[gnso-rds-pdp-wg] Purpose in accordance with Registry Agreement section 2.18

Stephanie Perrin stephanie.perrin at mail.utoronto.ca
Fri Jun 2 23:34:03 UTC 2017 

Well, I guess I must be confused.  Here are the results of the NORC 
study, please tell me how I should be reading these.  P2, executive summary.

Stephanie

NORC
|
Project Summary Report
WHOIS Registrant I
dentification Study
| 2
Nevertheless, NORC has produced a coded set of data
that is useful for its intended purpose—an
exploratory study of registrant and domain user char
acteristics and the types of domain use activities.
With respect to answering
the issues posed by the GAC:

Percentage of registrants that are natural versus legal persons
: Based on our analysis of the
WHOIS records retrieved from a random sample of
1,600 domains from the top five gTLDs,

39 percent (± 2.4 percent
1
) appear to be registered by legal persons

33 percent (± 2.3 percent) appear to
be registered by natural persons

20 percent (± 2.0 percent) were registered using a privacy or proxy 
service.

We were unable to classify the remaining 8 pe
rcent (± 1.4 percent) using data available
from WHOIS.

On 2017-06-02 16:15, Dotzero wrote:
> The overwhelming majority of domains registered would be considered 
> for commercial purposes. The fact that a small percentage of domains 
> are registered by individuals for personal use should not be the 
> determining factor as to what is appropriate for ICANN to do. In fact, 
> many of what people assert are personal domains have advertising on 
> them and would therefor be considered by almost any jurisdiction to be 
> engaged in a commercial activity. This includes many (most?) parked 
> domains.
>
> Under these circumstances, having disclosure requirement in 
> registry/registrar agreements seems very appropriate and reasonable. 
> Adding in the fact that "private registration" is an option reduces 
> the scope of the issue even further.
>
> This is starting to increasingly look like a case of throwing the baby 
> out with the bath water.
>
> Michael Hammer
>
> On Fri, Jun 2, 2017 at 2:38 PM, Stephanie Perrin 
> <stephanie.perrin at mail.utoronto.ca 
> <mailto:stephanie.perrin at mail.utoronto.ca>> wrote:
>
>     This clause has not been acceptable in the past, even before
>     GDPR.  I think it is worth pointing out that what is in the ICANN
>     agreements has been repeatedly pointed out, notably by the Art 29
>     WG, but certainly by others such as the IWGDPT, as violating DP
>     law. These documents I believe are all in our repository.  So
>     please let us not assume that what has been happening is ok, even
>     if we sign contract after contract with the same offending clauses
>     in them.  Consent in most jurisdictions has to be some variant of
>     "free, enlightened, and informed".  Noone can be compelled to
>     consent to a practice that is disproportionate or fails the
>     necessity test...An ability to withdraw consent has to be
>     available.  I won't go on and on but this clause obviously does
>     not pass this test.
>
>     In my opinion, the longer ICANN tries to stymie the DPAs and
>     ignore necessary changes in privacy policy, the greater the risk
>     they run that a viral campaign will be launched among ordinary
>     users, to appeal to the Courts.  DPAs try to effect change through
>     dialogue.  WHen dialogue fails, individuals have to take cases to
>     Court.  We don't want that.
>
>     Stephanie
>
>
>     On 2017-06-02 08:19, Volker Greimann wrote:
>>     I was just reviewing the changes to the registry agreement again
>>     and I noticed a section that has relevance here as well and that
>>     had not been discussed here.
>>
>>     Apparently the definition of the purpose for personal data
>>     collection as far as ICANN is concerned is the job of the
>>     registry operators:
>>
>>     2.18 Personal Data. Registry Operator shall (i) notify each
>>     ICANN-accredited registrar that is a party to the
>>     Registry-Registrar Agreement for the TLD of the purposes for
>>     which data about any identified or identifiable natural person
>>     (“Personal Data”) submitted to Registry Operator by such
>>     registrar is collected and used under this Agreement or otherwise
>>     and the intended recipients (or categories of recipients) of such
>>     Personal Data, and (ii) require such registrar to obtain the
>>     consent of each registrant in the TLD for such collection and use
>>     of Personal Data. Registry Operator shall take reasonable steps
>>     to protect Personal Data collected from such registrar from loss,
>>     misuse, unauthorized disclosure, alteration or destruction.
>>     Registry Operator shall not use or authorize the use of Personal
>>     Data in a way that is incompatible with the notice provided to
>>     registrars.
>>
>>     This does have some relevance to our current discussion, so I
>>     thought I'd recklessly post it here!
>>
>>
>
>
>     _______________________________________________
>     gnso-rds-pdp-wg mailing list
>     gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
>     https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>     <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170602/ccdc783e/attachment.html>

More information about the gnso-rds-pdp-wg mailing list