ICANN has started a new round of consultations with regard to the Registrar Accreditation Agreement. The consultation is open through 4 August 2008. I submitted the following comment:

3.3 Public Access to Data on Registered Names

This section of the RAA has been left untouched, although it is well known to ICANN and its community that this contravenes several national and international laws.

See http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2003/wp76_en.pdf
and http://www.icann.org/correspondence/schaar-to-cerf-12mar07.pdf

Quoting this last letter: “Privacy issues stemming from the making available of personal data in the context of the operation of the WHOIS services should be solved through amendments to the registrar accreditation agreement that would offer at least to those registrars located in EU member countries to comply with EU data protection legislation in accordance with the basic principles of data protection and privacy.”

How can ICANN justify that it forces, by contract, other parties to break the law ?

Of course, one could say that it is customary in most European countries laws that contract clauses which go against the laws are considered void. As an example, both the French and Belgian Civil Codes define in article 1133 that “La cause est illicite, quand elle est prohibée par la loi [...]“. Hence, European registrars could invoke the legal requirement to not publish data about individuals in their whois database , and to inform ICANN they are not able to fully comply with article 3.3.  Most don’t, but rather have registrants accept terms by which they agree to see their data published. This lack of courage has always amazed me.