Sorry, you need to enable JavaScript to visit this website.
Skip to main content

Combined Whois Task Force Preliminary Report -- Public Comment Forum

Last Updated:
Date

Request for Comments
Comments are actively sought on the following report. Comments may be submitted via email to the address gnso-whois-tf-rpt@icann.org. Archives are available at http://forum.icann.org/lists/gnso-whois-tf-rpt.

 

Combined WHOIS Task Force (1, 2, 3) of the GNSO Council

Final task force report on Recommendations for improving notification and consent for the use of contact data in the Whois system

For public comment 23 April 2005 to 12 May 2005

Table of contents

Combined WHOIS Task Force (1, 2, 3) of the GNSO Council
1 Introduction & background
1.1 Text of recommendation
1.2 Summary of Task Force voting on the recommendation
2 Constituency statements
2.1 Commercial and Business User Constituency
2.2 Non-Commercial User Constituency
2.3 Intellectual Property Constituency
2.4 Registrar Constituency
2.5 Registry Constituency
2.6 Internet Service Providers & Connectivity Providers Constituency
3 Public Comment Report
3.1 World Privacy Forum
3.2 Copyright Coalition on Domain Names (CCDN)
3.3 Jisuk Woo
Annex 1 Terms of reference of Task Force 2
Annex 2 Text of Task Force 2 Preliminary Report findings & recommendations
May 2004 findings on notification and consent:
May 2004 recommendations on notification and consent:
Annex 3 Relevant provisions of the Registrar Accreditation Agreement
Footnotes

1 Introduction & background

This document is the Preliminary Task Force Report on Recommendations for improving notification and consent for the use of contact data in the Whois system . It is the compilation of the Constituency Statements, Public Comment Report and other information as applicable into a single document that is subject to a vote by the ICANN Combined Whois Task Force to be held on Tuesday, April 19 2005.

On 30 November 2004, the WHOIS Task Forces 1 and 2 produced Recommendation 1 - Recommendations for improving notification and consent for the use of contact data in the Whois system(1).

Recommendation 1 was presented to the GNSO Council during the GNSO public forum at the ICANN meeting in Capetown in December 2004. The GNSO Secretariat put out a call for constituency statements on 22 December 2005, with a submission deadline of 31 January 2005(2).

1.1 Text of recommendation

Recommendations relating to improving notification and consent for the use of contact data in the whois system:

  1. Registrars must ensure that disclosures regarding availability and third-party access to personal data associated with domain names actually be presented to registrants during the registration process. Linking to an external web page is not sufficient.
  2. Registrars must ensure that these disclosures are set aside from other provisions of the registration agreement if they are presented to registrants together with that agreement. Alternatively, registrars may present data access disclosures separate from the registration agreement. The wording of the notice provided by registrars should, to the extent feasible, be uniform.
  3. Registrars must obtain a separate acknowledgement from registrants(3) that they have read and understand these disclosures. This provision does not affect registrars’ existing obligations to obtain registrant consent to the use of their contact information in the WHOIS system.

Vote held on task force conference call and subsequently by email from 19 April 2005 – 22 April 2005.

 

IN FAVOUROPPOSEDABSTAINED
Commercial and Business Users Constituency
(Marilyn Cade, David Fares, Sarah Deutsch)
Registrars Constituency
(Paul Stahura, Ross Rader, Tom Keller)
Jordyn Buchanan (Co-Chair)
Intellectual Property Constituency
(Steve Metalitz, Niklas Lagergren)
Registry Constituency
( David Maher, Ken Stubbs)
 
Non Commercial Users Constituency
(Milton Mueller)
  
Internet Service Providers and Connectivity Providers Constituency
(Tony Harris, Greg Ruth)
  

 

2 Constituency statements

2.1 Commercial and Business User Constituency

The BC membership has reviewed the comments provided and we are submitting these as the provisional comments, while we conclude the validation of our membership. That will be completed shortly. We do not expect changes to these comments, however. Thus, these comments can be taken as the input of the BC.(4)

The BC has several questions about the proposed recommendation which are described below, along with some suggested modifications; however, the BC fully supports the general intent of the draft policy recommendation.

Suggested changes or requests for clarification are noted below, embedded in a copy of the recommendation. Immediately following our suggested changes are further comments and suggestions.

Suggested modifications to the proposed policy:

1. Registrars must ensure that notices regarding availability and possible third-party access to personal data associated with domain name registrations actually be presented to registrants during the registration process in a manner that is easily visible and distinct to the registrant. Linking to an external web page is not sufficient.

2. Registrars must ensure that these notices are set aside from other provisions of the registration agreement if they are presented to registrants together with that agreement.

Alternatively, registrars may present data availability and data access notices separate from the registration agreement, as long as the registration cannot be completed until there is acknowledgement of the notice. The wording of the notice provided by registrars should be uniform and based on guidance included in the consensus policy.

3. Registrars must obtain a separate acknowledgement from registrants that they have read and understand these notices. This provision does not affect registrars' existing obligations to obtain registrant consent to the use of their contact information in the WHOIS system, as a registrant must permit such use before registration can occur.

General input and further comments of the BC

The BC suggests that it is preferable to use the term “notice”, since the use of disclosure makes it sound as though the registrars are making the decision individually regarding the requirement to provide accurate data and to have that data included in the WHOIS database.

In fact, the registrant is required by current policy to provide accurate information and we believe that the purpose is to remind the registrants of their obligations.

Secondly, we recommend the use of uniform and consistent notices. We believe that the Registrars and the registrants are best served by using a uniform and consistent notice. We are concerned that it is possible to provide confusing notices regarding the obligation and wish to prevent that, or to have this viewed as a way to achieve a competitive advantage.

It is the position of the BC that ensuring a fair and level playing field in the areas of policy/contract compliance is best supported by uniform and consistent notices; we also recommend that such notices should be developed with guidance by the Council’s relevant TF, with approval by Council, and drafted by the ICANN staff/legal counsel.

We inserted the additional language to the last sentence in #3 in order to clarify that “consent” should not suggest that this is an option. Acceptance of this policy requirement is required before the registration can continue, as specified by current consensus policy of ICANN.

Impact on BC members: The BC members are negatively impacted by inaccurate registrant data, since they are reliant upon WHOIS data for a number of uses, including policing their domain names, preventing fraud; defending against harmful and confusing uses of their trademark names by competitors, or for other negative purposes. They also heavily use WHOIS data in cooperation with law enforcement when dealing with fraud, and other civil legal issues, or in resolving and dealing with network problems. Thus accurate data is extremely important to the BC membership. The BC also endorses the need for registrants to be factually informed of their obligations. We do not believe that entities, whether individuals or organizations/corporations should be allowed to register domain names without providing full and complete contact data that is kept accurate and up to date.

Implementation: As to the length of time it will take to implement the policy, it appears to us that the policy can be implemented expeditiously, once approved by the TF, and then the Council and sent to the Board for approval. The drafting of a standardized statement to be used for disclosure should be done by the ICANN staff/legal counsel, with the input and agreement of the Council, and should not be an onerous task, since there are many models of notice statements in the commercial and non commercial online world.

As a part of approving the consensus policy, the Council could request from the registrars constituency preliminary advice on how long it might take to enable a uniform posting throughout the registrar community. Understandably, the registrars will want to have this change supported by factual explanations that explain to the registrants in a neutral manner, the need for the change and the purpose of the change. However, it is the position of the BC that ICANN should not exclude those who are impacted by such changes, e.g. users/registrants as represented by the BC, ISPCP, IPC, Non Commercial representatives, At Large, from participating in any consideration about the development of a uniform posting notice, or any discussions about time frames.

Further recommendations to the task force:

 

Extension to renewals: Further, we strongly recommend that this notice be required in any re-registration, or renewal of a registration. It is likely that the TF has taken that for granted in its deliberations, but we note it, in the event it has been overlooked.

Additional and related work of the task force: The TF is also examining “tiered access” at this time, and as a separate work item from the above proposed policy modification. In the view of the BC members, this TF should also be examining the availability of services that meet the needs of any registrant with a legitimate need for non display of data. This should include the availability of “anonymizing services” provided either by the registrar or third parties for a fee, and the soon to be available .post which seems to provide yet another solution for any registrant who needs to remain anonymous.

In any event, the BC notes that its members fully support the gathering of full identifying and contact data, and that all data collected should be accurate, and that mechanisms to support the efficient and effective correction of data should be a priority.

 

Timing of policy changes: However, since TF 3 is also considering a related possible policy change, the BC recommends that other policy changes related to WHOIS based on consensus policy be examined for possible aggregation, if feasible, and practical. We exclude the work on Tiered Access from this given its fledgling nature, but the work of the present TF3 should be considered for possible implementation at the same time as this policy change, should they both be accepted as consensus policy. Thus, if there are a number of changes approved as consensus policy, they all be made at one time, so that the registrars and registrants are not overburdened by multiple changes, introduced at different times.

Better information and educational resources by ICANN: Finally, the BC has from time to time noted that it supports the importance of ICANN itself providing easily available and distributed information about changes in policy.

 

2.2 Non-Commercial User Constituency

Non-commercial domain name users welcome efforts to ensure that domain

name registrants are better informed about the publication of their private contact information via the Whois system. Public, anonymous access to private contact information poses a number of risks to registrants and may violate their rights to privacy. Until this situation is reformed, conspicuous notification is essential.

The text we reviewed contains an error. Under point 3, the sentence "Registrars must obtain a separate acknowledgement from registrars that they have read and understand these disclosures" should read "Registrars must obtain a separate acknowledgement from _registrants_ that they have read and understand these disclosures."

NCUC strongly supports the requirement to set aside the notification and to require a distinct and separate acknowledgement from registrants that they are aware of the exposure of their private information. We observe, however, that for customers registering multiple domain names in the same transaction, only one such acknowledgement should be required. The constituency would like to make sure that the same notification and acknowledgement should take place during renewals.

We strongly support the statement "The wording of the notice provided by registrars should, to the extent feasible, be uniform." Because of the highly competitive nature of the registrar business, registrars have an incentive to downplay or obscure the privacy implications of registering a domain name because they fear it may deter customers from signing up. The specific wording of the notification, therefore, should not be left to the discretion of registrars. We suggest that the wording be developed by staff subject to the approval of the GNSO Council, and translated as literally as possible into different languages by an independent party. This language should then be incorporated into the Registrar Accreditation Agreement.

Method for reaching agreement on NCUC position

NCUC's Chair drafted and circulated via email a constituency statement on its discussion list, soliciting input from its members. A minor addition to the draft, concerning renewals, was suggested and agreed and incorporated into the constituency statement. All comments were supportive except for one, which emphasized the additional burden on registrants of the additional process.

Impact on Constituency

While there is some recognition that the registration process might be slightly more complicated as a result of the proposed change, all member organizations but one considered the benefits of more prominent notification and registrant awareness to outweigh any burden.

 

2.3 Intellectual Property Constituency

This statement responds to the request for constituency input on the Whois Task Force 1/2 recommendations regarding improving notice and consent for the use of contact data in the Whois database. See Call for constituency statements on Whois tf 1/2 recommendations, available at http://gnso.icann.org/mailing-lists/archives/dow1-2tf/msg00191.html Pursuant to requirements of the GSNO policy development process, outlined by the ICANN bylaws, see Annex A, Sec. 7(d), available at http://www.icann.org/general/archive-bylaws/bylaws-19apr04.htm the IPC came to the following conclusion.

Constituency position

This set of recommendations, see http://gnso.icann.org/issues/whois-privacy/whois-notification-30nov04.pdf, is the first of two that have been put forward by the joint task force. The second set of recommendations, available at http://gnso.icann.org/issues/whois-privacy/whois-tf-conflict-30nov04.pdf, has not yet been formally offered to the GNSO constituencies for comment. The notification and consent recommendations are based on a similar recommendation from the previous Task Force 2, tasked with reviewing issues surrounding the data collected and displayed in the Whois database. At the outset of the work of that earlier Task Force (April 2004), IPC submitted a constituency statement on the purposes of the task force, which stated in relevant part:

Based on the limited data which has been collected so far, IPC believes that the effectiveness of notification to domain name registrants, and the obtaining of their consent as required by the RAA Secs. 3.7.7.4, 3.7.7.5, generally need improvement.

For example, obtaining specific consent on this issue from the registrant during the registration process, separate from obtaining agreement to extensive terms and conditions for the registration in general, should be encouraged. Similarly, some registrars should be more specific and forthright in communicating to registrants about the circumstances under which Whois data is available to third parties.

ICANN should:

" incorporate compliance with the notification and consent requirement as part of its overall plan to improve registrar compliance with the RAA. (See Memorandum of Understanding Amendment II.C.14.d, available at http://www.icann.org/general/amend6-jpamou-17sep03.htm).

" issue an advisory reminding registrars of the importance of compliance with this contractual requirement, even registrars operating primarily in countries in which local law apparently does not require registrant consent to be obtained.

IPC believes that registrars should take the lead in developing best practices, with input from other interested constituencies, that will improve the effectiveness of giving notice to, and obtaining consent from, domain name registrants with regard to uses of registrant contact data. IPC would be glad to participate in such an effort.

IPC Constituency Statement on Whois Task Force 2 (April 13, 2004), available at

http://www.gnso.icann.org./mailing-lists/archives/dow2tf/msg00191.html.

In IPC's view, the current set of recommendations is responsive to the concerns voiced in our earlier constituency statement. Their implementation should help to address the problems identified and to increase the likelihood that registrants are providing fully informed consent.

IPC continues to believe that its two suggestions bulleted in the April 2004 statement should be implemented, but we recognize that these suggestions may fall outside the scope of the current Policy Development Process. In any case, we do not perceive any inconsistency between these suggestions and the recommendation currently under consideration. We also renew our offer to work with interested registrars to help develop best practices in this area.

We find the recommendations ambiguous in some respects and suggest a few drafting changes to clarify these points.

Recommendation 1 states that "[l]inking to an external web page is not sufficient" to provide the required disclosure. It is unclear to us what an "external" (or "internal" for that matter) web page is. Perhaps this sentence could be amended to read: "Linking to a web page is not sufficient."

Recommendation 2 states that disclosures must be "set aside" from other provisions of the registration agreement if the disclosure is presented as part of the agreement. It is unclear what "set aside" means. Furhermore, Recommendation 2 allows as an alternative that disclosures may be presented "separate from the registration agreement." This might be viewed as inconsistent with the requirement in Recommendation 1 that the disclosure be provided "during the registration process." As such, Recommendation 2 could be amended as follows: "Such disclosures must be displayed prominently and conspicuously prior to the agreement being executed by the registrant, regardless of whether they appear as a term of the agreement or separate from the agreement."

IPC also suggests that the recommendations include notice to registrants of the consequences of providing false or inaccurate Whois data during the registration process. The text of such a notice could be similar to what registrars provide registrants pursuant to the Whois Data Reminder Policy. See http://www.icann.org/registrars/wdrp.htm.

We also identify two very minor typographical errors that should be corrected. In the title, the word "of" should appear between "Use" and "Contact." In the first line of Recommendation 3, the second "registrars" should be changed to "registrants."

In general, IPC supports the recommendation put forward by the Task Force, and commends it for its hard work and its success at coming to consensus. We hope that similar consensus can be reached as the Task Force examines other policy issues surrounding the Whois database. IPC believes this recommendation will have a positive effect for Internet stakeholders as a whole, not just registrants. The more clearly the Whois policy is disclosed to registrants, the more effective their stated consent to this policy will be. In addition to giving registrants the information they need to make informed choices, implementation of this policy may very well result in general improvements to the Whois database as a whole.

Methodology for reaching agreement on IPC position

IPC drafted and circulated via email a constituency statement, soliciting input from its members. IPC members suggested edits and additions to the draft which were subsequently incorporated into the finalized constituency statement.

Impact on Constituency

This recommendation will have a positive impact on IPC by potentially enhancing the utility of the Whois database, a vital tool for protecting intellectual property rights in the online environment. IPC does not anticipate any direct financial impact on the constituency as a result of this policy. We think any costs associated with this policy will be minimal; if there are any, those costs will most likely be initially borne by registrars, and ultimately passed onto registrants, including IPC members, many of whom hold registrations for literally thousands of domain names.

Time period necessary to complete implementation

We would not anticipate that an extensive time period would be necessary to implement this policy, as it would apply only to new registrations or renewals and would not require new contracts with existing registrants.

 

2.4 Registrar Constituency

PRELIMINARY SUBMISSION(5)

Whereas, the GNSO Registrar Constituency ("RC") has considered the proposed policy recommendations of Whois Task Force 1/2 in their entirety;

Whereas, the RC believes that the continued stability of the registration process depends on its simplicity, straightforwardness, and transparency;

Whereas, burdening this process with policy and consumer rights education notices diminishes its simplicity, straightforwardness and transparency;

Whereas, the RC believes that prescribing the method of notification from registrants interferes with the simplicity of this process, discourages desirable business innovations, and represents entirely new obligations that would require many registrars to completely re-establish their method of registration;

Whereas, the RC appreciates and understands the concerns of the task force pertaining to Recommendations #2 and #3, but does not agree with the costly and difficult to implement proposal to require the specific highlighting of one provision out of the many important provisions contained within the registration agreement;

Whereas, the requirements in Recommendation #3 already are mandated in the current Registrar Accreditation Agreement in sub-sections 3.7.7.4, 3.7.7.5, and 3.7.7.6; and

Whereas, no data or evidence has been presented that indicate that the requirements of the current RAA are unsuitable or ineffective; and implementing a separate and additional acknowledgement from registrants as proposed would be a costly and cumbersome process that cannot be practically implemented in the current environment.

Therefore, it is resolved that;

[Resolved 1.0]; the Registrar Constituency does not support adopting Recommendation #1 as consensus policy, but would support a recommendation in the following form:

"Registrars must ensure that disclosures regarding availability and third-party access to personal data associated with domain names actually be available to registrants during the registration process;"

[Resolved 2.0]; the Registrar Constituency does not support adopting Recommendation #2 as consensus policy, but encourages registrars to increase such notification to registrants on a voluntary basis; [Resolved 3.0]; the Registrar Constituency does not support adopting Recommendation #3 as a consensus policy, as it believes that the current RAA requirements are sufficient, but encourages registrars to increase such notification to registrants on a voluntary basis;

[Resolved 4.0]; the foregoing positions of the Registrar Constituency be reported to the Whois Task Force 1/2 and be included in any Task Force report; and

[Resolved 4.1]; the Task Force members from the Registrar Constituency represent the foregoing positions at Task Force 1/2.

 

 

2.5 Registry Constituency statement

Pursuant to requirements of the GSNO policy development process, the Registry Constituency (RyC) has concluded:

I. Constituency Position

The RyC supports the Statement of the Registrar Constituency in this proceeding, filed on 31 January 2005, and believes that attempts by ICANN to require specific methods of notification (a) would impose unreasonable burdens on registrars, (b) would in many cases be counter productive in reaching the goal of better informed registrants and (c) may, in some instances, conflict with applicable laws on the subject.

The RyC would support a recommendation by Task Force 1/2 in the following form:

"Registrars must ensure that disclosures regarding availability and third-party access to personal data associated with domain names actually be available to registrants during the registration process."

The RyC supports the Registrar Constituency in encouraging registrars to

increase notification to registrants about availability and access on a voluntary basis;

The RyC reminds the Task Force of the applicable requirements of ICANN procedures on developing consensus policies that must be followed before the Task Force can make a final recommendation.

II. Method for Reaching Agreement on RyC Position

The RyC drafted and circulated via email a constituency statement, soliciting input from its members. RyC members suggested edits and additions to the draft which were subsequently incorporated into the final constituency statement. The statement was adopted by a unanimous vote.

 

III. Impact on Constituency

The recommendation in its present form would not have a significant impact on the RyC, except to the extent that a significant negative impact on registrars would make registry-registrar relationships more difficult, and the increased cost of compliance with a complex and unnecessary policy would make the use of domain names less desirable.

IV. Time Period Necessary to Complete Implementation

We anticipate that the recommendation supported by this statement would not require an extensive time period to implement.

2.6 Internet Service Providers & Connectivity Providers Constituency

TBA

 

3 Public Comment Report

The Public Comment Report considered relevant public comments received from two online sources:

  • Public comments on the terms of reference of task forces 1 and 2, deadline for comments; 28 November 2003
  • Public comments on the Preliminary Task Force Report of Task Force 2 (deadline – 5 July, 2004)

No comments were received regarding the terms of reference of Task Force 1.(6)

Of the five comments received regarding the terms of reference of Task Force 2, none referred specifically to notification and consent.(7)

Of the eighteen substantive responses to the Preliminary Task Force Report of Task Force 2, three dealt specifically with notification and are summarized below in sections 4.1 to 4.3. The text of the findings and recommendations in the preliminary report that commenters responded to are reproduced in Annex 1 at the end of this document.

Comments on the separate issue of notification to users when third parties request their personal data are not included in this report.

3.1 World Privacy Forum

World Privacy Forum is a US-based non-profit organization that does research and consumer education on technology and privacy.

Pam Dixon, Executive Director of the World Privacy Forum, welcomed the finding that registrant disclosures regarding access to WHOIS data should be "set aside from other provisions ....by way of a bigger or bolded font, a highlighted section, simplified language, or otherwise made more conspicuous". (Task Force 2 Preliminary Report, Section 2.1).

However, the recommendations did not go far enough (Sections 1.4, 3.1). As many non-commercial registrants do not know that their personal contact details may be made public, and because of the potential for abuse of this information when published in the WHOIS database, Pam Dixon recommended that registrant notification of WHOIS publication be made in a window separate from and in addition to the regular registration agreement.

Pam Dixon further recommended that registrants click through a separate window containing only the notification language prior to registration. The notification language in the separate window should be brief, clear, in a large font, and highlighted. This would constitute a much more meaningful electronic notification than simply using larger font in a document that registrants typically do not read anyhow.

3.2 Copyright Coalition on Domain Names (CCDN)

CCDN is made up of leading copyright industry trade associations, performance rights organizations and copyright-owning organizations. Its focus is to maintain public access to Whois data and improve its accuracy and reliability as a key enforcement tool against online infringement.

CCDN’s comments, submitted by Steven J. Metalitz and Ryan M. Lehning, supported notification. They noted that under sections 3.7.7.4 and 3.7.7.5 of the Registrar Accreditation Agreement (“RAA”), registrars are required to provide registrants with notice of the information they collect for Whois purposes and obtain consent to publish that data in the publicly accessible Whois database. Many registrars currently provide only lip service to this obligation.

CCDN supported the Task Force’s recommendation to strengthen compliance with these contractual requirements, as well as its recommendation to create best practices with respect to notification and consent, and the recommendation to require ICANN to issue an advisory reminding registrars of the importance of this requirement.


3.3 Jisuk Woo

Jisuk Woo is a member of the Non-Commercial Users Constituency and Assistant Professor at the Department of Communication at Seoul Women’s University in Seoul, Korea.

Jisuk Woo supported the recommendation for more conspicuous notice at the time of registration, but commented that notice is not enough and more work should be done on obtaining registrants’ consent. Particularly regarding sensitive data, registrants should have a right not to give consent. This option may become a realistic tool for protecting registrants only if the registrants fully understand the process and purpose of the data use, its possible consequences, and other options they may have. For this purpose, education and outreach programmes should be devised.

Annex 1 Terms of reference of Task Force 2

Title: Review of data collected and displayed

The purpose of this task force is to determine:

a) What the best way is to inform registrants of what information about themselves is made publicly available when they register a domain name and what options they have to restrict access to that data and receive notification of its use?

b) What changes, if any, should be made in the data elements about registrants that must be collected at the time of registration to achieve an acceptable balance between the interests of those seeking contact-ability, and those seeking privacy protections?

c) Should domain name holders be allowed to remove certain parts of the required contact information from anonymous (public) access, and if so, what data elements can be withdrawn from public access, by which registrants, and what contractual changes (if any) are required to enable this? Should registrars be required to notify domain name holders when the withheld data is released to third parties? If registrants have the ability to withhold data from public anonymous access, will this increase user incentive to keep the contact information they supply current and accurate.

To ensure that the task force remains focused and that its goal is achievable and within a reasonable time frame, it is necessary to be clear on what is out of scope for the task force.

Out-of-scope:

The task force should not examine the mechanisms available for anonymous public access of the data - this is the subject of a separate task force.

The task force should not examine mechanisms for law enforcement access to the data collected. This is generally subject to varying local laws, and may be the subject of a future task force.

The task force should not study new methods or policies for ensuring the accuracy of the required data, as this will be subject of a separate task force.

The task force should not consider issues regarding registrars' ability to use Whois data for their own marketing purposes, or their claims of proprietary rights to customers' personal data.

Annex 2 Text of Task Force 2 Preliminary Report findings & recommendations (8)

May 2004 findings on notification and consent:

(Section 2.1 of the original document)

According to the ICANN Registrar Accreditation Agreement (RAA), Registrars are required to form an agreement with Registered Name Holders containing the following elements.

Section 3.7.7 of the RAA addresses the requirements of the Registrar/Registrant agreement, including the need for accurate and reliable registrant contact information. To the extent the notice to registrants of data elements collected and displayed are not clear or may be overlooked by registrants based on the overall length and complexity of the registration agreement, it is useful to change the format so that better notice is delivered to registrants. The task force finds that disclosures regarding availability and access to Whois data should be set aside from other provisions of a registration agreement by way of bigger or bolded font, a highlighted section, simplified language or otherwise made more conspicuous.

It follows that separate consent to the Whois disclosures is also useful. By obtaining separate consent from registrants, at the time of agreement, to the specific Whois data provisions, it would further draw attention to and facilitate better understanding of the registrar’s Whois disclosure policy.

 

May 2004 recommendations on notification and consent:

(Section 3.1 of the original document)

ICANN should:

a) incorporate compliance with the notification and consent requirement (R.A.A. Secs. 3.7.7.4, 3.7.7.5) as part of its overall plan to improve registrar compliance with the RAA. (See MOU Amendment II.C.14.d).

b) issue an advisory reminding registrars of the importance of compliance with this contractual requirement, even registrars operating primarily in countries in which local law apparently does not require registrant consent to be obtained.

c) encourage development of best practices that will improve the effectiveness of giving notice to, and obtaining consent from, domain name registrants with regard to uses of registrant contact data, such as by requesting that GNSO commence a policy development process (or other procedure) with goal of developing such best practices.

Annex 3 Relevant provisions of the Registrar Accreditation Agreement(9)

3.7.7.4 Registrar shall provide notice to each new or renewed Registered Name Holder stating:

3.7.7.4.1 The purposes for which any Personal Data collected from the applicant are intended;

3.7.7.4.2 The intended recipients or categories of recipients of the data (including the Registry Operator and others who will receive the data from Registry Operator);

3.7.7.4.3 Which data are obligatory and which data, if any, are voluntary; and

3.7.7.4.4 How the Registered Name Holder or data subject can access and, if necessary, rectify the data held about them.

3.7.7.5 The Registered Name Holder shall consent to the data processing referred to in Subsection 3.7.7.4.

 

Footnotes

(1) http://gnso.icann.org/issues/whois-privacy/whois-notification-30nov04.pdf

(2) http://gnso.icann.org/mailing-lists/archives/dow1-2tf/msg00191.html

(3) This wording corrects that of the recommendation posted on the ICANN website on 20 November 2004 which stated; “Registrars must obtain a separate acknowledgement from registrars…’.

(4) These comments represent the final statement of the Commercial and Business Users Constituency.

(5) The Registrars’ preliminary position was formally adopted by that constituency on 16 February 2005. See http://gnso.icann.org/mailing-lists/archives/dow1-2tf/msg00246.html

(6) http://gnso.icann.org/issues/whois-privacy/tor.html

(7) http://gnso.icann.org/issues/whois-privacy/tor2.shtml

(8) http://gnso.icann.org/issues/whois-privacy/Whois-tf2-preliminary.html

(9) http://www.icann.org/registrars/ra-agreement-17may01.htm#3