<<<
Chronological Index
>>> <<<
Thread Index
>>>
[gnso-dow123] NCUC Proposal
- To: gnso-dow123@xxxxxxxxxxxxxx
- Subject: [gnso-dow123] NCUC Proposal
- From: KathrynKL@xxxxxxx
- Date: Tue, 14 Feb 2006 09:27:14 EST
NCUC Procedural Proposal for Whois Task Force
After great thought, NCUC submits this procedural proposal. Our proposal is
that
the following procedural steps take place with regard to each pending
substantive proposal (e.g., oPOC and .NAME) upon decision by the Council of the
Purpose
of Whois.
1) Upon determination by Council of the "Purpose of Whois," the TF will
review each substantive proposal closely and list the personal data collected
in it for Whois. The TF will then closely examine the data fields,
particularly data
fields holding personal data, and determine whether the data collected is
necessary or unnecessary for Whois under the newly-established Purpose.
2) If the TF finds that the data being collected under a Proposal exceeds
the data needed, then the TF will list the data fields and set them aside for
further evaluation. The Task Force will then further review the data fields
to
determine whether they serve a necessary business function aside from Whois.
3) The TF will make a recommendation regarding each data field it no longer
considers necessary for the Whois database. The TF may recommend that the
data field(s) continue to be collected from registrants for business
purposes,
but not included in Whois. The TF may recommend that the data no longer be
required by ICANN for collection at all.
4) Based on its recommendations to Council, the TF will take the additional
steps of reviewing the language of the Registrar and Registry Accreditation
Agreements on these topics and recommending language changes consistent with
the recommendations in #3.
5) The TF will document its findings in a report to Council to accompany
whatever substantive proposal the TF agrees upon.
Legal Rationale:
-----------------------
In the many countries with comprehensive data protection laws, it is a
requirement that the "purpose of a database" be clearly defined, and in turn,
operate as a guide and a limitation on the data collected for that database.
The
procedural steps above are consistent with the legal requirements of the
European data protection laws. They also follow the direction to ICANN set
out in
the Opinion 2/2003 on the Application of the Data Protection Principles to
the
Whois Directories of the Article 29 Working Party of the EU Data Protection
Commissioners:
"Article 6c of the Directive imposes clear limitations concerning the
collection and processing of personal data meaning that data should be
relevant
and not excessive for the specific purpose. In that light it is essential to
limit the amount of personal data to be collected and processed."
http://europa.eu.int/comm/justice_home/fsj/privacy/docs/wpdocs/2003/wp76_en.pd
f.
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|