[[--Translated text (es -> en)--]] Subject: Fwd: ICANN News Alert - Advisory Concerning Register Obligations to Provide Data to ICANN Pursuant to Section 3.4.3 of the 2013 RAA From: apisanty@gmail.com Colleagues, just got this note from ICANN. Informed about procedures by which the "registrars" (registrars) Domain Name must provide related generic domain names data whose registration have been processed, as well as exceptions and limitations Possible adjustments in these cases. Since our organizations have an explicit responsibility defending the interests of users, and this information relates "to necessario "personal data of registrants, consider interest LACRALO criteria is formed on these exchanges information and possibly prepare an information document oriented users in the region.In case of being in disagreement, proceed to form a consensus view and communicate it to the various levels of ICANN through which it is possible to propose changes to a policy like this. Surely some of you. Will be better aware of the discussions and negotiations, complex and contentious moments, which have led to this document. All this will feed the interest of the discussion. Sincerely, Alejandro Pisanty ---------- Forwarded message ---------- From: ICANN At-Large Staff <staff@atlarge.icann.org> Date: Fri, June 5, 2015 at 6:42 PM Subject: [ALAC-Announce] ICANN News Alert - Advisory Concerning Register Obligations to Provide Data to ICANN Pursuant to Section 3.4.3 of the 2013 RAA To: "alac-announce@atlarge-lists.icann.org" < alac-announce@atlarge-lists.icann.org> [Image: ICANN] <http://www.icann.org/> News Alert https://www.icann.org/news/announcement-2015-06-05-en ------------------------------ Advisory Concerning Register Obligations to Provide Data Pursuant to ICANN to Section 3.4.3 of the 2013 RAA 5 June 2015 Section 3.4.3 of the 2013 Registrar Accreditation Agreement (the "2013 RAA ") requires registrars to Provide Certain data, information, and records to ICANN upon request and Incorporates a procedure by Which ICANN and registrars can agree to limitations, protections, or alternative solutions in the event to register Believes Such That the provision of data to ICANN would violate applicable law or legal proceedings. Several registrars Have Requested clarification from ICANN Regarding the 2013 RAA's procedure for discussing and agreeing on Appropriate limitations, protections, or alternative solutions for production of data, information, records or Requested by ICANN. In particularly, registrars unavailable Told That ICANN meaningful discussions of Potentially Relevant legal issues That requires ICANN Identify (I) the purposes for ICANN Which is Requesting Such data, information, or records; (Ii) how ICANN Intends to use Such data, information, or records; and (Iii) Which duration for ICANN Intends to Retain Such data, information, or records.1 < https://www.icann.org/news/announcement-2015-06-05-en#foot1> The following advisory outlines the Relevant Provisions of the 2013 RAA and That Explains the steps ICANN will take upon a registrar's request if ICANN seeks access to data, information, or records pursuant to Section 3.4.3 of the 2013 RAA. Relevant Provisions of the 2013 RAA Section 3.4.3 of the 2013 RAA provides: 3.4.3 During the Term of esta Agreement and for two (2) years thereafter, Shall make the record data, information and records specified in esta Section 3.4 available for inspection and copying by ICANN upon reasonable notice.In Addition, upon reasonable notice and request from ICANN, Register Shall Such deliver copies of data, information and records to ICANN limited in respect to transactions or Circumstances That May be the subject of a compliance-related inquiry; provided, however, That Such Shall obligation not apply to requests for copies of the Register's Entire database or transaction history. Such copies are to be provided at Registrar's expense. In responding to ICANN's request for delivery of electronic data, information and records, submit Such Register May information in a format reasonably acceptable and convenient to Register to ICANN so as to minimize disruption to the Registrar's business. In the Register Believes That event the provision of any such data, information or records to ICANN would violate applicable law or any legal proceedings, ICANN and Registrar agree to discuss in good faith Whether Appropriate limitations, protections, or alternative solutions can be Identified to Such allow the production of data, information or records in complete or redacted form, as Appropriate.ICANN Shall not disclose the content of Such data, information or records except as required by applicable EXPRESSLY law, any legal proceeding or Specification or Policy. Procedure for Data To Be Made Available to ICANN 1. If, pursuant to Section 3.4.3, Provides notice to ICANN to register Requiring that (1) data, information, or records be made available to ICANN for inspection or copying; or (2) That data, information or records be delivered to ICANN, the record May request, in writing (with email Deemed sufficient), ICANN That Provide a written description to Specifying a reasonable extent: (a) the data, information, and records That are the subject of the request; and (b) the purpose, treats including identification of the envisaged transfers to third parties and the purpose of Such transfer, Which Maintains That ICANN for access to or a copy of the data, information, and records is Necessary (the "Access Description Purpose"). 2.ICANN will, upon the written request of the record, Provide the With the Access Purpose record Description in writing (with email Deemed sufficient). With respect to the purpose, ICANN is limited to one or more of the purposes Described in the draft document "Description of 2013 RAA Specification Data Retention data elements and Potentially legitimate purposes for collection / retention "that was posted on 21 March 2014 (the "Description") as it May be modified by ICANN from time to time. Any future Changes to the Description must be in Line with the law and regulations applicable to the registrars, Including but not limited to rules on the processing of data for purposes Which are not incompatible With the legitimate purpose for Which the Data Were Collected originally. ICANN will work in good faith to Agree with the Registrar on Appropriate levels of data protection, if applicable, and, Respecting Necessary to any Safeguards Achieve th purpose (eg, Standard Contractual Clauses, If appropriate). 3.If an Access Description Purpose is to register and Requested by provided by ICANN, ICANN will not process or use the data, information, and records for any purpose other than Those Stated in the Access Purpose Description. This does not exclude from issuing a further ICANN Access Purpose Description, Referring to one or more purposes listed in the Description, if another purpose Becomes Relevant Such With respect to data, information, and records and is in Line with the law and regulations applicable to the registrars, Including but not limited to rules on the processing of data for purposes Which are not incompatible With the legitimate purpose for Which the Data Were Collected originally.Ace provided in Section 3.4.3 of the 2013 RAA, ICANN will not disclose the Such content of data, information, or records to a third party except as EXPRESSLY required by applicable law; any legal proceeding; or Or Policy Specification (as defined in the 2013 RAA) in Line with the law and regulations applicable to the registrars, Including but not limited to rules on the processing of data for purposes Which are not incompatible With the legitimate purpose for Which the Data Were Collected originally; and, to the extent applicable, in Line with any "onward transfer requirements "Safeguards to Which ICANN has stipulated to Ensure Appropriate levels of data protection on part of ICANN (eg, Standard Contractual Clauses, If appropriate).If ICANN is required to disclose the content of the data, information or records in Accordance With The PRECEDING sentence, it will notify the register Immediately Involved in writing (with email Deemed sufficient) of the grounds for the order or requirement, the party to Whom the data must be Disclosed and the Stated purpose of the disclosure, as well as the legal Means available to Oppose Such disclosure, if and to the extent Stated in the order or requirement, UNLESS and to the extent EXPRESSLY Such notification is prohibited by law or court order. 4. ICANN will delete the data, information, and records if and When They are no longer required for the purpose (s) Stated in the Access Purpose Description (s), subject to adherence to any retention requirements mandated by law, if any. If a record Believes That the provision of any such data, information, or records to ICANN would violate applicable law or any legal proceedings, any ensuing good faith discussions Between ICANN and the record will take into consideration the purposes September forth in the Access Purpose Description provided by ICANN. Those in good faith discussions, ICANN would take into account, without limitation any legal opinion Submitted by the Nationally Recognized record from a law firm in the applicable jurisdiction and, in particular the rulings or guidance provided by a EU national or governmental body of competent jurisdiction Including Authorities Relevant data protection, as well as the requirement of Section 3.7.2 2013 RAA That record Shall abide by applicable laws and governmental regulations. If good faith discussions are ongoing Between ICANN and the registration as Indicated above, ICANN would refrain from Commencing a compliance procedure against the record for breach of Section 3.4.3 of the 2013 RAA for a reasonable period of time with the goal of Allowing the good faith Facilitate discussions to a resolution. ------------------------------ 1 < https://www.icann.org/news/announcement-2015-06-05-en#note1>In With ICANN discussions, Most registrars Have Acknowledged That legitimate purposes exist for the retention of the data elements specified in Articles 1.1 and 1.2 of the Data Retention Specification (the "Specification") of 2013 RAA, but some registrars Have called for clarification of the 2013 RAA's process for ICANN's request for data from a register to Ensure a consistent use of the data, Which is not addressed by the waiver process Described in the Specification. _______________________________________________ [[--Original text (es) http://mm.icann.org/transbot_archive/190f5af099.html --]]