[Rt4-whois] Applicable laws

Omar Kaminski omar at kaminski.adv.br
Wed Aug 17 15:43:25 UTC 2011 

Dear Kathy, Lynn, Bill, all,

And data protection leads to... consumer trust. These very data is the
same required - or to be put or kept in public (or not) in the very
core of Whois, at least under the surface.

Consumer (usually local) and data protection - and even data retention
laws, and which cases could be disclosured specially under proxies
"protection".

Please remember a gTLD registrant or registrar could be hosted and
sold anywhere - for example if one of our ISPs sells gtlds (and of
course they do), they would be mutually responsible by brazilian laws
even for the lack of accuracy.

So I agree with Bill's last email, it's impossible to have all the
laws attended, even not doing anything we could comply to a law.

Should we try to focus on the big picture?

My quick 2 cents.

Omar


2011/8/17 Kathy Kleiman <kathy at kathykleiman.com>:
> Dear Lynn and All,
> I wanted to say how much I appreciate Lynn posting the key regional data
> protection frameworks to the group. I think they are very important, and she
> and I have discussed the need for us to look at them more closely in
> relation to the Whois data. I hope we can do this soon!
>
> Regarding sensitive vs private data, I wanted to add my views as an attorney
> who specializes in the area of data protection and privacy since starting my
> telecommunications practice in 1993. While sensitive data may focus on the
> areas of financial, birth, religion, health, and let's add political
> affiliation and sexual orientation, that's not where the story ends.
>
> Data protection and privacy laws certainly consider home address, home phone
> number, and now cell phone data as "private" or "personal data." Certainly
> telecommunications laws in the US, as one example, regularly protect the
> right of a person to "opt-out" of sharing their home address or home phone
> number in a public directory as a matter of personal privacy.  In fact,
> opt-out in directories was chosen by a majority of Californians when last I
> researched it (and the state protects privacy as part of its state
> constitution) because home addresses and home phone numbers are considered
> very personal information, and worthy of protection.
>
> These are the very elements that have been such an issue of controversy
> within the ICANN arena. Over the last decade, as part of the history of
> Whois within ICANN, at least four Data Protection Commissioners and their
> senior staffs have warned ICANN about the problems of this data, and its
> data protection implications. They are very concerned with the elements now
> collected and published in the Whois. I will gather their letters to ICANN
> and share them, as well as notes of the speeches they have given. I would
> like to request that we ask ICANN Staff to work with us on this important
> matter as well.
>
> Ultimately, I do not think this is a matter for us to decide on (which may
> relieve everyone greatly). As many of you know, I have been thinking about
> this issue a great deal. I will be submitting a recommendation to our Team
> asking that GAC provide ICANN with clear information about relevant
> applicable laws, including data protection laws, and their guidance, based
> on these laws, as to the elements of the Whois now published. I'll
> distribute this before our meeting tomorrow.
>
> All the best,
> Kathy
>
> Since data privacy is an area of specialization for me, I would like to
> offer a couple of
>
> comments on the dialogue about privacy laws.
> Although WHOIS data contains personal data, it does not have any data
> elements that are
> considered to be "sensitive" in nature.  The focus and priority of data
> protection authorities throughout the world is on protection of sensitive
> data such as financial account details, date of birth, religious
> affiliations, medical conditions, etc.
> For global, multi-national organizations who need to develop and maintain
> policies regarding the collection and use of personal data, there are
> multi-lateral privacy frameworks and principles that have been accepted and
> are well established including:
> 1) OECD Guidelines on the Protection of Privacy and Transborder Flows
> 2) UN Guidelines Concerning Computerized Personal Data Files
> 3) EU Directive 95/46/EC on the Protection of Individuals with Regard to the
> Processing of Personsal Data and on the Free Movement of Such Data
> 4) APEC Privacy Framework
> Since ICANN is headquartered in the State of California and the United
> States, I would note that California has an Office of Privacy Protection.
>  At the national level, the U.S. Federal Trade Commission has been accepted
> as the equivalent of a Data Protection Authority.
> Hope these brief comments are helpful.
> Lynn
>
>
>
>
>
>
> _______________________________________________
> Rt4-whois mailing list
> Rt4-whois at icann.org
> https://mm.icann.org/mailman/listinfo/rt4-whois
>
>
> --
>
>
>
> _______________________________________________
> Rt4-whois mailing list
> Rt4-whois at icann.org
> https://mm.icann.org/mailman/listinfo/rt4-whois
>
>

More information about the Rt4-whois mailing list