[PC-NCSG] Draft Comments for Whois Proceeding
Avri Doria
avri
Fri Aug 1 09:04:46 EEST 2014
Hi,
Even though this version still contains the sentence about us being
shocked that ICANN did nothing, which I think adds nothing and is
shocking - how could we be shocked at ICANN behavior, i can accept this
version.
avri
On 31-Jul-14 22:23, joy wrote:
> Hi - I've inserted my para in the document again
> maybe an online document would help next time :)
> thanks everyone for the comments
> I am happy to endorse this
> Regards
>
> Joy
>
> On 1/08/2014 6:27 a.m., Stephanie Perrin wrote:
>> Ok folks, I think we have a draft (5) which is now ready for final
>> approval. I have taken Kathy's last draft, done a final edit
>> (unfortunately I cannot restrain my editing, each time I go through
>> the draft, as I find things I forgot to note the last time. So there
>> are a few changes.) In deference to Avri's strong objection to the
>> mention of multistakeholderism as being subservient to adherance to
>> law, I did an edit of that sentence.
>> It is unfortunate that Michele used the example of German law (as the
>> lander each have their own laws and Commissioners, and I am quite
>> unsure whose jurisdiction this issue would fall under) however I left
>> it in. I also tried to clarify the paragraph where we discuss
>> consultation on decisions regarding exemption. I hope it is now clear
>> and reflects all members views on the matter.
>> Rafik, I would recommend that when you digitally sign the clean copy
>> you save it as NCSG comments on the WHOIS conflicts consultation, as
>> the current title is messy (assuming we can now get concensus on
>> moving forward and filing this tomorrow).
>> Kind regards,
>> Stephanie
>> On 2014-07-31, 11:09, Kathy Kleiman wrote:
>>> Hi Stephanie,
>>> Tx for adding Avri's comments. I've reviewed all of the changes, and
>>> also added one more to this most recent version. _Newest version
>>> (NCSGEdits3) attached. _
>>> **Due tomorrow**
>>> Best,
>>> Kathy
>>> :
>>>> I also agreed with Avri and inserted a few of her changes, Kathy did
>>>> not get those edits....we need to make sure we have a final copy
>>>> that Rafik can sign, which reflects all the agreed changes. Do you
>>>> want me to have another edit one last time, to make sure that Joy's
>>>> comments (which were on an earlier draft) and Avri's are all in there?
>>>> cheers stephanie
>>>> On 2014-07-31, 9:22, Amr Elsadr wrote:
>>>>> Hi all,
>>>>>
>>>>> On Jul 30, 2014, at 2:57 PM, Avri Doria <avri at ACM.ORG> wrote:
>>>>>
>>>>>> hi,
>>>>>>
>>>>>> Reviewed the document.
>>>>>>
>>>>>> Made a change so it could be a NCSG document.
>>>>> Thanks.
>>>>>
>>>>>> There are parts I am uncomfortable with, some of which I deleted and
>>>>>> some of which I left and still am uncomfortable with.
>>>>>>
>>>>>> I do not think we should ever dismiss the Multistakeholder model.
>>>>>> I do
>>>>>> not wish to find ourselves in the situation of being quoted for
>>>>>> having
>>>>>> suggested that there are times when the model should be
>>>>>> superseded. That
>>>>>> would be a gold mine for some. I deleted those references.
>>>>> Fully agree. Although I don?t feel that was the intent, it could
>>>>> certainly be perceived that way. No need to bring it up.
>>>>>
>>>>>> I am also uncomfortable with saying there are things that don't need
>>>>>> public comment on. To just have to take the legal staff view on
>>>>>> things
>>>>>> is dangerous. What if they say the law does not require something
>>>>>> when
>>>>>> someone knows better. Better to have a null review. I have not,
>>>>>> however, removed these as they were an entire section. I would
>>>>>> like
>>>>>> to see that section reworded or removed before approving the
>>>>>> documents.
>>>>> IMHO, I don?t see the need for a public comment period on every
>>>>> time this policy might be used. If a new set of policies and
>>>>> processes are adopted for handling WHOIS conflicts with privacy
>>>>> laws, then they should be clear enough during implementation to not
>>>>> require public comment, right? Isn?t this the case with all
>>>>> policies? For instance, is there a public comment period every time
>>>>> a new registrar signs a contract with ICANN? Or will there be a
>>>>> public comment period when implementation of the ?thick? WHOIS
>>>>> policy kicks in?
>>>>>
>>>>> Another thought is that a public comment period will also lengthen
>>>>> the period during which a registrar will potentially be at risk for
>>>>> non-compliance with local laws. Unless there is an important reason
>>>>> why there should be a public comment for each of the resolution
>>>>> scenarios, then I suggest we support Kathy?s recommendation to not
>>>>> have any.
>>>>>
>>>>> Thanks.
>>>>>
>>>>> Amr
>>>>>
>>>>>> I also removed a bunch of weasel words like 'respectfully'
>>>>>>
>>>>>> avri
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 30-Jul-14 14:28, Avri Doria wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> Started reviewing them, actually Stephanie's comments. They are
>>>>>>> written
>>>>>>> from an NCUC perspective and need to be approved by them, not us.
>>>>>>>
>>>>>>> avri
>>>>>>>
>>>>>>>
>>>>>>> On 30-Jul-14 11:36, Rafik Dammak wrote:
>>>>>>>> Hi everyone,
>>>>>>>>
>>>>>>>> Kathy sent a draft comment to the whois conflict with local
>>>>>>>> laws. we
>>>>>>>> have a tight schedule and we should act quickly.
>>>>>>>> we are responding during the reply period which means the last
>>>>>>>> chance
>>>>>>>> for us to do so.
>>>>>>>> @Maria can you please follow-up with this request?
>>>>>>>>
>>>>>>>> Best,
>>>>>>>>
>>>>>>>> Rafik
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> ---------- Forwarded message ----------
>>>>>>>> From: *Kathy Kleiman* <kathy at kathykleiman.com
>>>>>>>> <mailto:kathy at kathykleiman.com>>
>>>>>>>> Date: 2014-07-30 2:44 GMT+09:00
>>>>>>>> Subject: Draft Comments for Whois Proceeding
>>>>>>>> To: Rafik Dammak <rafik.dammak at gmail.com
>>>>>>>> <mailto:rafik.dammak at gmail.com>>, NCSG-DISCUSS at listserv.syr.edu
>>>>>>>> <mailto:NCSG-DISCUSS at listserv.syr.edu>
>>>>>>>>
>>>>>>>>
>>>>>>>> To Rafik, NCSG Executive Committee and NCSG Membership,
>>>>>>>>
>>>>>>>> There is an important, but very quiet comment proceeding that
>>>>>>>> has been
>>>>>>>> taking place this summer. It is the /Review of the ICANN
>>>>>>>> Procedure for
>>>>>>>> Handling WHOIS Conflicts with Privacy Law///at
>>>>>>>> /https://www.icann.org/public-comments/whois-conflicts-procedure-2014-05-22-en/
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Stephanie put out a call for comments, and not seeing any, I
>>>>>>>> drafted
>>>>>>>> these. It has been dismayeding ever since ICANN adopted its
>>>>>>>> Consensus
>>>>>>>> Procedure for Handling WHOIS Conflicts with Privacy law --
>>>>>>>> because it
>>>>>>>> basically requires that Registrars and Registries have to be
>>>>>>>> sued or
>>>>>>>> receive an official notice of violation before they can ask
>>>>>>>> ICANN for a
>>>>>>>> waiver of the Whois requirements. That always seemed very
>>>>>>>> unfair- that
>>>>>>>> you have to be exposed to allegation of illegal activity in
>>>>>>>> order to
>>>>>>>> protect yourself or your Registrants under your national data
>>>>>>>> protection
>>>>>>>> and privacy laws.
>>>>>>>>
>>>>>>>> In the more recent Data Retention Specification, of the 2013
>>>>>>>> RAA, ICANN
>>>>>>>> Staff and Lawyers saw this problem and corrected it -- now
>>>>>>>> Registrars
>>>>>>>> can be much more pro-active in showing ICANN that a certain
>>>>>>>> clause in
>>>>>>>> their contract (e.g., extended data retention) is a clear
>>>>>>>> violation of
>>>>>>>> their national law (e.g., more limited data retention).
>>>>>>>>
>>>>>>>> So to this important comment proceeding, I drafted these
>>>>>>>> comments for us
>>>>>>>> to submit. As Reply Comments (during the Reply Period), we are
>>>>>>>> asked to
>>>>>>>> respond to other commenters. That's easy as the European
>>>>>>>> Commission and
>>>>>>>> Registrar Blacknight submitted useful comments.
>>>>>>>>
>>>>>>>> Rafik, can we edit, finalize and submit by the deadline on Friday?
>>>>>>>> Comments below and attached. If you have edits, in the interest
>>>>>>>> of time,
>>>>>>>> kindly suggest alternate language. Tx!!
>>>>>>>>
>>>>>>>> Best,
>>>>>>>> Kathy
>>>>>>>> --------------------------------------------------------------------------------------------------------
>>>>>>>>
>>>>>>>>
>>>>>>>> DRAFT NCSG Response to the Questions of the
>>>>>>>>
>>>>>>>> /Review of the ICANN Procedure for Handling WHOIS Conflicts with
>>>>>>>> Privacy
>>>>>>>> Law//
>>>>>>>> https://www.icann.org/public-comments/whois-conflicts-procedure-2014-05-22-en/
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> *Introduction*
>>>>>>>>
>>>>>>>> The Noncommercial Stakeholders Group represents noncommercial
>>>>>>>> organizations in their work in the policy and proceedings of
>>>>>>>> ICANN and
>>>>>>>> the GNSO. We respectfully submit as an opening premise that
>>>>>>>> every legal
>>>>>>>> business has the right and obligation to operate within the
>>>>>>>> bounds and
>>>>>>>> limits of its national laws and regulations. No legal business
>>>>>>>> establishes itself to violate the law; and to do so is an
>>>>>>>> invitation to
>>>>>>>> civil and criminal penalties. ICANN Registries and Registrars
>>>>>>>> are no
>>>>>>>> different ? they want and need to abide by their laws.
>>>>>>>>
>>>>>>>> Thus, it is timely for ICANN to raise the questions of this
>>>>>>>> proceeding,
>>>>>>>> /Review of the ICANN Procedure for Handling WHOIS Conflicts with
>>>>>>>> Privacy
>>>>>>>> Law/(albeit at a busy time for the Community and at the height of
>>>>>>>> summer; we expect to see more interest in this time towards the
>>>>>>>> Fall).
>>>>>>>> We submit these comments in response to the issues raises and the
>>>>>>>> questions asked.
>>>>>>>>
>>>>>>>> *Background*
>>>>>>>>
>>>>>>>> The /ICANN Procedure for Handling Whois Conflicts with Privacy
>>>>>>>> Law /was
>>>>>>>> adopted in 2006 after years of debate on Whois issues. This
>>>>>>>> Consensus
>>>>>>>> Procedure was the first step of recognition that data protection
>>>>>>>> laws
>>>>>>>> and privacy law DO apply to the personal and sensitive data being
>>>>>>>> collected by Registries and Registrars for the Whois database.
>>>>>>>>
>>>>>>>> But for those of us in the Noncommercial Users Constituency (now
>>>>>>>> part of
>>>>>>>> the Noncommercial Stakeholders Group/NCSG) who helped debate,
>>>>>>>> draft and
>>>>>>>> adopt this Consensus Procedure in the mid-2000s, we were always
>>>>>>>> shocked
>>>>>>>> that the ICANN Community did not do more. At the time, multiple
>>>>>>>> Whois
>>>>>>>> Task Forces were at work with multiple proposals which include
>>>>>>>> important
>>>>>>>> and pro-active suggestions to allow Registrars and Registries to
>>>>>>>> come
>>>>>>>> into compliance with their national data protection and privacy
>>>>>>>> laws.
>>>>>>>>
>>>>>>>> At the time, we never expected this Consensus Procedure to be an
>>>>>>>> end
>>>>>>>> itself ? but the first step of many steps. It was an ?end? for
>>>>>>>> too long,
>>>>>>>> so we are glad the discussion is reopened and once again we seek to
>>>>>>>> allow Registrars and Registries to be in full compliance with their
>>>>>>>> national data protection and privacy laws ? from the moment they
>>>>>>>> enter
>>>>>>>> into their contracts with ICANN.
>>>>>>>>
>>>>>>>> *II. Data Protection and Privacy Laws ? A Quick Overview of the
>>>>>>>> Principles that Protect the Personal and Sensitive Data of
>>>>>>>> Individuals
>>>>>>>> and Organizations/Small Businesses *
>>>>>>>>
>>>>>>>> **
>>>>>>>>
>>>>>>>> /*[Stephanie, Tamir or Others with Expertise in Canadian and
>>>>>>>> European
>>>>>>>> Data Protection Laws may choose to add something here]. */
>>>>>>>>
>>>>>>>> III/*. */Questions asked of the Community in this Proceeding
>>>>>>>>
>>>>>>>> The ICANN Review Paper raised a number of excellent questions. In
>>>>>>>> keeping with the requirements of a Reply Period, these NCSG
>>>>>>>> comments
>>>>>>>> will address both our comments and those comments we particularly
>>>>>>>> support in this proceeding.
>>>>>>>>
>>>>>>>> 1.
>>>>>>>>
>>>>>>>> Is it impractical for ICANN to require that a contracted
>>>>>>>> party
>>>>>>>> already has litigation or a government proceeding initiated
>>>>>>>> against it prior to being able to invoke the Whois
>>>>>>>> Procedure?
>>>>>>>>
>>>>>>>> 1.1 Response: Yes, it is completely impractical (and
>>>>>>>> ill-advised) to
>>>>>>>> force a company to violate a national law as a condition of
>>>>>>>> complying
>>>>>>>> with that national law. Every lawyer advises businesses to
>>>>>>>> comply with
>>>>>>>> the laws and regulations of their field. To do otherwise is to face
>>>>>>>> fines, penalties, loss of the business, even jail for officers and
>>>>>>>> directors. Legal business strives to be law-abiding; no officer or
>>>>>>>> director wants to go to jail for her company's violations. It is
>>>>>>>> the
>>>>>>>> essence of an attorney's advice to his/her clients to fully
>>>>>>>> comply with
>>>>>>>> the laws and operate clearly within the clear boundaries and
>>>>>>>> limits of
>>>>>>>> laws and regulations, both national, by province or state and
>>>>>>>> local.
>>>>>>>>
>>>>>>>> In these Reply Comments, we support and encourage ICANN to adopt
>>>>>>>> policies consistent with the initial comments submitted by the
>>>>>>>> European
>>>>>>>> Commission:
>>>>>>>>
>>>>>>>> o
>>>>>>>>
>>>>>>>> that the Whois Procedure be changed from requiring specific
>>>>>>>> prosecutorial action instead to allowing ?demonstrating
>>>>>>>> evidence
>>>>>>>> of a potential conflict widely and e.g. accepting
>>>>>>>> information on
>>>>>>>> the legislation imposing requirements that the contractual
>>>>>>>> requirements would breach as sufficient evidence.? (European
>>>>>>>> Commission comments)
>>>>>>>>
>>>>>>>> We also agree with Blacknight:
>>>>>>>>
>>>>>>>> o
>>>>>>>>
>>>>>>>> ?It's completely illogical for ICANN to require that a
>>>>>>>> contracting party already has litigation before they can
>>>>>>>> use a
>>>>>>>> process. We would have loved to use a procedure or
>>>>>>>> process to
>>>>>>>> get exemptions, but expecting us to already be litigating
>>>>>>>> before
>>>>>>>> we can do so is, for lack of a better word, nuts.?
>>>>>>>> (Blacknight
>>>>>>>> comments in this proceeding).
>>>>>>>>
>>>>>>>>
>>>>>>>> 1.1a How can the triggering event be meaningfully defined?
>>>>>>>>
>>>>>>>> 1.1 a Response: This is an important question. Rephrased, we
>>>>>>>> might ask
>>>>>>>> together ? what must a Registry or Registrar show ICANN in
>>>>>>>> support of
>>>>>>>> its claim that certain provisions involving Whois data violate
>>>>>>>> provisions of national data protection and privacy laws?
>>>>>>>>
>>>>>>>> NCSG respectfully submits that there are at least four ?triggering
>>>>>>>> events? that ICANN should recognize:
>>>>>>>>
>>>>>>>> o
>>>>>>>>
>>>>>>>> Evidence from a national Data Protection Commissioner or
>>>>>>>> his/her
>>>>>>>> office (or from a internationally recognized body of
>>>>>>>> national
>>>>>>>> Data Protection Commissioners in a certain region of the
>>>>>>>> world,
>>>>>>>> including the Article 29 Working Party that analyzes the
>>>>>>>> national data protection and privacy laws) that ICANN's
>>>>>>>> contractual obligations for Registry and/or Registrar
>>>>>>>> contracts
>>>>>>>> violate the data protection laws of their country or
>>>>>>>> their group
>>>>>>>> of countries;
>>>>>>>>
>>>>>>>> o
>>>>>>>>
>>>>>>>> Evidence of legal and/or jurisdictional conflict arising
>>>>>>>> from
>>>>>>>> analysis performed by ICANN's legal department or by
>>>>>>>> national
>>>>>>>> legal experts hired by ICANN to evaluate the Whois
>>>>>>>> requirements
>>>>>>>> of the ICANN contracts for compliance and conflicts with
>>>>>>>> national data protection laws and cross-border transfer
>>>>>>>> limits)
>>>>>>>> (similar to the process we understand was undertaken for the
>>>>>>>> data retention issue);
>>>>>>>>
>>>>>>>>
>>>>>>>> o
>>>>>>>>
>>>>>>>> Receipt of a written legal opinion from a nationally
>>>>>>>> recognized
>>>>>>>> law firm in the applicable jurisdiction that states that the
>>>>>>>> collection, retention and/or transfer of certain Whois data
>>>>>>>> elements as required by Registrar or Registry Agreements is
>>>>>>>> ?reasonably likely to violate the applicable law? of the
>>>>>>>> Registry or Registrar (per the process allowed in RAA Data
>>>>>>>> Retention Specification); or
>>>>>>>>
>>>>>>>>
>>>>>>>> o
>>>>>>>>
>>>>>>>> An official opinion of any other governmental body of
>>>>>>>> competent
>>>>>>>> jurisdiction providing that compliance with the data
>>>>>>>> protection
>>>>>>>> requirements of the Registry/Registrar contracts violates
>>>>>>>> applicable national law (although such pro-active
>>>>>>>> opinions may
>>>>>>>> not be the practice of the Data Protection Commissioner's
>>>>>>>> office).
>>>>>>>>
>>>>>>>> The above list draws from the comments of the European
>>>>>>>> Commission, Data
>>>>>>>> Retention Specification of the 2013 Registrar Accreditation
>>>>>>>> Agreement,
>>>>>>>> and sound compliance and business practices for the ICANN General
>>>>>>>> Counsel's office.
>>>>>>>>
>>>>>>>> We further agree with Blacknight that the requirements for
>>>>>>>> triggering
>>>>>>>> any review and consideration by ICANN be: simple and
>>>>>>>> straightforward,
>>>>>>>> quick and easy to access.
>>>>>>>>
>>>>>>>>
>>>>>>>> 1.3 Are there any components of the triggering
>>>>>>>> event/notification
>>>>>>>> portion of the RAA's Data Retention waiver process that should be
>>>>>>>> considered as optional for incorporation into a modified Whois
>>>>>>>> Procedure?
>>>>>>>>
>>>>>>>>
>>>>>>>> 1.3 Response: Absolutely, the full list in 1.1a above, together
>>>>>>>> with
>>>>>>>> other constructive contributions in the Comments and Reply
>>>>>>>> Comments of
>>>>>>>> this proceeding, should be strongly considered for incorporation
>>>>>>>> into a
>>>>>>>> modified Whois Procedure, or simply written into the contracts
>>>>>>>> of the
>>>>>>>> Registries and Registrars contractual language, or a new Annex or
>>>>>>>> Specification.
>>>>>>>>
>>>>>>>> We respectfully submit that the obligation of Registries and
>>>>>>>> Registrars
>>>>>>>> to comply with their national laws is not a matter of
>>>>>>>> multistakeholder
>>>>>>>> decision making, but a matter of law and compliance. In this
>>>>>>>> case, we
>>>>>>>> wholeheartedly embrace the concept of building a process
>>>>>>>> together that
>>>>>>>> will allow exceptions for data protection and privacy laws to be
>>>>>>>> adopted
>>>>>>>> quickly and easily.
>>>>>>>>
>>>>>>>>
>>>>>>>> 1.4 Should parties be permitted to invoke the Whois Procedure
>>>>>>>> before
>>>>>>>> contracting with ICANN as a registrar or registry?
>>>>>>>>
>>>>>>>>
>>>>>>>> 1.4 Response: Of course, Registries and Registrars should be
>>>>>>>> allowed to
>>>>>>>> invoke the Whois Procedure, or other appropriate annexes and
>>>>>>>> specifications that may be added into Registry and Registrar
>>>>>>>> contracts
>>>>>>>> with ICANN. As discussed above, the right of a legal company to
>>>>>>>> enter
>>>>>>>> into a legal contracts is the most basic of expectations under law.
>>>>>>>>
>>>>>>>>
>>>>>>>> 2.1 Are there other relevant parties who should be included
>>>>>>>> in this
>>>>>>>> step?
>>>>>>>>
>>>>>>>>
>>>>>>>> 2.1 Response: We agree with the EC that ICANN should be working as
>>>>>>>> closely with National Data Protection Authorities as they will
>>>>>>>> allow. In
>>>>>>>> light of the overflow of work into these national commissions,
>>>>>>>> and the
>>>>>>>> availability of national experts at law firms, ICANN should also
>>>>>>>> turn to
>>>>>>>> the advice of private experts, such as well-respected law firms who
>>>>>>>> specialize in national data protection laws. The law firm's
>>>>>>>> opinions on
>>>>>>>> these matters would help to guide ICANN's knowledge and
>>>>>>>> evaluation of
>>>>>>>> this important issue.
>>>>>>>>
>>>>>>>>
>>>>>>>> 3.1 How is an agreement reached and published?
>>>>>>>>
>>>>>>>> 3.1 Response. As discussed above, compliance with national law
>>>>>>>> may not
>>>>>>>> be the best matter for negotiation within a multistakeholder
>>>>>>>> process. It
>>>>>>>> really should not be a chose for others to make whether you
>>>>>>>> comply with
>>>>>>>> your national data protection and privacy laws. That said, the
>>>>>>>> process
>>>>>>>> of refining the Consensus Procedure, and adopting new policies and
>>>>>>>> procedures, or simply putting new contract provisions, annexes or
>>>>>>>> specifications into the Registry and Registrar contracts SHOULD be
>>>>>>>> subject to community discussion, notification and review. But
>>>>>>>> once the
>>>>>>>> new process is adopted, we think the new changes, variations,
>>>>>>>> modifications or exceptions of Individual Registries and
>>>>>>>> Registrars need
>>>>>>>> go through a public review and process. The results, however,
>>>>>>>> Should be
>>>>>>>> published for Community notification and review.
>>>>>>>>
>>>>>>>>
>>>>>>>> We note that in conducting the discussion with the Community on the
>>>>>>>> overall or general procedure, policy or contractual changes, ICANN
>>>>>>>> should be assertive in its outreach to the Data Protection
>>>>>>>> Commissioners. Individual and through their organizations, they
>>>>>>>> have
>>>>>>>> offered to help ICANN evaluate this issue numerous times. The Whois
>>>>>>>> Review Team noted the inability of many external bodies to
>>>>>>>> monitor ICANN
>>>>>>>> regularly, but the need for outreach to them by ICANN staff
>>>>>>>> nonetheless:
>>>>>>>>
>>>>>>>>
>>>>>>>> *Recommendation 3: Outreach*
>>>>>>>>
>>>>>>>> *ICANN should ensure that WHOIS policy issues are accompanied by
>>>>>>>> cross-community*
>>>>>>>>
>>>>>>>> *outreach, including outreach to the communities outside of
>>>>>>>> ICANN with a
>>>>>>>> specific*
>>>>>>>>
>>>>>>>> *interest in the issues, and an ongoing program for consumer
>>>>>>>> awareness.*
>>>>>>>>
>>>>>>>> This is a critical policy item for such outreach and input.
>>>>>>>>
>>>>>>>>
>>>>>>>> 3.2 If there is an agreed outcome among the relevant parties,
>>>>>>>> should
>>>>>>>> the Board be involved in this procedure?
>>>>>>>>
>>>>>>>>
>>>>>>>> 3.2 Response: Clearly, the changing of the procedure, or the
>>>>>>>> adoption of
>>>>>>>> a new policy or new contractual language for Registries and
>>>>>>>> Registrars,
>>>>>>>> Board oversight and review should be involved. But once the new
>>>>>>>> procedure, policy or contractual language is in place, then
>>>>>>>> subsequent
>>>>>>>> individual changes, variations, modifications or exceptions
>>>>>>>> should be
>>>>>>>> handled through the process and ICANN Staff ? as the Data Retention
>>>>>>>> Process is handled today.
>>>>>>>>
>>>>>>>>
>>>>>>>> 4.1 Would it be fruitful to incorporate public comment in
>>>>>>>> each of
>>>>>>>> the resolution scenarios?
>>>>>>>>
>>>>>>>> 4.1 Response: We think this question means whether there should be
>>>>>>>> public input on each and every exception? We respectfully submit
>>>>>>>> that
>>>>>>>> the answer is No. Once the new policy, procedure or contractual
>>>>>>>> language
>>>>>>>> is adopted, then the process should kick in and the
>>>>>>>> Registrar/Registry
>>>>>>>> should be allowed to apply for the waiver, modification or revision
>>>>>>>> consistent with its data protection and privacy laws. Of course,
>>>>>>>> once
>>>>>>>> the waiver or modification is granted, the decision should be
>>>>>>>> matter of
>>>>>>>> public record so that other Registries and Registrars in the
>>>>>>>> jurisdiction know and so that the ICANN Community as a whole can
>>>>>>>> monitor
>>>>>>>> this process' implementation and compliance.
>>>>>>>>
>>>>>>>> Step Five: Public notice
>>>>>>>>
>>>>>>>>
>>>>>>>> 5.2 Is the exemption or modification termed to the length of the
>>>>>>>> agreement? Or is it indefinite as long as the contracted party is
>>>>>>>> located in the jurisdiction in question, or so long as the
>>>>>>>> applicable
>>>>>>>> law is in force.
>>>>>>>>
>>>>>>>> 5.2 Response: We agree with the European Commission in its
>>>>>>>> response,
>>>>>>>> ?/By logic the exemption or modification shall be in place as
>>>>>>>> long as
>>>>>>>> the party is subject to the jurisdiction in conflict with ICANN
>>>>>>>> rules.
>>>>>>>> If the applicable law was to change, or the contacted party
>>>>>>>> moved to a
>>>>>>>> different jurisdiction, the conditions should be reviewed to
>>>>>>>> assess if
>>>>>>>> the exemption is still justified.? But provided it is the same
>>>>>>>> parties,
>>>>>>>> operating under the same laws, the modification or change should
>>>>>>>> continue through the duration of the relationship between the
>>>>>>>> Registry/Registrar and ICANN. /
>>>>>>>>
>>>>>>>>
>>>>>>>> 5.3 Should an exemption or modification based on the same
>>>>>>>> laws and
>>>>>>>> facts then be granted to other affected contracted parties in
>>>>>>>> the same
>>>>>>>> jurisdiction without invoking the Whois Procedure
>>>>>>>>
>>>>>>>> 5.3 Response. The European Commission in its comments wrote, and we
>>>>>>>> strongly agree: /?the same exception should apply to others in
>>>>>>>> the same
>>>>>>>> jurisdiction who can demonstrate that they are in the same
>>>>>>>> situation.?
>>>>>>>> /Further, Blacknight wrote and we support: /?if ANY registrar in
>>>>>>>> Germany, for example, is granted a waiver based on German law,
>>>>>>>> than ALL
>>>>>>>> registrars based in Germany should receive the same treatment.?
>>>>>>>> /Once a
>>>>>>>> national data protection or privacy law is interpreted as
>>>>>>>> requiring and
>>>>>>>> exemption or modification, it should be available to all
>>>>>>>> Registries/Registrars in that country.
>>>>>>>>
>>>>>>>> Further, we recommend that ICANN should be required to notify
>>>>>>>> each gTLD
>>>>>>>> Registry and Registrar in the same jurisdiction as that of the
>>>>>>>> decision
>>>>>>>> so they will have notice of the change.
>>>>>>>>
>>>>>>>> We thank ICANN staff for holding this comment period.
>>>>>>>>
>>>>>>>> Respectfully submitted,
>>>>>>>>
>>>>>>>> NCSG
>>>>>>>>
>>>>>>>>
>>>>>>>> DRAFT
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> PC-NCSG mailing list
>>>>>>>> PC-NCSG at ipjustice.org
>>>>>>>> http://mailman.ipjustice.org/listinfo/pc-ncsg
>>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> PC-NCSG mailing list
>>>>>>> PC-NCSG at ipjustice.org
>>>>>>> http://mailman.ipjustice.org/listinfo/pc-ncsg
>>>>>>>
>>>>>>>
>>>>>> <NSCG DRAFT Comments for Review of WHOIS Consensus
>>>>>> Proceduresp+ad.doc>_______________________________________________
>>>>>> PC-NCSG mailing list
>>>>>> PC-NCSG at ipjustice.org
>>>>>> http://mailman.ipjustice.org/listinfo/pc-ncsg
>>>>>
>>>>> _______________________________________________
>>>>> PC-NCSG mailing list
>>>>> PC-NCSG at ipjustice.org
>>>>> http://mailman.ipjustice.org/listinfo/pc-ncsg
>>>
>>
>>
>>
>>
>> _______________________________________________
>> PC-NCSG mailing list
>> PC-NCSG at ipjustice.org
>> http://mailman.ipjustice.org/listinfo/pc-ncsg
>
>
>
> _______________________________________________
> PC-NCSG mailing list
> PC-NCSG at ipjustice.org
> http://mailman.ipjustice.org/listinfo/pc-ncsg
>
More information about the NCSG-PC
mailing list