Group provides a blanket statement for registrars wishing to get a waiver for data retention under new registrar agreement.
The Article 29 Working Party has lent a helping hand to EU registrars (and potentially others) concerned about data retention requirements in the 2013 Registrar Accreditation Agreement (RAA).
There are a number of requirements to retain data in the 2013 RAA approved last week, ranging from the IP address of domain registrants to their credit card information.
The RAA also provides a way for registrars to negotiate a waiver from data retention if they believe it violates their local laws.
The Article 29 Working Party is made up of a representative from the data protection authority of each EU Member State, the European Data Protection Supervisor and the European Commission. It has been a vocal critic of the data retention requirements, calling them “unlawful” during RAA negotiations.
However, the European Commission’s Governmental Advisory Committee member played down the Article 29 Working Party’s importance.
In a letter to ICANN that was sent prior to final approval of the 2013 RAA, The Article 29 Working Party writes:
In order to avoid unnecessary duplication of work by 27 national data protection authorities in Europe, with this letter, the Working Party wishes to provide a single statement for all relevant registrars targeting individual domain name holders in Europe.
It goes on to state numerous types of data collection that may violate EU privacy laws.
Notice that the statement refers to registrars “targeting” European nameholders — which could be used to suggest that non-EU registrars that have EU customers may want to request exemptions.
The full text of the letter is here.