1 / 12

Privacy and Data Protection Considerations of the Whois Directories Discussion

This document discusses the privacy and data protection considerations of the Whois directories, focusing on the legal framework in Europe. It highlights the applicability of relevant directives and the need to respect individuals' rights while serving the original purpose of the Whois directories.

rmorrison
Download Presentation

Privacy and Data Protection Considerations of the Whois Directories Discussion

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Whois Workshop, ICANN Montreal Meeting Topic, June 2003 Privacy and Data protection consideration of the Whois directories discussion Diana ALONSO BLAS, LL.M. European Commission, DG Markt Unit Data Protection and media

  2. Legal framework in Europe • Directive 95/46/EC: general DP directive • Directive 2002/58/EC: electronic communications directive (previous 97/66) • Many documents of Article 29 Working Party • Council of Europe Convention 1981

  3. Concerns regarding Whois discussion • European Commission: several contributions sent to ICANN and Whois Task Force • DPAs: complaints about misuse of Whois data. Document about to be issued by WP 29 • International Working Group on Privacy in the telecom sector: Common position of May 2000 • Citizens: complaints and petition to EP

  4. Increasing concerns for several reasons • More and more individuals register their own domain names • Reports of the Whois Task Force seem to ignore the original purpose of the Whois and the existing legal framework in the EU

  5. Applicability of directives • Clearly personal data • Processing: collection, publication, access, further use • Directives fully apply to data made publicly available • Conclusion: not everything that might seem useful or desirable is legally possible!

  6. Key-issue: the purpose of the Whois • Original purpose, technical contact in case of problem, is legitimate • Directive only allow use for the original purpose or other compatible ones (reasonable expectation of the user) • Other uses might seem useful, desirable or legitimate to some parties but are not necessarily compatible and therefore legal under our legal framework • WP 29 opinion June 2003 refers in this context to self-police activities of private parties as not compatible

  7. Proportionality principle • Necessary to make difference between data necessary for registration of domain name and data that should be published in Whois • Need to look for less intrusive means to serve the same purpose: solutions found in some countries through ISPs • EC has proposed several times two-step approach

  8. Only data relevant and not excessive • This principle should be kept in mind in uniformity discussion • Data should be kept to a minimum • Specific problems concerning telephone numbers and general right not to be included in a directory: article 12.2 of directive 2002/58

  9. Big concerns about more searchable Whois • Issue addressed by WP 29 in opinion of 2000: the processing of personal data in reverse directories or multi-criteria searching services without unambiguous and informed consent by subscriber is unfair and unlawful

  10. Support for some proposals • Accuracy: one of principles of the directives • Limitations for bulk access for direct marketing • Bulk access is not acceptable for any purpose (proportionality) • Directive 2002/58 only allows use of e-mail addresses for direct marketing with consent of user

  11. Conclusions • Need to respect the existing data protection framework in Europe, contracts can in no case overrule the law • Need to look for privacy-enhancing ways to run the Whois directories in a way that serves the original purpose whilst protecting the rights of individuals

  12. Available for your questions Diana ALONSO BLAS, LL.M. European Commission, DG Markt, Unit Data Protection and Media Av. de Cortenbergh 100, 6-31 B-1040 Brussels Tel: 00/32/2-2984280 Fax: 00/32/2-2998094 E-mail: diana.alonso-blas@cec.eu.int http://www.europa.eu.int/comm/privacy

More Related