The issue of purpose is essential from a data protection and privacy perspective. The purposes for which WHOIS data may be legitimately collected, maintained, and used should be stated in very clear terms. Under ICANN’s agreements, WHOIS may be used for any lawful purposes except to enable marketing or spam, or to enable high volume, automated processes to query a registrar or registry’s systems, except to manage domain names.
The Security and Stability Advisory Committee (SSAC) believes that the foundational problem facing all “WHOIS” discussions is an understanding the purpose of domain name registration data. In the SSAC-55 Report, SSAC states that there is a critical need for a policy defining the purpose of collecting and maintaining registration data. This policy should address the operational concerns of the parties who collect, maintain or use this data as it relates to ICANN’s remit. The SSAC believes that the policy should address at least the following questions:
The SSAC believes that a single consensus policy answering at least the questions listed above is achievable and the essential first step toward any “solution” to “the WHOIS.
Others believe that the stated purposes of WHOIS data should be reexamined in light of certain data privacy and protection principles that apply in many countries, such as:
GNSO is likely to commence policy activities in the near future related to the defining the purpose of WHOIS. Get Involved in these policy discussions.