WIPO RFC-2
reidenberg@sprynet.com
Fri, 30 Oct 1998 10:38:40 -0500
Browse by: [ date ][ subject ][ author ]
Next message: verger@spid.com: "WIPO RFC-2"
Previous message: ceo@MElbourneIT.com.au: "WIPO RFC-2"
From: reidenberg@sprynet.com
Subject: WIPO RFC-2
In response to "WIPO RFC-2 Request for Comments on Issues Addressed in the WIPO Internet Domain Name Process," I would like to submit recommendations on the urgent need to address data privacy issues in the domain name registration system.
As a law professor at Fordham University (USA), I have written extensively on data privacy issues including the co-authored books "Data Privacy Law: A Study of U.S. Data Protection" (Michie: 1996) and "Data Protection Law and On-line Services: Regulatory Responses" (European Union, CEC/DGXV No. ETD/96/B5-3000/142: February 1998) and I have consulted or advised the U.S. Government, the European Commission and other national data protection agencies on privacy issues. On the basis of this background, I believe that WIPO's recommendations on domain name registration will have a significant impact on the treatment of personal information and must recognize and require respect for data privacy principles in its recommendations on domain name registration.
As noted in Paragraphs 14.1 and 14.7 of RFC-2, domain name registration contemplates the collection of information relating to identified individuals. In addition, domain names themselves may relate to an identified or identifiable individual. For almost twenty years, the international community has formally recognized the necessity to protect individuals in the face of data processing and the collection and use of such personal information. The OECD Guidelines on Privacy (1980), Council of Europe Convention No. 108 available at (<http://www.coe.fr/eng/legaltxt/108e.htm>), and more recently the
European Directive 95/46/EC, available at (<http://europa.eu.int/comm/dg15/en/media/dataprot/law/dir9546.htm>) each outline very similar basic principles for the fair treatment of personal information. As recognized earlier this month at the October 1998 OECD Ministerial Summit in Ottawa, the protection of privacy is a critical issue for the development of electronic commerce and the Internet. Both the International Working Group on Data Protection in Telecommunications and a group of 17 delegations to the International Conference of Data Protection Authorities have also issued statements highlighting the critical need to respect the protection of privacy on the Internet. Furthermore, Article 25 of European Directive 95/46/EC requires the interdiction of transborder data flows to countries that do not adequately protection personal information.
WIPO, therefore, has an obligation to acknowledge and provide for the protection of personal information in the context of domain name registration systems. To that end, I recommend the inclusion of following provisions in WIPO's final document:
1) Any domain name registration contract may not seek to collect any personal information beyond that which is essential to administer the domain name system.
2) Any domain name contract and registry organization must stipulate the respect for internationally recognized privacy principles including prohibitions on secondary use of personal information and rights of access and correction for the named individuals to stored personal information.
3) The domain name registration system must develop internal practices, policies and technical mechanisms to assure the respect of privacy principles.
If I can provide further information or assistance, please do not hesitate to contact me.
Joel R. Reidenberg
-- Posted automatically from Process Web site
Next message: verger@spid.com: "WIPO RFC-2"
Previous message: ceo@MElbourneIT.com.au: "WIPO RFC-2"