[lac-discuss-es] Fwd: [ALAC-Announce] ICANN News Alert -- Advisory Concerning Registrar Obligations to Provide Data to ICANN Pursuant to Section 3.4.3 of the 2013 RAA

Alejandro Pisanty apisanty en gmail.com
Sab Jun 6 00:22:54 UTC 2015


Colegas,

acaba de llegar esta nota de ICANN. Informa acerca de los procedimientos
por los cuales los "registrars" (registradores) de nombres de dominio
genéricos deberán proveer datos relacionados con los nombres de dominio
cuyo registro han procesado, así como las excepciones, limitaciones y
ajustes posibles en estos casos.

Dado que nuestras organizaciones tienen una responsabilidad explícita en la
defensa de los intereses de los usuarios, y esta información se refiere "de
necessario" a datos personales de los registrantes, considero de interés
que LACRALO se forme un criterio acerca de estos intercambios de
información y posiblemente prepare un documento informativo orientado a los
usuarios de la región. En caso de encontrarnos en desacuerdo, procedería
formar una opinión de consenso y comunicarla a las diversas instancias de
ICANN a través de las cuales es posible proponer modificaciones a una
política como ésta.

Seguramente algunos de Uds. estarán mejor enterados de las discusiones y
negociaciones, complejas y a ratos contenciosas, que han dado lugar a este
documento. Todo ello alimentará el interés de la discusión.

Atentamente,

Alejandro Pisanty

---------- Forwarded message ----------
From: ICANN At-Large Staff <staff en atlarge.icann.org>
Date: Fri, Jun 5, 2015 at 6:42 PM
Subject: [ALAC-Announce] ICANN News Alert -- Advisory Concerning Registrar
Obligations to Provide Data to ICANN Pursuant to Section 3.4.3 of the 2013
RAA
To: "alac-announce en atlarge-lists.icann.org" <
alac-announce en atlarge-lists.icann.org>



   [image: ICANN] <http://www.icann.org/> News Alert

https://www.icann.org/news/announcement-2015-06-05-en
------------------------------
Advisory Concerning Registrar Obligations to Provide Data to ICANN Pursuant
to Section 3.4.3 of the 2013 RAA

5 June 2015

Section 3.4.3 of the 2013 Registrar Accreditation Agreement (the "2013
RAA") requires registrars to provide certain data, information, and records
to ICANN upon request and incorporates a procedure by which ICANN and
registrars can agree to limitations, protections, or alternative solutions
in the event a registrar believes that the provision of such data to ICANN
would violate applicable law or legal proceedings.

Several registrars have requested clarification from ICANN regarding the
2013 RAA's procedure for discussing and agreeing on appropriate
limitations, protections, or alternative solutions for production of data,
information, or records requested by ICANN. In particular, registrars have
told ICANN that meaningful discussions of potentially relevant legal issues
require that ICANN identify

(i) the purposes for which ICANN is requesting such data, information, or
records;
(ii) how ICANN intends to use such data, information, or records; and
(iii) duration for which ICANN intends to retain such data, information, or
records.1 <https://www.icann.org/news/announcement-2015-06-05-en#foot1>

The following advisory outlines the relevant provisions of the 2013 RAA and
explains the steps that ICANN will take upon a registrar's request if ICANN
seeks access to data, information, or records pursuant to Section 3.4.3 of
the 2013 RAA.
Relevant Provisions of the 2013 RAA

Section 3.4.3 of the 2013 RAA provides:

3.4.3 During the Term of this Agreement and for two (2) years thereafter,
Registrar shall make the data, information and records specified in this
Section 3.4 available for inspection and copying by ICANN upon reasonable
notice. In addition, upon reasonable notice and request from ICANN,
Registrar shall deliver copies of such data, information and records to
ICANN in respect to limited transactions or circumstances that may be the
subject of a compliance-related inquiry; provided, however, that such
obligation shall not apply to requests for copies of the Registrar's entire
database or transaction history. Such copies are to be provided at
Registrar's expense. In responding to ICANN's request for delivery of
electronic data, information and records, Registrar may submit such
information in a format reasonably convenient to Registrar and acceptable
to ICANN so as to minimize disruption to the Registrar's business. In the
event Registrar believes that the provision of any such data, information
or records to ICANN would violate applicable law or any legal proceedings,
ICANN and Registrar agree to discuss in good faith whether appropriate
limitations, protections, or alternative solutions can be identified to
allow the production of such data, information or records in complete or
redacted form, as appropriate. ICANN shall not disclose the content of such
data, information or records except as expressly required by applicable
law, any legal proceeding or Specification or Policy.

Procedure for Data To Be Made Available to ICANN

   1. If, pursuant to Section 3.4.3, ICANN provides notice to a registrar
   requiring that (1) data, information, or records be made available to ICANN
   for inspection or copying; or (2) that data, information or records be
   delivered to ICANN, the registrar may request, in writing (with email
   deemed sufficient), that ICANN provide a written description specifying to
   a reasonable extent: (a) the data, information, and records that are the
   subject of the request; and (b) the purpose, including identification of
   the transfers envisaged to third parties and the purpose of such transfer,
   for which ICANN maintains that access to or a copy of the data,
   information, and records is necessary (the "Access Purpose Description").
   2. ICANN will, upon the written request of the registrar, provide the
   registrar with the Access Purpose Description in writing (with email deemed
   sufficient). With respect to the purpose, ICANN is limited to one or more
   of the purposes described in the draft document "Description of 2013 RAA
   Data Retention Specification data elements and potentially legitimate
   purposes for collection/retention" that was posted on 21 March 2014 (the
   "Description") as it may be modified by ICANN from time to time. Any future
   changes to the Description must be in line with the law and regulations
   applicable to the registrars, including but not limited to rules on the
   processing of data for purposes which are not incompatible with the
   legitimate purpose for which the data were originally collected. ICANN will
   work in good faith to agree with the Registrar on appropriate levels of
   data protection, if applicable, and, respecting any safeguards necessary to
   achieve this purpose (e.g., Standard Contractual Clauses, if appropriate).
   3. If an Access Purpose Description is requested by a registrar and
   provided by ICANN, ICANN will not process or use the data, information, and
   records for any purpose other than those stated in the Access Purpose
   Description. This does not exclude ICANN from issuing a further Access
   Purpose Description, referring to one or more purposes listed in the
   Description, if another purpose becomes relevant with respect to such data,
   information, and records and is in line with the law and regulations
   applicable to the registrars, including but not limited to rules on the
   processing of data for purposes which are not incompatible with the
   legitimate purpose for which the data were originally collected. As
   provided in Section 3.4.3 of the 2013 RAA, ICANN will not disclose the
   content of such data, information, or records to a third party except as
   expressly required by applicable law; any legal proceeding; or
   Specification or Policy (as defined in the 2013 RAA) in line with the law
   and regulations applicable to the registrars, including but not limited to
   rules on the processing of data for purposes which are not incompatible
   with the legitimate purpose for which the data were originally collected;
   and, to the extent applicable, in line with any "onward transfer
   requirements" safeguards to which ICANN has stipulated to ensure
   appropriate levels of data protection on part of ICANN (e.g., Standard
   Contractual Clauses, if appropriate). If ICANN is required to disclose the
   content of the data, information or records in accordance with the
   preceding sentence, it will immediately notify the registrar involved in
   writing (with email deemed sufficient) of the grounds for the order or
   requirement, the party to whom the data must be disclosed and the stated
   purpose of the disclosure, as well as the legal means available to oppose
   such disclosure, if and to the extent stated in the order or requirement,
   unless and to the extent such notification is expressly prohibited by law
   or court order.
   4. ICANN will delete the data, information, and records if and when they
   are no longer required for the purpose(s) stated in the Access Purpose
   Description(s), subject to adherence to any retention requirements mandated
   by law, if any.

If a registrar believes that the provision of any such data, information,
or records to ICANN would violate applicable law or any legal proceedings,
any ensuing good faith discussions between ICANN and the registrar will
take into consideration the purposes set forth in the Access Purpose
Description provided by ICANN. In those good faith discussions, ICANN would
take into account, without limitation any legal opinion submitted by the
registrar from a nationally recognized law firm in the applicable
jurisdiction and, in particular, the rulings or guidance provided by a
national or EU governmental body of competent jurisdiction including
relevant data protection authorities, as well as the requirement of Section
3.7.2 2013 RAA that registrar shall abide by applicable laws and
governmental regulations.

If good faith discussions are ongoing between ICANN and the registrar as
indicated above, ICANN would refrain from commencing a compliance procedure
against the registrar for breach of Section 3.4.3 of the 2013 RAA for a
reasonable period of time with the goal of allowing the good faith
discussions to facilitate a resolution.
------------------------------

1 <https://www.icann.org/news/announcement-2015-06-05-en#note1>In
discussions with ICANN, most registrars have acknowledged that legitimate
purposes exist for the retention of the data elements specified in Articles
1.1 and 1.2 of the Data Retention Specification (the "Specification") of
2013 RAA, but some registrars have called for clarification of the 2013
RAA's process for ICANN's request for data from a registrar to ensure a
compatible use of the data, which is not addressed by the waiver process
described in the Specification.


_______________________________________________
ALAC-Announce mailing list
ALAC-Announce en atlarge-lists.icann.org
https://atlarge-lists.icann.org/mailman/listinfo/alac-announce

At-Large Official Site: http://www.atlarge.icann.org



-- 
- - - - - - - - - - - - - - - - - - - - - - - - - - -
     Dr. Alejandro Pisanty
Facultad de Química UNAM
Av. Universidad 3000, 04510 Mexico DF Mexico
+52-1-5541444475 FROM ABROAD
+525541444475 DESDE MÉXICO SMS +525541444475
Blog: http://pisanty.blogspot.com
LinkedIn: http://www.linkedin.com/in/pisanty
Unete al grupo UNAM en LinkedIn,
http://www.linkedin.com/e/gis/22285/4A106C0C8614
Twitter: http://twitter.com/apisanty
---->> Unete a ISOC Mexico, http://www.isoc.org
.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <http://atlarge-lists.icann.org/pipermail/lac-discuss-es/attachments/20150605/873537ce/attachment.html>


Más información sobre la lista de distribución lac-discuss-es