FINAL VERSION SUBMITTED (IF RATIFIED)
The final version to be submitted, if the draft is ratified, will be placed here by upon completion of the vote.
FINAL DRAFT VERSION TO BE VOTED UPON BY THE ALAC
The final draft version to be voted upon by the ALAC will be placed here before the vote is to begin.
11 November 2018
Introduction
It has been six years since the original WHOIS Final Report Report Recommendations were made which means that many of them have already been implemented (as acknolwedged by the working group) or overtaken by implemenation of the following (as acknowledged in this Report).
- Development and adoption by ICANN of RDAP, replacing the WHOIS protocol
- Changes to the RAA in 2013, including new requirements on Whois Accuracy
- Compliance area adoption of enhanced monitoring of accuracy requirements anad tools
- Most significantly, ICANN's urgent steps through the work of the EPDP and Unified Access Model to address issues on the collection, access and use of personal information by the RAA/Registry agreements as raised by the GDPR.
The recommendation on outreach is also premature until EPDP and Access Model requirements are settled.
Generally, the ALAC should continue to support the need for accuracy of the personal data collected, and that the accuracy of data continue to be a priority of Compliance.
As this Report notes, while ICANN believes all of the 16 recommendations in the WHOIS Final Report have been fully implemented, this working Group finds that only 8 of the Report's recommendations have been fully implemented - as noted below.
The Report sets out the Working Group's Objectives. Apart from its primary task of review of the recommendations of the 2012 WHOIS Final Report (Objective One) other objective include Anything New (Objective 2), Law Enforcement Needs (Objective 3), Consumer Trust (Objective 4) Safeguarding Registrant Data (Objective 5), and ICANN Contractual Compliance Action, Structure and Processes (Objective 6)
Objective One: Suggested Responses to the original recommendations (and whether they have been implemented) are proposed as follows:
- Strategic Priority (Rec 1) (Partially Implemented)
The Report makes three recommendations for the Board to establish a Board subcommittee and monitor legislative and policy developments on RDS from a legislative and policy perspective
Suggested ALAC Response: Revise and defer the recommendation. The Board is already engaged in the development of new policies to address the GDPR. Once there is established policy on the collection, use and access to personal daa under a revised RAA/Registry agreements, clearly there should be Board oversight of relevant legislative and policy developments that further impact on RDA.
- Single Whois Policy (Rec 2) (Fully Implemented)
There has been a single portal with links to elements of Whois. The Recommendation is for revision and updating to documentation
Suggested ALAC response: Accept ( only when ICANN policies on registrant data are finalised)
- Outreach(Rec 3) (Implemented but not to communities outside ICANN)
Recommendation to identify and target groups outside of ICANN for information on RDA
Suggested response: Accept in principle, but only when ICANN policies on registrant data finalised
- Compliance (Rec 4) (Significant Improvement, partially implemented)
Recommendation for Board to proactively monitor and enforce RDS data accuracy requirements – detailed in recommendations
Suggested ALAC response: Support recommendation
- Data Accuracy (Rec 5 – 9) (Rec 5 Fully implemented, Recs 6-7 partially implemented, Rec 9 not implemented)
Recommendations for methodology to determine underlying causes and action to be taken to address accuracy
Suggested ALAC response: strongly support recommendations
- Privacy/Proxy Services (Rec 10) (PDP completed recommendation assessment of effectiveness)
Recommendation for monitoring of effectiveness of the PPSAI
Suggested ALAC response: support recommendation
- Common Interface (Rec 11) (Fully implemented)
Recommendation for common interface on all publicly available RDS output with suggestions on metrics for tracking and evaluation of effectiveness
Suggested ALAC response: delay implementation until finalisation of EPDP and Unified Access Model
- Internatonalized Domain Names (Rec 12 – 14) (Fully implemented)
No recommndation - review of effectiveness to be deferred until the program is fully implemented
Suggested ALAC Response: Agree on recommendation to delay
- Plan and Annual Reports (Rec 15 – 16) (Partially implemented)
Recommendation for regular gathering of data to allow assessment of effectiveness of RDS
Suggested ALAC Response: Accept recommendation
Objecive Two: Anything New
(no new recommendations at this time)
Objective Three: Law Enforcement Needs
Recommendations for regular surveys/studies to assess the effectiveness of RDS policies on meeting the needs of law enforcement agencies and other users working with law enforcement agencies
Ssugggested ALAC Response: Srongly support
Objective Four: Consumer Trust
no recommendations at this time
Objective Five Safeguarding Registrant Data
Recommendation calling for a review to ensure all ICANN contracts with contracted parties include strong uniform requirements for the protection of registrant data
Suggested ALAC Response: Support recommendation
Objective Six: ICANN Contractual Compliance Action, Structure and Processes
recommendations to address issues of the inaccuracy of data and the use of special tools to detect inaccuracies of data
Suggested ALAC Response: Support recommendations
ICANN Bylaws
Recommendation to amend the Bylaw 4(6)(e) on 'safeguarding registrant data' and replace with a more generic requirement for RDS review teams to assess RDS policies and practices
Suggested ALAC Response: Support recommendation
DRAFT SUBMITTED FOR DISCUSSION
The first draft submitted will be placed here before the call for comments begins. The Draft should be preceded by the name of the person submitting the draft and the date/time. If, during the discussion, the draft is revised, the older version(S) should be left in place and the new version along with a header line identifying the drafter and date/time should be placed above the older version(s), separated by a Horizontal Rule (available + Insert More Content control).
Holly Raiche - First Draft for Comment
Notes for Response to WHOIS Review2 Draft Report
(Note: I have still not developed a response to the additional recommendations made by this draft report, although some of them should also be deferred until there is clarity on a new RDS policy on the collection, retention and access of data).
Introduction
It has been six years since the Report and Recommendations were made – thus making the recommendations either no longer necessary or meaning recommendations should be updated, including the following (some of which have been acknowledged in the draft report
- Development and adoption by ICANN of RDAP, replacing the WHOIS protocol
- Changes to the RAA in 2013, including new requirements on Whois Accuracy
- Compliance area adoption of enhanced monitoring of accuracy requirements
- Most significantly, ICANN push through the EPDP and Unified Access Model to address GDPR
In particular, the urgent focus on the development of revised policies to address compliance impacts on the 2012 recommendations in two specific areas including
- Focus on the ICANN GNSO and Board on the development of revised policies mean
recommendations for a stronger Board focus on WHOIS policy are inappropriate at this time, given the Board’s new focus on the GDPR and development of new RDS policies
- Given the uncertainty on what personal data will be collected, retained and access and who will have access on that data in what circumstances, it is premature to strengthen WHOIS requirements on data collection and access before the EPDP and Uniform Access Model are adopted and there is clarity on what data is collected, what data is publicly available and in what circumstances. As well, the recommendation on outreach is also premature until there is finality on the EpDP and Access Model requirements
Nevertheless, the ALAC should continue to support the need for accuracy of the personal data collected, and that the accuracy of data continue to be a priority of Compliance.
Suggested Responses to the 12 Original recommendations(and whether they have been implemented) are proposed as follows:
- Strategic Priority (Rec 1) Partially Implemented
The Report makes 3 recommendations for the Board to establish a Board subcommittee and monitor legislative and policy developments on RDS from a legislative and policy perspective
Suggested Response: Defer the recommendation (or delete) The Board is already engaged in the development of new policy to address the GDPR
- Single Whois Policy (Rec 2) (Fully Implemented)
There has been a single portal with links to elements of Whois. The Recommendation is for revision and updating to documentation
Suggested response: Accept in principle, but only when ICANN policies on registrant data is finalised
- Outreach(Rec 3) (Done but not to communities outside ICANN)
Recommendation to identify and target groups outside of ICANN for information on RDA
Suggested response: Accept in principle, but only when ICANN policies on registrant data finalised
- Compliance (Rec 4) (Significant Improvement, partially implemented)
Recommendation for Board to proactively monitor and enforce RDS data accuracy requirements – detailed in recommendations
Suggested response: Support recommendation
- Data Accuracy (Rec 5 – 9) (Partially or fully implemented – but not necessarily clear of improvement in contactability)
Recommendation for methodology to determine underlying cause and action to be taken
Suggested response: support recommendation
- Privacy/Proxy Services (Rec 10) (PDP completed recommendation assessment of effectiveness)
Recommendation for monitoring of effectiveness of the PPSAI – which becomes operational on 31Dec 2019
Suggested response: support recommendation
- Common Interface (Rec 11) (Fully implemented)
Recommendation for common interface on all publicly available RDS output with suggestions on metrics
Suggested response: delay implementation until finalisation of EPDP and Unified Access Model
- IDNs (Rec 12 – 14) (Fully implemented)
- Recommendation - to defer implementation, and review occur after RDAP is implemented
Suggested Response: Agree on recommendation to delay
- Plan and Annual Reports (Rec 15 – 16) (Partially implemented)
- Recommendation for regular gathering of data to allow assessment of effectiveness of RDS
Suggested Response: Accept recommendation