Hi all,
To Steve’s question about circumstances, it doesn’t really matter why a domain uses a registrar’s P/P service (and at this time I don’t think there’s policy limiting those potential reasons), just that it does or does not.
If the domain does use the registrar’s P/P service, then only the P/P data can be provided in response to an RDRS request. The group yesterday seemed strongly in favour of considering those to be ‘approved’ requests. The response would be to provide the P/P data (which is also available publicly), not redacted data.
If the domain does not use the registrar’s P/P service, then the request goes through the registrar’s review process and the registrar determines which of the requested fields to disclose. For the non-disclosed fields, when the registrar provides the response directly to the requestor they would likely indicate which fields they are not disclosing, but I don’t think we have (or should) defined how exactly they’d do that within their own platform. Within the RDRS, the registrar would indicate which requested fields were disclosed (this is one of the rows in Yuko’s spreadsheet) as part of tracking the outcome of the request.
The requestor’s recourse is not affected in either case: they can complain to ICANN if they believe ICANN Policy was not followed, or to the relevant legal authority if they think the law was not followed.
Hope that helps!
--Sarah Wyld, CIPP/EPolicy & Privacy ManagerPronouns: she/theyswyld@tucows.com
From: Steve Crocker
Sent: April 24, 2023 3:51 PM
To: gnso-epdpp2-smallteam@icann.org
Subject: [GNSO-EPDPP2-SmallTeam] Redaction vs privacy/proxy service
Folks,
Thanks for responding during today's call to my question regarding the difference between a registrar responding with the name of a privacy or proxy service versus the word "redacted." I think there are still outstanding questions to be resolved.
During the discussion an additional question arose in my mind, so here are the questions I'm seeking answers to.
- Under what circumstances may a registrar impose a privacy or proxy service to hide the registration data? Some possible answers:
- It's entirely up to the registrar. Different registrars may have different policies. The registrant has no say. (I doubt this is the case for any registrar, but I'm including it for completeness.)
- A registrar may choose to impose a privacy or proxy service by default, but the registrant is informed and may choose not to have it imposed.
- A registrar may give the registrant the choice of having the registration protected by the registrar's privacy or proxy service.
- Under what circumstances will a registrar respond to a request with "redacted" versus with the name of the privacy or proxy service?
- What recourse does the requester have in each case?
Thanks,
Steve