Hi All, My second task was to review the Article 29 WP on ICANN Procedure for Handling WHOIS Conflicts with Privacy Law. This input is interesting as it provides thoughtful context for some debates that I believe will follow after we finish the work of our small teams. After reviewing the fundamental document <https://www.icann.org/en/system/files/files/schaar-to-cerf-12mar07-en.pdf> of this input, I extracted some relevant excerpts that are directly related to the users/purposes questions that we identified in the mind map from March 22, 2016. I highlighted some parts for improved readability and I also concisely summarized the relevant paragraphs with brief titles. The excerpts are given as follows: *Differentiating between legal and natural persons* *"In particular, the Article 29 WP emphasizes once more the need to differentiate between legal and natural persons registering domain names. In the first case, the publication of certain information about the company or organisation (such as their identification and their physical address) is often a requirement by law in the framework of the commercial or professional activities they perform. The Article 29 WP's primary concern relates to private domain holders that use domains solely in a non-commercial context. Nevertheless, a privacy issue is at stake also for instance in a workplace with people (employees) named in the context of commercial domains." (page 2)* *Limiting bulk access for direct marketing* *"The Working Party also reaffirms its support for earlier proposals concerning accuracy of the data (which is also one of the principles of the Data Protection Directive) published in WHOIS directories and limitation of bulk access for direct marketing issues. It recalls that bulk use of WHOIS data for direct marketing is by no means in line with the purpose for which the directories were set up and are being maintained." (page 2)* *Distinction between publicly accessible and publicly inaccessible data* *"Introducing a distinction between publicly accessible and publicly inaccessible data, e.g. for internal purposes of registrars for billing, etc., which is typical in many national legal systems might tackle many of the problems outlined above." (page 2)* *Definition of WHOIS purpose adopted by the GNSO Whois Task Force* *"The purpose of the gTLD Whois service is to provide information sufficient to contact a responsible party for a particular gTLD domain name who can resolve, or reliably pass on data to a party who can resolve, issues related to the configuration of the records associated with the domain name within a DNS nameserver." (page 2)* Note: This is a definition adopted in the GNSO Whois Task Force Preliminary Task Force Report on Whois Services of 22 November 2006. *The trade-off triangle: Technical operation of the Internet network v.s. legal responsibilities v.s. data protection and privacy rights* *"The Article 29 WP acknowledges the legitimacy of the purpose of the making available of some personal data through the WHOIS services, when this publication is necessary for the technical functioning of the Internet network as set out in the purpose definition. This publicity is necessary in order to put the person running a Website in a position to face the legal and technical responsibilities which are inherent to the running of such a site. However, in its current form the database does not take account of the data protection and privacy rights of those identifiable persons who are named as the contacts for domain names and organizations."* Personal note: This is not something that should be discussed now, but I have the impression that the centroid of this triangle is ensuring "trust" in the online environment. I hope this summary is helpful and I wish you have a great weekend! Best regards, Maryan