You are here
The issue of purpose is essential from a data protection and privacy perspective. The purposes for which WHOIS data may be legitimately collected, maintained, and used should be stated in very clear terms. Under ICANN’s agreements, WHOIS may be used for any lawful purposes except to enable marketing or spam, or to enable high volume, automated processes to query a registrar or registry’s systems, except to manage domain names.
The Security and Stability Advisory Committee (SSAC) believes that the foundational problem facing all “WHOIS” discussions is an understanding the purpose of domain name registration data. In the SSAC-55 Report, SSAC states that there is a critical need for a policy defining the purpose of collecting and maintaining registration data. This policy should address the operational concerns of the parties who collect, maintain or use this data as it relates to ICANN’s remit. The SSAC believes that the policy should address at least the following questions:
- Why are data collected?
- What purpose will the data serve?
- Who collects the data?
- Where is the data stored and how long is it stored?
- Where is the data escrowed and how long is it escrowed?
- Who needs the data and why?
- Who needs access to logs of access to the data and why?
The SSAC believes that a single consensus policy answering at least the questions listed above is achievable and the essential first step toward any “solution” to “the WHOIS.
Others believe that the stated purposes of WHOIS data should be reexamined in light of certain data privacy and protection principles that apply in many countries, such as:
- Purpose limitation: Personal data should be processed and subsequently used or further communicated only for legitimate purposes for which it was originally collected or subsequently authorized by the data subject
- Data quality and proportionality: Personal data should be accurate and, where necessary, kept up to date. The personal data should be adequate, relevant and not excessive in relation to the purposes for which it is collected, transferred and further processed
GNSO is likely to commence policy activities in the near future related to the defining the purpose of WHOIS. Get Involved in these policy discussions.