[Rt4-whois] FW: Applicable laws [SEC=UNOFFICIAL]

Kathy Kleiman kathy at kathykleiman.com
Wed Aug 17 14:01:57 UTC 2011 

There was also a situation with .NAME in which they negotiated a 
different Whois policy. I think it may have been upfront, as part of the 
contract, but I seem to recall discussions about ICANN's procedure for 
handling Whois conflicts with privacy law as part of the overall discussion.

(Background: .NAME, which focused on personal email addresses based on 
last names, was based in the EU, and I believe in a Scandanavian 
country, and they consulted with their data protection commissioner from 
the start.)

Best,
Kathy

> Dear Peter and all,
>
> Please note that there is one occasion where the procedure for 
> handling WHOIS conflicts with privacy law has been applied in 
> practice, relating to .TEL, see 
> http://www.icann.org/en/announcements/announcement-2-19oct07.htm 
> (announcement of Telnic's proposed change and opening of a public 
> comment period) and 
> http://www.icann.org/en/minutes/minutes-18dec07.htm (the Board minutes 
> with the decision on the matter).
>
> In this case, the procedure is invoked as a "draft Procedure", since 
> the .TEL matter was addressed before the procedure was formally in 
> force , see http://www.icann.org/en/processes/icann-procedure-17jan08.htm.
>
> Denise may have additional information to supply when the sun rises in 
> California-- I just wanted to provide this piece well before our call 
> today.
>
> Very best regards
>
> Olof
>
> *From:*rt4-whois-bounces at icann.org 
> [mailto:rt4-whois-bounces at icann.org] *On Behalf Of *Nettlefold, Peter
> *Sent:* Wednesday, August 17, 2011 9:39 AM
> *To:* rt4-whois at icann.org
> *Cc:* Kathy Kleiman
> *Subject:* [Rt4-whois] FW: Applicable laws [SEC=UNOFFICIAL]
>
> Hi all,
>
> Thanks to Lynn and Kathy for continuing our discussions on these 
> important issues.
>
> These were key issues I struggled with in drafting the 
> accessibility/privacy part of the gaps chapter, which I circulated 
> yesterday for comment.
>
> After reading the public submissions to our discussion paper, it seems 
> clear that some people are worried about the privacy implications of 
> WHOIS. It was raised by many respondents to our paper, and 
> acknowledged as a valid concern by many others.
>
> However, I don't see a compelling case for us to catalogue all 
> potential applicable privacy or data protection laws as a way to take 
> this forward. In practice, I think this would be very difficult, and 
> arguably of limited use. Even if every GAC member provided details of 
> every potentially applicable law, this would not cover every country, 
> and would only cover contributing countries at a set point in time. 
> Further, what would we do with this data? How would we reconcile the 
> inevitable differences?
>
> Arguably, any conflict with national law (whether it relates to 
> 'sensitive' information, or other personal information) is intended to 
> be addressed by ICANN's consensus procedure. The consensus procedure 
> was developed by the ICANN community to deal with specific conflicts 
> with national law. Whether and how it has been used may therefore 
> provide us some guidance about any actual conflicts and how they've 
> been handled. I see that Denise has undertaken to get back to us 
> shortly with an answer to this - thanks Denise! The answer to this may 
> provide useful insights into whether that particular procedure is 
> effective or needs modification to deal with specific legal 
> situations, and it could also clarify the potential extent of existing 
> legal conflicts.
>
> For the procedure to be effective, there is no need to catalogue 
> applicable laws in advance. Personally, I can't see any way to replace 
> this (or a similar) case-by-case procedure with a more prescriptive 
> universal mechanism based on a survey of applicable laws, nor any way 
> to anticipate all potential legal conflicts in advance.
>
> There is then the additional question of whether we're only interested 
> in situations where there is a conflict with a national law?If so, 
> then we need to consider whether there needs to be any additional 
> protections beyond the existing procedure.
>
> On balance, my position is that we should consider some way to 
> acknowledge the privacy concerns of individuals, including those that 
> may not be addressed by ICANN's existing consensus procedures and 
> policies. The problem is how to do this without facilitating the 
> unregulated and widely abused privacy/proxy situation that we now have.
>
> This is what I tried to address in the draft gaps chapter. The 
> proposed recommendations at the end of that chapter are intended to 
> provide a framework for a balanced, open and accountable privacy 
> regime, while acknowledging that much of the detail (such as what data 
> could be 'protected' or 'limited', and standardised processes for 
> release of that data when needed) would rightly be developed through 
> existing ICANN community (and cross community) processes.
>
> I look forward to further discussion on this as we move forward.
>
> Cheers,
>
> Peter
>
> *From:*rt4-whois-bounces at icann.org 
> <mailto:rt4-whois-bounces at icann.org> 
> [mailto:rt4-whois-bounces at icann.org] 
> <mailto:[mailto:rt4-whois-bounces at icann.org]> *On Behalf Of *Kathy Kleiman
> *Sent:* Wednesday, 17 August 2011 2:30 PM
> *To:* rt4-whois at icann.org <mailto:rt4-whois at icann.org>; 
> lynn at goodsecurityconsulting.com <mailto:lynn at goodsecurityconsulting.com>
> *Subject:* Re: [Rt4-whois] Applicable laws
>
> Dear Lynn and All,
> I wanted to say how much I appreciate Lynn posting the key regional 
> data protection frameworks to the group. I think they are very 
> important, and she and I have discussed the need for us to look at 
> them more closely in relation to the Whois data. I hope we can do this 
> soon!
>
> Regarding sensitive vs private data, I wanted to add my views as an 
> attorney who specializes in the area of data protection and privacy 
> since starting my telecommunications practice in 1993. While sensitive 
> data may focus on the areas of financial, birth, religion, health, and 
> let's add political affiliation and sexual orientation, that's not 
> where the story ends.
>
> Data protection and privacy laws certainly consider home address, home 
> phone number, and now cell phone data as "private" or "personal data." 
> Certainly telecommunications laws in the US, as one example, regularly 
> protect the right of a person to "opt-out" of sharing their home 
> address or home phone number in a public directory as a matter of 
> personal privacy.  In fact, opt-out in directories was chosen by a 
> majority of Californians when last I researched it (and the state 
> protects privacy as part of its state constitution) because home 
> addresses and home phone numbers are considered very personal 
> information, and worthy of protection.
>
> These are the very elements that have been such an issue of 
> controversy within the ICANN arena. Over the last decade, as part of 
> the history of Whois within ICANN, at least four Data Protection 
> Commissioners and their senior staffs have warned ICANN about the 
> problems of this data, and its data protection implications. They are 
> very concerned with the elements now collected and published in the 
> Whois. I will gather their letters to ICANN and share them, as well as 
> notes of the speeches they have given. I would like to request that we 
> ask ICANN Staff to work with us on this important matter as well.
>
> Ultimately, I do not think this is a matter for us to decide on (which 
> may relieve everyone greatly). As many of you know, I have been 
> thinking about this issue a great deal. I will be submitting a 
> recommendation to our Team asking that GAC provide ICANN with clear 
> information about relevant applicable laws, including data protection 
> laws, and their guidance, based on these laws, as to the elements of 
> the Whois now published. I'll distribute this before our meeting tomorrow.
>
> All the best,
> Kathy
>
> Since data privacy is an area of specialization for me, I would like 
> to offer a couple of
>
> comments on the dialogue about privacy laws.
>
> Although WHOIS data contains personal data, it does not have any data 
> elements that are
>
> considered to be "sensitive" in nature.  The focus and priority of 
> data protection authorities throughout the world is on protection of 
> sensitive data such as financial account details, date of birth, 
> religious affiliations, medical conditions, etc.
>
> For global, multi-national organizations who need to develop and 
> maintain policies regarding the collection and use of personal data, 
> there are multi-lateral privacy frameworks and principles that have 
> been accepted and are well established including:
>
> 1) OECD Guidelines on the Protection of Privacy and Transborder Flows
>
> 2) UN Guidelines Concerning Computerized Personal Data Files
>
> 3) EU Directive 95/46/EC on the Protection of Individuals with Regard 
> to the Processing of Personsal Data and on the Free Movement of Such Data
>
> 4) APEC Privacy Framework
>
> Since ICANN is headquartered in the State of California and the United 
> States, I would note that California has an Office of Privacy 
> Protection.  At the national level, the U.S. Federal Trade Commission 
> has been accepted as the equivalent of a Data Protection Authority.
>
> Hope these brief comments are helpful.
>
> Lynn
>
> _______________________________________________
> Rt4-whois mailing list
> Rt4-whois at icann.org  <mailto:Rt4-whois at icann.org>
> https://mm.icann.org/mailman/listinfo/rt4-whois
>
> -- 
>   
>   
>
>
> *-------------------------------------------------------------------------------*
>
> The information transmitted is for the use of the intended recipient 
> only and may contain confidential and/or legally privileged material. 
> Any review, re-transmission, disclosure, dissemination or other use 
> of, or taking of any action in reliance upon, this information by 
> persons or entities other than the intended recipient is prohibited 
> and may result in severe penalties.
>
> If you have received this e-mail in error please notify the Security 
> Advisor of the Department of Broadband, Communications and the Digital 
> Economy, 38 Sydney Ave, Forrest ACT 2603, telephone (02) 6271-1376 and 
> delete all copies of this transmission together with any attachments.
>
> Please consider the environment before printing this email.
>
>
> *-------------------------------------------------------------------------------*
>
>
>
> _______________________________________________
> Rt4-whois mailing list
> Rt4-whois at icann.org
> https://mm.icann.org/mailman/listinfo/rt4-whois


-- 



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110817/f0d3fde5/attachment.html

More information about the Rt4-whois mailing list