Subject: | |
From: | |
Reply To: | Andrew A. Adams |
Date: | Tue, 16 Jul 2013 09:52:25 +0900 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Milton wrote:
> Is there any way that EPIC or other privacy organizations with
> litigation experience can advise us on or European colleagues on how
> to sue ICANN to show that it does have legal effect?
There is no way really to premptively bring this to a court. If ICANN does
not regard the Art 29 WP as a suitable authority, then it may also not
recognise the individual regulators as competent authorities. In its current
form, i.e. the data protection directive, it is up to individual member
states to set up appropriate legislation in each country to implement the
directive. (As a side-note the proposed new regulation is much simpler in
that regulations pretty much get direct effect in member states.) We'd have
to know what ICANN would regard as sufficient legal authority. Perhaps they
would regard individual rulings by each regulator as having sufficient effect
(since this appears to have been a unanimous decision by the ART29WP which
includes representatives of all the regulators as well as some other
advisors, that actually should be feasible). However, ICANN could just as
easily then turn around and say that this is still not sufficient, in which
case we'd have to wait for:
An EU-based registrar to comply with thick whois, and make the information
available as per the ICANN rules;
someone subject to that registry to make a complaint to the regulator in
their country; OR for the relevant DPA to intervene on their own recognisance
to order the registrar to stop such activity;
the registrar to appeal to the relevant tribunal or court;
the relevant tribunal or court to rule that the data protection authority is
correct;
further appeals up the chain to the member state top court, and for them to
refer the matter to the ECJ (European Court of Justice) for an EU-level
opinion binding on all EU jurisdictions.
THat would take, on conservative estimates, about five years to complete. In
the meantime all registrars in EU member states would be caught between the
rock of ICANN rules and the hard place of their own regulators'
interpretations of EU rules.
Plus, in the meantime, the new EU DP Regulations will probably become EU law
this year or next. Luckily for us, this wouldn't then have any further delay
in transposition into member states laws.
We need to know whether ICANN would regard individual statements from
relevant DPAs in the various EU member states would be regarded as
sufficient, or whether they would push registrars into the ridiculous
position of having to ignore the advice of their DP authority (which opens
them to significant fines in many cases) or ICANN's rules (which runs the
risk of them beign suspended by their registry IIRC).
--
Professor Andrew A Adams [log in to unmask]
Professor at Graduate School of Business Administration, and
Deputy Director of the Centre for Business Information Ethics
Meiji University, Tokyo, Japan http://www.a-cubed.info/
|
|
|