WHOIS1 Rec #10: Privacy/Proxy Services

Objective

Consistent with ICANN’s mission and Bylaws, Section 4.6(e)(iv), the Review Team will (a) evaluate the extent to which ICANN Org has implemented each prior Directory Service Review recommendation (noting differences if any between recommended and implemented steps), (b) assess to the degree practical the extent to which implementation of each recommendation was effective in addressing the issue identified by the prior RT or generated additional information useful to management and evolution of WHOIS (RDS), and (c) determine if any specific measurable steps should be recommended to enhance results achieved through the prior RT’s recommendations. This includes developing a framework to measure and assess the effectiveness of recommendations, and applying that approach to all areas of WHOIS originally assessed by the prior RT (as applicable).
RT1 Recommendations to be assessed by this subgroup:
Recommendation #10 - Privacy/Proxy Services

Background Documents

WHOIS1 Implementation Briefings on Recommendations 5, 8, 10, 11: PPT, PDF
Answers to RDS-WHOIS2 Questions on Implementation Briefings
WHOIS Review Team (WHOIS1) Final Report (2012) and Action Plan
WHOIS Review Team (WHOIS1) Implementation Reports, including
- Executive Summary of Implementation Report
- Detailed implementation Report
Documents cited in briefing on Recommendation 10 include
Current PPAA draft (20 March)
Additional links specific to Recommendation 10 may be added here

Further background documents may be found on the Review Team's overall Background Materials page.

Leader/Rapporteur: Volker Greimann

Members: Cathrin Bauer-Bulst, Stephanie Perrin, Susan Kawaguchi, Volker Greimann, Dmitry Belyavsky

Mailing-list archives: http://mm.icann.org/pipermail/rds-whois2-privacy-proxy/

Conference calls: see here

Review Team Templates: see here

Subgroup Documents

DOCX

Date	Document (Versions in Red are latest)	File
Subgroup Report
10 Aug 2018	v9	DOCX
02 Aug 2018	v8	DOCX
30 Jul 2018	v7 (incl. FtoF #3 Agreements)	DOCX
22 Jun 2018	v6	DOCX
13 Jun 2018	v5	DOCX
06 Jun 2018	v4	DOCX
23 May 2018	v3	DOCX
10 Apr 2018	v2	DOCX
04 Apr 2018	v1	DOCX
Face-to-Face Mtg #2 Slides - Findings
13 Apr 2018	v2	PPTX
09 Apr 2018	v1	PPTX
	Case Study of P&P Service Abuse (submitted by Lili)
03 Jun 2018	v1	DOCX
Planning Questions
01 Mar 2018	v1	PDF
First Pass Document
08 Feb 2018	v4	DOCX
17 Jan 2018	v3	DOCX
11 Dec 2017	v2	DOCX
06 Dec 2017	v1	DOCX

ICANN Org Briefings/Answers

Written answers provided by Registrar Services staff leading PP IRT (20 March)
Compliance staff input, includes:

20 March written answers to PP IRT related questions
Metrics for P/P Spec in the 2013 RAA

Written implementation briefing (27 March)
Responses from ICANN Compliance and Global Domains Division to Data Accuracy Subgroup Questions

Open Actions/Requests

Item #	Source of Request	Date of Request	Action Item Request	Action Owner	Anticipated Completion Date*	Progress Notes

Completed Actions/Requests

*To be provided once reasonable date is determined by appropriate subject-matter expert

Item #	Source of Request	Date of Request	Action Item Request	Action Owner	Anticipated Completion Date*	Completed Response	Completion Date
19	#37	06 Aug 2018	Apply editorial change "The ICANN Board should recommend to the next review team" to rec 10.2 (also 12.1)	ICANN org			10 Aug 2018
18	FtoF #3	27 Jul 2018	Volker to update subgroup report to reflect decisions reached and proposed recommendation.	Volker			03 Aug 2018
17	#34	16 Jul 2018	Volker to address any concerns raised in a final draft to be sent to the full RT by the end of this week.	Volker			03 Aug 2018
16	#34	16 Jul 2018	Subgroup members to take a last look at the subgroup report and submit comments via email or confirm they agree with the subgroup draft report as is.	Subgroup
15	#3	14 Jun 2018	Volker to propose text for an issue on Abuse noting that PP abuse may occur and that a future review should include examining the impact of PP services on abuse. Consider whether this should lead to a recommendation that this be examined within 2 years after implementation/effective date of the policy - and/or collection of data to enable review.	Volker		Email	21 Jun 2018
14	#3	14 Jun 2018	Volker to reword Issue #2 (impact of GDPR) to clarify comment but make no recommendation	Volker		Email	21 Jun 2018
13	#3	14 Jun 2018	Volker to reword Issue #1 (cost/fees) as a brief comment but not a recommendation, since implementation is underway and it is not yet time to make any recommendation on this	Volker		Email	21 Jun 2018
12	#3	14 Jun 2018	Additional issue related to grandfathering: (a) Volker to draft language regarding accuracy trigger in 2013 RAA for consideration by RT when data accuracy report is discussed (this will not to be addressed in PP report as "grandfathering" does not apply to PP registered domains) (b) Susan to revise Recommendation on grandfathering compliance in the Compliance Subgroup report to broaden it to include all policies and DN registrations	Volker/Susan		Email	21 Jun 2018
11	#3	14 Jun 2018	Volker to provide alternative text for Rec 10 Objective 6 referring to PPSAI PDP recommendation on CATEGORY B QUESTION 2, indicating this objective was taken into consideration in the PDP but it is not appropriate for the RT to comment on sufficiency of this until implementation is complete. The PPSAI PDP recommendation: WG Conclusion: The WG recommends that P/P service customer data be validated and verified in a manner consistent with the requirements outlined in the WHOIS Accuracy Program Specification of the 2013 RAA (as updated from time to time). Moreover, in the cases where a P/P service provider is Affiliated with a registrar and that Affiliated registrar has carried out validation and verification of the P/P customer data, re-verification by the P/P service provider of the same, identical, information should not be required.	Volker		Email	21 Jun 2018
10	#28	11 Jun 2018	ICANN org to prepare and send out doodle for a subgroup meeting (incl. Stephanie) this week, based on Volker's availability.	ICANN org		Email	11 Jun 2018
9	#27	14 May 2018	Susan to liaise with Volker and progress on the subgroup draft report.	Susan		Email	24 May 2018
7	#26	17 Apr 2018	Volker to clarify following issues for RT: Issue #1: Current funding proposals for accreditation program create concerns of ICANN failing the goal of onboarding all providers of such services due to inflation of costs. ICANN Org staff seems to be unable to justify proposed accreditation fees, which may endanger the entire program. Issue #2: Impact of GDPR data redaction requirements on privacy services are yet unknown, but significant impact is expected as personal data becomes hidden by default without	Volker		Email	02 May 2018
8	#26	18 Apr 2018	Dmitry to be added to Rec #10: Privacy/Proxy Services	ICANN org			18 Apr 2018
6	#25	06 Apr 2018	Susan to touch base with Volker on subgroup report	Susan		Email	25 Apr 2018
5	#22	05 Mar 2018	Susan to review list of questions in light of Alan's comments https://mm.icann.org/pipermail/rds-whois2-privacy-proxy/2018-March/000016.html	Susan	/	Email	12 Mar 2018
3	#1	26 Feb 2018	Schedule briefing with ICANN Org staff leading the IRT staff support to learn how team will ramp up to manage PPSAI policy compliance.	ICANN org	20 Mar 2018	Email	20 Mar 2018
4	#1	26 Feb 2018	Request written briefing from ICANN Org if there are complaints that have been filed related to 2013 RAA specs, if so what was the nature of those complaints and steps taken.	Subgroup members	16 Mar 2018	Email	11 Mar 2018
2	#1	26 Feb 2018	Provide first draft of questions for IRT compliance team (by 27 Feb).	Susan	27 Feb 2018	Email	27 Feb 2018
1	#1	26 Feb 2018	Draft answers to planning questions and provide to Volker to review and share with subgroup.	ICANN org	27 Feb 2018	/	27 Feb 2018

Decisions Reached

Source of request	Date	Decision
FtoF #3	27 Jul 2018	R10.x to be added to P/P section: R10.x Reviewing the effectiveness of the implementation of #Rec 10 should be deferred and carried out by the next RDS review team after PPSAI Policy is implemented.
FtoF #3	27 Jul 2018	Issue #5 to be expanded to discuss P/P abuse risk, potential for change in P/P use due to GDPR, a reference to the WHOIS P/P Abuse Study, and also to the CCT RT study on P/P and DDARP recommendation (when available).
FtoF #3	27 Jul 2018	Issue #3 is subject to confirmation after ICANN legal review is completed: The RT is currently not aware of any need to delay the implementation of accreditation program due to GDPR.
FtoF #3	27 Jul 2018	The entire P/P Issues/Problems section should be prefaced with a qualifier that the issues are based on the status of PPSAI policy implementation as of July 2018, and are subject to update as implementation continues.
FtoF #3	27 Jul 2018	No change to subgroup’s conclusion that the recommendation to initiate policy development is “fully implemented” but the conclusion should clearly state that policy implementation remains underway.
#3	14 Jun 2018	The subgroup will follow the RT's agreement to not relegislate PDPs. Can raise concerns but should not make recommendations to modify PDP WG's recommendations prior to implementation.
#3	14 Jun 2018	Grandfathering is not a concept for PP registered domains but should be taken up in the data accuracy and compliance reports
#1	26 Feb 2018	All subgroups members are to review PPSAI and RAA specs on Privacy/Proxy.
#1	26 Feb 2018	Subgroup to review implementation of RT1 recommendation: 2013 RAA specs and PPSAI policies. IRT is underway to policy effective date is unlikely to be this year. Limit subgroup's work to what has been completed and not wait for policy to become effective.
#1	26 Feb 2018	Subgroup to develop questions for IRT Compliance team.
#1	26 Feb 2018	Rapporteur will collate the findings of all members into a single document. All subgroup members to review/contribute to findings.

Content

Space Tools