I reviewed the document at Article
29 WP 76 Opinion 2/2003
http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2003/wp76_en.pdf.
The document addresses the application of data protection principles to WHOIS directories As such it goes into detail about Purpose, Data Accuracy, and Data Elements (see related quotes below under closest associated charter question for each).
In sum, from this document we could draw out the following possible requirements:
1. Need a well-defined purpose;
2. Data collected should be relevant (and not excessive) for defined purpose;
3. Bulk access to WHOIS data for direct marketing should be limited;
4. Data should be accurate; and
5. Data subjects should be provided with unambiguous and informed consent.
Charter questions and relevant/associated quotes from Article
29 WP 76 Opinion 2/2003
http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2003/wp76_en.pdf.:
·Users/Purposes: Who should have access to gTLD registration data and why?
1. From the data protection viewpoint it is essential to determine in very clear terms what is the purpose of the Whois and which purpose(s) can be considered as legitimate and compatible to the original purpose.
2. The Working Party wishes to state its support for ... limitation of bulk access for direct marketing issues.
·Data Accuracy: What steps should be taken to improve data accuracy?
1. The Working Party wishes to state its support for the proposals concerning accuracy of the data (which is also one of the principles of the European Data Protection Directive) ...
·Data Elements: What data should be collected, stored, and disclosed?
1. ... data should be relevant and not excessive for the specific purpose.
2. ... the processing of personal data in reverse directories or multi-criteria searching services without unambiguous and informed consent by the individual is unfair and unlawful.
Please let me know if there are any questions.
Thanks,
Fab
Fabricio Vayra
Partner
700
Thirteenth Street, N.W. Suite 600