EU data protection group says law enforcement’s wish list would be unlawful in European Union.
In May I wrote about some of the requests law enforcement agencies were making for the new ICANN registrar accreditation agreement. Some of the requests included verifying phone numbers, annual whois updates, and retaining IP addresses.
Now the Article 29 Data Protection Working Party has chimed in, stating that these requirements are likely unlawful in the European Union.
In a four page letter (pdf) to ICANN, the group states that ICANN isn’t addressing the root of the problem of inaccurate whois records.
The Working Party finds the proposed new requirement to annually re-verify both the telephone number and the e-mail address and publish these contact details in the publicly accessible WHOIS database excessive and therefor unlawful.” Because ICANN is not addressing the root of the problem, the proposed solution is a disproportionate infringement of the right to protection of personal data.
The Working Group describes the “root of the problem” as the “unlimited public accessibility of private contact details in the WHOIS database”.
It also takes issue with data retention proposals that would require specific information about domain registrants to be maintained for two years after the contract for the domain has ended. The letter states:
“The Working Party strongly objects to the introduction of data retention by means of a contract issued by a private corporation in order to facilitate (public) law enforcement.”
Nevermind that law enforcement’s proposals, as currently stated, would lead to increased domain registrar phishing and would not actually curtail illegal activity.