Presentation is loading. Please wait.

Presentation is loading. Please wait.

WHOIS data The EU legal principles ICANN - GNSO meeting 2 March 2004 George Papapavlou, European Commission ICANN - GNSO meeting 2 March 2004 George Papapavlou,

Published byMary Warren Modified over 9 years ago

Similar presentations

Presentation on theme: "WHOIS data The EU legal principles ICANN - GNSO meeting 2 March 2004 George Papapavlou, European Commission ICANN - GNSO meeting 2 March 2004 George Papapavlou,"— Presentation transcript:

1 WHOIS data The EU legal principles ICANN - GNSO meeting 2 March 2004 George Papapavlou, European Commission ICANN - GNSO meeting 2 March 2004 George Papapavlou, European Commission

2 WHOIS - preliminary remarks Is there a clear definition of what is WHOIS? What data are we talking about? Are we not confusing WHOIS data with registration (customer) data? Is there a clear definition of what is WHOIS? What data are we talking about? Are we not confusing WHOIS data with registration (customer) data? What is the purpose of WHOIS data? This is crucial for determining what data may be included and what uses may be made of that data What is the purpose of WHOIS data? This is crucial for determining what data may be included and what uses may be made of that data

3 GNSO questions to GAC 1) Must a data subject consent to the collection and processing of his data? 1) Must a data subject consent to the collection and processing of his data? Personal data may be processed only if: the data subject has unambiguously consented, or there is a contract to which the data subject is a party processing is necessary for compliance with a legal obligation of the data controller necessary to protect the vital interests of the data subject to perform a task in the public interest or in the exercise of official authority legitimate interests of the controller or third parties to whom the data are disclosed except where such interests are overridden by the fundamental interests of the data subject

4 GNSO questions to GAC However: However: Personal data must be: Personal data must be: processed fairly and lawfully processed fairly and lawfully collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes adequate, relevant and not excessive in relation to the processing purpose adequate, relevant and not excessive in relation to the processing purpose accurate and, where necessary, kept up to date accurate and, where necessary, kept up to date

5 GNSO questions to GAC 2) Must a data subject consent to the disclosure of his collected data? 2) Must a data subject consent to the disclosure of his collected data? No, if disclosure was part of the processing purpose, of which the data subject has been informed At the time of collection of data from the data subject he must be informed of the (potential) recipients or categories of recipients of the data

6 GNSO questions to GAC 3) Can a data subject withdraw his consent to the disclosure of his data? 3) Can a data subject withdraw his consent to the disclosure of his data? In principle yes, but this is not an absolute right - there is room for judging the respective legitimate interests in question; this is first for the data controller to do, at a second stage by the national supervisory authorities and eventually the courts The data subject has a stronger objection right to the use of his data for direct marketing purposes

7 GNSO questions to GAC 4) Has a data subject the right to stay anonymous and not disclose his data? 4) Has a data subject the right to stay anonymous and not disclose his data? In principle yes, there is a right not to be included in directories; but again this is subject to a balance of legitimate interests evaluation In principle yes, there is a right not to be included in directories; but again this is subject to a balance of legitimate interests evaluation The least privacy intrusive option has to be given priority for serving the specific purpose The least privacy intrusive option has to be given priority for serving the specific purpose

8 GNSO questions to GAC Is there any regulation on the transmittal of personal data to other countries that is applicable in connection with domain name registration? Not explicitly in this connection, but articles 25 and 26 of Directive 95/46/EC deal with transfer of personal data to third countries and apply to all cases There are various possibilities foreseen to facilitate international transfers of data while ensuring adequate data protection (consent, contracts, important public interest grounds, public information registers)

9 GNSO questions to GAC Does the applicability of the law of your country depend on the location or nationality of the data subject, the registrar, or the registry? Does the applicability of the law of your country depend on the location or nationality of the data subject, the registrar, or the registry? In principle the law of the country where the data controller is applies; this may be the registrar or the registry In principle the law of the country where the data controller is applies; this may be the registrar or the registry Where the data controller is established outside the EU but has processing activities facilities/activities inside the EU, the law of the EU Member State where his processing equipment is used applies Where the data controller is established outside the EU but has processing activities facilities/activities inside the EU, the law of the EU Member State where his processing equipment is used applies

10 Response to old questions More accurate data? More accurate data? Yes, this is in line with European law - to serve their purpose, data need to be accurate

11 Response to old questions Bulk access? Bulk access? No, this is a disproportionate privacy infringing step; unless a very convincing, specific case may be made which has to be followed by due process This applies not only to marketing but to any purpose

12 Response to old questions Multi-criteria searching? Multi-criteria searching? No, privacy-intrusive, disproportionate, general presumption of guilt WHOIS not a tool for self-policing by various interests

13 Questions? George.Papapavlou@cec.eu.int George.Papapavlou@cec.eu.int

Download ppt "WHOIS data The EU legal principles ICANN - GNSO meeting 2 March 2004 George Papapavlou, European Commission ICANN - GNSO meeting 2 March 2004 George Papapavlou,"

Similar presentations

Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.

Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.
Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.

Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.
PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
Data Protection & Privacy in the Information Age COMNET – Legal Frameworks for ICTs Malta 2013 Dr Antonio Ghio Dr Jeanine Rizzo.

Data Protection & Privacy in the Information Age COMNET – Legal Frameworks for ICTs Malta 2013 Dr Antonio Ghio Dr Jeanine Rizzo.
DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
The data retention directive: data protection aspects Frank Robben General manager Crossroads Bank for Social Security Sint-Pieterssteenweg 375 B-1040.

The data retention directive: data protection aspects Frank Robben General manager Crossroads Bank for Social Security Sint-Pieterssteenweg 375 B-1040.
CcTLD Meetings Rome 2004 WHOIS & Data Privacy Jean-Christophe Vignes Registry Liaison Manager.

CcTLD Meetings Rome 2004 WHOIS & Data Privacy Jean-Christophe Vignes Registry Liaison Manager.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Slide 1 Whois Workshop, ICANN Montreal Meeting Topic, June 2003 Privacy and Data protection consideration of the Whois directories discussion Diana ALONSO.

Slide 1 Whois Workshop, ICANN Montreal Meeting Topic, June 2003 Privacy and Data protection consideration of the Whois directories discussion Diana ALONSO.
DATA PROTECTION and Research University Research Ethics Committee – 08.05.2006 David Cauchi Office of the Data Protection Commissioner.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.

What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
Data Protection and Records Management

Data Protection and Records Management
The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities.

The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities.
Lecture to Carleton University, Center for European Studies, December 1, 2010.

Lecture to Carleton University, Center for European Studies, December 1, 2010.
A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.

A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Data Protection Overview

Data Protection Overview

Similar presentations

Ads by Google