GNSO Council Report to the ICANN Board

Last Updated: 9 September 2009
Date: 
18 January 2006

GNSO Council Report to the ICANN Board
18 January, 2006

Policy recommendation and advice on a procedure for handling conflicts between a registrar/registry's legal obligations under privacy laws and their contractual obligations to ICANN

This is the GNSO Council report to the ICANN Board as specified in the ICANN Bylaws, Annex A, section 11. The lettered items below follow the report sequence set out in the Bylaws.

a. A clear statement of any Supermajority Vote recommendation of the Council:

At its meeting on 28 November, 2005, the GNSO Council voted in favour of the following consensus policy recommendation of the WHOIS task force. There were 26 votes in favour and one abstention (Avri Doria abstained, saying the recommendation does not sufficiently protect privacy.).

A Supermajority Vote was reached recommending the following:

CONSENSUS POLICY RECOMMENDATION

"In order to facilitate reconciliation of any conflicts between local/national mandatory privacy laws or regulations and applicable provisions of the ICANN contract regarding the collection, display and distribution of personal data via the gTLD WHOIS service, ICANN should:

  1. Develop and publicly document a procedure for dealing with the situation in which a registrar or registry can credibly demonstrate that it is legally prevented by local/national privacy laws or regulations from fully complying with applicable provisions of its ICANN contract regarding the collection, display and distribution of personal data via the gTLD WHOIS service.

  2. Create goals for the procedure which include:

    1. Ensuring that ICANN staff is informed of a conflict at the earliest appropriate juncture;

    2. Resolving the conflict, if possible, in a manner conducive to ICANN's Mission, applicable Core Values and the stability and uniformity of the Whois system;

    3. Providing a mechanism for the recognition, if appropriate, in circumstances where the conflict cannot be otherwise resolved, of an exception to contractual obligations to those registries/registrars to which the specific conflict applies with regard to collection, display and distribution of personally identifiable data via the gTLD WHOIS service; and

    4. Preserving sufficient flexibility for ICANN staff to respond to particular factual situations as they arise.

The GNSO recommends the ICANN staff consider the advice given in the task force report as to a recommended procedure."

The GNSO Council's WHOIS Task Force also produced Well-developed advice on a procedure for handling WHOIS conflicts with privacy law. The task force encouraged ICANN staff to use the principles in this advice as a starting point for developing the procedure called for in the Consensus Policy Recommendation. (The text of the advice directly follows that of the consensus policy recommendation in the final report submitted to the GNSO Council, and attached as Annex 2 to this Board Report.)

b. If a Supermajority Vote was not reached, a clear statement of all positions held by Council members.

As a Supermajority vote on this recommendation was reached, it is not necessary to include a statement of positions held by all Council members.

c. An analysis of how the issue would affect each constituency, including any financial impact on the constituency;

(i) Commercial and Business Users Constituency (BC)

The BC did not include in its constituency statement an explicit analysis of the effect on the constituency. The BC did note that transparency of processes was beneficial. The issue does not appear to have a direct financial impact on the BC.

(ii) Non-Commercial Users Constituency (NCUC)

The NCUC did not include in its constituency statement an explicit analysis of the effect on the constituency. The issue does not appear to have a direct financial impact on the NCUC.

(iii) Intellectual Property Constituency (IPC)

In its constituency statement the IPC said "a sound policy in this area would benefit the constituency, whose members rely upon public access to Whois data to manage their domain name portfolios, enforce their rights against copyright and trademark infringers, and combat cybersquatting, among other purposes. The lack of a policy in this area could ultimately reduce this access to Whois data, make access less uniform and predictable, reduce transparency and accountability, and encourage infringers and other violators to utilize particular registrars or registries in order to evade detection or enforcement efforts. This would have an adverse financial impact on constituency members."

(iv) Registrar Constituency (RrC)

The RrC did not include in its constituency statement an explicit analysis of the effect on the constituency. The issue does have a direct material effect on the RrC as it concerns a potential conflict of registrars' contractual requirements with their national or local privacy laws. The procedure to be developed would provide a mechanism for dealing with future conflicts of this type. It is not anticipated that this procedure would have an adverse financial impact on registrars.

(v) gTLD Registries Constituency (RyC)

In its constituency statement the RyC said the recommendation "would assist the members of the RyC in fulfilling their legal obligations in their respective jurisdictions. It should be noted, however, that the Policy/Advice Recommendation 2 does not purport to provide complete assurance that potential conflicts can be avoided or resolved."

(vi) Internet Service Providers and Connectivity Providers Constituency (ISPCP)

The ISPCP did not include in its constituency statement an explicit analysis of the effect on the constituency. The issue does not appear to have a direct financial impact on the ISPCP.

The recommendation is expected to have a positive impact overall. While there has not yet been a reported instance of an enforcement action in relation to a conflict of the RAA WHOIS obligations and national law, the existence of a procedure for dealing with such a conflict will provide clarity and reassurance for registries and registrars. The other constituencies also supported the recommendation.

d. Analysis of the period of time that would likely be necessary to implement the policy

If this recommendation is adopted by the ICANN Board as a consensus policy, its implementation will not require staffing changes, nor will it affect the overall budget. Staff resources will be required to develop a procedure as recommended by the GNSO Council and its task force. The time of the GNSO Council will also be needed to ensure the procedure is in accordance with the Council's wishes.

Staff anticipates that the implementation work — i.e. the development of a procedure implementing the recommendation - will be completed within two months of a Board resolution to adopt this recommendation.

e. The advice of any outside advisors relied upon

No outside advisors were relied upon in the development of this policy recommendation.

f. The Final Report submitted to the Council

The Final task force report on a policy recommendation and advice on a procedure for handling conflicts between a registrar/registry's legal obligations under privacy laws and their contractual obligations to ICANN is available at http://gnso.icann.org/issues/tf-final-rpt-25oct05.htm .



g. A copy of the minutes of the Council deliberation on the policy issue

The minutes of the relevant GNSO Council meeting are included in this report in Annex 1.

Annex 1 — excerpt from the minutes of the GNSO Council deliberation and vote on this issue.

GNSO Council Meeting Minutes, 28 November 2005

List of attendees:
Philip Sheppard - Commercial & Business Users C.
Marilyn Cade - Commercial & Business Users C.
Grant Forsyth - Commercial & Business Users C - remote participation
Greg Ruth - ISCPC - absent - apologies - proxy to Tony Holmes
Antonio Harris - ISCPC - proxy to Tony Holmes (joined meeting after roll call)
Tony Holmes - ISCPC
Thomas Keller- Registrars
Ross Rader - Registrars (joined meeting after roll call)
Bruce Tonkin — Registrars, GNSO Council Chair
Ken Stubbs - gTLD registries
Philip Colebrook - gTLD registries - remote participation
Cary Karp - gTLD registries
Lucy Nichols - Intellectual Property Interests C - absent - apologies - proxy to Niklas Lagergren
Niklas Lagergren - Intellectual Property Interests C
Kiyoshi Tsuru - Intellectual Property Interests C. - absent - apologies - proxy to Niklas Lagergren
Robin Gross - Non Commercial Users C.- remote participation
Norbert Klein - Non Commercial Users C.
Alick Wilson - Nominating Committee appointee - remote participation
Maureen Cubberley - Nominating Committee appointee
Avri Doria - Nominating Committee appointee

17 Council Members

ICANN Staff
Olof Nordling - Manager, Policy Development Coordination
Maria Farrell - ICANN GNSO Policy Support Officer
Liz Williams - Senior Policy Counselor
Tina Dam - Chief gTLD Registry Liaison
Diane Schroeder - General Manager, Conferences, Administration & Finance
Glen de Saint Géry - GNSO Secretariat


GNSO Council Liaisons
Suzanne Sene - GAC Liaison - absent - apologies
Bret Fausett - acting ALAC Liaison - absent - apologies

Michael Palage - ICANN Board member - absent - apologies
Quorum present at 9: 12 PST.

Two MP3 recordings of the second part of the meeting (not very clear)
http://gnso-audio.icann.org/GNSO-Council20051122.mp3
http://gnso-audio.icann.org/GNSO2-20051122;MP3.mp3

Item 7: WHOIS: Final task force report on a policy recommendation and advice on a procedure for handling conflicts between a registrar/registry's legal obligations under privacy laws and their contractual obligations to ICANN

- vote on final recommendation as completed by the WHOIS task force on
19 Oct
Bruce Tonkin noted that the "advice" as set forth was not consensus policy.
Niklas Lagergren stated that the task force Final Report was supported unanimously by the WHOIS task force.
Ross Rader, a member of the task force raised a procedural question that after the task force had already voted on the final report, it should be made precise that reference was to the gTLD WHOIS service and did not refer to the protocol, the RIR WHOIS service or the country code WHOIS service.

Tom Keller seconded by Niklas Lagergren proposed that:

The GNSO votes in favour of the following consensus policy recommendation from the WHOIS task force
CONSENSUS POLICY RECOMMENDATION

"In order to facilitate reconciliation of any conflicts between local/national mandatory privacy laws or regulations and applicable provisions of the ICANN contract regarding the collection, display and distribution of personal data via the gTLD Whois service, ICANN should:

  1. Develop and publicly document a procedure for dealing with the situation in which a registrar or registry can credibly demonstrate that it is legally prevented by local/national privacy laws or regulations from fully complying with applicable provisions of its ICANN contract regarding the collection, display and distribution of personal data via the gTLD WHOIS service.

  2. Create goals for the procedure which include:

    1. Ensuring that ICANN staff is informed of a conflict at the earliest appropriate juncture;

    2. Resolving the conflict, if possible, in a manner conducive to ICANN's Mission, applicable Core Values and the stability and uniformity of the Whois system;

    3. Providing a mechanism for the recognition, if appropriate, in circumstances where the conflict cannot be otherwise resolved, of an exception to contractual obligations to those registries/registrars to which the specific conflict applies with regard to collection, display and distribution of personally identifiable data via the gTLD WHOIS service; and

    4. Preserving sufficient flexibility for ICANN staff to respond to particular factual situations as they arise.

The GNSO recommends the ICANN staff consider the advice given in the task force report as to a recommended procedure."

Bruce Tonkin called for formal roll call vote.

The motion carried.
26 Votes in support

Abstention by Avri Doria (appointed to the Council by the Nominating Committee). Reason: Does not believe goes far enough in protecting privacy.

10 January 2006

Author: ICANN — Maria Farrell Version 1.1