To answer the question “Who should have access to gTLD registration data and why?” the PDP should be informed by available inputs dealing with purpose.
The purpose sub-team considered this charter question, starting with key inputs identified in the PDP Issue Report and WG Charter, identified additional key inputs, and summarized them in the following document:
Summary of Key Inputs on Purpose - Final Template PDF
Those key inputs on purpose include:
Available Inputs – Hyperlinked to Sources |
WHOIS Task Force Final Report (2003) |
WHOIS Task Force Final Report (2007) |
WHOIS Policy Review Team Final Report (2012) |
2013 RAA's Data Retention Specification Discussion Document (2014) |
SAC055, WHOIS: Blind Men and an Elephant (September 2012) |
Privacy & Proxy Services Accreditation PDP Final Report (2015) and GNSO Council Recommendations Report to the Board regarding Adoption of PPSAI PDP |
GAC Communiqués (also reached via this link) regarding WHOIS (2007-2015), especially
GAC Principles Regarding gTLD WHOIS Services (2007) |
Article 29 WP statement on the data protection impact of the ICANN RAA (2013-2014)
- https://www.icann.org/en/system/files/correspondence/namazi-to-kohnstamm-25mar14-en.pdf
- https://www.icann.org/en/system/files/correspondence/kohnstamm-to-jeffrey-08jan14-en.pdf
- https://www.icann.org/en/system/files/correspondence/jeffrey-to-kohnstamm-20sep13-- en.pdf
https://www.icann.org/en/system/files/correspondence/kohnstamm-to-crocker-chehade-06jun13-en.pdf |
Article 29 WP comments on the data protection impact of the revision of the ICANN RAA concerning accuracy and data retention of WHOIS (2012)
- https://www.icann.org/en/system/files/correspondence/kohnstamm-to-crocker-atallah-26sep12-en.pdf
- https://www.icann.org/en/news/correspondence/chehade-to-kohnstamm-09oct12-en |
Article 29 WP on ICANN Procedure for Handling WHOIS Conflicts with Privacy Law (2007)
- http://gnso.icann.org/en/correspondence/cerf-to-schaar-24oct07.pdf
- https://www.icann.org/en/system/files/files/cerf-to-schaar-15mar07-en.pdf
- https://www.icann.org/en/correspondence/schaar-to-cerf-12mar07.pdf |
Article 29 WP on ICANN’s WHOIS Database Policy (2006)
- https://www.icann.org/en/system/files/files/schaar-to-cerf-22jun06-en.pdf
- https://www.icann.org/en/correspondence/lawson-to-cerf-22jun06.pdf
- https://www.icann.org/en/correspondence/parisse-to-icann-22jun06.pdf
- https://www.icann.org/en/system/files/files/fingleton-to-cerf-20jun06-en.pdf |
Article 29 WP Opinion on the application of the data protection principles to WHOIS directories
Article 29 WP 76 Opinion 2/2003 |
Additional Article 29 WP documents that may be of interest to this PDP WG |
- Article 29 WP 5 Recommendation 2/97 |
- Article 29 WP 33 Opinion 5/2000 |
- Article 29 WP 41 Opinion 4/2001 |
- Article 29 WP 56 Working Document 5/2002 |
- Article 29 WP 217 Opinion 4/2014 |
- Article 29 WP 203 Opinion 3/2013 |
- Article 29 WP 20 Opinion 3/1999 |
Council of Europe Declaration
Declaration of the Committee of Ministers on ICANN, human rights and the rule of law (3 June 2015) |
EDPS Correspondence regarding Registration Data |
- Opinion of the European Data Protection Supervisor: Europe's role in shaping the future of Internet Governance (23 June 2014) |
- ICANN's public consultation on 2013 RAA Data Retention Specification Data Elements and - Legitimate Purposes for Collection and Retention (17 April 2014) |
European Commission Website: Obligations of Data Controllers and Definition of Data Controllers |
International Working Group on Data Protection in Telecommunications and Media Documents |
- Common Position relating to Reverse Directories (Hong Kong, 15.04.1998) |
- Common Position on Privacy and Data Protection aspects of the Registration of Domain Names on the Internet (Crete, 4./5.05.2000) |
- Common Position on Privacy and Data Protection aspects of the Publication of Personal Data contained in publicly available documents on the Internet (Crete, 4./5.05.2000) |
- Common Position on Incorporation of telecommunications-specific principles in multilateral privacy agreements: Ten Commandments to protect Privacy in the Internet World (Berlin, 13/14.09.2000) |
- Common Position on data protection aspects in the Draft Convention on cyber-crime of the Council of Europe (Berlin, 13/14.09.2000) |
Relevant National Laws that may apply to gTLDs, including - U.S. Anticybersquatting Consumer Protection Act (ACPA), 15 USC §1125 |
EWG Recommendations for a Next-Generation RDS, especially - Section 3, Users and Purposes - Annex C, Example Use Cases - Annex A, Board Questions |
EWG Tutorial Pages 17-20, 37-41and EWG FAQs 9-12, 67 |
Video FAQ “Is my purpose supported by the RDS?” |
Statements/Blogs by Perrin and Samuels |
Process Framework for a PDP on Next-Generation RDS, especially Page 9, Row 1 |
Registrar Accreditation Agreement (2013) |
WHOIS Uniform Domain Name Dispute Resolution Policy and Rules for Uniform Domain Name Dispute Resolution Policy |
WHOIS New gTLD URS Policy and Rules for URS Policy |
WHOIS Expired Domain Deletion Policy |
WHOIS Inter-Registrar Transfer Policy |
ICANN WHOIS Portal Knowledge Center Q&A: What is WHOIS data used for? |
Privacy & Information Security Law Blog: Article 29 Working Party Clarifies Purpose Limitation Principles |
U.S. Department of Commerce, National Telecommunications and Information Administration (NTIA) - Green Paper: Improvement of Technical Management of Internet Names and Addresses (1998) - White Paper: Management of Internet Names and Addresses, Statement of Policy (2012) |
U.S. GAO INTERNET MANAGEMENT: Prevalence of False Contact Information for Registered Domain Names (2005) |
Anti-Phishing Working Group Advisory on Utilization of Whois Data For Phishing Site Take Down (2008) |
See also Public Comments on Issue Report for input to be considered by PDP WG.