<<<
Chronological Index
>>> <<<
Thread Index
>>>
Re: [gnso-reg-sgc] Commercial vs. Non-commercial
- To: "Milton Mueller" <Mueller@xxxxxxx>
- Subject: Re: [gnso-reg-sgc] Commercial vs. Non-commercial
- From: "Bertrand de La Chapelle" <bdelachapelle@xxxxxxxxx>
- Date: Thu, 31 May 2007 13:10:24 +0200
Dear all,
(Been in Geneva for almost two weeks in various WSIS meetings and trying to
catch up.)
On the commercial-non-commercial distinction, given the difficulty to define
precise boundaries, the challenge is to avoid falling once again in the "all
or nothing" debate. So I'll venture a tentative approach below.
As Milton mentions, internet presence is multi-functional and people status
can vary from completely non-commercial to completely commercial. I
understand there is more or less agreement that :
- legal entities pose no problem (privacy protection is not
applicable, and companies in any case can have contacts such as
administrator@xxxxxxxxxxxx))
- privacy of individuals with absolutely non-commercial activities
must be protected
- individuals conducting mainly commercial activities should probably
not enjoy the same benefits.
Now, the interesting part is the middle zone and the questions of
enforceability and simplicity are key. So, may I suggest the following
approach :
- the key distinction would indeed be legal entity vs individual
- in order to benefit from a protection of their personal information,
individual registrants would self-declare as individuals and indicate they
do not intend to "primarily" conduct a commercial activity under this domain
name (the word primarily or an equivalent is key here)
- "manifest conduct of a primarily commercial activity" on the domain
name would be recognized as a valid justification for any third party to
request access to the full data;
- recognition of such a "manifest conduct of a primarily commercial
activity" would be done by accredited entities (to be determined) and would
trigger full requalification of the record and therefore full exposure of
the contact data.
Criteria for evaluating the commercial nature of the activity could include
elements like the ones listed by Lynn and Christopher. But the key
modification would be the notion of "primary activity".
Agreement on this approach would allow progressing to the next step : the
definition of the relevant accredited entities, their procedures and
potential appeal process. National bodies (including privacy commissioners
where they exist) and courts could probably be integrated to provide a
distributed and still interoperable system.
This proposed procedure adresses basically a subgroup c issue in order to
try to bridge differences regarding the commercial-non-commercial nature of
the registrant. It does not address the issue of requests to access private
data on the basis of any wrongdoing by the domain name holder.
Still, the question of the accredited entities could of course be discussed
in connection with the work of sub-group b (if some entities have full right
of access) and even sub-group a if people believe this should be a
responsibility of the OPoC).
Hope this helps. This is of course just a proposal and comments are welcome.
Best
Bertrand
P.S. : This is not a formal proposal by the french government in a
negotiation, but an attempt to help identify common points that seemed to
emerge from the discussion. So I must warn in advance that this is just
exploratory work to try and define the best global public interest. We are
all exploring the new multi-stakeholder format of such combined working
groups and no one should underestimate the difficulty to articulate this
fast-paced online discussion format with the slower and more structured
decision-making processes within governments. Thanks for your patience and
understanding :-)
On 5/23/07, Milton Mueller <Mueller@xxxxxxx> wrote:
Lynn:
Insofar as your approach is valid, I see no need for a
"commercial/noncommercial" distinction, only a need for a legal
person/natural person distinction.
I feel that your approach may not recognize the multi-functional nature
of an internet presence. An online identity such as a domain name,
particularly for natural persons, may be the basis for both private and
fundraising-related activities.
Many nonprofit activities are informal and never achieve the status of
a tax-exempt, formally recognized charity. To treat advocacy groups of
this sort as "commercial" because they run a garage sale or solicit
financial support seems self-evidently absurd, and represents the kind
of overreach we need to avoid.
Likewise, a person may indeed be engaged in commercial activity but
still be an individual, legal natural person working at home, and thus
have a legitimate reason not to want to expose the contact information.
People on your side of the fence on this issue are fond of pointing out
that no one "is forced to" register a domain name. I would also point
out that no one "is forced to" do business with or donate money to
someone who they can't identify using Whois.
I'd suggest that you discard the commercial/noncommercial distinction
as a basis for defining the status of whois exposure and rely instead on
legal vs. natural persons.
>>> "Goodendorf, Lynn (IHG)" <Lynn.Goodendorf@xxxxxxx> 5/22/2007 8:14
AM >>>
Based on concepts in the EU Privacy Directive, data protection is
applied to natural persons engaged in private activities.
Yes, the person advertising a local garage sale would be commercial
and
I would expect they would advertise their address.
A person putting their resume online would be independent from domain
name registration.
And yes, trading on ebay is commercial and is collecting and
processing
personal data of others.
Raising funds for a charity is part of a legal entity, not a natural
person. As such, the legal entity is not covered under data
protection.
Someone keeping records for their club or sports team would be private
and not commercial.
My sorting above is based on the following sections of the EU Privacy
Directive:
Paragraph (12)of the EU Privacy Directive states:
"Whereas the protection principles must apply to all processing of
personal data by any person whose activities are governed by Community
law; whereas there should be excluded the processing of data carried
out
by a natural person in the exercise of activities which are
exclusively
personal or domestic, such as correspondence and the holding of
records
of addresses."
Paragraph (37)of the EU Privacy Directive states:
"Whereas the processing of personal data for purposes of journalism or
for purposes of literary or artistic expression, in particular in the
audiovisual field, should qualify for exemption from the requirements
of
certain provisions of this Directive in so far as this is necessary to
reconcile the fundamental rights of individuals with freedom of
information and notably the right to receive and impart information,
as
guaranteed in particular in Article 10 of the European Convention for
the Protection of Human Rights....
-----Original Message-----
From: owner-gnso-reg-sgc@xxxxxxxxx
[mailto:owner-gnso-reg-sgc@xxxxxxxxx]
On Behalf Of Avri Doria
Sent: Tuesday, May 22, 2007 1:59 AM
To: gnso-reg-sgc@xxxxxxxxx
Subject: Re: [gnso-reg-sgc] Commercial vs. Non-commercial
hi,
i am having some trouble understanding the implications of the
decision
procedure.
A couple of test questions that might help me;
- would the person advertising a local garage sale be commercial?
- would a person advertising an online 'garage sale' be commercial?
- would a person putting their resume on line saying they were looking
for work be commercial?
- does engaging in ebay make you commercial?
- does raising funds for a charity on line make one commercial?
- if someone keeps the records for the local futbol team, their wine
society, or the local theatre group, are they commercial?
a.
On 21 maj 2007, at 18.56, Christopher Gibson wrote:
> _____________________________________
>
>
> Commercial vs. Non-Commercial Activity
>
>
>
> For purposes of considering issues related to access to, and
> disclosure of, WHOIS data:
>
>
>
> (1) Step One - the registered name holder is a:
>
>
>
> (a) legal person (e.g., companies, businesses, partnerships, non-
> profit entities, etc.,), or
>
>
>
> (b) natural person.
>
>
>
> (We assume the distinction between legal vs. natural persons would
> apply, so that the commercial vs. non-commercial distinction needs to
> be considered only in relation to natural persons).
>
>
>
> (2) Step Two
>
>
>
> (a) commercial activity means only those activities carried out by
> natural persons which involve:
>
>
>
> (i) the offer or sale of goods or services;
>
>
>
> (ii) the solicitation or collection of money or payments-in-kind
> for goods or services;
>
>
>
> (iii) marketing activities including advertising or sale of
> advertising (e.g., these categories would include websites
> containing paid hypertext links);
>
>
>
> (iv) all activities carried out by natural persons on behalf of
> legal persons; or
>
>
>
> (v) the collection, holding or processing of personal data (or
> instructing another legal or natural person to collect, hold,
> process, use, transfer or disclose such data), except in the
> exercise of activities which relate exclusively to personal,
> family, domestic or household affairs, such as correspondence or
> the holding of address books containing family, friends and
> professional contacts.
>
>
>
> (b) non-commercial activity means activities by natural persons
> which do not fall within paragraph (2)(a) above.
>
>
>
> ___________________________________
>
>
--
____________________
Bertrand de La Chapelle
Délégué Spécial pour la Société de l'Information / Special Envoy for the
Information Society
Ministère des Affaires Etrangères / French Ministry of Foreign Affairs
Tel : +33 (0)6 11 88 33 32
"Le plus beau métier des hommes, c'est d'unir les hommes" Antoine de Saint
Exupéry
("there is no better mission for humans than uniting humans")
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|