Protection of directive also extends to publicized data. Not everything that might seem useful is legally permissible. Key issue for EU: Purpose of WHOIS. Original purpose (technical contact) is legitimate. Directive only allows use for original purpose or compatible uses — expectation of user. Artcile 29 working party: Self-policing activities of private parties not compatible. Public sector has legal procedures. Private sector has problem. Want to protect right holders, but need to find a position which can do both things within the legal system and respecting legislation on data protection. Proportionality: Distinguish between data necessary for registration, and data that should be published. Look for less intrusive means to serve purpose. Is there a different possibility of serving purposes without having all information available on web site, to anybody who wants to have it? Two-step approach could be explored. Make data not available to general public, but only to those who really need it. Possible control after the fact. Discussion of uniformity? Collecting same data everywhewre is a problem — only collect minimum data which are actually necessary. Public directories: General right not to have phone number included in public directory. Unlisted phone numbers in WHOIS?!? Some difficult problems with this; discussions are ongoing. … Extended searchability: Article 29 WP opinion from 2002 on reverse directories. Not just opposing — accuracy important issue. Keep in mind why individuals give inaccurate data — feeling of insufficient protection. Bulk access not acceptable. Marketing uses not acceptable.
Need to respect law. Don’t place registrars between rock and hard place. Keep in mind and involve data protection community in these discussions. Article 29 working party has approved opinion in time for this meeting; would be pleased to be involved in discussion.
Vint asks about choice — nobody forced to register domain name. May incur obligations to rest of community when registering. Alonso-Blas: Having domain name may be important for many people, professional and personal activities. (…) Q. about law enforcement. Legislation in Europe has specific provisions for law enforcement. Exceptions that need to be implemented in natl law. Can consult data protection authorities if in doubt. Limited powers for law enforcement. Availability of information about identification of commercial activities. E-commerce directive; identification of data users. Not opposing to that. What data exactly needs to be collected and published? Different regimes for different cases?