Proposed motion regarding Personal Data that is collected and retained by registrars
Hello All,

As discussed in my earlier email, and taking into account the email discussions so far, I propose a separate motion to initiate further dialogue with ICANN Advisory Committees such as the GAC, SSAC, and ALAC on the topic of the purposes for which Personal Data is collected from Registrants.

I want to make sure that we can relatively quickly have some documentation to support a useful dialogue, without requiring the formation of additional task forces or working groups. We already have large quantities of information on the WHOIS debate that are available via either the DNSO or GNSO websites, along with transcripts of past workshops at ICANN meetings.

Up until now, much of the Personal Data that is collected is made available to the general public with almost no access control. This means that the purposes for which the data is collected are almost irrelevant, as members of the public may use the data for all sorts of things. It is virtually impossible to police any "use limitation" of this public data, i.e. Personal Data should not be disclosed, made available or otherwise used for purposes other than those specified. You can even print out the public data from the WHOIS service and use it as a doorstop.

Note also that registrars are in no way constrained in what purposes they collect Personal Data, including for marketing purposes, as long as these are part of their agreement with the Registered Name Holder.
I propose the following new motion:

"The GNSO Council notes that consistent with generally accepted privacy principles, Registrars shall provide notice to each new or renewed Registered Name Holder stating:

(i) The purposes for which any Personal Data collected from the applicant are intended;
(ii) The intended recipients or categories of recipients of the data (including the Registry Operator and others who will receive the data from Registry Operator);
(iii) Which data are obligatory and which data, if any, are voluntary; and
(iv) How the Registered Name Holder or data subject can access and, if necessary, rectify the data held about them.

To further understand the range of purposes for which data is intended, the GNSO proposes the following steps:

(1) The ICANN staff will review a sample of registrar agreements with Registered Name Holders to identify some of the purposes for which registrars collected Personal Data from registrants.
(2) The ICANN staff will review a sample of cctld registry or cctld registrar agreements with registrants to identify some of the purposes for which these organisations collect Personal Data from registrants.
(3) The ICANN staff will summarise the current material that has resulted from WHOIS discussions since 2002 that document the current uses of the data that is currently made public through the WHOIS service.
(4) Based on the material produced in steps (1), (2) and (3) above, the Council will undertake a dialogue with the ICANN Advisory Committees such as the GAC, SSAC and ALAC to determine whether any work is required on mandating particular purposes, consistent with ICANN's mission and core values, for which registrars must collect Personal Data from registrants. The dialogue should seek to examine and understand consumer protection, privacy/data protection and law enforcement views, perspectives and concerns."
Bruce,

I think the idea of separating into two motions is welcome. This should help overcome the confusion that has been the cause of unnecessary disagreement on Council and elsewhere, notably that there is a difference between the WHOIS service and the purpose and use of data that is collected by Registrars. It's just a pity that we did not have such clarification in the WHOIS terms of reference. Let's hope a wise Council can equally support these two motions.

Philip
Participants (2): Bruce Tonkin, Philip Sheppard