WHOIS Privacy Issue table

Last Updated: 01 September 2009

Top 5 Issues in ranking order: 10, 12, 5, 6, 14

Issue Business Users gTLD Registries Internet Service Providers Non-Commercial Users Registrars Intellectual Property Interests TOTAL
1. Should the elements of data that registrars are required to collect at the time of registration of a domain name be revised? (See Registrar Accreditation Agreement (RAA) � 3.2.)       1     1
2. Should registrars be prohibited by ICANN from collecting additional items of data?              
3. Should all registrants, or certain classes of registrants (see Issue 18 below), be afforded the option of not providing some or all elements that registrars are required to collect and, if so, which elements?   1   1     2
4. Should the current mechanism for pseudonymous registration be changed or supplemented with one or more alternative mechanisms? (See RAA � 3.7.7.3.) Should steps be taken to encourage broader availability of this mechanism?              
5. Are the current requirements that registrars make disclosures to, and obtain consent by, registrants concerning the uses of collected data adequate and appropriate? (See RAA �� 3.7.7.4 to 3.7.7.6.) 1 1   1   1 4
6. Are the procedures currently followed by registrars adequate to promote accurate, complete, and up-to-date data, as required by both privacy and accountability principles? (See RAA �� 3.7.7.1, 3.7.7.2, and 3.7.8, as well as the GNSO�s Whois recommendations on accuracy adopted by the ICANN Board on 27 March 2003.) 1   1     1 3
7. What should be the consequences when a registrant provides inaccurate or incomplete data, or fails to correct inaccurate or incomplete data? (See RAA �� 3.7.7.1, 3.7.7.2, and 3.7.8.) Are safeguards needed to prevent abusive reports of inaccuracies? Should certain classes of registrants (see Issue 18 below) be permitted to provide inaccurate or incomplete data?     1       1
8. Are the current requirements that registrars handle personal data according to the notices given at the time of registration, and in a manner that avoids loss, misuse, unauthorized access or disclosure, alteration, or destruction, adequate and appropriate? (See RAA �� 3.7.7.7 and 3.7.7.8.)              
9. Are the current requirements for handling of registrar data by registry operators adequate and appropriate?         1   1
10. Are the current means of query-based access appropriate? Should both web-based access and port-43 access be required? (RAA � 3.3.1.) 1 1 1   1 1 5
11. What are the purposes for providing public query-based access? Are the elements currently required to be disclosed in public query-based access adequate and appropriate? (RAA � 3.3.1.)         1   1
12. What measures, if any, should registrars and registry operators be permitted to take to limit data mining of Whois servers? 1 1 1   1 1 5
13. Should access to data be differentiated based on the party receiving access, or based on the use to which the data will be put? If so, how should differentiated access be implemented and how should the cost of differentiation be funded?     1 1     2
14. Should the current requirement that registrars provide bulk Whois access for non-marketing uses be further limited or eliminated? (RAA � 3.3.6, as well as the GNSO�s Whois recommendations on accuracy adopted by the ICANN Board on 27 March 2003.)   1     1 1 3
15. Which uses of Whois data by members of the public should be permitted (e.g., resolving technical problems, sourcing spam, identifying online merchants, law enforcement activities, identifying online infringers for enforcement of intellectual property rights, etc.)? Which uses should be prohibited?              
16. How should restrictions on permissible uses by members of the public be enforced? (RAA �� 3.3.6.3 to 3.3.6.5.)              
17. To what extent is Whois data actually used to the harm of registrants (e.g., identity theft, spam, stalking, and other harassment)?              
18. Should certain types of registrants (e.g., those using domains for political and similar activities) be exempt from the usual requirements to provide data, or to have it available in Whois? How should the eligibility of particular registrants for these exemptions be determined? Are measures required to address the possibility of abuses in the classification procedure?       1     1
19. Should registrars have the option, independent of their customers, to protect the confidentiality of Whois data based on registrars� proprietary rights to that data? Are the current provisions permitting registrars to claim proprietary rights in personal data about their customers appropriate? (RAA � 3.5.)              
20. Should there be ICANN requirements limiting registrars' ability to sell or use Whois data, or other data collected about customers, for commercial purposes? 1           1
TOTAL 5 5 5 5 5 5 30

Top 5 Issues in ranking order: 10, 12, 5, 6, 14

1. Highest ranking (5) each


Issues 10 to 14 - Data Disclosure appear to be the most important for 4 constituencies:

Registrars, gTLD Registries, Intellectual Property (IP) and Internet Service and Connectivity Providers (ISP)


10. Are the current means of query-based access appropriate? Should both web-based access and port-43 access be required? (RAA � 3.3.1.)

12. What measures, if any, should registrars and registry operators be permitted to take to limit data mining of Whois servers?



2. Second ranking (4)

Issue 5 - Data Collection appears to be most important for 4 constituencies:

gTLD Registries, Intellectual Property (IP) Commercial and Business Users (BC) and Non Commercial Users constituencies

5. Are the current requirements that registrars make disclosures to, and obtain consent by, registrants concerning the uses of collected data adequate and appropriate? (See RAA �� 3.7.7.4 to 3.7.7.6.



3. Third ranking (3)

Issue 6 - Data Quality appears to be important for 3 constituencies:

Intellectual Property (IP), Internet Service and Connectivity Providers (ISP) and Commercial and Business Users (BC)

6. Are the procedures currently followed by registrars adequate to promote accurate, complete, and up-to-date data, as required by both privacy and accountability principles? (See RAA �� 3.7.7.1, 3.7.7.2, and 3.7.8, as well as the GNSO�s Whois recommendations on accuracy adopted by the ICANN Board on 27 March 2003.)



Issue 14 - Data disclosure appears to be important for 3 constituencies:

Registrars, gTLD Registries, Intellectual Property (IP)

14. Should the current requirement that registrars provide bulk Whois access for non-marketing uses be further limited or eliminated? (RAA � 3.3.6, as well as the GNSO�s Whois recommendations on accuracy adopted by the ICANN Board on 27 March 2003.)

4. Fourth ranking (2)

Issue 3 - Data Collection appears to be important for 2 constituencies
gTLD Registries and Non Commercial Users (NCUC)
3. Should all registrants, or certain classes of registrants (see Issue 18 below), be afforded the option of not providing some or all elements that registrars are required to collect and, if so, which elements?

Issue 13 - Data Disclosure appears to be important for 2 constituencies

Internet Service and Connectivity Providers (ISP) and Non Commercial Users (NCUC)



13. Should access to data be differentiated based on the party receiving access, or based on the use to which the data will be put? If so, how should differentiated access be implemented and how should the cost of differentiation be funded?

Fifth ranking (1)

Issue 1 data Collection
Non Commercial Users (NCUC)

1. Should the elements of data that registrars are required to collect at the time of registration of a domain name be revised? (See Registrar Accreditation Agreement (RAA) � 3.2.)





Issue 18 - Classification of Registrants

Non Commercial Users (NCUC)

18. Should certain types of registrants (e.g., those using domains for political and similar activities) be exempt from the usual requirements to provide data, or to have it available in Whois? How should the eligibility of particular registrants for these exemptions be determined? Are measures required to address the possibility of abuses in the classification procedure?





Issue 7 - Data Quality
Internet Service and Connectivity Providers (ISP)

7. What should be the consequences when a registrant provides inaccurate or incomplete data, or fails to correct inaccurate or incomplete data? (See RAA �� 3.7.7.1, 3.7.7.2, and 3.7.8.) Are safeguards needed to prevent abusive reports of inaccuracies? Should certain classes of registrants (see Issue 18 below) be permitted to provide inaccurate or incomplete data?

Issue 11 - Data Disclosure

Registrars

11. What are the purposes for providing public query-based access? Are the elements currently required to be disclosed in public query-based access adequate and appropriate? (RAA � 3.3.1.)





Issue 20 - Commercial confidentiality and rights in Data

Commercial and Business Users (BC)

20. Should there be ICANN requirements limiting registrars' ability to sell or use Whois data, or other data collected about customers, for commercial purposes?

SUMMARY NOTE:



Registrars rate DATA DISCLOSURE as top priorities. Registrars who responded unanimously cited 10, 12 and 14 (in descending order of popularity, tied for number 1)

The Commercial and Business Users Constituency (BC) rate ACCURACY and ACCESS as top priorities.

The BC supports a fact based approach which addresses the current gTLD WHOIS.

The BC recommends a single PDP.

The BC strongly recommends that the ASO and the Security and Stability Advisory Council consult during the PDP process itself.

The BC also supports further informational workshops at ICANN meetings.

NCUC focuses on DATA COLLECTION.

Collection is most important to ordinary noncommercial and individual users. Issues of how the data are accessed or used are secondary, because if sensitive data is not there, data access won't do any harm.



Intellectual Property Constituency (IPC) believes that the improved compliance with the terms of the current RAA (and other relevant agreements) is of critical importance.



We recognize that this goal may not involve policy development and therefore may fall outside the scope of this group's terms of reference.

(2) Among the other issues listed in the Issues Report, there was considerable interest in some aspects of Issue #7 as well as those listed above as our priorities.

(3) While we support the exercise of identifying priorities among the issues listed in the Issues Report as a good starting point, it is our understanding that the Steering Group is not limited in its work to the specific issues identified in the Issues Report, nor to the specific way they are described there, in developing proposed terms of reference for any task force(s) that may be deemed appropriate.