[council] Version 2: Proposed motion regarding Personal Data that is collected and retained by registrars

Bruce Tonkin Bruce.Tonkin at melbourneit.com.au
Wed Jul 19 09:47:36 UTC 2006

Hello All,

I have also improved this motion after input from Dan Halloran, Maria
Farrell, Denise Michael, and various members of the GNSO community!

Bruce Tonkin

I propose the following new motion:

"The GNSO Council notes that, consistent with generally accepted privacy
principles, Registrars are required under clause of the
Registrar Accreditation Agreement to provide notice to each new or
renewed Registered Name Holder stating:

(i) The purposes for which any Personal Data collected from the
applicant are intended;

(ii) The intended recipients or categories of recipients of the data
(including the Registry Operator and others who will receive the data
from Registry Operator);

(iii) Which data are obligatory and which data, if any, are voluntary;

(iv) How the Registered Name Holder or data subject can access and, if
necessary, rectify the data held about them.

To further understand the range of purposes for which data is intended,
the GNSO proposes the following steps:

(1) The ICANN staff will review a sample of registrar agreements with
Registered Name Holders to identify some of the purposes for which
registrars collect Personal Data in the course of registering a domain
name for their customers.

(2) The ICANN staff will review a sample of cctld registry or cctld
registrar agreements with registrants to identify some of the purposes
for which these organisations collect Personal Data from registrants.

(3) The ICANN staff will summarise the current material that has
resulted from WHOIS discussions since 2002 that document the current
uses of the data that is currently made public through the WHOIS

(4) Based on the material produced in steps (1), (2) and (3) above, the
Council will undertake a dialogue with the ICANN Advisory Committee's
such as the GAC, SSAC and ALAC regarding the purposes for collecting
Personal Data, and discuss whether any policy development is required in
this area consistent with ICANN's mission and core values.

The dialogue should seek to examine and understand consumer protection,
privacy/data protection and law enforcement perspectives."

More information about the council mailing list