Re: [registrars] RE: Call for Constituency statements on Whois tf 1/2 recommendations
- To: Tim Ruiz <tim@xxxxxxxxxxx>
- Subject: Re: [registrars] RE: Call for Constituency statements on Whois tf 1/2 recommendations
- From: "Marcus Faure" <faure@xxxxxxxxxxx>
- Date: Wed, 19 Jan 2005 20:29:52 +0100 (CET)
- Cc: Bruce Tonkin <Bruce.Tonkin@xxxxxxxxxxxxxxxxxx>, registrars@xxxxxxxx, ross@xxxxxxxxxx
- In-reply-to: <email@example.com> from Tim Ruiz at "Jan 19, 2005 07:15:54 am"
- Sender: owner-registrars@xxxxxxxxxxxxxx
CORE endorses this motion.
> I take your comments as a friendly amendment. The motion so amended
> follows below.
> MEMBERS PLEASE NOTE: There are two endorsements to this motion, it needs
> three more endorsements for a total of five. Bruce, with your friendly
> amendment now included, does it have your endorsement?
> The Registrar Constituency position is that these recommendations are
> over-reaching, unrealistic and inappropriate.
> RE: 1. Registrars must ensure that disclosures regarding availability
> and third-party access to personal data associated with domain names
> actually be presented to registrants during the registration process.
> Linking to an external web page is not sufficient.
> It is inappropriate to view the registration exercise as a policy
> education process. It is a registration process and should be as
> simple, straightforward and unburdened as possible for registrants to
> conclude. The current trend to "cram" all sorts of notices, and
> prescribe the method of notification, into the registration process
> interferes with the potential simplicity of this process.
> Furthermore, presenting anything to the registrant during the
> registration process is an entirely new obligation that would require
> many registrars to completely re-establish their method of registration.
> For wholesale registrars, this represents a highly onerous burden.
> Lastly, this recommendation is highly unclear. What is a disclossure
> regarding availability? Availability of what? This should be defined.
> This recommendation would be acceptable in the following form (with the
> potential to include a reference to "availability" if
> agreeable clarification is forthcoming);
> 1. Registrars must ensure that disclosures regarding availability and
> third-party access to personal data associated with domain names
> actually be AVAILABLE to registrants during the registration process.
> RE: 2. Registrars must ensure that these disclosures are set aside from
> other provisions of the registration agreement if they are presented to
> registrants together with that agreement. Alternatively, registrars may
> present data access disclosures separate from the registration
> agreement. The wording of the notice provided by registrars should, to
> the extent feasible, be uniform.
> Prescribing the form and scope of my legal agreeements with my
> registrants is inappropriate and without precedent under current
> agreements. This entire clause should be removed from the
> RE: 3. Registrars must obtain a separate acknowledgement from registrars
> that they have read and understand these disclosures. This provision
> does not affect registrars' existing obligations to obtain registrant
> consent to the use of their contact information in the WHOIS system.
> Presumably, this was intended to read "acknowledgement from Registrants
> that...", nonetheless requiring separate acknowledgement is an
> unworkable condition that cannot be practically implemented in the
> current environment. Today, a Registrar is required to bind a
> Registrant to a series of obligations. It is a well known fact that
> customers do not read point-of-sale agreements. This is especially true
> of click-wrap agreements. Ascertaining whether or not a Registrant has
> read and understands those obligations is beyond the scope of existing
> registration processes.
> It is really only appropriate to obtain a Registrants agreement that
> their data will be included in the Whois and make this a condition of
> registration in a fashion similar to the other terms a Registrant must
> agree to prior to undertaking a registration.
> Since this is already required in the current RAA in sub-sections
> 184.108.40.206, 220.127.116.11, and 18.104.22.168, this recommendation should be removed
> from the Task Force recommendations.
> -------- Original Message --------
> Subject: RE: [registrars] RE: Call for Constituency statements on Whois
> tf 1/2 recommendations
> From: "Bruce Tonkin" <Bruce.Tonkin@xxxxxxxxxxxxxxxxxx>
> Date: Sun, January 09, 2005 8:58 pm
> To: "Tim Ruiz" <tim@xxxxxxxxxxx>, ross@xxxxxxxxxx
> Cc: registrars@xxxxxxxx
> Hello All,
> The original titles of WHOIS TF1/2 were:
> "Restricting access to WHOIS data for marketing purposes"
> "Review of data collected and displayed"
> The recommendation relating to the display of a term of service doesn't
> actually address either of the two problems.
> Under the current arrangements, it is a term of service for obtaining a
> domain name for the data to be collected and displayed. It is one of
> many terms of service.
> I thought obtaining a registrant's consent may be helpful for some
> registrars to meet their local laws with respect to privacy, but I have
> been recently informed that where the consent is compulsory to acquire
> the service - it is not really consent.
> Many registrars seek explicit consent from registrants to receive other
> marketing information. This is optional and is not a term of service.
> It makes sense to offer this choice explicitly.
> It doesn't make sense that linking to an external web page should not be
> sufficient for the WHOIS requirements, when it is sufficient for all
> other terms of service.
> It is standard industry practice to present privacy policies in a
> separate webpage.
> I would prefer the recommendation to be reworded as:
> "Registrars must ensure that disclosures regarding availability and
> third-party access to personal
> data associated with domain names actually be AVAILABLE to registrants
> during the registration
> In summary I see no point in seeking explicit consent to a term of the
> registration agreement, until consent is actually an option. Hopefully
> with tiered access, a user could consent to be in the public data, with
> the default being that the data is protected via some sort of access
> Bruce Tonkin