REQUIREMENTS; VALIDATION &
VERIFICATION OF CUSTOMER DATA:
....
II.3: The status of a registrant as a commercial organization, non-commercial organization, or individual should not be the driving factor in whether P/P services are available to the registrant. Fundamentally, P/P services should remain available to registrants irrespective of their status as commercial or non-commercial organizations or as individuals. Further, P/P registrations should not be limited to private individuals who use their domains for non-commercial purposes....
5. P/P customer data is to be validated and verified in a manner consistent with the requirements outlined in the WHOIS Accuracy Program Specification of the 2013 RAA (as may be updated from time to time)....
MANDATORY PROVISIONS TO BE INCLUDED IN PROVIDER TERMS OF SERVICE & MINIMUM REQUIREMENTS TO BE COMMUNICATED TO CUSTOMERS:
6. All rights, responsibilities and obligations of registrants and P/P service customers as well as those of accredited P/P service providers need to be clearly communicated in the P/P service registration agreement, including a provider’s obligations in managing those rights and responsibilities and any specific requirements applying to transfers and renewals of a domain name. In particular, all accredited P/P service providers must disclose to their customers the conditions under which the service may be terminated in the event of a transfer of the domain name, and how requests for transfers of a domain name are handled.
7. All accredited P/P service providers must include on their websites, and in all Publication and Disclosure-related policies and documents, a link to either a request form containing a set of specific, minimum, mandatory criteria, or an equivalent list of such criteria, that the provider requires in order to determine whether or not to comply with third party requests, such as for the Disclosure or Publication of customer identity or contact details.
8. All accredited P/P service providers must publish their terms of service, including pricing (e.g. on their websites). In addition to other mandatory provisions recommended by the WG, the terms should at a minimum include the following elements in relation to Disclosure and Publication:
*  Clarification of when those terms refer to Publication requests (and their consequences) and when they refer to Disclosure requests (and their consequences). The WG further recommends that accredited providers expressly include a provision in their terms of service explaining the meaning and consequences of Publication.
* The specific grounds upon which a customer’s details may be Disclosed or Published or service suspended or terminated, including Publication in the event of a customer’s initiation of a transfer of the underlying domain name In making this recommendation, the WG noted the changes to be introduced to the Inter Registrar Transfer Policy (“IRTP”) in
2016, where following a Change of Registrant17 a registrar is required to impose a 60-day inter-registrar transfer lock.
*  Clarification as to whether or not a customer: (1) will be notified when a provider receives a Publication or Disclosure request from a third party; and (2) may opt to cancel its domain
registration prior to and in lieu of Publication or Disclosure. However, accredited P/P service providers that offer this option should nevertheless expressly prohibit cancellation of a domain name that is the subject of a UDRP proceeding....

DISCLOSURE OR PUBLICATION OF A CUSTOMER’S IDENTITY OR CONTACT DETAILS:
18. Regarding Disclosure and Publication, the WG agreed that none of its recommendations should be read as being intended to alter (or mandate the alteration of) the prevailing practice among P/P service providers to review requests manually or to facilitate direct resolution of an issue between a Requester and a P/P service customer. It also notes that disclosure of at least some contact details of the customer may in some cases be required in order to facilitate such direct  resolution. In relation to Publication that is subsequently discovered to be unwarranted, the WG believes that contractual agreements between providers and their customers and relevant applicable laws will govern, and are likely to provide sufficient remedies in such instances.
19. The WG has developed an illustrative Disclosure Framework to apply to Disclosure requests made to P/P service providers by intellectual property (i.e. trademark and copyright) owners. The proposal includes requirements concerning the nature and type of information to be provided by a Requester, non-exhaustive grounds for refusal of a request, and the possibility of neutral dispute resolution/appeal in the event of a dispute. The WG recommends that a review of this Disclosure Framework be conducted at an appropriate time after the launch of the program and periodically thereafter, to determine if the implemented recommendations meet the policy objectives for which they were developed.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-purpose/attachments/20160408/a63d146a/attachment-0001.html>