<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif">Sana,</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default"><font face="verdana, sans-serif">What is the final document you have summarized (which you entitled "</font><span style="font-size:12.8px"><font face="verdana, sans-serif">Comments on the data protection impact of the revision of the ICANN RAA concerning accuracy and data retention of WHOIS data") I don't see this on our Wiki or on the the website showing all of this group's papers. Thank you.</font></span></div><div class="gmail_default"><span style="font-size:12.8px"><font face="verdana, sans-serif"><br></font></span></div><div class="gmail_default"><span style="font-size:12.8px"><font face="verdana, sans-serif">Greg </font></span></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div dir="ltr"><div dir="ltr"><p style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><font size="3" face="Times New Roman"><span style="font-size:12pt;font-family:'Times New Roman',serif"> <u></u></span></font></p><div style="font-size:12.8px"><table border="0" cellspacing="0" cellpadding="0" width="800" style="width:600pt"><tbody><tr><td width="8" style="width:6pt;padding:0in"><p style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><font size="3" face="Times New Roman"><span style="font-size:12pt;font-family:'Times New Roman',serif"> <u></u><u></u></span></font></p></td><td style="padding:0in"><p style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><br></p></td></tr></tbody></table></div></div></div></div></div></div>
<br><div class="gmail_quote">On Sun, Apr 10, 2016 at 9:16 PM, Sana Ali via gnso-rds-pdp-purpose <span dir="ltr"><<a href="mailto:gnso-rds-pdp-purpose@icann.org" target="_blank">gnso-rds-pdp-purpose@icann.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><div><div style="margin:0px;font-family:'Times New Roman'"><b>Users/Purposes: Who should have access to gTLD registration data and why (for what purposes)?</b></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman'"><b>Common Position on data protection aspects in the Draft Convention on cyber-crime of the Council of Europe </b></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman'">In this respect the Working Group supports the findings of the European Data Protection Commissioners Conference that such retention of traffic data by Internet service providers would be an improper invasion of the fundamental rights guaranteed to individuals by the European Convention on Human Rights.This goes also for storing data revealing the use of the Internet by individuals. Existing powers for tracing crimes should not be extended in a way that invades privacy until the need for such measures has been clearly demonstrated. The Working Group has in the past stated that any Interception of Private Communications should be subject to appropriate safeguards. Existing conditions and safeguards provided for under domestic law and the Convention on Mutual Assistance in Criminal Matters between the Member States of the European Union (Art. 23) must be respected. Such conditions and safeguards should at least include • prior judicial authorisation, • </div><div style="margin:0px;font-family:'Times New Roman'">(subsequent) notification of individuals, • limits on use, • record-keeping requirements, • monitoring and auditing as well as • public reporting. In particular the cooperation of national authorities with operators of public and private networks should be based on solid, legal obligations rather than on voluntary agreement that are very difficult to control. </div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman'"><b>Ten Commandments to protect Privacy in the Internet World Common Position on Incorporation of telecommunications-specific principles in multilateral privacy agreements</b></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman'">Informational Separation of Powers: Network and Service Providers must not intercept or interfere with any contents except where explicit law requires it. Insofar as Network or Service Providers provide contents themselves, responsibilities for the respective functions have to be separated. </div><div style="margin:0px;font-family:'Times New Roman'"><span style="white-space:pre-wrap"> </span>•<span style="white-space:pre-wrap"> </span>Virtual Right to be Alone: Nobody must be forced to let his or her personal data be published in directories or other indices. Every user has to be given the right to object to his or her data being collected by a search engine or other agents. Every user has to be given the right and the technical means to prevent the intrusion of external software into his own devices. </div><div style="margin:0px;font-family:'Times New Roman'"><span style="white-space:pre-wrap"> </span>•<span style="white-space:pre-wrap"> </span>Restriction on Secondary Use: Traffic data must not be used for other purposes than those which are necessary to run the networks or services without explicit consent of the user. </div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><b></b><br></div><div style="margin:0px;font-family:'Times New Roman'"><b>Common Position on Privacy and Data Protection aspects of the Registration of Domain Names on the Internet</b></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div>
<ul>
<li style="margin:0px;font-family:'Times New Roman'"><span style="font-family:Helvetica"></span><span style="white-space:pre-wrap"> </span>these databases were originally intended to facilitate the technical maintenance of the network (e.g. to contact the person running a domain which produced errors hindering the functioning of the net)</li>
</ul><div style="margin:0px;font-family:'Times New Roman'"><span style="white-space:pre-wrap"> </span>• Any technical mechanism to be introduced to access the data collected from the registrants must furthermore have safeguards to meet the principle of purpose limitation and avoidance of the possibility to unauthorised secondary use of the registrant's data. </div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman'"><b>Common Position relating to Reverse Directories</b></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman'"><span style="white-space:pre-wrap"> </span>•<span style="white-space:pre-wrap"> </span>It is in any case necessary to endow the persons with the right to be informed by their provider of telephone or e-mail service, at the time of the collection of data concerning them, or if they have already subscribed, by a specific means of information, of the existence of services of reverse search and - if express consent is not required - of their right to object, free of charge, to such a search.</div><p style="margin:0px;font-family:'Times New Roman';min-height:15px"><span style="white-space:pre-wrap"> </span><br></p><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman'"><b> Comments on the data protection impact of the revision of the ICANN RAA concerning accuracy and data retention of WHOIS data</b></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman'"><span style="white-space:pre-wrap"> </span>•<span style="white-space:pre-wrap"> </span>In assessing these proposals, ICANN should be aware that the purpose of collecting and publishing contact details in the WHOIS database is to facilitate contact about technical issues. The original purpose definition reads: “The purpose of the gTLD Whois service is to provide information sufficient to contact a responsible party for a particular gTLD domain name who can resolve, or reliably pass on data to a party who can resolve, issues related to the configuration of the records associated with the domain name within a DNS name server."</div><div style="margin:0px;font-family:'Times New Roman'"><span style="white-space:pre-wrap"> </span>•<span style="white-space:pre-wrap"> </span>The Working Party finds the proposed new requirement to annually re-verify both the telephone number and the e-mail address and publish these contact details in the publicly accessible WHOIS database excessive and therefore unlawful. Because ICANN is not addressing the root of the problem, the proposed solution is a disproportionate infringement of the right to protection of personal data. </div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><div style="margin:0px;font-family:'Times New Roman';min-height:15px"><br></div><p style="margin:0px;font-family:'Times New Roman';min-height:15px"><span style="white-space:pre-wrap"> </span><br></p></div><div><br><div>
<div style="color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word"><div>Sana Ali</div><div><a href="mailto:sana.ali2030@gmail.com" target="_blank">sana.ali2030@gmail.com</a></div><div><a href="https://ca.linkedin.com/in/sanaali2030" target="_blank">https://ca.linkedin.com/in/sanaali2030</a></div><div><br></div><div><br></div></div><br><br>
</div>
<br></div></div><br>_______________________________________________<br>
gnso-rds-pdp-purpose mailing list<br>
<a href="mailto:gnso-rds-pdp-purpose@icann.org">gnso-rds-pdp-purpose@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-purpose" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-purpose</a><br></blockquote></div><br></div></div>