Good afternoon,

Here are two additional documents assigned to me.

The Expert Working Group on gTLD Directory Services (EWG) was formed by ICANN to help resolve the nearly decade-long deadlock within the ICANN community on how to replace the current Whois system.  EWG’s mandate is to reexamine and define the purpose of collecting and maintaining gTLD directory services, to consider how to safeguard the data, and to propose a next generation solution that will better serve the needs of the global Internet community.
1)      Purposes defined by the EWG
EWG concluded the current Whois model—giving every user the same anonymous public access to gTLD registration data—should be abandoned.  Instead, EWG recommended a paradigm shift whereby gTLD registration data is collected, validated and disclosed for permissible purposes only, with some data elements being accessible only to authenticated requestors that are then held accountable for appropriate use.  EWG proposed that permissible purposes include domain name control, domain name research, personal data protection, legal actions, technical issue resolution, regulatory/contract enforcement, domain name purchase/sale, individual Internet use, abuse mitigation, and Internet services provision.
2)      Centralized or Federated Model?
The selection, implementation and use of a specific Whois database structure (i.e., centralized or federated) should be informed by applicable legal principles of “personal data” protection, but no uniform definition of “personal data” exists and there are various disparities between existing regimes.  These differences in data projection regulation raise significant jurisdictional concerns, as well as potential regulatory obstacles on the global collection, processing, and transfer of gTLD registration data that need to be considered when structuring, implementing, and administrating the Whois database replacement platform.
·         Notwithstanding the territorial nature of data privacy laws, many such laws have extraterritorial reach. 
·         The administration of the Whois database may thus implicate the laws of (i) the country where the Whois database platform is located, (ii) the country where the data owner/licensor/controller (controller) is located (i.e., where the registrar, registry, and possibly the Whois database administrator are located to the extent such entities dictate the processing of gTLD registration data), and (iii) the country where the data subjects (e.g., registrants) are located
·         The controlling and most relevant law to consider is the law where the data subject (i.e., registrant) resides, as the ultimate goal of data protection laws is the protection of individual personal data.  Hence, the application of data protection laws will depend greatly on (i) where gTLD registration data will be located, (ii) whether ICANN (or the entity administering the database)  will be viewed as a controller or processor of such data, and hence have direct compliance obligations, (iii) the obligations imposed on registrars/registries under their agreements with ICANN with respect to gTLD registration data, and (iv) the extent to which local data protection laws apply to registrants.
·         The distinction between data controller and data processor is important, as controllers are required to comply with applicable data protection laws, and must impose certain data protection obligations on data processors.  Processors are required to abide by the instructions of controllers.
·         This will influence the data location and transfer considerations for the Whois replacement platform, whether as a centralized or federated model, and whether the Whois replacement database administrator and/or registrars conduct themselves as controllers in connection with gTLD registration data. 
·         The most comprehensive data protection and privacy compliance legal framework remains to be the E.U. Data Protection Directive (E.U. Directive), Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data => baseline for data protection compliance
Data controllers must process personal data in accordance with the following relevant data privacy and protection principles:
Purpose limitation: legitimate purposes only.
Data quality and proportionality: accurate and up to date.
Transparency: notification of data providers
Security and confidentiality: protection measures
Rights of access, rectification, deletion and objection by data subjects
Sensitive data: additional security measures
Direct marketing: “opt-out” must be possible
Data retention: limited time to satisfy the purpose
Accountability: for data collectors
The transfer of personal data from registrars to ICANN or the designated operator under a centralized model, or the sharing of data between registrars under a federated model, will therefore likely require data subject consent.  Data transfers between ICANN or a designated operator and the registrars likely also require that certain contractual obligations be imposed throughout the system.
Choice of accountability and liability of the data controller or the data processor for any data breach or violation of local laws depends on the dependance (or independence) of the processor towards the controller in both models. Sanctions: Regulatory fines, criminal sanctions, and injunctions on data processing.  International transfers of personal data in violation of local data protection laws could also lead to an injunction on data transfers, hampering the effectiveness of the Whois database replacement platform.  The availability of such penalties under local data protection regimes will potentially fuel local registrar/registry opposition to a Whois database replacement platform under either of the proposed models.
Again, in some countries the transfer of personal data from registrars to ICANN or the designated operator under a centralized model, or the sharing of data between registrars under a federated model, likely will require the consent of the data subjects.  Data transfers between ICANN or the designated operator and the registrars likely also require that certain contractual obligations be imposed throughout the system. 
Other issues:
1)      various registrars provide an upgraded fee-paying subscription service that addresses personal data privacy and may which to continue with this source of revenues
2)      considerable secure storage capacity.  Cloud computing may introduce heightened data security concerns and complicate proportionality in processing, international transfer restrictions, and data storage.
Conclusion: While technical, political and other considerations will inform the implementation of the
Whois database replacement platform, both models under consideration raise critical data privacy issues that must be considered. 

privacy-proxy-registration services-study 14sep10-en 
Domain names can be registered using a Whois privacy or proxy service, which helps limit the amount of users’ personal information that is made public via registrar and registry Whois services. The sample of domain names registered under the top 5 gTLDs indicates that about 18% of them used this type of service. Among these, Whois proxy service registrations were the most common.

 
Nathalie Coupet