ICANN/GNSO GNSO Email List Archives

dow1-2tf


<<< Chronological Index >>>    <<< Thread Index >>>

[dow1-2tf] Moving forward on "conspicuous notice"?

  • To: dow1-2tf@xxxxxxxxxxxxxx
  • Subject: [dow1-2tf] Moving forward on "conspicuous notice"?
  • From: Thomas Roessler <roessler@xxxxxxxxxxxxxxxxxx>
  • Date: Tue, 28 Sep 2004 14:47:19 +0200
  • Mail-followup-to: dow1-2tf@xxxxxxxxxxxxxx
  • Sender: owner-dow1-2tf@xxxxxxxxxxxxxx
  • User-agent: Mutt/1.5.6i

I'm somewhat concerned that there has been (almost) no follow-up
discussion on Tuesday's call so far.  On the call, some suggested
that we should look at legal approaches to "conspicuous notice" to
figure out the right balance between burden to processing parties
and forcing registrants to take notice.

BUT: "Conspicuous notice" of data processing in the form of, say,
all-caps or boldface parts of the registration agreement may be
considered enough in some contexts in some jurisdictions.  In other
jurisdictions, you may encounter requirements such as explicit,
deliberate, and free consent to well-specified purposes, maybe even
in writing.  The point here is that the burden on the processing
party may be balanced against data subjects' awareness and free
consent in significantly different ways.


At this point, and with the major work item of tiered access still
before us, I'd suggest this group pragmatically (and on-list!) look
at ways to increase registrant awareness above the current levels,
recognizing that we are certainly not going to fix WHOIS' privacy
problems in dealing with the "conspicuous notice" milestone.  


Here's a possible set of recommendations, to get things started;
these are mostly based on TF2's findings, except for the success
metric part.


        Objective: Increase registrant awareness of WHOIS.

        Success Metric: Significant increase of registrant awareness
        of WHOIS, as measured by sampling registrants prior to and
        12 months after implementation.

        Recommendation:

        1. Registrars must ensure that disclosures regarding
        availability and third-party access to personal data
        associated with domain names actually be presented to
        registrants during the registration process.  Linking to an
        external web page is not sufficient.

        2. Registrars must ensure that these disclosures are set
        aside from other provisions of the registration agreement if
        they are presented to registrants together with that
        agreement.  Alternatively, registrars may present data
        access disclosures separate from the registration agreement.

        3. Registrars must obtain a separate acknowledgement from
        registrants that they have read and understood these
        disclosures.


Regards,
-- 
Thomas Roessler · Personal soap box at <http://log.does-not-exist.org/>.



<<< Chronological Index >>>    <<< Thread Index >>>