I am a bit confused Raymond.  While the commissioners are indeed more upset about the 2013 agreement than the earlier ones, they have noted their views (that WHOIS requirements violated data protection laws), for years.  Here is just a short list:


Article 29 Working Group

·      2003 issued opinion on WHOIS (2/2003)

·      2006 wrote to Chairman (Vint Cerf) with concerns about ongoing WHOIS review and failure to identify purpose of data collection

·      2013 wrote to Chairman (Crocker) & CEO with  concerns about the 2013 RAA: all European registrars would require a “waiver” according to the ICANN Conflicts with law procedure

·      2014 wrote to ICANN’s General Counsel re concerns about the 2013 Registrar’s Accreditation Agreement, and reaffirming its own authority to represent the 26 members of the group in a common position

·      2014 Peter Hustinx, then European Data Protection Supervisor wrote to the Chairman (Crocker) and CEO (Chehade) to inform them that the data retention directive had been declared unconstitutional by the European Court of Justice, and that ICANN’s data retention requirements were not lawful.

International Working Group on Data Protection in Telecommunications

·      2000 published a common position on WHOIS

·      2003 IWGPT wrote to ICANN with concerns about the Interim Report Of The Names Council's WHOIS Task Force Of October 14, 2002

·      2005 IWGPT wrote to the International Working Group on Internet Governance (IWGIG) to let them know that the two groups exist and are interested in Internet privacy issues and further cooperation

International Conference of Data Commissioners

·      2009 resolution to consider sending a representative with observer status to ICANN

I can of course dig up the references to all of these.
The fact that there has been no enforcement action is not due to a lack of an understanding of the issue, nor that it does not violate law.  It is most likely due to a reluctance to make their national registrars suffer for ICANN's policy, in my view.  It is unlikely that this situation will endure forever.


Kind regards,
Stephanie Perrin
On 2015-05-05 21:53, arbitrator wrote:
My recommendation is not to change to the procedure.  If it works there is no need to fix it.
Best, 
Raymond

 arbitrator <arbitrator@raymondho.com> wrote:


When comparing the Icann standard registry agreement with the EU privacy data protection regulations, for instance,  it is obvious to me that the contractual provisions have no conflict with these regulations. That might explain why no one had invoked the procedure in all these years. I invite  my colleagues to consider the issues in the context of the case before us. Sorry for missing the upcoming call.

Best, 
Raymond





Raymond HO <arbitrator@raymondho.com> wrote:


Thanks, Steven.



I respectfully invite you to consider the goals for the procedure as highlighted in resolution 20051128-05 below:

“20051128-05

 The GNSO votes in favour of the following consensus policy recommendation from the WHOIS task force CONSENSUS POLICY RECOMMENDATION

 In order to facilitate reconciliation of any conflicts between local/national mandatory privacy laws or regulations and applicable provisions of the ICANN contract regarding the collection, display and distribution of personal data via the gTLD WHOIS service, ICANN should:

   Develop and publicly document a procedure for dealing with the situation in which a registrar or registry can credibly demonstrate that it is legally prevented by local/national privacy laws or regulations from fully complying with applicable provisions of its ICANN contract regarding the collection, display and distribution of personal data via the gTLD WHOIS service.

 Create goals for the procedure which include:

   Ensuring that ICANN staff is informed of a conflict at the earliest appropriate juncture;

   Resolving the conflict, if possible, in a manner conducive to ICANN's Mission, applicable Core Values and the stability and uniformity of the Whois system;

   Providing a mechanism for the recognition, if appropriate, in circumstances where the conflict cannot be otherwise resolved, of an exception to contractual obligations to those registries/registrars to which the specific conflict applies with regard to collection, display and distribution of personally identifiable data via the gTLD WHOIS service; and

   Preserving sufficient flexibility for ICANN staff to respond to particular factual situations as they arise.

 As regards the applicable contractual provisions regarding the collection, display and distribution of personal data via the gTLD WHOIS service, I think it might be helpful to review the standard Registry Agreement https://www.icann.org/resources/pages/registries/registries-agreements-en, in particular, clause 2.18 and Specification 4 reproduced below:



 2.18            Personal Data.  Registry Operator shall (i) notify each ICANN-accredited registrar that is a party to the 

_______________________________________________
Whois-iag-volunteers mailing list
Whois-iag-volunteers@icann.org
https://mm.icann.org/mailman/listinfo/whois-iag-volunteers