Dear all, thank you so much for all the work. This final document has my support as either an NCUC or an NCSG position document. Nicolas NCUC, NCSG On 31/07/2014 2:27 PM, Stephanie Perrin wrote: > Ok folks, I think we have a draft (5) which is now ready for final > approval. I have taken Kathy's last draft, done a final edit > (unfortunately I cannot restrain my editing, each time I go through > the draft, as I find things I forgot to note the last time. So there > are a few changes.) In deference to Avri's strong objection to the > mention of multistakeholderism as being subservient to adherance to > law, I did an edit of that sentence. > It is unfortunate that Michele used the example of German law (as the > lander each have their own laws and Commissioners, and I am quite > unsure whose jurisdiction this issue would fall under) however I left > it in. I also tried to clarify the paragraph where we discuss > consultation on decisions regarding exemption. I hope it is now clear > and reflects all members views on the matter. > Rafik, I would recommend that when you digitally sign the clean copy > you save it as NCSG comments on the WHOIS conflicts consultation, as > the current title is messy (assuming we can now get concensus on > moving forward and filing this tomorrow). > Kind regards, > Stephanie > On 2014-07-31, 11:09, Kathy Kleiman wrote: >> Hi Stephanie, >> Tx for adding Avri's comments. I've reviewed all of the changes, and >> also added one more to this most recent version. _Newest version >> (NCSGEdits3) attached. _ >> **Due tomorrow** >> Best, >> Kathy >> : >>> I also agreed with Avri and inserted a few of her changes, Kathy did >>> not get those edits....we need to make sure we have a final copy >>> that Rafik can sign, which reflects all the agreed changes. Do you >>> want me to have another edit one last time, to make sure that Joy's >>> comments (which were on an earlier draft) and Avri's are all in there? >>> cheers stephanie >>> On 2014-07-31, 9:22, Amr Elsadr wrote: >>>> Hi all, >>>> >>>> On Jul 30, 2014, at 2:57 PM, Avri Doria <[log in to unmask]> wrote: >>>> >>>>> hi, >>>>> >>>>> Reviewed the document. >>>>> >>>>> Made a change so it could be a NCSG document. >>>> Thanks. >>>> >>>>> There are parts I am uncomfortable with, some of which I deleted and >>>>> some of which I left and still am uncomfortable with. >>>>> >>>>> I do not think we should ever dismiss the Multistakeholder model. >>>>> I do >>>>> not wish to find ourselves in the situation of being quoted for >>>>> having >>>>> suggested that there are times when the model should be >>>>> superseded. That >>>>> would be a gold mine for some. I deleted those references. >>>> Fully agree. Although I don’t feel that was the intent, it could >>>> certainly be perceived that way. No need to bring it up. >>>> >>>>> I am also uncomfortable with saying there are things that don't need >>>>> public comment on. To just have to take the legal staff view on >>>>> things >>>>> is dangerous. What if they say the law does not require something >>>>> when >>>>> someone knows better. Better to have a null review. I have not, >>>>> however, removed these as they were an entire section. I would like >>>>> to see that section reworded or removed before approving the >>>>> documents. >>>> IMHO, I don’t see the need for a public comment period on every >>>> time this policy might be used. If a new set of policies and >>>> processes are adopted for handling WHOIS conflicts with privacy >>>> laws, then they should be clear enough during implementation to not >>>> require public comment, right? Isn’t this the case with all >>>> policies? For instance, is there a public comment period every time >>>> a new registrar signs a contract with ICANN? Or will there be a >>>> public comment period when implementation of the “thick” WHOIS >>>> policy kicks in? >>>> >>>> Another thought is that a public comment period will also lengthen >>>> the period during which a registrar will potentially be at risk for >>>> non-compliance with local laws. Unless there is an important reason >>>> why there should be a public comment for each of the resolution >>>> scenarios, then I suggest we support Kathy’s recommendation to not >>>> have any. >>>> >>>> Thanks. >>>> >>>> Amr >>>> >>>>> I also removed a bunch of weasel words like 'respectfully' >>>>> >>>>> avri >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On 30-Jul-14 14:28, Avri Doria wrote: >>>>>> Hi, >>>>>> >>>>>> Started reviewing them, actually Stephanie's comments. They are >>>>>> written >>>>>> from an NCUC perspective and need to be approved by them, not us. >>>>>> >>>>>> avri >>>>>> >>>>>> >>>>>> On 30-Jul-14 11:36, Rafik Dammak wrote: >>>>>>> Hi everyone, >>>>>>> >>>>>>> Kathy sent a draft comment to the whois conflict with local >>>>>>> laws. we >>>>>>> have a tight schedule and we should act quickly. >>>>>>> we are responding during the reply period which means the last >>>>>>> chance >>>>>>> for us to do so. >>>>>>> @Maria can you please follow-up with this request? >>>>>>> >>>>>>> Best, >>>>>>> >>>>>>> Rafik >>>>>>> >>>>>>> >>>>>>> >>>>>>> ---------- Forwarded message ---------- >>>>>>> From: *Kathy Kleiman* <[log in to unmask] >>>>>>> <mailto:[log in to unmask]>> >>>>>>> Date: 2014-07-30 2:44 GMT+09:00 >>>>>>> Subject: Draft Comments for Whois Proceeding >>>>>>> To: Rafik Dammak <[log in to unmask] >>>>>>> <mailto:[log in to unmask]>>, [log in to unmask] >>>>>>> <mailto:[log in to unmask]> >>>>>>> >>>>>>> >>>>>>> To Rafik, NCSG Executive Committee and NCSG Membership, >>>>>>> >>>>>>> There is an important, but very quiet comment proceeding that >>>>>>> has been >>>>>>> taking place this summer. It is the /Review of the ICANN >>>>>>> Procedure for >>>>>>> Handling WHOIS Conflicts with Privacy Law///at >>>>>>> /https://www.icann.org/public-comments/whois-conflicts-procedure-2014-05-22-en/ >>>>>>> >>>>>>> >>>>>>> >>>>>>> Stephanie put out a call for comments, and not seeing any, I >>>>>>> drafted >>>>>>> these. It has been dismayeding ever since ICANN adopted its >>>>>>> Consensus >>>>>>> Procedure for Handling WHOIS Conflicts with Privacy law -- >>>>>>> because it >>>>>>> basically requires that Registrars and Registries have to be >>>>>>> sued or >>>>>>> receive an official notice of violation before they can ask >>>>>>> ICANN for a >>>>>>> waiver of the Whois requirements. That always seemed very >>>>>>> unfair- that >>>>>>> you have to be exposed to allegation of illegal activity in >>>>>>> order to >>>>>>> protect yourself or your Registrants under your national data >>>>>>> protection >>>>>>> and privacy laws. >>>>>>> >>>>>>> In the more recent Data Retention Specification, of the 2013 >>>>>>> RAA, ICANN >>>>>>> Staff and Lawyers saw this problem and corrected it -- now >>>>>>> Registrars >>>>>>> can be much more pro-active in showing ICANN that a certain >>>>>>> clause in >>>>>>> their contract (e.g., extended data retention) is a clear >>>>>>> violation of >>>>>>> their national law (e.g., more limited data retention). >>>>>>> >>>>>>> So to this important comment proceeding, I drafted these >>>>>>> comments for us >>>>>>> to submit. As Reply Comments (during the Reply Period), we are >>>>>>> asked to >>>>>>> respond to other commenters. That's easy as the European >>>>>>> Commission and >>>>>>> Registrar Blacknight submitted useful comments. >>>>>>> >>>>>>> Rafik, can we edit, finalize and submit by the deadline on Friday? >>>>>>> Comments below and attached. If you have edits, in the interest >>>>>>> of time, >>>>>>> kindly suggest alternate language. Tx!! >>>>>>> >>>>>>> Best, >>>>>>> Kathy >>>>>>> -------------------------------------------------------------------------------------------------------- >>>>>>> >>>>>>> >>>>>>> DRAFT NCSG Response to the Questions of the >>>>>>> >>>>>>> /Review of the ICANN Procedure for Handling WHOIS Conflicts with >>>>>>> Privacy >>>>>>> Law// >>>>>>> https://www.icann.org/public-comments/whois-conflicts-procedure-2014-05-22-en/ >>>>>>> >>>>>>> >>>>>>> >>>>>>> *Introduction* >>>>>>> >>>>>>> The Noncommercial Stakeholders Group represents noncommercial >>>>>>> organizations in their work in the policy and proceedings of >>>>>>> ICANN and >>>>>>> the GNSO. We respectfully submit as an opening premise that >>>>>>> every legal >>>>>>> business has the right and obligation to operate within the >>>>>>> bounds and >>>>>>> limits of its national laws and regulations. No legal business >>>>>>> establishes itself to violate the law; and to do so is an >>>>>>> invitation to >>>>>>> civil and criminal penalties. ICANN Registries and Registrars >>>>>>> are no >>>>>>> different – they want and need to abide by their laws. >>>>>>> >>>>>>> Thus, it is timely for ICANN to raise the questions of this >>>>>>> proceeding, >>>>>>> /Review of the ICANN Procedure for Handling WHOIS Conflicts with >>>>>>> Privacy >>>>>>> Law/(albeit at a busy time for the Community and at the height of >>>>>>> summer; we expect to see more interest in this time towards the >>>>>>> Fall). >>>>>>> We submit these comments in response to the issues raises and the >>>>>>> questions asked. >>>>>>> >>>>>>> *Background* >>>>>>> >>>>>>> The /ICANN Procedure for Handling Whois Conflicts with Privacy >>>>>>> Law /was >>>>>>> adopted in 2006 after years of debate on Whois issues. This >>>>>>> Consensus >>>>>>> Procedure was the first step of recognition that data protection >>>>>>> laws >>>>>>> and privacy law DO apply to the personal and sensitive data being >>>>>>> collected by Registries and Registrars for the Whois database. >>>>>>> >>>>>>> But for those of us in the Noncommercial Users Constituency (now >>>>>>> part of >>>>>>> the Noncommercial Stakeholders Group/NCSG) who helped debate, >>>>>>> draft and >>>>>>> adopt this Consensus Procedure in the mid-2000s, we were always >>>>>>> shocked >>>>>>> that the ICANN Community did not do more. At the time, multiple >>>>>>> Whois >>>>>>> Task Forces were at work with multiple proposals which include >>>>>>> important >>>>>>> and pro-active suggestions to allow Registrars and Registries to >>>>>>> come >>>>>>> into compliance with their national data protection and privacy >>>>>>> laws. >>>>>>> >>>>>>> At the time, we never expected this Consensus Procedure to be an >>>>>>> end >>>>>>> itself – but the first step of many steps. It was an “end” for >>>>>>> too long, >>>>>>> so we are glad the discussion is reopened and once again we seek to >>>>>>> allow Registrars and Registries to be in full compliance with their >>>>>>> national data protection and privacy laws – from the moment they >>>>>>> enter >>>>>>> into their contracts with ICANN. >>>>>>> >>>>>>> *II. Data Protection and Privacy Laws – A Quick Overview of the >>>>>>> Principles that Protect the Personal and Sensitive Data of >>>>>>> Individuals >>>>>>> and Organizations/Small Businesses * >>>>>>> >>>>>>> ** >>>>>>> >>>>>>> /*[Stephanie, Tamir or Others with Expertise in Canadian and >>>>>>> European >>>>>>> Data Protection Laws may choose to add something here]. */ >>>>>>> >>>>>>> III/*. */Questions asked of the Community in this Proceeding >>>>>>> >>>>>>> The ICANN Review Paper raised a number of excellent questions. In >>>>>>> keeping with the requirements of a Reply Period, these NCSG >>>>>>> comments >>>>>>> will address both our comments and those comments we particularly >>>>>>> support in this proceeding. >>>>>>> >>>>>>> 1. >>>>>>> >>>>>>> Is it impractical for ICANN to require that a contracted >>>>>>> party >>>>>>> already has litigation or a government proceeding initiated >>>>>>> against it prior to being able to invoke the Whois >>>>>>> Procedure? >>>>>>> >>>>>>> 1.1 Response: Yes, it is completely impractical (and >>>>>>> ill-advised) to >>>>>>> force a company to violate a national law as a condition of >>>>>>> complying >>>>>>> with that national law. Every lawyer advises businesses to >>>>>>> comply with >>>>>>> the laws and regulations of their field. To do otherwise is to face >>>>>>> fines, penalties, loss of the business, even jail for officers and >>>>>>> directors. Legal business strives to be law-abiding; no officer or >>>>>>> director wants to go to jail for her company's violations. It is >>>>>>> the >>>>>>> essence of an attorney's advice to his/her clients to fully >>>>>>> comply with >>>>>>> the laws and operate clearly within the clear boundaries and >>>>>>> limits of >>>>>>> laws and regulations, both national, by province or state and >>>>>>> local. >>>>>>> >>>>>>> In these Reply Comments, we support and encourage ICANN to adopt >>>>>>> policies consistent with the initial comments submitted by the >>>>>>> European >>>>>>> Commission: >>>>>>> >>>>>>> o >>>>>>> >>>>>>> that the Whois Procedure be changed from requiring specific >>>>>>> prosecutorial action instead to allowing “demonstrating >>>>>>> evidence >>>>>>> of a potential conflict widely and e.g. accepting >>>>>>> information on >>>>>>> the legislation imposing requirements that the contractual >>>>>>> requirements would breach as sufficient evidence.” (European >>>>>>> Commission comments) >>>>>>> >>>>>>> We also agree with Blacknight: >>>>>>> >>>>>>> o >>>>>>> >>>>>>> “It's completely illogical for ICANN to require that a >>>>>>> contracting party already has litigation before they can >>>>>>> use a >>>>>>> process. We would have loved to use a procedure or >>>>>>> process to >>>>>>> get exemptions, but expecting us to already be litigating >>>>>>> before >>>>>>> we can do so is, for lack of a better word, nuts.” >>>>>>> (Blacknight >>>>>>> comments in this proceeding). >>>>>>> >>>>>>> >>>>>>> 1.1a How can the triggering event be meaningfully defined? >>>>>>> >>>>>>> 1.1 a Response: This is an important question. Rephrased, we >>>>>>> might ask >>>>>>> together – what must a Registry or Registrar show ICANN in >>>>>>> support of >>>>>>> its claim that certain provisions involving Whois data violate >>>>>>> provisions of national data protection and privacy laws? >>>>>>> >>>>>>> NCSG respectfully submits that there are at least four “triggering >>>>>>> events” that ICANN should recognize: >>>>>>> >>>>>>> o >>>>>>> >>>>>>> Evidence from a national Data Protection Commissioner or >>>>>>> his/her >>>>>>> office (or from a internationally recognized body of >>>>>>> national >>>>>>> Data Protection Commissioners in a certain region of the >>>>>>> world, >>>>>>> including the Article 29 Working Party that analyzes the >>>>>>> national data protection and privacy laws) that ICANN's >>>>>>> contractual obligations for Registry and/or Registrar >>>>>>> contracts >>>>>>> violate the data protection laws of their country or >>>>>>> their group >>>>>>> of countries; >>>>>>> >>>>>>> o >>>>>>> >>>>>>> Evidence of legal and/or jurisdictional conflict arising >>>>>>> from >>>>>>> analysis performed by ICANN's legal department or by >>>>>>> national >>>>>>> legal experts hired by ICANN to evaluate the Whois >>>>>>> requirements >>>>>>> of the ICANN contracts for compliance and conflicts with >>>>>>> national data protection laws and cross-border transfer >>>>>>> limits) >>>>>>> (similar to the process we understand was undertaken for the >>>>>>> data retention issue); >>>>>>> >>>>>>> >>>>>>> o >>>>>>> >>>>>>> Receipt of a written legal opinion from a nationally >>>>>>> recognized >>>>>>> law firm in the applicable jurisdiction that states that the >>>>>>> collection, retention and/or transfer of certain Whois data >>>>>>> elements as required by Registrar or Registry Agreements is >>>>>>> “reasonably likely to violate the applicable law” of the >>>>>>> Registry or Registrar (per the process allowed in RAA Data >>>>>>> Retention Specification); or >>>>>>> >>>>>>> >>>>>>> o >>>>>>> >>>>>>> An official opinion of any other governmental body of >>>>>>> competent >>>>>>> jurisdiction providing that compliance with the data >>>>>>> protection >>>>>>> requirements of the Registry/Registrar contracts violates >>>>>>> applicable national law (although such pro-active >>>>>>> opinions may >>>>>>> not be the practice of the Data Protection Commissioner's >>>>>>> office). >>>>>>> >>>>>>> The above list draws from the comments of the European >>>>>>> Commission, Data >>>>>>> Retention Specification of the 2013 Registrar Accreditation >>>>>>> Agreement, >>>>>>> and sound compliance and business practices for the ICANN General >>>>>>> Counsel's office. >>>>>>> >>>>>>> We further agree with Blacknight that the requirements for >>>>>>> triggering >>>>>>> any review and consideration by ICANN be: simple and >>>>>>> straightforward, >>>>>>> quick and easy to access. >>>>>>> >>>>>>> >>>>>>> 1.3 Are there any components of the triggering >>>>>>> event/notification >>>>>>> portion of the RAA's Data Retention waiver process that should be >>>>>>> considered as optional for incorporation into a modified Whois >>>>>>> Procedure? >>>>>>> >>>>>>> >>>>>>> 1.3 Response: Absolutely, the full list in 1.1a above, together >>>>>>> with >>>>>>> other constructive contributions in the Comments and Reply >>>>>>> Comments of >>>>>>> this proceeding, should be strongly considered for incorporation >>>>>>> into a >>>>>>> modified Whois Procedure, or simply written into the contracts >>>>>>> of the >>>>>>> Registries and Registrars contractual language, or a new Annex or >>>>>>> Specification. >>>>>>> >>>>>>> We respectfully submit that the obligation of Registries and >>>>>>> Registrars >>>>>>> to comply with their national laws is not a matter of >>>>>>> multistakeholder >>>>>>> decision making, but a matter of law and compliance. In this >>>>>>> case, we >>>>>>> wholeheartedly embrace the concept of building a process >>>>>>> together that >>>>>>> will allow exceptions for data protection and privacy laws to be >>>>>>> adopted >>>>>>> quickly and easily. >>>>>>> >>>>>>> >>>>>>> 1.4 Should parties be permitted to invoke the Whois Procedure >>>>>>> before >>>>>>> contracting with ICANN as a registrar or registry? >>>>>>> >>>>>>> >>>>>>> 1.4 Response: Of course, Registries and Registrars should be >>>>>>> allowed to >>>>>>> invoke the Whois Procedure, or other appropriate annexes and >>>>>>> specifications that may be added into Registry and Registrar >>>>>>> contracts >>>>>>> with ICANN. As discussed above, the right of a legal company to >>>>>>> enter >>>>>>> into a legal contracts is the most basic of expectations under law. >>>>>>> >>>>>>> >>>>>>> 2.1 Are there other relevant parties who should be included >>>>>>> in this >>>>>>> step? >>>>>>> >>>>>>> >>>>>>> 2.1 Response: We agree with the EC that ICANN should be working as >>>>>>> closely with National Data Protection Authorities as they will >>>>>>> allow. In >>>>>>> light of the overflow of work into these national commissions, >>>>>>> and the >>>>>>> availability of national experts at law firms, ICANN should also >>>>>>> turn to >>>>>>> the advice of private experts, such as well-respected law firms who >>>>>>> specialize in national data protection laws. The law firm's >>>>>>> opinions on >>>>>>> these matters would help to guide ICANN's knowledge and >>>>>>> evaluation of >>>>>>> this important issue. >>>>>>> >>>>>>> >>>>>>> 3.1 How is an agreement reached and published? >>>>>>> >>>>>>> 3.1 Response. As discussed above, compliance with national law >>>>>>> may not >>>>>>> be the best matter for negotiation within a multistakeholder >>>>>>> process. It >>>>>>> really should not be a chose for others to make whether you >>>>>>> comply with >>>>>>> your national data protection and privacy laws. That said, the >>>>>>> process >>>>>>> of refining the Consensus Procedure, and adopting new policies and >>>>>>> procedures, or simply putting new contract provisions, annexes or >>>>>>> specifications into the Registry and Registrar contracts SHOULD be >>>>>>> subject to community discussion, notification and review. But >>>>>>> once the >>>>>>> new process is adopted, we think the new changes, variations, >>>>>>> modifications or exceptions of Individual Registries and >>>>>>> Registrars need >>>>>>> go through a public review and process. The results, however, >>>>>>> Should be >>>>>>> published for Community notification and review. >>>>>>> >>>>>>> >>>>>>> We note that in conducting the discussion with the Community on the >>>>>>> overall or general procedure, policy or contractual changes, ICANN >>>>>>> should be assertive in its outreach to the Data Protection >>>>>>> Commissioners. Individual and through their organizations, they >>>>>>> have >>>>>>> offered to help ICANN evaluate this issue numerous times. The Whois >>>>>>> Review Team noted the inability of many external bodies to >>>>>>> monitor ICANN >>>>>>> regularly, but the need for outreach to them by ICANN staff >>>>>>> nonetheless: >>>>>>> >>>>>>> >>>>>>> *Recommendation 3: Outreach* >>>>>>> >>>>>>> *ICANN should ensure that WHOIS policy issues are accompanied by >>>>>>> cross-community* >>>>>>> >>>>>>> *outreach, including outreach to the communities outside of >>>>>>> ICANN with a >>>>>>> specific* >>>>>>> >>>>>>> *interest in the issues, and an ongoing program for consumer >>>>>>> awareness.* >>>>>>> >>>>>>> This is a critical policy item for such outreach and input. >>>>>>> >>>>>>> >>>>>>> 3.2 If there is an agreed outcome among the relevant parties, >>>>>>> should >>>>>>> the Board be involved in this procedure? >>>>>>> >>>>>>> >>>>>>> 3.2 Response: Clearly, the changing of the procedure, or the >>>>>>> adoption of >>>>>>> a new policy or new contractual language for Registries and >>>>>>> Registrars, >>>>>>> Board oversight and review should be involved. But once the new >>>>>>> procedure, policy or contractual language is in place, then >>>>>>> subsequent >>>>>>> individual changes, variations, modifications or exceptions >>>>>>> should be >>>>>>> handled through the process and ICANN Staff – as the Data Retention >>>>>>> Process is handled today. >>>>>>> >>>>>>> >>>>>>> 4.1 Would it be fruitful to incorporate public comment in >>>>>>> each of >>>>>>> the resolution scenarios? >>>>>>> >>>>>>> 4.1 Response: We think this question means whether there should be >>>>>>> public input on each and every exception? We respectfully submit >>>>>>> that >>>>>>> the answer is No. Once the new policy, procedure or contractual >>>>>>> language >>>>>>> is adopted, then the process should kick in and the >>>>>>> Registrar/Registry >>>>>>> should be allowed to apply for the waiver, modification or revision >>>>>>> consistent with its data protection and privacy laws. Of course, >>>>>>> once >>>>>>> the waiver or modification is granted, the decision should be >>>>>>> matter of >>>>>>> public record so that other Registries and Registrars in the >>>>>>> jurisdiction know and so that the ICANN Community as a whole can >>>>>>> monitor >>>>>>> this process' implementation and compliance. >>>>>>> >>>>>>> Step Five: Public notice >>>>>>> >>>>>>> >>>>>>> 5.2 Is the exemption or modification termed to the length of the >>>>>>> agreement? Or is it indefinite as long as the contracted party is >>>>>>> located in the jurisdiction in question, or so long as the >>>>>>> applicable >>>>>>> law is in force. >>>>>>> >>>>>>> 5.2 Response: We agree with the European Commission in its >>>>>>> response, >>>>>>> “/By logic the exemption or modification shall be in place as >>>>>>> long as >>>>>>> the party is subject to the jurisdiction in conflict with ICANN >>>>>>> rules. >>>>>>> If the applicable law was to change, or the contacted party >>>>>>> moved to a >>>>>>> different jurisdiction, the conditions should be reviewed to >>>>>>> assess if >>>>>>> the exemption is still justified.” But provided it is the same >>>>>>> parties, >>>>>>> operating under the same laws, the modification or change should >>>>>>> continue through the duration of the relationship between the >>>>>>> Registry/Registrar and ICANN. / >>>>>>> >>>>>>> >>>>>>> 5.3 Should an exemption or modification based on the same >>>>>>> laws and >>>>>>> facts then be granted to other affected contracted parties in >>>>>>> the same >>>>>>> jurisdiction without invoking the Whois Procedure >>>>>>> >>>>>>> 5.3 Response. The European Commission in its comments wrote, and we >>>>>>> strongly agree: /“the same exception should apply to others in >>>>>>> the same >>>>>>> jurisdiction who can demonstrate that they are in the same >>>>>>> situation.” >>>>>>> /Further, Blacknight wrote and we support: /“if ANY registrar in >>>>>>> Germany, for example, is granted a waiver based on German law, >>>>>>> than ALL >>>>>>> registrars based in Germany should receive the same treatment.” >>>>>>> /Once a >>>>>>> national data protection or privacy law is interpreted as >>>>>>> requiring and >>>>>>> exemption or modification, it should be available to all >>>>>>> Registries/Registrars in that country. >>>>>>> >>>>>>> Further, we recommend that ICANN should be required to notify >>>>>>> each gTLD >>>>>>> Registry and Registrar in the same jurisdiction as that of the >>>>>>> decision >>>>>>> so they will have notice of the change. >>>>>>> >>>>>>> We thank ICANN staff for holding this comment period. >>>>>>> >>>>>>> Respectfully submitted, >>>>>>> >>>>>>> NCSG >>>>>>> >>>>>>> >>>>>>> DRAFT >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> PC-NCSG mailing list >>>>>>> [log in to unmask] >>>>>>> http://mailman.ipjustice.org/listinfo/pc-ncsg >>>>>>> >>>>>> _______________________________________________ >>>>>> PC-NCSG mailing list >>>>>> [log in to unmask] >>>>>> http://mailman.ipjustice.org/listinfo/pc-ncsg >>>>>> >>>>>> >>>>> <NSCG DRAFT Comments for Review of WHOIS Consensus >>>>> Proceduresp+ad.doc>_______________________________________________ >>>>> PC-NCSG mailing list >>>>> [log in to unmask] >>>>> http://mailman.ipjustice.org/listinfo/pc-ncsg >>>> >>>> _______________________________________________ >>>> PC-NCSG mailing list >>>> [log in to unmask] >>>> http://mailman.ipjustice.org/listinfo/pc-ncsg >> >