July 31, 2008

.tel launch raises questions

There are many common features in the Telnic Sunrise Policy and the old .eu Sunrise Policy (examples: right to register the transliteration of a trademark with special characters, or the nominal part of a logo when the word element is predominant), though it will be slightly easier to provide the validation agent with the documentary evidence in .tel applications.
Among the "new" things, there will be "Sunrise Reconsideration Proceedings", by which the validation agent will be invited to review an application again, when the applicant thinks it should have been accepted. Third parties may also initiate such proceedings, when they have tracked that the applicant or its trademark are not eligible under the Sunrise Policy. Interesting: These proceedings will not involve a mediation center, or the registrar itself, but the very person who took the criticized decision. The existence of this procedure is obviously a lesson from the weakest part of the .eu launch (the inconsistency of the validation agent), but I wonder whether it can be effective: Will the validation agent accept to reconsider its own previous assessments?

On a completely different note: As readers know, .tel names allow the holder to host personal contact information (e-mail, phone number, address, IM, etc.) directly in the DNS. On the website, one can find information on how to protect private data... but I have found no information regarding the status of personal data, or a clause regarding the consent of individuals. Does anyone know more on this?

UPDATE [8/14] Thanks to Justin Hayward, a spokesperson for Telnic Ltd, here is more on data protection in the .tel space:
UK/EU Data Protection* laws place a duty of care on organisations holding Personal Data: any data which identifies a living person, irrespective of the nationality of that person or their country of residence. This duty of care extends to anyone with a contractual relationship with that organisation if that third party handles Personal Data.
Telnic is holding Personal Data for every registrant. This means that registrars and others who do business with Telnic and handle Personal Data on its behalf will be obliged to meet UK/EU Data Protection obligations.
These requirements are written into their contracts with Telnic. The Data Protection responsibilities on registrars with respect to Personal Data include fair use of that data, reasonable safeguards on the storage and processing of that data, etc, etc.
For registrants, information published to the DNS is done so directly by the registrant through a management console and not on behalf of the registrant by any other party. Appropriate authorities have indicated that they see no data protection issues with this solution.
Registrars and Name Service Providers will be contractually required to comply with their Data Protection obligations. Legally, they are Data Processors handling Personal Data on behalf of Telnic, the Data Controller.
In simple terms, this just means a registrar has to use any Personal Data fairly, store and process it responsibly, allow end users to correct or update their Personal Data and so on.
This applies even if the registrant or registrar are outside the EU.
For registrars and resellers who are in the EU and other countries that have Data Protection laws, this should mean they register with the appropriate Data Protection Authority in their country. Which they should already have done anyway because they're handling Personal Data such as a registrant's contact details, either for .tel or for some other TLD.

* The legislation here is the UK Data Protection Act 1998, which is the UK implementation of the EU Directives on Data Protection and Privacy (primarily 95/46/EC but also parts of 97/66/EC and 2002/58/EC)

No comments: