Study Suggestion Number 22
Submitted By: [Redacted for privacy reasons] Topic: Study of Country Code TLD policies for Whois and other personal domain name registration data. To what extent do ccTLD Whois policies reflect national data protection laws and priorities? Have ccTLD Whois policies changed over the last few years? Is there any direction or momentum on this issue? Hypothesis: ccTLDs more accurately reflect their national laws than the general ICANN Whois policy. Should many ccTLDs, or the largest ccTLDs have data protection policies, that would show countries' legally requirement of this type of online data protection. Should a growing number of countries be adopting data protection aspects in their Whois in the last few years, that would show a momentum and direction on the Whois issue that merits evaluation and analysis. How the hypothesis could be falsified: If many of the largest ccTLDs are not found to have data protection aspects to their Whois policy, then the hypothesis about countries having national data protection laws would be proven invalid. If ccTLDs without data protection are now found to be adopting data protection in their Whois policies, in the last few years, than the hypothesis of direction and momentum towards data protection in Whois would be proven invalid. Utility: Should the hypothesis be proven, then the data protection aspects of numerous ccTLDs policies should be compiled, analyzed and studied. To the extent that there are overlapping provisions or principles, they serve as a guide to ICANN staff and the GNSO in revising and redrafting the long-standing Whois policies of ICANN. Type of Study Needed: Detailed questionnaires distributed to the largest ccTLDs, the top 25-30. Data that needs to be collected: 1. What personal data is collected about the registrant? 2. What personal data is disclosed about the registrant in the public ccTLD Whois database? 3. Is the registrant accorded data protection by virtue of registration, or does it need to be invoked in some format? For example, is the privacy of the Whois database an opt-in or opt-out? If opt-out, what must the registrant show or prove to the ccTLD to obtain the opt-out? 4. How is the underlying data provided by the ccTLD to law enforcement? to others? What the standards for release of the personal data? What is the registrant told about this release under ccTLD policy? 5. Has the policy been challenged? 6. In the ccTLD's assessment, is the Whois policy working? Population to be surveyed: The 25 largest ccTLDs Sample Size: I don't think that ICANN must survey every ccTLD. A questionnaire surveying the top 25-30 will cover almost every continent and a wide array of legal and cultural regimes. This survey group will provide a good source of data, as well as a sense of movement direction and moment of Whois policies, if any. Type of Analysis: Presentation of raw data in report and table format. A table should layout the raw data, as gathered for question 6 above. A report should evaluate the data as well as assess movement and direction in the ccTLD Whois arena.