Version 2: Proposed motion regarding Personal Data that is collected and retained by registrars
Hello All, I have also improved this motion after input from Dan Halloran, Maria Farrell, Denise Michael, and various members of the GNSO community! Regards, Bruce Tonkin I propose the following new motion: "The GNSO Council notes that, consistent with generally accepted privacy principles, Registrars are required under clause 3.7.7.4 of the Registrar Accreditation Agreement to provide notice to each new or renewed Registered Name Holder stating: (i) The purposes for which any Personal Data collected from the applicant are intended; (ii) The intended recipients or categories of recipients of the data (including the Registry Operator and others who will receive the data from Registry Operator); (iii) Which data are obligatory and which data, if any, are voluntary; and (iv) How the Registered Name Holder or data subject can access and, if necessary, rectify the data held about them. To further understand the range of purposes for which data is intended, the GNSO proposes the following steps: (1) The ICANN staff will review a sample of registrar agreements with Registered Name Holders to identify some of the purposes for which registrars collect Personal Data in the course of registering a domain name for their customers. (2) The ICANN staff will review a sample of cctld registry or cctld registrar agreements with registrants to identify some of the purposes for which these organisations collect Personal Data from registrants. (3) The ICANN staff will summarise the current material that has resulted from WHOIS discussions since 2002 that document the current uses of the data that is currently made public through the WHOIS service. (4) Based on the material produced in steps (1), (2) and (3) above, the Council will undertake a dialogue with the ICANN Advisory Committee's such as the GAC, SSAC and ALAC regarding the purposes for collecting Personal Data, and discuss whether any policy development is required in this area consistent with ICANN's mission and core values. The dialogue should seek to examine and understand consumer protection, privacy/data protection and law enforcement perspectives."
Dear Council Colleagues, dear Bruce, dear Glen, I have not been able to participate in the recent discussions for technical constraints (computer/network). At present, the heavy rainy season makes it difficult to maintain stable wireless and satellite connection ("rain degradation") I will try to be online on Thursday, but maybe it will not work for me. All the more I would like to ask that the council can discuss again the possibility to create proxy vote facilities. Norbert = Bruce Tonkin wrote:
Hello All,
I have also improved this motion after input from Dan Halloran, Maria Farrell, Denise Michael, and various members of the GNSO community!
Regards, Bruce Tonkin
I propose the following new motion:
"The GNSO Council notes that, consistent with generally accepted privacy principles, Registrars are required under clause 3.7.7.4 of the Registrar Accreditation Agreement to provide notice to each new or renewed Registered Name Holder stating:
(i) The purposes for which any Personal Data collected from the applicant are intended;
(ii) The intended recipients or categories of recipients of the data (including the Registry Operator and others who will receive the data from Registry Operator);
(iii) Which data are obligatory and which data, if any, are voluntary; and
(iv) How the Registered Name Holder or data subject can access and, if necessary, rectify the data held about them.
To further understand the range of purposes for which data is intended, the GNSO proposes the following steps:
(1) The ICANN staff will review a sample of registrar agreements with Registered Name Holders to identify some of the purposes for which registrars collect Personal Data in the course of registering a domain name for their customers.
(2) The ICANN staff will review a sample of cctld registry or cctld registrar agreements with registrants to identify some of the purposes for which these organisations collect Personal Data from registrants.
(3) The ICANN staff will summarise the current material that has resulted from WHOIS discussions since 2002 that document the current uses of the data that is currently made public through the WHOIS service.
(4) Based on the material produced in steps (1), (2) and (3) above, the Council will undertake a dialogue with the ICANN Advisory Committee's such as the GAC, SSAC and ALAC regarding the purposes for collecting Personal Data, and discuss whether any policy development is required in this area consistent with ICANN's mission and core values.
The dialogue should seek to examine and understand consumer protection, privacy/data protection and law enforcement perspectives."
Dear Fellow Councilors The issues of proxy voting, and several other administrative issues, do deserve attention, and could be part of the long awaited, long postponed improvements to the Council, based on the earlier Review. On the motion itself, I am generally supportive, but note that there are at least two ambiguities that I would like to get clarified, IN the motion. My edits are posted below, and are intended to provide clarity. Thanks, Bruce, for engaging Dan and Denise. Their involvement in resolutions/motions should become SOP. Refresh my memory, though, Dan, as the legal advisor. Do we need to withdraw the present motion and have this as a substitute? See inserts below in CAPS.
"The GNSO Council notes that, consistent with generally accepted privacy principles, Registrars are required under clause 3.7.7.4 of the Registrar Accreditation Agreement to provide notice to each new or renewed Registered Name Holder stating:
(i) The purposes for which any Personal Data collected from the applicant are intended;
(ii) The intended recipients or categories of recipients of the data (including the Registry Operator and others who will receive the data from Registry Operator);
(iii) Which data ELEMENTS are obligatory and which data ELEMENTS, if any, are voluntary; and
(iv) How the Registered Name Holder or data subject can access and, if necessary, CORRECT OR rectify the data held about them.
To further understand the range of purposes for which data is COLLECTED AND USED [intended], the GNSO proposes the following steps:
(1) The ICANN staff will review a sample of registrar agreements with Registered Name Holders to identify some of the purposes for which registrars collect Personal Data in the course of registering a domain name for their customers.
(2) The ICANN staff will review a REPRESENTATIVE sample of ccTLD registry or ccTLD registrar agreements, TAKING INTO ACCOUNT THE ISSUES OF GEOGRAPHICAL DIVERSITY AND RULE OF LAW VARIANCES, with registrants to identify some of the purposes for which these organisations collect AND DISPLAY Personal Data from registrants.
(3) The ICANN staff will summarise the current material that has resulted from WHOIS discussions since 2002 that document the current uses of the data that is currently made public through the WHOIS service. [WHAT IS THE TIME FRAME FOR THIS PROJECT?]
(4) SUPPORTED BY [Based on] the material produced in steps (1), (2) and (3) above, the Council will undertake a dialogue with the ICANN Advisory Committee's such as the GAC, SSAC and ALAC regarding the purposes for collecting Personal Data, and discuss whether any policy development is required in this area consistent with ICANN's mission and core values.
The dialogue should seek to examine and understand consumer protection, privacy/data protection and law enforcement perspectives."
-----Original Message----- From: owner-council@gnso.icann.org [mailto:owner-council@gnso.icann.org] On Behalf Of Norbert Klein Sent: Wednesday, July 19, 2006 6:19 AM To: Bruce Tonkin Cc: Council GNSO Subject: Re: [council] Version 2: Proposed motion regarding Personal Data that is collected and retained by registrars Dear Council Colleagues, dear Bruce, dear Glen, I have not been able to participate in the recent discussions for technical constraints (computer/network). At present, the heavy rainy season makes it difficult to maintain stable wireless and satellite connection ("rain degradation") I will try to be online on Thursday, but maybe it will not work for me. All the more I would like to ask that the council can discuss again the possibility to create proxy vote facilities. Norbert = Bruce Tonkin wrote:
Hello All,
I have also improved this motion after input from Dan Halloran, Maria Farrell, Denise Michael, and various members of the GNSO community!
Regards, Bruce Tonkin
I propose the following new motion:
"The GNSO Council notes that, consistent with generally accepted privacy principles, Registrars are required under clause 3.7.7.4 of the Registrar Accreditation Agreement to provide notice to each new or renewed Registered Name Holder stating:
(i) The purposes for which any Personal Data collected from the applicant are intended;
(ii) The intended recipients or categories of recipients of the data (including the Registry Operator and others who will receive the data from Registry Operator);
(iii) Which data are obligatory and which data, if any, are voluntary; and
(iv) How the Registered Name Holder or data subject can access and, if necessary, rectify the data held about them.
To further understand the range of purposes for which data is intended, the GNSO proposes the following steps:
(1) The ICANN staff will review a sample of registrar agreements with Registered Name Holders to identify some of the purposes for which registrars collect Personal Data in the course of registering a domain name for their customers.
(2) The ICANN staff will review a sample of cctld registry or cctld registrar agreements with registrants to identify some of the purposes for which these organisations collect Personal Data from registrants.
(3) The ICANN staff will summarise the current material that has resulted from WHOIS discussions since 2002 that document the current uses of the data that is currently made public through the WHOIS service.
(4) Based on the material produced in steps (1), (2) and (3) above, the Council will undertake a dialogue with the ICANN Advisory Committee's such as the GAC, SSAC and ALAC regarding the purposes for collecting Personal Data, and discuss whether any policy development is required in this area consistent with ICANN's mission and core values.
The dialogue should seek to examine and understand consumer protection, privacy/data protection and law enforcement perspectives."
participants (3)
-
Bruce Tonkin -
Marilyn Cade -
Norbert Klein