ICANN Policy / Contract vs Local Law

[Michele Neylon - Blacknight <michele@xxxxxxxxxxxxxx>]

Dear Sir / Madam

We thank ICANN for opening up this topic to public comment. 
I am submitting these comments on behalf of Blacknight Internet Solutions Ltd, 
IANA 1448.

As a registrar based in Ireland, which is part of the European Union, we find 
the current policies and contractual obligations that ICANN imposes on 
registrars and registries to be highly problematic.
We also find that ICANN's attempts to date at addressing these shortcomings 
creates an unnecessary burden on registrars and registries who simply wish to 
comply with their national laws.

In fact ICANN's inability to address these issues in a functional and timely 
fashion has led some registrars, including ourselves, to lose thousands of Euro 
in sales due to ICANN's insistence on the 2013 RAA in order for registrars to 
offer new TLDs.

The paper prepared by ICANN staff contains a number of specific questions which 
we will address in our comments.

Current Whois Procedure:

1.1 Is it impractical for ICANN to require that a contracted party already has 
litigation or a  government proceeding initiated against it prior to being able 
to invoke the Whois  Procedure? How can the triggering event be meaningfully 
defined? 

It's completely illogical that a contracted party must face litigation before 
they can use a process. We would have loved to use a procedure or process to 
get exemptions, but expecting us to already be litigating before we can do so 
is, for lack of a better word, nuts.


1.2 Alternatively, does that suggest the Whois Procedure has not been invoked 
because of an absence of enforcement action? 

1.3 Are there any components of the triggering event/notification portion of 
the RAA's Data Retention Waiver process that should be considered as optimal 
for incorporation into a modified Whois Procedure? 
That assumes that the RAA retention waiver process is functional. Based on our 
experiences with it we have found it to be anything but functional. 
Any procedure should be:
- simple and straightforward
- quick
- easy to access

Registrars and other contracted parties are not making frivolous requests when 
they ask ICANN to "permit them" to comply with the law. That ICANN, a 
California Corporation, feels that it has ANY standing with respect to 
companies obligations under their respective national laws is incredibly hard 
to understand. 

1.4 Should parties be permitted to invoke the Whois Procedure before 
contracting with ICANN as a registrar or registry? 

Yes . 

1.5 Would reaching different solutions with different registries with respect 
to exemption or modification of Whois requirements in light of different laws 
in various jurisdictions raise questions of fair and equal treatment?

No. A registry or a registrar cannot be expected to operate against their local 
legislation. 




5.1 What impacts would an exemption or modification have on the contract, and 
on others in the same jurisdiction? 
They should all be treated the same in a jurisdiction.

Also, ICANN needs to revise its contracts to take into account data privacy 
concerns. This has been raised more than once, but ICANN to date has not been 
able to address the problems. The letters from various data privacy / 
protection groups, civil society and others have outlined issues with the ICANN 
policies and contracts, yet ICANN has chosen not to heed them.

5.2 Is the exemption or modification termed to the length of the agreement? Or 
is it indefinite as long as the contracted party is located in the jurisdiction 
in question, or so long as the applicable law requiring the objection is in 
force? 

Indefinite as long as the law is in place

5.3 Should an exemption or modification based on the same laws and facts then 
be granted to other affected contracted parties in the same jurisdiction 
without invoking the Whois Procedure?

YES. The current process is illogical and forces registrars to go through 
needless effort and expense. If ANY registrar in Germany, for example, is 
granted a waiver based on German law, then ALL registrars based in Germany 
should receive the same treatment. Expecting each registrar to go through a 
lengthy, confusing and expensive process to "prove a negative" is not logical 
and does not reflect well on ICANN.


We hope that ICANN is going to start taking data privacy legislation seriously 
in its interactions with contracted parties.
As a first step ICANN should have its own data privacy officer.
ICANN is a data controller, as its contracts govern registrars and registries 
handling of personal data,  yet it does not have a data privacy officer.

Regards

Michele


--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
http://www.blacknight.co/
http://blog.blacknight.com/
http://www.technology.ie
Intl. +353 (0) 59  9183072
Twitter: http://twitter.com/mneylon
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,Ireland  Company No.: 370845