[council] Regarding data collected and the purpose of collecting data

Bruce Tonkin Bruce.Tonkin at melbourneit.com.au
Tue Apr 11 06:30:44 UTC 2006


Hello All,

There seem to be some concerns about the work on WHOIS affecting the
data that is collected.

I am not aware of any efforts in the registrar/registry community to
change the data that is collected at the time of registration.  As Ross
has pointed out, privacy laws in various countries already require us to
specify the purpose for which data is being collected (usually in the
form of a privacy policy published on the website), as does the
registrar accreditation agreement (in the form of the  agreement between
the registrar and the Registered Name Holder). 
 
Thus I recommend that the Council assume the following:

(1) There is no change in the data that is collected.

This is currently covered in clause 3.4 of the registrar agreement:
http://www.icann.org/registrars/ra-agreement-17may01.htm#3

"Retention of Registered Name Holder and Registration Data.".

"During the Term of this Agreement, Registrar shall maintain its own
electronic database, as updated from time to time, containing data for
each active Registered Name sponsored by it within each TLD for which it
is accredited. The data for each such registration shall include the
elements listed in Subsections 3.3.1.1 through 3.3.1.8; the name and
(where available) postal address, e-mail address, voice telephone
number, and fax number of the billing contact; and any other Registry
Data that Registrar has submitted to the Registry Operator or placed in
the Registry Database under Subsection 3.2."


(2) There is a policy process around the public publication of some of
the data that is collected.
This is currently covered in clause 3.3 titled 
"Public Access to Data on Registered Names"

"At its expense, Registrar shall provide an interactive web page and a
port 43 Whois service providing free public query-based access to
up-to-date (i.e., updated at least daily) data concerning all active
Registered Names sponsored by Registrar for each TLD in which it is
accredited. The data accessible shall consist of elements that are
designated from time to time according to an ICANN adopted specification
or policy. "

Note the WHOIS policy activity is specifically in relation to the second
sentence above.


(3) If some data is no longer made public, there are other mechanisms
for obtaining the data from the registrar.  All registrars that are
members of the registrars constituency that I have spoken to cooperate
with law enforcement.  If there are problems with some registrars - then
perhaps this is a matter for the registrar accreditation process.


(4) The purpose for collecting data is already defined in the registrar
agreement.


Regarding the purpose for collecting data - this is already in the
registrar agreement, specifically in clauses 3.7.7.3, clause 3.7.7.4 and
clause 3.7.7.5.   Note there is no mention of the public display of such
data in these clauses, nor the purpose for the public display.

>From clause 3.7 of the registrar agreement, titled:
"Business Dealings, Including with Registered Name Holders."

3.7.7.3 Any Registered Name Holder that intends to license use of a
domain name to a third party is nonetheless the Registered Name Holder
of record and is responsible for providing its own full contact
information and for providing and updating accurate technical and
administrative contact information adequate to facilitate timely
resolution of any problems that arise in connection with the Registered
Name. A Registered Name Holder licensing use of a Registered Name
according to this provision shall accept liability for harm caused by
wrongful use of the Registered Name, unless it promptly discloses the
identity of the licensee to a party providing the Registered Name Holder
reasonable evidence of actionable harm.

3.7.7.4 Registrar shall provide notice to each new or renewed Registered
Name Holder stating:

3.7.7.4.1 The purposes for which any Personal Data collected from the
applicant are intended;

3.7.7.4.2 The intended recipients or categories of recipients of the
data (including the Registry Operator and others who will receive the
data from Registry Operator);

3.7.7.4.3 Which data are obligatory and which data, if any, are
voluntary; and

3.7.7.4.4 How the Registered Name Holder or data subject can access and,
if necessary, rectify the data held about them.

3.7.7.5 The Registered Name Holder shall consent to the data processing
referred to in Subsection 3.7.7.4."


The terms of reference for the WHOIS task force were deliberately
drafted to focus on the Public Access to Data on Registered Names


Regards,
Bruce Tonkin
Registrar rep on GNSO Council




More information about the council mailing list