Hello All,

There seem to be some concerns about the work on WHOIS affecting the data that is collected.

I am not aware of any efforts in the registrar/registry community to change the data that is collected at the time of registration. As Ross has pointed out, privacy laws in various countries already require us to specify the purpose for which data is being collected (usually in the form of a privacy policy published on the website), as does the registrar accreditation agreement (in the form of the agreement between the registrar and the Registered Name Holder).

Thus I recommend that the Council assume the following:

(1) There is no change in the data that is collected.

This is currently covered in clause 3.4 of the registrar agreement:
http://www.icann.org/registrars/ra-agreement-17may01.htm#3
"Retention of Registered Name Holder and Registration Data."

"During the Term of this Agreement, Registrar shall maintain its own electronic database, as updated from time to time, containing data for each active Registered Name sponsored by it within each TLD for which it is accredited. The data for each such registration shall include the elements listed in Subsections 3.3.1.1 through 3.3.1.8; the name and (where available) postal address, e-mail address, voice telephone number, and fax number of the billing contact; and any other Registry Data that Registrar has submitted to the Registry Operator or placed in the Registry Database under Subsection 3.2."

(2) There is a policy process around the public publication of some of the data that is collected.

This is currently covered in clause 3.3 titled "Public Access to Data on Registered Names"

"At its expense, Registrar shall provide an interactive web page and a port 43 Whois service providing free public query-based access to up-to-date (i.e., updated at least daily) data concerning all active Registered Names sponsored by Registrar for each TLD in which it is accredited. The data accessible shall consist of elements that are designated from time to time according to an ICANN adopted specification or policy."

Note the WHOIS policy activity is specifically in relation to the second sentence above.

(3) If some data is no longer made public, there are other mechanisms for obtaining the data from the registrar.

All registrars that are members of the registrars constituency that I have spoken to cooperate with law enforcement. If there are problems with some registrars - then perhaps this is a matter for the registrar accreditation process.

(4) The purpose for collecting data is already defined in the registrar agreement.

Regarding the purpose for collecting data - this is already in the registrar agreement, specifically in clauses 3.7.7.3, clause 3.7.7.4 and clause 3.7.7.5. Note there is no mention of the public display of such data in these clauses, nor the purpose for the public display.

From clause 3.7 of the registrar agreement, titled: "Business Dealings, Including with Registered Name Holders."

"3.7.7.3 Any Registered Name Holder that intends to license use of a domain name to a third party is nonetheless the Registered Name Holder of record and is responsible for providing its own full contact information and for providing and updating accurate technical and administrative contact information adequate to facilitate timely resolution of any problems that arise in connection with the Registered Name. A Registered Name Holder licensing use of a Registered Name according to this provision shall accept liability for harm caused by wrongful use of the Registered Name, unless it promptly discloses the identity of the licensee to a party providing the Registered Name Holder reasonable evidence of actionable harm.

3.7.7.4 Registrar shall provide notice to each new or renewed Registered Name Holder stating:

3.7.7.4.1 The purposes for which any Personal Data collected from the applicant are intended;

3.7.7.4.2 The intended recipients or categories of recipients of the data (including the Registry Operator and others who will receive the data from Registry Operator);

3.7.7.4.3 Which data are obligatory and which data, if any, are voluntary; and

3.7.7.4.4 How the Registered Name Holder or data subject can access and, if necessary, rectify the data held about them.

3.7.7.5 The Registered Name Holder shall consent to the data processing referred to in Subsection 3.7.7.4."

The terms of reference for the WHOIS task force were deliberately drafted to focus on the Public Access to Data on Registered Names.

Regards,
Bruce Tonkin
Registrar rep on GNSO Council