Note I guess this motion should also have a backward reference as well: "This motion arose from clause (3) of the proposed WHOIS motion discussed during the GNSO Council meeting in Marrakech".

I propose the following new motion:

"The GNSO Council notes that, consistent with generally accepted privacy principles, Registrars are required under clause 3.7.7.4 of the Registrar Accreditation Agreement to provide notice to each new or renewed Registered Name Holder stating:

(i) The purposes for which any Personal Data collected from the applicant are intended;

(ii) The intended recipients or categories of recipients of the data (including the Registry Operator and others who will receive the data from Registry Operator);

(iii) Which data are obligatory and which data, if any, are voluntary; and

(iv) How the Registered Name Holder or data subject can access and, if necessary, rectify the data held about them.

To further understand the range of purposes for which data is intended, the GNSO proposes the following steps:

(1) The ICANN staff will review a sample of registrar agreements with Registered Name Holders to identify some of the purposes for which registrars collect Personal Data in the course of registering a domain name for their customers.

(2) The ICANN staff will review a sample of cctld registry or cctld registrar agreements with registrants to identify some of the purposes for which these organisations collect Personal Data from registrants.

(3) The ICANN staff will summarise the current material that has resulted from WHOIS discussions since 2002 that document the current uses of the data that is currently made public through the WHOIS service.

(4) Based on the material produced in steps (1), (2) and (3) above, the Council will undertake a dialogue with the ICANN Advisory Committee's such as the GAC, SSAC and ALAC regarding the purposes for collecting Personal Data, and discuss whether any policy development is required in this area consistent with ICANN's mission and core values.

The dialogue should seek to examine and understand consumer protection, privacy/data protection and law enforcement perspectives."