[IAG-WHOIS conflicts] Discussion paper for 1 April 2015 meeting

Stephanie Perrin stephanie.perrin at mail.utoronto.ca
Wed May 6 04:36:37 UTC 2015 

I am a bit confused Raymond.  While the commissioners are indeed more 
upset about the 2013 agreement than the earlier ones, they have noted 
their views (that WHOIS requirements violated data protection laws), for 
years.  Here is just a short list:


Article 29 Working Group

·2003 issued opinion on WHOIS (2/2003)

·2006 wrote to Chairman (Vint Cerf) with concerns about ongoing WHOIS 
review and failure to identify purpose of data collection

·2013 wrote to Chairman (Crocker) & CEO withconcerns about the 2013 RAA: 
all European registrars would require a “waiver” according to the ICANN 
Conflicts with law procedure

·2014 wrote to ICANN’s General Counsel re concerns about the 2013 
Registrar’s Accreditation Agreement, and reaffirming its own authority 
to represent the 26 members of the group in a common position

·2014 Peter Hustinx, then European Data Protection Supervisor wrote to 
the Chairman (Crocker) and CEO (Chehade) to inform them that the data 
retention directive had been declared unconstitutional by the European 
Court of Justice, and that ICANN’s data retention requirements were not 
lawful.

International Working Group on Data Protection in Telecommunications

·2000 published a common position on WHOIS

·2003 IWGPT wrote to ICANN with concerns about the Interim Report Of The 
Names Council's WHOIS Task Force Of October 14, 2002

·2005 IWGPT wrote to the International Working Group on Internet 
Governance (IWGIG) to let them know that the two groups exist and are 
interested in Internet privacy issues and further cooperation

International Conference of Data Commissioners

·2009 resolution to consider sending a representative with observer 
status to ICANN

I can of course dig up the references to all of these.
The fact that there has been no enforcement action is not due to a lack 
of an understanding of the issue, nor that it does not violate law.  It 
is most likely due to a reluctance to make their national registrars 
suffer for ICANN's policy, in my view.  It is unlikely that this 
situation will endure forever.


Kind regards,
Stephanie Perrin
On 2015-05-05 21:53, arbitrator wrote:
> My recommendation is not to change to the procedure.  If it works there is no need to fix it.
> Best,
> Raymond
>
>   arbitrator <arbitrator at raymondho.com> wrote:
>
>> When comparing the Icann standard registry agreement with the EU privacy data protection regulations, for instance,  it is obvious to me that the contractual provisions have no conflict with these regulations. That might explain why no one had invoked the procedure in all these years. I invite  my colleagues to consider the issues in the context of the case before us. Sorry for missing the upcoming call.
>>
>> Best,
>> Raymond
>>
>>
>>
>>
>>
>> Raymond HO <arbitrator at raymondho.com> wrote:
>>
>>> Thanks, Steven.
>>>
>>>
>>>
>>> I respectfully invite you to consider the goals for the procedure as highlighted in resolution 20051128-05 below:
>>>
>>> “20051128-05
>>>
>>>   The GNSO votes in favour of the following consensus policy recommendation from the WHOIS task force CONSENSUS POLICY RECOMMENDATION
>>>
>>>   In order to facilitate reconciliation of any conflicts between local/national mandatory privacy laws or regulations and applicable provisions of the ICANN contract regarding the collection, display and distribution of personal data via the gTLD WHOIS service, ICANN should:
>>>
>>>     Develop and publicly document a procedure for dealing with the situation in which a registrar or registry can credibly demonstrate that it is legally prevented by local/national privacy laws or regulations from fully complying with applicable provisions of its ICANN contract regarding the collection, display and distribution of personal data via the gTLD WHOIS service.
>>>
>>>   Create goals for the procedure which include:
>>>
>>>     Ensuring that ICANN staff is informed of a conflict at the earliest appropriate juncture;
>>>
>>>     Resolving the conflict, if possible, in a manner conducive to ICANN's Mission, applicable Core Values and the stability and uniformity of the Whois system;
>>>
>>>     Providing a mechanism for the recognition, if appropriate, in circumstances where the conflict cannot be otherwise resolved, of an exception to contractual obligations to those registries/registrars to which the specific conflict applies with regard to collection, display and distribution of personally identifiable data via the gTLD WHOIS service; and
>>>
>>>     Preserving sufficient flexibility for ICANN staff to respond to particular factual situations as they arise.
>>>
>>>   As regards the applicable contractual provisions regarding the collection, display and distribution of personal data via the gTLD WHOIS service, I think it might be helpful to review the standard Registry Agreement https://www.icann.org/resources/pages/registries/registries-agreements-en, in particular, clause 2.18 and Specification 4 reproduced below:
>>>
>>>
>>>
>>>   2.18            Personal Data.  Registry Operator shall (i) notify each ICANN-accredited registrar that is a party to the
> _______________________________________________
> Whois-iag-volunteers mailing list
> Whois-iag-volunteers at icann.org
> https://mm.icann.org/mailman/listinfo/whois-iag-volunteers

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/whois-iag-volunteers/attachments/20150505/2b4c8417/attachment-0001.html>

More information about the Whois-iag-volunteers mailing list