<html>
<body>
Hi Greg, that is in reference to:<br><br>
Article 29 WP comments on the data protection impact of the revision of
the ICANN RAA concerning accuracy and data retention of WHOIS (2012)<br>
-
<a href="https://www.icann.org/en/system/files/correspondence/kohnstamm-to-crocker-atallah-26sep12-en.pdf">
https://www.icann.org/en/system/files/correspondence/kohnstamm-to-crocker-atallah-26sep12-en.pdf</a>
<br>
-
<a href="https://www.icann.org/en/news/correspondence/chehade-to-kohnstamm-09oct12-en" eudora="autourl">
https://www.icann.org/en/news/correspondence/chehade-to-kohnstamm-09oct12-en</a>
<br><br>
This correspondence is being summarized by Kirin for the purpose team.
Sana summarized it for other teams and inadverdently included in her
email.<br><br>
Thanks<br>
Lisa<br><br>
At 12:26 PM 4/11/2016, Greg Shatan via gnso-rds-pdp-purpose wrote:<br>
<blockquote type=cite class=cite cite="">Sana,<br><br>
<font face="verdana">What is the final document you have summarized
(which you entitled "Comments on the data protection impact of the
revision of the ICANN RAA concerning accuracy and data retention of WHOIS
data") I don't see this on our Wiki or on the the website showing
all of this group's papers. Thank you.<br><br>
Greg <br>
</font><br>
<font face="Times New Roman, Times">Â <br>
</font><br>
<font face="Times New Roman, Times">Â <br>
</font><br><br>
<br>
On Sun, Apr 10, 2016 at 9:16 PM, Sana Ali via gnso-rds-pdp-purpose
<<a href="mailto:gnso-rds-pdp-purpose@icann.org">
gnso-rds-pdp-purpose@icann.org</a>> wrote:<br>
<dl>
<dd>Users/Purposes:Â Who should have access to gTLD registration data and
why (for what purposes)?<br>
</b><br><br>
<dd>Common Position on data protection aspects in the Draft Convention on
cyber-crime of the Council of Europe <br>
</b><br>
<dd>In this respect the Working Group supports the findings of the
European Data Protection Commissioners Conference that such retention of
traffic data by Internet service providers would be an improper
invasion of the fundamental rights guaranteed to individuals by the
European Convention on Human Rights.This goes also for storing data
revealing the use of the Internet by individuals. Existing powers
for tracing crimes should not be extended in a way that invades privacy
until the need for such measures has been clearly demonstrated. The
Working Group has in the past stated that any Interception of
Private Communications should be subject to appropriate safeguards.
Existing conditions and safeguards provided for under domestic law
and the Convention on Mutual Assistance in Criminal Matters between the
Member States of the European Union (Art. 23) must be respected.
Such conditions and safeguards should at least include • prior judicial
authorisation, •â€˘Â <br>
<dd>(subsequent) notification of individuals, • limits on use,  ˘
record-keeping requirements, • monitoring and auditing as well as •
public reporting. In particular the cooperation of natioonal
authorities with operators of public and private networks should be based
on solid, legal obligations rather than on voluntary agreement that are
very difficult to control. <br><br>
<br><br>
<dd>Ten Commandments to protect Privacy in the Internet World Common
Position on Incorporation of telecommunications-specific principles in
multilateral privacy agreements<br>
</b><br>
<dd>Informational Separation of Powers: Network and Service Providers
must not intercept or interfere with any contents except where explicit
law requires it. Insofar as Network or Service Providers provide contents
themselves, responsibilities for the respective functions have to be
separated. <br>
<dd>•Virtual Right to be Alone: Nobody must be forced to let his or her
personal data be published in directories or other indices. Every user
has to be given the right to object to his or her data being collected by
a search engine or other agents. Every user has to be given the right and
the technical means to prevent the intrusion of external software into
his own devices. <br>
<dd>•Resttriction on Secondary Use: Traffic data must not be used for
other purposes than those which are necessary to run the networks or
services without explicit consent of the user. <br><br>
<br>
<dd>Common Position on Privacy and Data Protection aspects of the
Registration of Domain Names on the Internet<br>
</b><br><br>
<dd>these databases were originally intended to facilitate the technical
maintenance of the network (e.g. to contact the person running a domain
which produced errors hindering the functioning of the net)
<dd>•Â Any technical mechannism to be introduced to access the data
collected from the registrants must furthermore have safeguards to meet
the principle of purpose limitation and avoidance of the possibility to
unauthorised secondary use of the registrant's data. <br><br>
<br><br>
<br>
<dd>Common Position relating to Reverse Directories<br>
</b><br>
<dd>•It is in any case necessary to endow the persons with the right to
be informed by their provider of telephone or e-mail service, at the time
of the collection of data concerning them, or if they have already
subscribed, by a specific means of information, of the existence of
services of reverse search and - if express consent is not required - of
their right to object, free of charge, to such a search.<br><br>
<br><br>
<br><br>
<dd>Â Comments on the data protection impact of the revision of the ICANN
RAA concerning accuracy and data retention of WHOIS data<br>
</b><br><br>
<dd>•In assessing these proposals, ICANN should be aware that the purpose
of collecting and publishing contact details in the WHOIS database is to
facilitate contact about technical issues. The original purpose
definition reads: “The purpose of the gTLD Whois service is to provide
information sufficient to contact a responsible party for a particular
gTLD domain name who can resolve, or reliably pass on data to a party who
can resolve, issues related to the configuration of the records
associated with the domain name within a DNS name server."<br>
<dd>•The Working Party finds the proposed new requirement to annually
re-verify both the telephone number and the e-mail address and publish
these contact details in the publicly accessible WHOIS database excessive
and therefore unlawful. Because ICANN is not addressing the root of the
problem, the proposed solution is a disproportionate infringement of the
right to protection of personal data. <br><br>
<br><br>
<br>
<dd>Sana Ali<br>
<dd><a href="mailto:sana.ali2030@gmail.com">sana.ali2030@gmail.com</a><br>
<dd><a href="https://ca.linkedin.com/in/sanaali2030" eudora="autourl">
https://ca.linkedin.com/in/sanaali2030</a><br><br>
<br><br>
<br><br>
<br>
<dd>_______________________________________________<br>
<dd>gnso-rds-pdp-purpose mailing list<br>
<dd><a href="mailto:gnso-rds-pdp-purpose@icann.org">
gnso-rds-pdp-purpose@icann.org</a><br>
<dd>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-purpose" eudora="autourl">
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-purpose</a><br><br>
</dl><br>
_______________________________________________<br>
gnso-rds-pdp-purpose mailing list<br>
gnso-rds-pdp-purpose@icann.org<br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-purpose" eudora="autourl">
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-purpose</a>
</blockquote></body>
</html>