The Internet Corporation for Assigned Names and Numbers, better known as ICANN and responsible for managing the internet’s naming system, is in the process of updating its Registrar Accreditation Agreement (RAA). Many of the changes it has been negotiating are at the behest of law enforcement and the Governmental Advisory Committee.
Now the Article 29 Working Party of the European Union (a group comprising representatives of the data protection authority of each EU member state) has written to ICANN with its reservations. At issue are two particular points: the annual re-verification of contact details, and a new data retention proposal.
On the former, the Working Party seems to have two problems. Firstly, it notes that the WHOIS database is “being harvested on a large scale and abused for spamming. In other words, the way the system is designed provides a strong incentive for natural persons to provide inaccurate contact details.”
Secondly, however, it is concerned about illegal mission creep. The purpose behind collecting the data is to be able to contact a person who can resolve issues associated with the domain records. Since then, ICANN has noted that, “Over time, WHOIS data has been increasingly used for other constructive and beneficial purposes...” But the Working Party says that neither this nor the fact that law enforcement is requesting the change can “legitimize the collection and processing of personal data for those other purposes.”
In short, the new requirement to collect and publish re-verified contact details in the publicly accessible WHOIS database is “excessive and therefore unlawful.”
The Working Party’s second concern is over data retention. ICANN’s proposal is that all the registration details (not just those published in the public WHOIS database, which could include credit card details) are retained after registration. This requirement, notes the Working Party, “does not stem from any legal requirement in Europe, but again, is explicitly introduced by ICANN to accommodate wishes from law enforcement.” The Working Party strongly objects to this saying that if such is required, it is up to “national governments to introduce legislation” rather than “by means of a contract issued by a private corporation in order to facilitate (public) law enforcement.”
It concludes that since “there is no legitimate purpose, and in connection with that, no legal ground for data processing, the proposed data retention requirement is unlawful in Europe.” In reality, these two concerns are an embarrassment for ICANN rather than a show-stopper. It doesn’t ultimately need Europe’s approval, although the lack of it could cause further problems for the internet.
05 October 2012
Why can not the EU enforce all domains inside EU to only publish data inside EU with EU safeguards, for retention and data publicly available, i.e. ICANN must accept a reductionin its authority and set EU as a parallel authority. I assume if done major areas PR China and Russia would do likewise.
02 October 2012
Is the letter that was sent to ICANN a recent letter or one sent years ago? False, incomplete or absent legitimate domain name registration contact details is enabling fraudulent and criminal activity and in particular, phishing schemes which exploit the personal data of individuals. It seems to me this illegal collection of personal data by websites without valid contact information should be a much greater concern to the Article 29 Working Party than spamming which happens to anyone with an email address.
Note: The majority of comments posted are created by members of the
public. The views expressed are theirs and unless specifically stated are not those
Elsevier Ltd. We are not responsible for any content posted by members of the public
or content of any third party sites that are accessible through this site. Any links
to third party websites from this website do not amount to any endorsement of that
site by the Elsevier Ltd and any use of that site by you is at your own risk. For
further information, please refer to our Terms & Conditions.
Comment on this article
You must be registered and logged in to leave a comment
about this article.