[gnso-rds-pdp-wg] Possible requirements form EDPS on ICANN’s public consultation on 2013 RAA Data Retention Specification Data Elements and Legitimate Purposes for Collection and Retention (17 April 2014).

[Beth Allegretti]

Hi All:

Below is my summary of requirements from the below document:

EDPS on ICANN’s public consultation on 2013 RAA Data Retention Specification Data Elements and Legitimate Purposes for Collection and Retention (17 April 2014).
https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Comments/2014/14-04-17_EDPS_letter_to_ICANN_EN.pdf


According to the European Data Protection Supervisor, the 2013 RAA and the Draft Specification do not comply with European data protection law.  He states that personal data should only be collected to perform the contract between Registrar and Registrant, and that it should be retained no longer than is necessary for these purposes.

Users/Purposes: Who should have access to gTLD registration data and why?

1. “The Draft Specification should only require collection of personal data, which is genuinely necessary for the performance of the contract between the Registrar and the Registrant (e.g. billing) or for other compatible purposes such as fighting fraud related to domain name registration.”

2. “This data should be retained for no longer than is necessary for these purposes. It would not be acceptable for the data to be retained for longer periods or for other, incompatible purposes, such as law enforcement purposes or to enforce copyright.”

Thanks.

Beth

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20160609/24b9a78a/attachment.html>