[gnso-dow123] NCUC Proposal

[KathrynKL@xxxxxxx]

NCUC Procedural Proposal for Whois Task Force

After great thought, NCUC submits this procedural proposal.  Our proposal is 
that
the following procedural steps take place with regard to each pending 
substantive proposal (e.g., oPOC and .NAME) upon decision by the Council of the 
Purpose 
of Whois.

1)  Upon determination by Council of the "Purpose of Whois," the TF will 
review each substantive proposal closely and list the personal data collected 
in it for  Whois.  The TF will then closely examine the data fields, 
particularly data 
fields holding personal data, and determine whether the data collected is 
necessary or unnecessary for Whois under the newly-established Purpose. 

2)  If the TF finds that the data being collected under a Proposal exceeds 
the data needed, then the TF will list the data fields and set them aside for 

further evaluation. The Task Force will then further review the data fields 
to 
determine whether they serve a necessary business function aside from Whois.

3)  The TF will make a recommendation regarding each data field it no longer 
considers necessary for the Whois database.  The TF may recommend that the 
data field(s) continue to be collected from registrants for business 
purposes, 
but not included in Whois.  The TF may recommend that the data no longer be 
required by ICANN for collection at all.  

4)  Based on its recommendations to Council, the TF will take the additional 
steps of reviewing the language of the Registrar and Registry Accreditation 
Agreements on these topics and recommending language changes consistent with 
the recommendations in #3. 

5)  The TF will document its findings in a report to Council to accompany 
whatever substantive proposal the TF agrees upon.


Legal Rationale:
-----------------------
In the many countries with comprehensive data protection laws, it is a 
requirement that the "purpose of a database" be clearly defined, and in turn, 

operate as a guide and a limitation on the data collected for that database.  
The 
procedural steps above are consistent with the legal requirements of the 
European data protection laws.  They also follow the direction to ICANN set 
out in 
the Opinion 2/2003 on the Application of the Data Protection Principles to 
the 
Whois Directories of the Article 29 Working Party of the EU Data Protection 
Commissioners:

    "Article 6c of the Directive imposes clear limitations concerning the 
collection and processing of personal data meaning that data should be 
relevant 
and not excessive for the specific purpose. In that light it is essential to 
limit the amount of personal data to be collected and processed."  
http://europa.eu.int/comm/justice_home/fsj/privacy/docs/wpdocs/2003/wp76_en.pd
f.