ccTLD%20Meetings%20Rome%202004 - PowerPoint PPT Presentation

About This Presentation
Title:

ccTLD%20Meetings%20Rome%202004

Description:

... managers to contact each other quickly to try and fix issues. ( RFCs ... Find out quickly the holder of a web site carrying offending or infringing content ... – PowerPoint PPT presentation

Number of Views:16
Avg rating:3.0/5.0
Slides: 15
Provided by: kimda4
Learn more at: http://www.wwtld.org
Category:

less

Transcript and Presenter's Notes

Title: ccTLD%20Meetings%20Rome%202004


1
ccTLD Meetings Rome 2004
  • WHOIS Data Privacy
  • Jean-Christophe Vignes
  • Registry Liaison Manager

2
Uses of WHOIS
  • Internet Stability
  • Allows network managers to contact each other
    quickly to try and fix issues. (RFCs 812 954)
  • Helps others benefit from the Internet by
    checking Domain names availability and Register
    them
  • Law enforcement
  • Find out quickly the holder of a web site
    carrying offending or infringing content
  • Contact details used to serve legal documents
  • E-Commerce
  • Customers can find out what entity is behind a
    web site with a well known domain name

3
WHOIS and Data Privacy
  • Contact Details are useful to facilitate
    technical communications
  • But WHOIS can also be used for Data Mining.
  • Data Privacy laws and Best Practices may be
    needed to protect the Registrants Rights
  • E.g CENTR - http//www.centr.org/docs/statements/
    CENTR-Position-on-Whois.html

4
WHOIS Legal Framework
  • Depends of the country in which the Registry
    operates.
  • General trend to establish privacy laws
  • Specific Directive applies to member-states of
    the European Union
  • Many countries recently passed national Privacy
    Law with the same guidelines - YMMV -)
  • Canada (January 1st 2004)
  • Australia (December 21st 2004)
  • Japan (May 23rd 2003)

5
Basic Concepts for Data Privacy
  • Personal Data
  • Data characterizing the individual
  • I.e. name, address, phone number
  • gt WHOIS holds Personal Data!
  • Data Subject and Controller
  • The Data Subject is the Registrant
  • The Controller is the Registry (or the Registrar)
  • Processing
  • To Integrate the data into a database by
    automatic or electronic means.

6
Basic Concepts for Data Privacy (Contd)
  • Consent
  • The Data Subject has to agree before its data can
    be processed and/or published.
  • The Controller may have to inform a Supervisory
    Authority on the Process before collecting Data
    from subjects.
  • I.e Federal Privacy Commissioner (Au), Office
    for Personal Data Protection (Cz), Information
    Commissioner (UK)
  • http//www.privacylaws.com/links/linknational.htm

7
Data PrivacyUsual Principles
  • The Controller has to be clearly identified
  • The Data Subject has the opportunity to give its
    Explicit Consent before Data is processed
  • The Data Subject is allowed to Check and Rectify
    the Data stored by the Data Controller
  • The Controller can only keep the Data for an
    appropriate amount of time
  • The Controller has to keep the Data accurate and
    up-to-date
  • Transfer to third parties in other countries can
    only happen under certain conditions

8
Data PrivacyccTLD Perspective - 1
  • Provide the Registrant with the full details of
    the entity processing the Data
  • The Registrant has to know how and where to
    contact the Registry, the information has to be
    readily available on the Registrys site
  • the controller must provide the data subject
    with the identity of the controller and of
    his representative, if any (Article 10a of the
    ECD)
  • Inform the Registrant of any process hat might
    take place on its data
  • Privacy Policy page may be clearly accessible on
    the Registrys site (On the index page in a easy
    to read format and wording)
  • the controller must provide the data subject
    with the purposes of the processing for which
    the data are intended and the recipients or
    categories of recipients of the data (Articles
    10b 10c of the ECD)

9
Data PrivacyccTLD Perspective - 2
  • Consent
  • Check-Box at the bottom of the Registration
    agreement
  • any freely given specific and informed indication
    of his wishes by which the data subject signifies
    his agreement to personal data relating to him
    being processed (Article 2 of the ECD)
  • Check and Rectify
  • E.g Web form to access and edit the Data,
    dedicated e-mail address (Privacy_at_Registry.ccTLD
    ?) to ask for an output of the stored Data.
  • Data subject has the right to obtain from the
    controller as appropriate the rectification,
    erasure or blocking of data (Article 23b of the
    ECD)

10
Data PrivacyccTLD Perspective - 3
  • Maintain the Data
  • Data should be kept on a secure server and
    rendered anonymous after a certain period of time
  • The controller must implement appropriate
    technical and organizational measures to protect
    personal data against accidental or unlawful
    destruction or accidental loss, alteration,
    unauthorized disclosure or access, (Articles 13-2
    and 17 of the ECD)
  • Transfer to third parties
  • If the Registry transfers the Data in another
    country (to Registrars)it has to make sure the
    Data is protected.
  • the transfer to a third country of personal data
    may take place only the third country in
    question ensures an adequate level of protection.
    (Article 25-1 of the ECD)

11
Data PrivacyccTLD Perspective - 4
  • Accuracy of the Data
  • Important role for the Registrar
  • National Law?
  • I.e U.S. Bill HR 4640
  • Registry Terms Conditions
  • The Registrant has to make sure and represent
    that Data submitted fro Registration is accurate.

12
Beyond WHOIS
  • Allow Registrants to refuse publication of
    selected data
  • ex-listed
  • i.e www.nic.TM/New1.html
  • Provide an availability-only service
  • Easy way to know if a Domain is available without
    providing personal data
  • avail.nic.TM on Port 43
  • Tiered Access

13
Conclusion
  • Data Privacy has become a worldwide preoccupation
  • WHOIS service causes concern that may be
    addressed by Registries
  • Solutions exist that preserve flexibility and the
    Registrants rights
  • Towards WHOIS Best Practices?

14
Thank You !
  • Jean-Christophe.Vignes_at_Nic.TM
Write a Comment
User Comments (0)
About PowerShow.com