Comment - GNSO Privacy & Proxy Services Accreditation Issues Working Group Initial Report

["Ramachandran, Chaitanya" <chaitanya.ramachandran@xxxxxxxxxxxxxx>]

[On Behalf of Shardul Amarchand Mangaldas – Advocates and Solicitors, India]

In response to this call for public comments, we submit the following 
observations. We limit the scope of our observations to the issue of the 
desirability of easy availability of Privacy/Proxy (“P/P”) services for 
legitimate purposes to the general public, which may be threatened by the 
enhanced user data disclosure requirements contemplated in the PPSAI-WG’s 
preliminary report.


1)      In general, privacy of sensitive personal data is desirable for domain 
owners (or “registrants”). This is because of the high risk of 
publicly-available data on the WHOIS database being mined and used for adverse 
or illegal purposes. P/P services are a valuable tool that domain registrants 
can use to safeguard their sensitive personal data from such activities. 
Therefore, the PPSAI-WG must adopt the overarching principle that privacy is 
desirable for domain registrants, and that mandatory disclosure of a 
registrant’s personal information must always be a narrowly-circumscribed 
exception to the general rule in favour of privacy.



2)      Where a draft Disclosure Framework is contemplated, it is crucial to 
strictly limit the potential sources of demands for disclosure, in order to 
safeguard the general principle in favour of domain privacy through P/P 
services. A hierarchy of priority between different sources of demands for 
disclosure may also be established. For example, disclosure demands from law 
enforcement agencies (LEAs) investigating criminal activities such as terrorism 
or threats to cybersecurity should be permitted, subject to the establishment 
of due procedures and adequate safeguards for registrants. Then, disclosure 
demands from IP owners may also be permitted, subject to stricter procedures 
and safeguards. Finally, disclosure demands from other third parties may be 
permitted (if at all) only in strictly limited circumstances, and subject to 
the strictest set of procedures and safeguards.


3)      Disclosure demands for a registrant’s data must be dealt with in 
compliance with the local privacy law in the applicable registry’s home 
jurisdiction. For example, if data is being sought with respect to a domain 
registered under “.in”, the country code Top Level Domain (ccTLD) for India, 
then such a request must be dealt with in full compliance with applicable 
Indian privacy law. A “one size fits all” approach should be avoided.


4)      We recommend that registrars be mandated to publish statistics about 
the number of disclosure requests they receive, and also the number of such 
requests they comply with.


5)      Finally, we believe that a registrant’s ability to use P/P services 
should be completely independent of the nature of use of the domain in question 
(i.e. whether it is commercial or non-commercial). This is because the 
desirability of privacy is an overarching principle that should apply equally 
to all domain registrants. The mere fact that a domain is being used for 
commercial purposes does not justify forcing the registrant to assume all risks 
associated with its sensitive personal data or information being publicly 
available through WHOIS.

We thank the GNSO for this opportunity to air our views on the crucial issue of 
domain privacy, and hope that our comments are considered and adopted by the 
PPSAI-WG.

On Behalf of Shardul Amarchand Mangaldas – Advocates and Solicitors, India,

Chaitanya Ramachandran


[http://www.amsshardul.com/logo.jpg]
Chaitanya Ramachandran
Associate
Shardul Amarchand Mangaldas & Co
Advocates & Solicitors
Amarchand Towers, 216 Okhla Industrial Estate, Phase III, New Delhi - 110 020, 
India
T        +91 11 41590700, 40606060  ext. 4593 F: +91 11 2692 4900
M        +918800491499
E        
chaitanya.ramachandran@xxxxxxxxxxxxxx<mailto:chaitanya.ramachandran@xxxxxxxxxxxxxx>





Privileged and Confidential email from Shardul Amarchand Mangaldas & Co.



The information contained in this communication (including any attachment(s) 
hereto) (collectively, “Communication”) is confidential, may be attorney-client 
privileged, may constitute inside information, and is intended only for the use 
of the addressee.  It is the property of Shardul Amarchand Mangaldas & Co. 
(“SAM & Co.”) and the intended recipient.  Unauthorized use, disclosure or 
copying of this Communication or any part thereof is strictly prohibited and 
may be unlawful.  If you have received this Communication in error, please 
notify us immediately by return e-mail, and destroy this Communication and all 
copies thereof. Further, any tax advice contained in this Communication is not 
intended or written to be used, and cannot be used, by any taxpayer for the 
purpose of (1) avoiding tax-related penalties, or (2) promoting, marketing or 
recommending to another party any tax-related matters addressed herein.  SAM & 
Co. is not liable for the improper transmission of this Communication or for 
any damages sustained as a result of this Communication.

Please contact our IT Department on  +91 11 41590700, 40606060 or e-mail 
IT@xxxxxxxxxxxxxx<mailto:IT@xxxxxxxxxxxxxx> for further assistance