RE: [council] Version 2: Proposed motion regarding Personal Data that is collected and retained by registrars

["Marilyn Cade" <marilynscade@xxxxxxxxxxx>]

Bruce, I can accept some of the limitations you propose, given that you are
quoting existing agreements, however, I do not agree with the perspective
you convey re understanding the ccTLDs, in entirety. The key point I am
trying to make is that staff could select only European ccTLDs  -- it might
appear to be 'representative' but really isn't. I am quite aware of the
great diversity of the ccTLD community, since I used to represent a MNC that
registered in over 35 ccTLDs, and when I co-chaired the WHOIS TF, we talked
to probably 10-12 different ccTLDs and learned a great deal about their
diversity. The mere difference of civil law versus common law creates a
diversity. And the different models -- strong government involvement, no
government involvement, benevolent government involvement -- and other
models still emerging... all speak to the need to have 'representative ness'
not only geographical, but beyond that... 

So, not willing to give up that criteria.  I know that you are very familiar
with .au, but .au is one among many different models. I think the point is
to create a 'diverse' and representative consultation -- and NOT to restrict
ourselves to only those TLDS that we presently 'know' as individual
councilors. 

The regional TLD organizations are probably the best resources to guide us
on a list of ccTLDs from their region. 

Perhaps that helps to clarify the point I am making. 



As to procedure: can you help all of us understand: 

Is there one motion, or two? Are you proposing to withdraw the original
complex motion and substitute two motions, or only one? 

I confess to reading all the emails and being a little confused myself. 

Via the motions, we are chartering a work program and the motion idea is
useful to do that, since the vote will cement support for said program.

Marilyn 

-----Original Message-----
From: owner-council@xxxxxxxxxxxxxx [mailto:owner-council@xxxxxxxxxxxxxx] On
Behalf Of Bruce Tonkin
Sent: Wednesday, July 19, 2006 9:46 PM
To: Council GNSO
Subject: RE: [council] Version 2: Proposed motion regarding Personal Data
that is collected and retained by registrars

Hello Marilyn,

With respect to the motion, I think procedurally the proposer and
seconder could withdraw the previous motion tabled in Marrakech (ie me
and Tony Holmes), and then I can call for a seconder for a new motion.
Alternatively we can vote on amending the original motion etc, - but I
think that might get too cumbersome.


Thanks for the suggested changes.  Some comments below.


> 
> 
> See inserts below in CAPS.
> 
> 
> > "The GNSO Council notes that, consistent with generally accepted 
> > privacy principles, Registrars are required under clause 3.7.7.4 of 
> > the Registrar Accreditation Agreement to provide notice to 
> each new or 
> > renewed Registered Name Holder stating:
> >
> > (i) The purposes for which any Personal Data collected from the 
> > applicant are intended;
> >
> > (ii) The intended recipients or categories of recipients of 
> the data 
> > (including the Registry Operator and others who will 
> receive the data 
> > from Registry Operator);
> >
> > (iii) Which data ELEMENTS are obligatory and which data 
> ELEMENTS, if 
> > any,
> are voluntary;
> > and
> >
> > (iv) How the Registered Name Holder or data subject can 
> access and, if 
> > necessary, CORRECT OR rectify the data held about them.
> >


The text above is a direct quote from the current registrar agreement (I
have changed the numbering to avoid confusion) - so I would prefer to
leave that text unchanged.


> > To further understand the range of purposes for which data is 
> > COLLECTED
> AND USED [intended],
> > the GNSO proposes the following steps:


"Used" and "intended to be used" are different concepts.   The focus of
the motion is on the purpose of collecting the data.   Of course any
data that is obtained by a third party (ie not the registrant or
registrar) may be used in different ways.  Part 3 of the motion is
attempting to summarise how the public information is used.




> >
> > (1) The ICANN staff will review a sample of registrar 
> agreements with 
> > Registered Name Holders to identify some of the purposes for which 
> > registrars collect Personal Data in the course of 
> registering a domain 
> > name for their customers.
> >
> > (2) The ICANN staff will review a REPRESENTATIVE sample of ccTLD 
> > registry
> or ccTLD
> > registrar agreements, TAKING INTO ACCOUNT THE ISSUES OF GEOGRAPHICAL
> DIVERSITY AND RULE OF LAW VARIANCES, with registrants to 
> identify some of the purposes
> > for which these organisations collect AND DISPLAY Personal Data from
> registrants.

This motion is focussed on the purpose for collecting data.  I think it
should stay constained to that topic.   I think we have previously
reviewed how ccTLDs display data as part of the WHOIS task force work.


> >
> > (3) The ICANN staff will summarise the current material that has 
> > resulted from WHOIS discussions since 2002 that document 
> the current 
> > uses of the data that is currently made public through the WHOIS 
> > service. [WHAT IS THE TIME FRAME FOR THIS PROJECT?]

A good question.  I would hope no more than 4 weeks, but the staff can
hopefully provide an estimate based on their current work items.



Regards,
Bruce Tonkin