[IAG-WHOIS conflicts] Discussion paper for 1 April 2015 meeting

Raymond HO arbitrator at raymondho.com
Wed May 6 01:50:38 UTC 2015 

Thanks, Steven.



I respectfully invite you to consider the goals for the procedure as highlighted in resolution 20051128-05 below:

“20051128-05

  The GNSO votes in favour of the following consensus policy recommendation from the WHOIS task force CONSENSUS POLICY RECOMMENDATION

  In order to facilitate reconciliation of any conflicts between local/national mandatory privacy laws or regulations and applicable provisions of the ICANN contract regarding the collection, display and distribution of personal data via the gTLD WHOIS service, ICANN should:

    Develop and publicly document a procedure for dealing with the situation in which a registrar or registry can credibly demonstrate that it is legally prevented by local/national privacy laws or regulations from fully complying with applicable provisions of its ICANN contract regarding the collection, display and distribution of personal data via the gTLD WHOIS service.

  Create goals for the procedure which include:

    Ensuring that ICANN staff is informed of a conflict at the earliest appropriate juncture;

    Resolving the conflict, if possible, in a manner conducive to ICANN's Mission, applicable Core Values and the stability and uniformity of the Whois system;

    Providing a mechanism for the recognition, if appropriate, in circumstances where the conflict cannot be otherwise resolved, of an exception to contractual obligations to those registries/registrars to which the specific conflict applies with regard to collection, display and distribution of personally identifiable data via the gTLD WHOIS service; and

    Preserving sufficient flexibility for ICANN staff to respond to particular factual situations as they arise.

  As regards the applicable contractual provisions regarding the collection, display and distribution of personal data via the gTLD WHOIS service, I think it might be helpful to review the standard Registry Agreement https://www.icann.org/resources/pages/registries/registries-agreements-en, in particular, clause 2.18 and Specification 4 reproduced below:



  2.18            Personal Data.  Registry Operator shall (i) notify each ICANN-accredited registrar that is a party to the registry-registrar agreement for the TLD of the purposes for which data about any identified or identifiable natural person (“Personal Data”) submitted to Registry Operator by such registrar is collected and used under this Agreement or otherwise and the intended recipients (or categories of recipients) of such Personal Data, and (ii) require such registrar to obtain the consent of each registrant in the TLD for such collection and use of Personal Data.  Registry Operator shall take reasonable steps to protect Personal Data collected from such registrar from loss, misuse, unauthorized disclosure, alteration or destruction.  Registry Operator shall not use or authorize the use of Personal Data in a way that is incompatible with the notice provided to registrars. 

  SPECIFICATION 4

  REGISTRATION DATA PUBLICATION SERVICES

  1.               Registration Data Directory Services.  Until ICANN requires a different protocol, Registry Operator will operate a WHOIS service available via port 43 in accordance with RFC 3912, and a web-based Directory Service at <whois.nic.TLD> providing free public query-based access to at least the following elements in the following format.  ICANN reserves the right to specify alternative formats and protocols, and upon such specification, the Registry Operator will implement such alternative specification as soon as reasonably practicable.



  Regards,

  Raymond




  From: Metalitz, Steven 

Sent: Wednesday, May 06, 2015 8:08 AM
To: 'Jamie Hedlund' ; whois-iag-volunteers at icann.org 
Subject: Re: [IAG-WHOIS conflicts] Discussion paper for 1 April 2015 meeting

Jamie and IAG-WHOIS colleagues, 

 

In response to Jamie’s paper, and the limited discussion we were able to have about it on last month’s call, please see attached some ideas for an alternative trigger mechanism aimed at meeting the “credible demonstration of legal prevention” threshold set by the ICANN consensus policy on this topic.  

 

I look forward to discussing this on tomorrow’s call, which I will endeavor to attend as much as I can, although it conflicts directly with another obligation on my calendar.  

 

Steve Metalitz

 

   

 

From: Jamie Hedlund [mailto:jamie.hedlund at icann.org] 
Sent: Tuesday, March 31, 2015 5:17 PM
To: Metalitz, Steven; whois-iag-volunteers at icann.org
Subject: Re: Discussion paper for 1 April 2015 meeting

 

Steve,

 

Thanks for pointing out the overlap. You are absolutely correct on all points. The discussion paper tries to tee up for discussion whether a package of verification elements that did not include notice of a process against an operator could meet the "credible demonstration of legal prevention" threshold. That package might include advice from the relevant GAC member, opinion from the ICANN GC, evidence of enforcement or intent to enforce the conflicting national privacy law, public comment and/or something else. Hope that makes sense.

 

Look forward to tomorrow’s call. Thanks.

 

Best,

Jamie  

 

Jamie Hedlund

VP, Strategic Programs

Global Domains Division

ICANN

+1.202.374.3969 (m)

+1.202.570.7125 (d)

jamie.hedlund at icann.org

 

From: <Metalitz>, Steven Metalitz <met at msk.com>
Date: Tuesday, March 31, 2015 at 5:02 PM
To: Jamie Hedlund <jamie.hedlund at icann.org>, "whois-iag-volunteers at icann.org" <whois-iag-volunteers at icann.org>
Subject: RE: Discussion paper for 1 April 2015 meeting

 

Thanks for this discussion paper, Jamie, it should be helpful in framing our discussion tomorrow. 

 

As one aspect of the discussion tomorrow we should take a look at the existing procedure, as there may be some overlap with what you are proposing.  For example, see section 2.1.2 of the current procedure: 

 

2.1.2 Pursuant to advice from ICANN's Governmental Advisory Committee, ICANN will request advice from the relevant national government on the authority of the request for derogation from the ICANN WHOIS requirements.

 

Of course, the touchstone remains “credible demonstration of legal prevention,” which is the standard adopted by the community and articulated in the policy, which the procedure that we have been asked to review is intended to implement.  

 

Steve Metalitz    

 

From: whois-iag-volunteers-bounces at icann.org [mailto:whois-iag-volunteers-bounces at icann.org] On Behalf Of Jamie Hedlund
Sent: Monday, March 30, 2015 1:27 PM
To: whois-iag-volunteers at icann.org
Subject: [IAG-WHOIS conflicts] Discussion paper for 1 April 2015 meeting

 

All,

 

Attached please find a short paper for the upcoming call. It is intended to spur discussion on whether the trigger could be modified so long as adequate verification requirements were in place. The paper follows on from contributions to the discussions to date. This is the only proposed agenda item. Based on how the call goes, we can spend the last 10 minutes or so discussing next steps.  If anyone would like to add anything to the agenda please let me know. Thanks.

 

Best,

Jamie

 

Jamie Hedlund

VP, Strategic Programs

Global Domains Division

ICANN

+1.202.374.3969 (m)

+1.202.570.7125 (d)

jamie.hedlund at icann.org



--------------------------------------------------------------------------------
_______________________________________________
Whois-iag-volunteers mailing list
Whois-iag-volunteers at icann.org
https://mm.icann.org/mailman/listinfo/whois-iag-volunteers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/whois-iag-volunteers/attachments/20150506/02d9bfe6/attachment-0001.html>

More information about the Whois-iag-volunteers mailing list