Yes. [No Response] General Questions

Similar documents
Yes. [No Response] General Questions

No opinion. [No Response]

Contact Data Disclosure in the.uk WHOIS. Summary of Consultation Feedback. Nominet.uk Policy Process Secretariat

Summary of feedback on the proposed changes to.uk policy arising from GDPR

Contact Data Disclosure in the.uk WHOIS

Advisory Concerning Inter-Registrar Transfer Policy. 23 August 2007

WHOIS Survey Prepared on behalf of:

Privacy Policy May 2018

Beam Suntory Privacy Policy WEBSITE PRIVACY NOTICE

The information we collect

Proposal for a model to address the General Data Protection Regulation (GDPR)

Draft Applicant Guidebook, v3

Blue Alligator Company Privacy Notice (Last updated 21 May 2018)

Plus500UK Limited. Website and Platform Privacy Policy

OnlineNIC PRIVACY Policy

Proposed Final Report on the Post-Expiration Domain Name Recovery Policy Development Process Executive Summary

Privacy and WHOIS Data Policy

2. COLLECTIO OF PERSO AL I FORMATIO

GDPR. The new landscape for enforcing and acquiring domains. You ve built your business and your brand. Now how do you secure and protect it?

Privacy Policy Mobiliya Technologies. All Rights Reserved. Last Modified: June, 2016

Topic LE /GAC position Registrar Position Agreement in Principle 1. Privacy and Proxy services

Privacy policy. Privacy Policy

Progress Report Negotiations on the Registrar Accreditation Agreement Status as of 1 March 2012

TERMS OF USE Effective Date: January 1, 2015 To review material modifications and their effective dates scroll to the bottom of the page. 1.Parties.

Privacy Policy. LAST UPDATED: 23 June March 2017

Summary. January 31, Jo Lim. Chief Operations and Policy Officer. Dear Jo,

Proposed Service. Name of Proposed Service: Technical description of Proposed Service:

Inspiring Insights Ltd Privacy Policy - May Important Information. 2. The data we collect and how we store it.

AMENDMENT NO. 1 TO REGISTRY-REGISTRAR AGREEMENT

Website Privacy Policy

The Center for Affiliated Learning ( the CAL ) Privacy Policy

Inter-Registrar Transfer Policy (IRTP) Audit Report

etouches, Inc. Privacy Policy

We will never knowingly collect the personal information of minors.

Effective Date: November 26, A. Overview

Privacy Policy Statement Last update 25 th May 2018.

Magento GDPR Frequently Asked Questions

DATA PROTECTION AND PRIVACY POLICY

TABLE OF CONTENTS. Page

SYDNEY FESTIVAL PRIVACY POLICY

Report on Registrar Whois Data Reminder Policy Survey

Introduction. Prepared by: ICANN Org Published on: 12 January 2018

PRIVACY POLICY Let us summarize this for you...

Whirlpool Corporation Smart Appliance Services Privacy Statement. For Our Customers in the United States. Effective as of March 20, 2013 SUMMARY

PRIVACY POLICY. 1. What Information We Collect

TIX NZ Privacy Policy

INNOVENT LEASING LIMITED. Privacy Notice

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information

In this Policy the following terms shall have the following meanings:

GROUPON.COM - PRIVACY POLICY

Important Information

I. INFORMATION WE COLLECT

Picshare Party Privacy Policy

This policy is a public document and has been prepared in light of the National Privacy Principle 5: Openness.

PRIVACY STATEMENT +41 (0) Rue du Rhone , Martigny, Switzerland.

Draft Applicant Guidebook, v4

Privacy Policy- ADDO Worldwide LLC LAST UPDATED: September 9, 2014

Privacy Notice. Introduction. What is personal data? Date Updated: 2/11/2019

Privacy Policy. For purposes of this Agreement, Site refers to the Company s website, which can be accessed at

THESTREET.COM - PRIVACY POLICY

1. Anti-Piracy Services. 2. Brand Protection (SAAS) 3. Brand Protection Services. Data Protection and Permitted Purpose. Services

VETS FIRST CHOICE PRIVACY POLICY FOR PARTICIPATING VETERINARY PRACTICES

Christmas Island Domain Administration Limited ( cxda)

Summary of Expert Working Group on gtld Directory Services June 2014 Final Report

TERMS AND CONDITIONIONS FOR WHOIS DATA COLLECTION AND DISPLAY

TechTarget, Inc. Privacy Policy

Canadian Anti-Spam Legislation (CASL) Campaign and Database Compliance Checklist

Privacy Policy and WHOIS Data

Effective October 31, Privacy Policy

Eight Minute Expert GDPR. Login. Password

Spree Privacy Policy

MASTERCARD PRICELESS SPECIALS INDIA PRIVACY POLICY

Privacy Policy. We may collect information either directly from you, or from third parties when you:

.CAM Registry. GDPR integration. Version nd May CAM AC Webconnecting Holding B.V. Beurs plein AA Rotterdam

What personal data or information do we collect? The personal information we collect may include:

The types of personal information we collect and hold

GENERAL PRIVACY POLICY

PRIVACY POLICY OUR SERVICES. Last modified: November 29, 2015

When and what information does Kantar Worldpanel collect?

EIT Health UK-Ireland Privacy Policy

Canadian Anti Spam Legislation (CASL) FREQUENTLY ASKED QUESTIONS

Information we collect about you: (Rewritten)

Privacy Notice Q-UK-PO02

Hertfordshire Natural History Society

TIX Privacy Policy. 1. Scope of this Privacy Policy. 2. What personal information does TIX collect? Updated 7 September 2015

Our Privacy Policy. Last modified: December 12th Summary of changes can be consulted at the bottom of this Privacy Policy.

Privacy Policy Effective Date: October 4, 2017

Matters Related to WHOIS

Privacy Notice - General Data Protection Regulation ( GDPR )

Privacy Policy. Full name and contact details (including your contact number, and postal address).

The registration of Domain Names will be centralized and managed through all DOT accredited Registrars selected by the Registry.

In this policy, whenever you see the words we, us, our, it refers to Ashby Concert Band Registered Charity Number

Contractual Compliance. Text. IPC Meeting. Tuesday, 24 June 2014 #ICANN50

Janie Appleseed Network Privacy Policy

GDPR Compliance. Clauses

Privacy Policy. How we handle your information you provide to us. Updated: 14 March 2016

Data locations. For our hosted(saas) solution the servers are located in Dallas(USA), London(UK), Sydney(Australia) and Frankfurt(Germany).

NYSVMS WEBSITE PRIVACY POLICY

Post-Expiration Domain Name Recovery PDP. Presentation of Final Report

Privacy Policy. Third Party Links

Transcription:

General Questions Q1. Do you agree that the proposals to refine the WHOIS opt-out eligibility and to provide a framework for registrar privacy services meets the policy objectives set out in the consultation document? [ Response] Q2. Do you wish to highlight any potential stakeholder impacts or concerns should the proposal to refine the WHOIS opt-out eligibility criteria be implemented? Please explain, providing examples and evidence to support your view, where possible. We believe that the proposed changes to opt-out eligibility are likely to cause further conflicts and still will not meet the expectations of registrants due to the definition of a data controller. We believe it is highly likely that most websites such as blogs will not conform to these requirements due to the common collection of Name and Email address for simple login, comment and subscription systems. This will likely lead to further confusion if minet enforces this part of the opt-out requirements and will likely result in similar discontent as the current trading stipulation. We believe this may prove harder for minet to enforce than the existing trading test due to the complexities over 3rd party comment systems, subscription systems and other integrated web technologies which store/process personal data - but where the site owner doesn't actually store or process the information directly, these and other similar situations may cause inconsistent judgments as minet staff investigating these cases would need intimate understanding of how site software works and how personal data is processed and stored to properly determine if the site operator is a data controller. Most registrants are likely to be much less familiar with what defines a Data Controller and aspects of the Data Protection Act than they are with the concept of "trading" which can be more easily explained as "If you make money from your website in any way." We therefore believe minet should reconsider this approach and ensure that the final policy for opt-out eligibility is as simple and clear as possible to reduce confusion and ensure equal treatment of all registrants.

Q3. Do you wish to highlight any potential stakeholder impacts or concerns should privacy services be permitted to operate in the way in which we have proposed? Please explain, providing examples and evidence to support your view, where possible. Overall Paragon believes a framework for privacy services is a good step forward and will enable more registrars to offer privacy services without the associated risks of assuming the registrant role. However, we do have concerns over when, how and to whom the registrants data may be disclosed under the minet managed system. Traditionally privacy services define their policy for disclosure and registrants can expect this to be applied across all domains which that service is offered. This will require exceptions to be made for existing privacy services to highlight that.uk domains are not subject to the same disclosure process, and is likely to lead to confusion to registrants. We therefore believe that minet needs to provide a clear policy which sets out when, to whom and how data will be disclosed to 3rd parties - Particularly in cases where minet has no legal obligation, such as a UK Court order, to comply with such request but discloses regardless. Q4. Please provide any other views on the direct impact these proposals may have on you or your organisation. It would be helpful if you could advise your interest in the WHOIS, and the stakeholder group(s) you represent. Paragon Internet Group operates numerous hosting & domain brands and manage a large number of.uk domains for our customers. We also offer our own Privacy Protection service for gtld domains under our ICANN Accreditation and, should this proceed will likely extend this privacy service to.uk as well. The proposal will require some development time to change our systems to support privacy using EPP Disclose as well as time to update details on our website to inform registrants new and existing of the changes and how this may affect their registration. Additionally, minet should consider how changes to opt-out eligibility will impact registrar support services after the transition, especially for any registrants which lose eligibility - We would recommend that minet highlight domains which are no longer eligible due to the change, but were previously, to the registrar before opt-out is removed. An additional grace period should be given to allow time for the registrar to reach out to the registrant and advise them of the change of policy and the implications for them. This would also be an opportunity to offer registrants who will lose opt-out to switch to the privacy option. This should ensure that affected registrants are informed, and avoids unnecessary disclosures of their personal data due to the policy change.

Q5. Do you have a commercial interest in the domain name industry, including but not limited to acting on behalf of registrants in the registration of domain names or holding domain names in your own name? We are an ICANN & minet Accredited registrar and also hold a number of names of our own, mostly for commercial purposes. We would now like to ask you specific questions relating to each proposal. t all questions are mandatory. These are set out below for your convenience: Do you agree with our assessment of the options we have chosen to not recommend? Are the proposed criteria for eligibility of the opt-out clear and logical enough for WHOIS users and registrants? Do they meet your expectations as a WHOIS user or registrant? Do you agree that domains used to collect personal data should be excluded from eligibility to opt out? If you do not agree, we would like your thoughts on whether your concerns could be mitigated by being able to use a privacy service. Are there any process or technical consequences of the proposed changes to WHOIS opt-out eligibility that minet should take into account or would discourage implementation of this proposal? Do you think we should change the WHOIS query output so that the name of registrants who are optedout are withheld from publication, as well as their address? What obligations, if any, should registrars be subject to in relation to drawing the attention of registrants to the availability of the WHOIS opt-out? Are there any specific standards that registrars should be asked to meet in order to provide a privacy service? Are there process or technical issues in separating collection from publication of contact data in the way we have suggested that minet should be aware of? Should the framework be restricted only to minet Channel Partner and Accredited Channel Partner Tag holders? If you believe the framework should not be restricted, and that other parties should be permitted to operate privacy services, please explain why and provide comments on how minet could identify, monitor, and enforce the framework for third parties., I wish to answer some or all of the additional questions i. Publish less data on the WHOIS

[ Comment] ii. Removing the individual/trading tests from the opt-out [ Comment] iii. Align opt-out eligibility with the E-Commerce Directive [ Comment] iv. Do nothing in relation to privacy services / WHOIS opt-out [ Comment] v. Prohibit privacy services [ Comment] vi. Develop a minet privacy service for registrars to sell on to their customers (white-labelled solution) [ Comment] vii. Regulate privacy services offered by registrars We believe this may be more preferable as it could potentially allow for more competition within privacy services and would enable privacy providers to offer consistent terms on disclosure across all TLDs. WHOIS opt-out proposal Q7a. To qualify to use the opt-out we are proposing that: The registrant must be an individual; and, The domain name must not be used: o to transact with customers (merchant websites);

o to collect personal data from subjects (ie data controllers as defined in the Data Protection Act); o to primarily advertise or promote goods, services, or facilities. Are the proposed criteria for eligibility of the opt-out clear and logical enough for WHOIS users and registrants? As described on Q2; we believe the new requirement of not being data controllers will cause confusion and discontent with registrants due to the wide practice of processing basic personal details on even basic websites which are commonly run by individuals. Q7b. Do the criteria meet your expectations as a WHOIS user or registrant? See Q2/Q7a. Q7c. Do you agree that domains used to collect personal data should be excluded from eligibility to opt out? If you do not agree, we would like your thoughts on whether your concerns could be mitigated by being able to use a privacy service. Every registrant should have the option to use a privacy service if desired. We believe the data controller requirement will unfairly impact private individuals running basic websites. Q8. Are there any process or technical consequences of the proposed changes to WHOIS opt-out eligibility that minet should take into account or would discourage implementation of this proposal? Please explain with details about whether this would affect registrants, registrars, WHOIS users, or other stakeholders. Registrants would need to be educated on the differences between opt-out and privacy to make an informed decision on which is best suited to them and when opt-out is, and isn't available to them.

Registrars will need to make system changes to support the EPP Disclose command. Additionally it s likely that existing privacy systems, such as those used to enable 3rd parties to send messages to the underlying registrant will need changes to be made. Q9. Do you think we should change the WHOIS query output so that the name of registrants who are opted-out are withheld from publication, as well as their address? While previously this is something registrants often request, we believe the demand for this can better be addressed by privacy services. Q10. What obligations, if any, should registrars be subject to in relation to drawing the attention of registrants to the availability of the WHOIS opt-out? Registrars should be required to highlight the differences between opt-out and privacy services and ensure registrants are able to make an informed choice between the 2 options. There is potential that some registrars may try to mislead registrants into purchasing privacy protection over opt-out even if the registrant is eligible - this should be avoided as it could diminish trust in the.uk namespace. Privacy Services proposal Q11. Which, if any of these standards do you think registrars should be asked to meet in order to provide a privacy service? Being required to respond to or transmit abuse complaints from third parties to the registrant, Provide their own contact details to be published in the WHOIS, Highlight the availability of the opt-out to registrants, Other (please specify) We believe it is appropriate for privacy providers to also be Accredited Channel Partners as they should be expected to meet the same level of service, abuse handling, and responsibility when providing privacy services. This will also encourage registrars which are not accredited to become so; and to attain those same high standards in order to provide their own privacy service and will help to raise standards across the board.

Q12. Are there process or technical issues in separating collection from publication of contact data in the way we have suggested that minet should be aware of? For example, updating registration data of domains currently held using a privacy service to the registry moving domains with privacy from a registrar to another (TAG change), where the new registrar does not offer privacy transfer of a domain(s) to a privacy service transfer of a domain(s) to a new registrant minimising the incidence of abuse use of the RFC5733 contact disclose field for both name and address Please explain with details about whether this would affect registrants, registrars, WHOIS users, or other stakeholders. It should be carefully considered how registrar transfers will proceed if the new registrar does not offer a privacy service. Additionally as many registrars will change for this service it may be inappropriate to transfer a name to the new registrars privacy service if that service has not been paid for. This is a tricky technical issue, and not one which can be easily solved under the current Push Transfer process. It would appear the only way to achieve a smooth transfer, without disclosure, would be to switch the transfer process to a pull which would enable the new registrar to initiate the transfer with privacy enabled. Q13. Whilst noting that the proposed privacy services framework would not apply to Self-Managed Tag users where domains must be connected to the registrant, should the framework be restricted only to minet Channel Partner and Accredited Channel Partner Tag holders? Privacy services should be operated with care and high standards, we believe it is appropriate for registrars to be Accredited Channel Partners in order to provide privacy services. Do you wish to provide any supporting evidence in your submission?

The feedback we receive will inform our decision on changes to our WHOIS policy. We will publish all formal stakeholder responses after this decision has been made. Please tell us if you agree to the publication of your response by selecting one of the options below. Anonymous responses will not be published although they will be taken into account. I am happy for minet to publish my response, along with my name and organisation

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback