To answer the question “Who should have access to gTLD registration data and why?” the PDP should be informed by available inputs dealing with purpose.

The purpose sub-team considered this charter question, starting with key inputs identified in the PDP Issue Report and WG Charter, identified additional key inputs, and summarized them in the following document:

Summary of Key Inputs on Purpose - Final Template PDF

Those key inputs on purpose include:

Available Inputs – Hyperlinked to Sources

WHOIS Task Force Final Report (2003)

WHOIS Task Force Final Report (2007)

WHOIS Policy Review Team Final Report (2012)

2013 RAA's Data Retention Specification Discussion Document (2014)

SAC055, WHOIS: Blind Men and an Elephant (September 2012)

Privacy & Proxy Services Accreditation PDP Final Report (2015) and

GNSO Council Recommendations Report to the Board regarding Adoption of PPSAI PDP

GAC Communiqués (also reached via this link) regarding WHOIS (2007-2015), especially
GAC Principles Regarding gTLD WHOIS Services (2007)

Article 29 WP statement on the data protection impact of the ICANN RAA (2013-2014)
- https://www.icann.org/en/system/files/correspondence/namazi-to-kohnstamm-25mar14-en.pdf
- https://www.icann.org/en/system/files/correspondence/kohnstamm-to-jeffrey-08jan14-en.pdf
- https://www.icann.org/en/system/files/correspondence/jeffrey-to-kohnstamm-20sep13-- en.pdf
https://www.icann.org/en/system/files/correspondence/kohnstamm-to-crocker-chehade-06jun13-en.pdf

Article 29 WP comments on the data protection impact of the revision of the ICANN RAA concerning accuracy and data retention of WHOIS (2012)
- https://www.icann.org/en/system/files/correspondence/kohnstamm-to-crocker-atallah-26sep12-en.pdf
- https://www.icann.org/en/news/correspondence/chehade-to-kohnstamm-09oct12-en

Article 29 WP on ICANN Procedure for Handling WHOIS Conflicts with Privacy Law (2007)
- http://gnso.icann.org/en/correspondence/cerf-to-schaar-24oct07.pdf
- https://www.icann.org/en/system/files/files/cerf-to-schaar-15mar07-en.pdf
- https://www.icann.org/en/correspondence/schaar-to-cerf-12mar07.pdf

Article 29 WP on ICANN’s WHOIS Database Policy (2006)
- https://www.icann.org/en/system/files/files/schaar-to-cerf-22jun06-en.pdf
- https://www.icann.org/en/correspondence/lawson-to-cerf-22jun06.pdf
- https://www.icann.org/en/correspondence/parisse-to-icann-22jun06.pdf
- https://www.icann.org/en/system/files/files/fingleton-to-cerf-20jun06-en.pdf

Article 29 WP Opinion on the application of the data protection principles to WHOIS directories
Article 29 WP 76 Opinion 2/2003 

Additional Article 29 WP documents that may be of interest to this PDP WG

-        Article 29 WP 5 Recommendation 2/97 

-        Article 29 WP 33 Opinion 5/2000 

-        Article 29 WP 41 Opinion 4/2001 

-        Article 29 WP 56 Working Document 5/2002

-        Article 29 WP 217 Opinion 4/2014

-        Article 29 WP 203 Opinion 3/2013

-        Article 29 WP 20 Opinion 3/1999

Council of Europe Declaration
Declaration of the Committee of Ministers on ICANN, human rights and the rule of law (3 June 2015)

EDPS Correspondence regarding Registration Data

-        Opinion of the European Data Protection Supervisor: Europe's role in shaping the future of Internet Governance (23 June 2014)

-        ICANN's public consultation on 2013 RAA Data Retention Specification Data Elements and - Legitimate Purposes for Collection and Retention (17 April 2014)

European Commission Website: Obligations of Data Controllers and Definition of Data Controllers

International Working Group on Data Protection in Telecommunications and Media Documents

-        Common Position relating to Reverse Directories (Hong Kong, 15.04.1998)

-        Common Position on Privacy and Data Protection aspects of the Registration of Domain Names on the Internet (Crete, 4./5.05.2000)

-        Common Position on Privacy and Data Protection aspects of the Publication of Personal Data contained in publicly available documents on the Internet (Crete, 4./5.05.2000)

-        Common Position on Incorporation of telecommunications-specific principles in multilateral privacy agreements: Ten Commandments to protect Privacy in the Internet World (Berlin, 13/14.09.2000)

-        Common Position on data protection aspects in the Draft Convention on cyber-crime of the Council of Europe (Berlin, 13/14.09.2000)

Relevant National Laws that may apply to gTLDs, including

-        U.S. Anticybersquatting Consumer Protection Act (ACPA), 15 USC §1125

EWG Recommendations for a Next-Generation RDS, especially

-        Section 3, Users and Purposes

-        Annex C, Example Use Cases

-        Annex A, Board Questions

EWG Tutorial Pages 17-20, 37-41and EWG FAQs 9-12, 67

Video FAQ “Is my purpose supported by the RDS?

Statements/Blogs by Perrin and Samuels

Process Framework for a PDP on Next-Generation RDS, especially Page 9, Row 1

Registrar Accreditation Agreement (2013)

WHOIS Uniform Domain Name Dispute Resolution Policy and

Rules for Uniform Domain Name Dispute Resolution Policy

WHOIS New gTLD URS Policy and Rules for URS Policy

WHOIS Expired Domain Deletion Policy

WHOIS Inter-Registrar Transfer Policy

ICANN WHOIS Portal Knowledge Center Q&A: What is WHOIS data used for?

Privacy & Information Security Law Blog: Article 29 Working Party Clarifies Purpose Limitation Principles

U.S. Department of Commerce, National Telecommunications and Information Administration (NTIA)

-        Green Paper: Improvement of Technical Management of Internet Names and Addresses (1998)

-        White Paper: Management of Internet Names and Addresses, Statement of Policy (2012)

U.S. GAO INTERNET MANAGEMENT: Prevalence of False Contact Information for Registered Domain Names (2005)

Anti-Phishing Working Group Advisory on Utilization of Whois Data For Phishing Site Take Down (2008)

See also Public Comments on Issue Report for input to be considered by PDP WG.

  • No labels