FW: [council] Regarding data collected and the purpose of collecting data

["Philip Sheppard" <philip.sheppard@xxxxxx>]

Mawaki, you ask some direct questions. Here are my replies.

Q1. If I understand well, are you saying that your proposed definition of the 
purpose for
which the data is collected does not imply that the WHOIS data must remain 
publicly
accessible?
A: Correct. These are separate issues.

Q2. It turns out to be that, whether you like it or not, the objective of this 
policy
development and TF is to address the issue of the WHOIS data being made public, 
as any one
can clearly see from the three points of the ToR recalled by Ross:
a) Figure out if the current data being published is appropriate (whether it 
should be
broadened or narrowed)
b) Figure out if all of this data should be made public.
c) Specify how data that is not being made public can be accessed.

A: YES. This is exactly the issue. Different people are making different 
starting
assumptions. But my assumption is a different sequence to Ross's. 

a) Define the purposes for which we want data.   b) THEN, determine access to 
that data
taking into account privacy needs. (I am absolutely in favour of data privacy - 
my own
included!).

Q3. Do you think the question of determining whether the WHOIS data must be 
publicly
available or not (as your refined proposal remains silent on this, while it was 
the job of
the TF to find out), so do
you think it is a question the GNSO Council should not bother asking?
A: This is a key question for the GNSO.

Q4. Do you think it ICANN's mission to cater for law enforcement, just because 
there might
be unlawful deeds over the Net? 

A: ICANN's earliest and most successful consensus policy is the UDRP. That is 
all about
fairness and consumer protection.We cannot ignore this key issue. If we do 
governments will
rightly condemn us.If we have no interest in this why did we start the PDP? 

Q5. Don't you think the law provides, or can provide, enough itself with the 
means of its
own enforcement, so that it doesn't need ICANN to take on the mission of a 
surrogate for law
enforcement?
A: We are seeking to make the way we are now using WHOIS compliant with law, 
not vice versa.
Under EU data protection laws (and most other such laws) it is illegal to use 
data for any
purpose other than that for which it was originally collected. So if we as 
ICANN say WHOIS
data is only for purposes of connectivity, we are saying it should never be 
used for reasons
of consumer/user protection. At this point we have to rely on the hundreds of 
diverse
Registrar and reseller contracts to get the wording right. I trust Ross's 
organisation. I
trust my own registrar. I don't trust all of them. That is to my mind a lack of 
due
diligence.

Philip