• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
Domain Industry & Internet News

Domain Industry & Internet News

Domain Name Industry News

  • Home
  • About
  • Archives
  • Submit News
  • Comment Policy
  • Privacy Policy
  • Advertise Hosting & Domain Industry Jobs
You are here: Home / icann / European Data Protection Supervisor Smacks ICANN Over Privacy Issues With 2013 RAA

European Data Protection Supervisor Smacks ICANN Over Privacy Issues With 2013 RAA

April 18, 2014 by Michele Neylon

european-data-protection-supervisor-logoICANN has been sent a letter by the European Data Protection Supervisor calling them out with respect to both data collection, retention and privacy within the context of the 2013 Registrar contract (RAA).

The letter is the first instance of one, to my knowledge, which makes reference to the ECJ’s recent ruling that rendered the data retention directive null and void.

While the letter is very polite, as they always are, they make it very clear that they consider the RAA’s default requirements to be in breach of EU law. (Of course they’re not the first entity to tell ICANN this, but obviously ICANN is a bit hard of hearing .. ).  It’s almost understandable at this stage why one GAC representative from the EU referred to ICANN as “deaf or stupid” a few years ago.

Here’s the “meat” of the letter:

… the 2013 RAA and the Draft Specification continue to fall short of compliance with European data protection law.

The Draft Specification should only require collection of personal data, which is genuinely necessary for the performance of the contract between the Registrar and the Registrant (e.g. billing) or for other compatible purposes such as fighting fraud related to domain name registration. This data should be retained for no longer than is necessary for these purposes. It would not be acceptable for the data to be retained for longer periods or for other, incompatible purposes, such as law enforcement purposes or to enforce copyright.

Processing contrary to these recommendations would be contrary to three key principles of European data protection law set forth in Directive 95/46/EC. It would violate the principle of purpose limitation under Article 6(1)(b) of Directive 95/46/EC, which prohibits the processing of personal data for incompatible purposes4, the requirement under Article 7 of the Directive to have an appropriate legal ground for the processing of data, such as contract, consent or the legitimate interest of the controller, and the requirement of proportionality, including the requirement not to retain data ‘longer than is necessary for the purposes for which the data were collected or for which they are further processed’ (Article 6(1)(e)). These provisions are specifications of the fundamental rights to privacy and the protection of personal data laid down in Articles 7 and 8 of the Charter of Fundamental Rights of the European Union.

Retention of personal data originally collected for commercial purposes, and subsequently retained for law enforcement purposes, has been the subject of a recent landmark ruling by the European Court of Justice, which held Directive 2006/24/EC to be invalid, as an unjustified interference with those rights.6 The Court recognised that the retention of personal data might be considered appropriate for the purposes of the detection, investigation and prosecution of serious crime, but judged that the Directive ‘exceeded the limits imposed by compliance with the principle of proportionality’. It is reasonable to expect requirements for retaining personal data to be subject to increasing scrutiny and legal challenges in the EU.

And the full letter:

[spiderpowa-pdf src=”https://www.internetnews.me/wp-content/uploads/2014/04/14-04-17_EDPS_letter_to_ICANN_EN.pdf”]14-04-17_EDPS_letter_to_ICANN_EN

 

 

Related articles
  • Art. 29 Data Protection Working Party To ICANN – Maybe You’re Hard Of Hearing? (internetnews.me)
  • ICANT Cope With ICANN! (blacknight.com)
  • EU body tells ICANN that 2013 RAA really is illegal (domainincite.com)
  • Euro registrars miffed about ICANN privacy delays (domainincite.com)
  • ICANN says Article 29 letter does not give EU registrars privacy opt-out (domainincite.com)
  • Article 29 Working Party To ICANN – EU Registrars Exempt From Data Retention Requirements (internetnews.me)
  • Registrar Negotiating Team Issues Statement On RAA (internetnews.me)
  • ICANN to Registrars: We’re working on legal issues with 2013 RAA (domainnamewire.com)
  • Article 29 Working Party challenges new RAA data retention requirements (domainnamewire.com)

Filed Under: icann Tagged With: Article 29 Working Party, Data Protection Directive, Directive, European Commission, European Court of Justice, European Data Protection Supervisor, European Union, Generic top-level domain, icann, Member state of the European Union, privacy, raa

About Michele Neylon

Michele is founder and managing director of Irish domain registrar and hosting company Blacknight. Michele has been deeply involved in domain and internet policy discussions for more than a decade.
He also co-hosts the Technology.ie podcast.

Primary Sidebar

Recent Articles

ICANN’s Cancún Meeting Was Almost Normal

Middle East DNS Forum to be Held in Istanbul

Gandi Merges with TWS to Form “Your.Online”

Anguilla Offline due to Fibre Issue

IGF 2023 to be Held in Kyoto, Japan

Recent Comments

  • ICANN Gets First Female CEO on Centralnic Head Honcho Announces Immediate Retirement
  • Kieren McCarthy Elected to Nominet Board on Nominet Election Candidates 2022 Finally Announced
  • Michele Neylon on Nominet Taking RDAP Out of Beta
  • Gavin Brown on Nominet Taking RDAP Out of Beta
  • ICANN Heading to Hamburg (ICANN78) and Los Angeles (GDD) Plus Training For African Registries - Goldstein Report on ICANN Announces GDD Summit Dates & Location

Categories

Blogroll

  • Alex Bligh
  • Circle ID
  • Domain Incite
  • Domain Name News
  • Domain Name Wire
  • Jason Thompson

Blogs

  • Domain Gang
  • Stéphane Bortzmeyer

Archives

Recent Comments

  • ICANN Gets First Female CEO on Centralnic Head Honcho Announces Immediate Retirement
  • Kieren McCarthy Elected to Nominet Board on Nominet Election Candidates 2022 Finally Announced
  • Michele Neylon on Nominet Taking RDAP Out of Beta
  • Gavin Brown on Nominet Taking RDAP Out of Beta
  • ICANN Heading to Hamburg (ICANN78) and Los Angeles (GDD) Plus Training For African Registries - Goldstein Report on ICANN Announces GDD Summit Dates & Location

Categories

Blogroll

  • Alex Bligh
  • Circle ID
  • Domain Incite
  • Domain Name News
  • Domain Name Wire
  • Jason Thompson
  • Nigel Roberts

Blogs

  • Domain Gang
  • Stéphane Bortzmeyer

Copyright © 2023 InternetNews.me