[gnso-rds-pdp-purpose] Summaries from Relevant Sections of International Working Group on Data Protection in Telecommunications and Media Documents - Purpose

Greg Aaron gca at icginc.com
Mon Apr 11 17:30:14 UTC 2016 

Dear Sana and Stephanie:

Regarding the below and the various “International Working Group on Data Protection in Telecommunications and Media Documents” listed in the purpose group inputs checklist…especially RE: "Common Position on data protection aspects in the Draft Convention on cyber-crime of the Council of Europe" and the "Ten Commandments" documents:

Those documents are about the interception of Internet traffic, which is a very different topic than  WHOIS or domain registration.  The summaries below do not make that entirely clear.  The documents were also written sixteen years ago, and have probably been superceded by more relevant documents.  Given all this, I question the relevance of these documents to our work.

There are five "Common Positions" documents listed on the Purpose group's checklist.  These are more relevant to domain name registration data, but they were written in 2000.  We need to know if and where those documents have been superceded (or not).

While historical reference is nice, I think the WG needs to develop a clear idea of what the _current_ state of privacy law is.

All best,
--Greg


From: gnso-rds-pdp-purpose-bounces at icann.org [mailto:gnso-rds-pdp-purpose-bounces at icann.org] On Behalf Of Sana Ali via gnso-rds-pdp-purpose
Sent: Sunday, April 10, 2016 9:17 PM
To: gnso-rds-pdp-purpose at icann.org
Subject: [gnso-rds-pdp-purpose] Summaries from Relevant Sections of International Working Group on Data Protection in Telecommunications and Media Documents - Purpose

Users/Purposes: Who should have access to gTLD registration data and why (for what purposes)?


Common Position on data protection aspects in the Draft Convention on cyber-crime of the Council of Europe

In this respect the Working Group supports the findings of the European Data Protection Commissioners Conference that such retention of traffic data by Internet service providers would be an  improper invasion of the fundamental rights guaranteed to individuals by the European Convention on Human Rights.This goes also for storing data revealing the use of the Internet by  individuals. Existing powers for tracing crimes should not be extended in a way that invades privacy until the need for such measures has been clearly demonstrated. The Working Group has  in the past stated that any Interception of Private Communications should be subject to appropriate safeguards. Existing conditions and safeguards  provided for under domestic law and the Convention on Mutual Assistance in Criminal Matters between the Member States of the  European Union (Art. 23) must be respected. Such conditions and safeguards should at least include • prior judicial authorisation, •
(subsequent) notification of individuals, • limits on use, • record-keeping requirements, • monitoring and auditing as well as • public reporting.  In particular the cooperation of national authorities with operators of public and private networks should be based on solid, legal obligations rather than on voluntary agreement that are very difficult to control.



Ten Commandments to protect Privacy in the Internet World Common Position on Incorporation of telecommunications-specific principles in multilateral privacy agreements

Informational Separation of Powers: Network and Service Providers must not intercept or interfere with any contents except where explicit law requires it. Insofar as Network or Service Providers provide contents themselves, responsibilities for the respective functions have to be separated.
            •           Virtual Right to be Alone: Nobody must be forced to let his or her personal data be published in directories or other indices. Every user has to be given the right to object to his or her data being collected by a search engine or other agents. Every user has to be given the right and the technical means to prevent the intrusion of external software into his own devices.
            •           Restriction on Secondary Use: Traffic data must not be used for other purposes than those which are necessary to run the networks or services without explicit consent of the user.


Common Position on Privacy and Data Protection aspects of the Registration of Domain Names on the Internet




  *               these databases were originally intended to facilitate the technical maintenance of the network (e.g. to contact the person running a domain which produced errors hindering the functioning of the net)
            •  Any technical mechanism to be introduced to access the data collected from the registrants must furthermore have safeguards to meet the principle of purpose limitation and avoidance of the possibility to unauthorised secondary use of the registrant's data.




Common Position relating to Reverse Directories

            •           It is in any case necessary to endow the persons with the right to be informed by their provider of telephone or e-mail service, at the time of the collection of data concerning them, or if they have already subscribed, by a specific means of information, of the existence of services of reverse search and - if express consent is not required - of their right to object, free of charge, to such a search.




 Comments on the data protection impact of the revision of the ICANN RAA concerning accuracy and data retention of WHOIS data


            •           In assessing these proposals, ICANN should be aware that the purpose of collecting and publishing contact details in the WHOIS database is to facilitate contact about technical issues. The original purpose definition reads: “The purpose of the gTLD Whois service is to provide information sufficient to contact a responsible party for a particular gTLD domain name who can resolve, or reliably pass on data to a party who can resolve, issues related to the configuration of the records associated with the domain name within a DNS name server."
            •           The Working Party finds the proposed new requirement to annually re-verify both the telephone number and the e-mail address and publish these contact details in the publicly accessible WHOIS database excessive and therefore unlawful. Because ICANN is not addressing the root of the problem, the proposed solution is a disproportionate infringement of the right to protection of personal data.




Sana Ali
sana.ali2030 at gmail.com<mailto:sana.ali2030 at gmail.com>
https://ca.linkedin.com/in/sanaali2030




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-purpose/attachments/20160411/957f8046/attachment-0001.html>

More information about the gnso-rds-pdp-purpose mailing list