Dear all,

Attached is a revised spreadsheet presenting privacy notification information on the Top 10 randomly registrars. I have archived the relevant sections and all urls of the privacy and registration documents for each registrar at;

http://www.furl.net/members/mfarrell10 , and click on the topic entitled 'Top 10 registrars - whois policies'.

This spreadsheet analyses the registrars' compliance with section 3.7.7.7 of the R.A.A., quoting the relevant part of their registration agreements or privacy policies for each sub-section 3.7.7.4.1 - 3.7.7.4.4.

I've also included some bullet points of analysis, essentially some features I observed in compiling the data.  These are purely interpretive on my part and you may of course draw your own conclusions from the data.

Overall, the data gathered indicates significantly greater uniformity amongst privacy notification and information among the top 10 registrars than in the rest of the market. 

• Between the Top 10 and the randomly chosen registrars, notification procedures are more or less uniform (i.e. virtually all notify the registrant using a link and tick box on the payment page).
• However, information provision about privacy varies significantly.  Most of the Top 10 registrars provide a separate privacy page that is accessed either directly from the home page or via a link from the customer registration agreement. Of the randomly chosen 10, only 3 provide a separate privacy page; one of the three is a New Zealand company affiliated to a top 10 registrar, the other two are UK companies. The sample is too small to draw any firm conclusions, but it may indicate that both size/visibility and also the jurisdiction/cultural tradition are two important factors regarding dedicated privacy pages.   
• Few registrars explicitly reference the purposes for which data are collected, but most describe the uses to which it is put.
• While most agreements hit all the main relevant points of the R.A.A., they do so by organising the terms and concepts in very different ways.  The majority of registrars in both groups appeared to be observing the R.A.A. in their provision of information on stated uses of personal data.
• The randomly chosen registrars seem less likely than the top 10 to explicitly state the requirement to publish personal data in Whois and/or to mention ICANN in this context.