<<<
Chronological Index
>>> <<<
Thread Index
>>>
RE: [council] Review of Registrar disclosure of WHOIS data policies
- To: "'Maria Farrell'" <maria.farrell@xxxxxxxxx>, "'Bruce Tonkin'" <Bruce.Tonkin@xxxxxxxxxxxxxxxxxx>
- Subject: RE: [council] Review of Registrar disclosure of WHOIS data policies
- From: "Marilyn Cade" <marilynscade@xxxxxxxxxxx>
- Date: Wed, 8 Jun 2005 12:47:37 -0400
- Cc: <council@xxxxxxxxxxxxxx>
- In-reply-to: <200506081540.j58Feeb3027512@smtp01.icann.org>
- Sender: owner-council@xxxxxxxxxxxxxx
- Thread-index: AcVqhq/0YKWjaxjtTT6WQUFCK1nnVgBtm4JQAAMa/HA=
I think the priority seems right. This allows the TF to digest the work
you've been able to do and see if this is informing us as we hoped it
would[and the Council]. However, I note that you haven't included Jordyn, as
the chair. Did you mean to do that? I think this is work that is needed to
inform the TF, as well as the Council. Bruce?
-----Original Message-----
From: owner-council@xxxxxxxxxxxxxx [mailto:owner-council@xxxxxxxxxxxxxx] On
Behalf Of Maria Farrell
Sent: Wednesday, June 08, 2005 11:38 AM
To: 'Bruce Tonkin'
Cc: council@xxxxxxxxxxxxxx
Subject: RE: [council] Review of Registrar disclosure of WHOIS data policies
Dear all,
Attached is a spreadsheet presenting privacy notification information on the
top 10 registrars (the top 10 list was compiled by comparing the late 2003
top 10 by Benjamin Edelman and today's top 10 at registrarstats.com). I have
archived the relevant sections and all urls of the privacy and registration
documents for each registrar at;
http://www.furl.net/members/mfarrell10
Regarding the spreadsheet, the column entitled 'Whether the registrar
appears to be compliant with clause 3.7.7 during the registration process'
has been left empty as I do not feel in a position to make this judgement
about registrars.
I am still researching (5) Identify any other method used to inform the
registrant of the WHOIS requirements E.g whether the registrar offers some
form of service to protect the disclosure of personal contact data (e.g
"private registration" services etc). On the whole, registrars don't appear
to use alternative services as a means to inform registrants of Whois,
although several do indeed provide these services. However, I will provide
this information later on.
Column (2) Document for each registrar:"The purposes for which any Personal
Data collected from the applicant are intended" shows that only one
registrar, Melbourne IT, seems to provide an explicit purpose or purposes of
data collection. The rest mostly detail data uses without specifically
stating a purpose for its collection.
I am sending you the top 10 registrars ahead of the 10 randomly chosen ones.
This assignment has proved rather time consuming (about 2 full days, not
including other ongoing tasks) and I am aware that Council and task force
members wish to see progress in the other areas I am tasked with also. I
propose to return to and complete this assignment after I have made progress
on the Council's other request to compile information on the uses of Whois
data. Please let me know if this prioritisation should be changed.
I hope this information is of use to the Council. Please do send me any
input or corrections you may have on the spreadsheet.
Best regards, Maria
-----Original Message-----
From: owner-council@xxxxxxxxxxxxxx [mailto:owner-council@xxxxxxxxxxxxxx] On
Behalf Of Bruce Tonkin
Sent: Monday, June 06, 2005 12:59 PM
To: Maria Farrell
Cc: council@xxxxxxxxxxxxxx
Subject: [council] Review of Registrar disclosure of WHOIS data policies
Hello Maria,
As discussed on the Council call last week, all registrars are required
to:
BEGIN CLAUSE 3.7.7
3.7.7 Registrar shall require all Registered Name Holders to enter into an
electronic or paper registration agreement with Registrar including at least
the following provisions:
3.7.7.1 The Registered Name Holder shall provide to Registrar accurate and
reliable contact details and promptly correct and update them during the
term of the Registered Name registration, including: the full name, postal
address, e-mail address, voice telephone number, and fax number if available
of the Registered Name Holder; name of authorized person for contact
purposes in the case of an Registered Name Holder that is an organization,
association, or corporation; and the data elements listed in Subsections
3.3.1.2, 3.3.1.7 and 3.3.1.8.
3.7.7.2 A Registered Name Holder's willful provision of inaccurate or
unreliable information, its willful failure promptly to update information
provided to Registrar, or its failure to respond for over fifteen calendar
days to inquiries by Registrar concerning the accuracy of contact details
associated with the Registered Name Holder's registration shall constitute a
material breach of the Registered Name Holder-registrar contract and be a
basis for cancellation of the Registered Name registration.
3.7.7.3 Any Registered Name Holder that intends to license use of a domain
name to a third party is nonetheless the Registered Name Holder of record
and is responsible for providing its own full contact information and for
providing and updating accurate technical and administrative contact
information adequate to facilitate timely resolution of any problems that
arise in connection with the Registered Name. A Registered Name Holder
licensing use of a Registered Name according to this provision shall accept
liability for harm caused by wrongful use of the Registered Name, unless it
promptly discloses the identity of the licensee to a party providing the
Registered Name Holder reasonable evidence of actionable harm.
3.7.7.4 Registrar shall provide notice to each new or renewed Registered
Name Holder stating:
3.7.7.4.1 The purposes for which any Personal Data collected from the
applicant are intended;
3.7.7.4.2 The intended recipients or categories of recipients of the data
(including the Registry Operator and others who will receive the data from
Registry Operator);
3.7.7.4.3 Which data are obligatory and which data, if any, are voluntary;
and
3.7.7.4.4 How the Registered Name Holder or data subject can access and, if
necessary, rectify the data held about them.
3.7.7.5 The Registered Name Holder shall consent to the data processing
referred to in Subsection 3.7.7.4.
3.7.7.6 The Registered Name Holder shall represent that notice has been
provided equivalent to that described in Subsection 3.7.7.4 to any
third-party individuals whose Personal Data are supplied to Registrar by the
Registered Name Holder, and that the Registered Name Holder has obtained
consent equivalent to that referred to in Subsection 3.7.7.5 of any such
third-party individuals.
3.7.7.7 Registrar shall agree that it will not process the Personal Data
collected from the Registered Name Holder in a way incompatible with the
purposes and other limitations about which it has provided notice to the
Registered Name Holder in accordance with Subsection 3.7.7.4 above.
3.7.7.8 Registrar shall agree that it will take reasonable precautions to
protect Personal Data from loss, misuse, unauthorized access or disclosure,
alteration, or destruction.
3.7.7.9 The Registered Name Holder shall represent that, to the best of the
Registered Name Holder's knowledge and belief, neither the registration of
the Registered Name nor the manner in which it is directly or indirectly
used infringes the legal rights of any third party.
3.7.7.10 For the adjudication of disputes concerning or arising from use of
the Registered Name, the Registered Name Holder shall submit, without
prejudice to other potentially applicable jurisdictions, to the jurisdiction
of the courts (1) of the Registered Name Holder's domicile and (2) where
Registrar is located.
3.7.7.11 The Registered Name Holder shall agree that its registration of the
Registered Name shall be subject to suspension, cancellation, or transfer
pursuant to any ICANN adopted specification or policy, or pursuant to any
registrar or registry procedure not inconsistent with an ICANN adopted
specification or policy, (1) to correct mistakes by Registrar or the
Registry Operator in registering the name or (2) for the resolution of
disputes concerning the Registered Name.
3.7.7.12 The Registered Name Holder shall indemnify and hold harmless the
Registry Operator and its directors, officers, employees, and agents from
and against any and all claims, damages, liabilities, costs, and expenses
(including reasonable legal fees and expenses) arising out of or related to
the Registered Name Holder's domain name registration.
END CLAUSE 3.7.7
Please audit the web-based registration process of the top 10 registrars, as
well as another 10 registrars that use web based registration for the
following:
(1) Whether the registrar appears to be compliant with clause 3.7.7 during
the registration process.
(2) Document for each registrar:
"The purposes for which any Personal Data collected from the applicant are
intended"
(3) How each registrar obtains consent to the terms and conditions, options
include:
Full text of the terms and conditions on a registration page, versus terms
and conditions available via a link to a separate webpage.
(4) Whether each registrar also provides information about data usage
through a privacy page
(5) Identify any other method used to inform the registrant of the WHOIS
requirements E.g whether the registrar offers some form of service to
protect the
disclosure of personal contact data (e.g "private registration"
services etc)
A spreadsheet with the five categories above would probably be the easiest
way of collecting the information.
Regards,
Bruce Tonkin
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|