All,
The Council of Europe has also responded to NCUC's privacy letter
(attached) and stated that it shares our concerns about ICANN's
compliance with privacy rights.
Best,
Robin
Begin forwarded message:
> From: KWASNY Sophie <[log in to unmask]>
> Date: October 11, 2012 5:42:39 AM PDT
> To: "[log in to unmask]" <[log in to unmask]>
> Cc: THACI Elvana <[log in to unmask]>
> Subject: RE: Urgent Request from Non-Commercial Users Constituency
> for Council of Europe to review ICANN contract for privacy compliance
> Dear Mr Gross,
>
> Please find attached a letter of the Chair of the Consultative
> Committee of Convention 108 for your attention.
>
> Should you need any complementary information, please do not
> hesitate to contact me.
>
> Best regards,
> Sophie Kwasny
> Data Protection Unit
> Human Rights and Rule of Law (DG I)
> CONSEIL DE L'EUROPE - COUNCIL OF EUROPE
> tel : + 33(0) 3 90 21 43 39
>
> www.coe.int/dataprotection
>
> From: Robin Gross [mailto:[log in to unmask]]
> Sent: Sunday 22 July 2012 22:20
> To: THACI Elvana
> Cc: David Cake ([log in to unmask]) ([log in to unmask]);
> Wolfgang Kleinwächter
> Subject: Urgent Request from Non-Commercial Users Constituency for
> Council of Europe to review ICANN contract for privacy compliance
>
> Dear Thaci Elvana:
>
> I am writing to you as a matter of urgency concerning online
> privacy. I represent the Non-Commercial Users Constituency of ICANN
> and have concerns regarding ICANN’s the current consultation
> relating to contracts with Registrars. A short letter from your
> office would help greatly to balance the negotiation discussion. I
> ask you to send correspondence to the ICANN Board Chair and CEO.
>
> As you will be aware, the international management of Internet
> naming and addressing is conducted by ICANN, the Internet
> Corporation for Assigned Names and Numbers. As part of ICANN’s
> work, contractual arrangements are entered into with private
> corporations to offer particular Internet domain names to the
> public. These private corporations (“Registrars”) in turn
> undertake to manage the personal details of their customers
> (“Registrants”) in accordance with the requirements of their
> contract with ICANN.
>
> Registrars collect and hold personal information about registrants
> and have obligations to uphold privacy-related principles for the
> collection, use, storage and disposal of this registration data. It
> is my belief that ICANN requirements within the contracts with
> Registrars must uphold and not violate international human rights
> standards on privacy, in particular collection, access to, and use
> of such data. Incursions on privacy are permissible, only when
> restricted to exceptional circumstances, such as access by law
> enforcement bodies pursuant to a judicial process and in any event
> subject to rules relating to access to data across national borders.
>
> The aggregated database of registrants’ contact information is
> called the WHOIS database, and is currently required to be
> published to unauthenticated requesters. In my view, information
> within this database must only be collected for the purpose for
> which is needed, and sensitive information must be made available
> only to those with demonstrated need. There is no clearly
> established need for the collection of, for instance, telephone
> numbers for the purposes of registering a domain name, although
> Registrars and others may find this convenient. A blanket
> requirement to provide telephone numbers would, therefore, seem to
> be an unreasonable intrusion into the privacy rights of
> registrants. Similarly, physical addresses and secondary identity
> verification documents are not required for the operation of the
> domain name system, and in my view should not be permitted or
> required in the contracts ICANN has with Registrars.
>
> I am sure you will understand that with the creation of a data-rich
> database, concerns regarding the proper and secure storage and
> compliant arrangements for the disposal of registration data when
> it is no longer required become more important and potentially
> privacy-intrusive. In my view, the current requirements in the new
> draft contracts with Registrars are likely to infringe national
> privacy laws and have impact on citizens within your jurisdiction.
>
> For example, WHOIS contact details need only be an email address of
> a technical officer who is empowered by the registrant to fix
> technical issues with a domain name address or pass on
> communications. There is no technical need for identity
> verification, let alone regular or annual verification, beyond the
> existing requirements. In many jurisdictions where freedom of
> expression is tenuous, the greater the degree of anonymity or
> pseudonymity, the greater the freedom of expression. This is even
> more acute when the database is stored in a foreign country and
> subject to different national laws regarding privacy and access by
> public officials to private databases. It is important, therefore,
> to ensure that national laws relating to privacy are respected.
>
> The Article 29 Working Party has previously considered WHOIS, and
> raised concerns as far back as 2003, saying that “it is necessary
> to look for less intrusive methods that would still serve the
> purpose of the Whois directories without having all data directly
> available on-line to everybody.” http://ec.europa.eu/justice/
> policies/privacy/docs/wpdocs/2003/wp76_en.pdf Unfortunately,
> ICANN’s draft contract goes in the opposite direction,
> exacerbating the privacy harms.
>
> The draft contracts are open for comment – see http://
> www.icann.org/en/news/announcements/announcement-7-04jun12-en.htm -
> and I would request your organisation review and consider the
> privacy impacts of these new contracts – in particular the summary
> of the negotiating team’s responses to law enforcement
> submissions. On behalf of the Non-Commercial User Constituency, I
> recommend that your organisation respond to the ICANN consultative
> process to ensure that privacy considerations and respect for
> national privacy laws remains a strong feature of ICANN’s
> contractual arrangements. Your comments would be very helpful in
> giving balanced background to the negotiations.
>
> I recommend that you send comments directly to Dr. Steve Crocker,
> Chair of the ICANN Board, and Akram Atallah, interim CEO, via email
> to the Director of Board Support, [log in to unmask]
> Comments by the end of July would be most helpful, but any
> information you can add would be welcome.
>
> Please feel free to contact me [log in to unmask] if the NCUC
> can provide further information or background.
>
> Very truly yours,
>
> David Cake, Chair, Non-Commercial Users Constituency
>
> Robin Gross, Chair, Non-Commercial Stakeholders Group
>
> More info on ICANN RAA contract negotiations:
> https://community.icann.org/display/RAA/Negotiations+Between
> +ICANN+and+Registrars+to+Amend+the+Registrar+Accreditation+Agreement
> _______________________________________________
> Robin D. Gross, IP Justice Executive Director
> Web: www.ipjustice.org
> Email: [log in to unmask]
> Phone: +1 415.553.6261
>

IP JUSTICE
Robin Gross, Executive Director
1192 Haight Street, San Francisco, CA 94117 USA
p: +1-415-553-6261 f: +1-415-462-6451
w: http://www.ipjustice.org e: [log in to unmask]
|