
Re: Use of Repository Data for Certain Purposes



On 13 Jan 97 at 14:21, Robert Shaw wrote:

> The IAHC has received similar comments that echo this opinion.

Please let me give another view on that issue. I know that it is a
quite particular view from a German perspective, but perhaps it might
be of some interest for some of you.

It is to be expected that many countries will do some multimedia
legislation in order to get rid of particular upcoming questions
related to privacy, digital signatures and the like on the net.

For the time being it looks as if Germany might be one of the
first countries having worked out a detailed multimedia law.

In December 1996, a draft version of a "Federal Act to Regulate the
Conditions for Information and Communications Services (IuKDG)"
was approved by the German government. It is expected that it will be
brought into parliament in early spring of 1997, and maybe that it will
enter into force on August 01, 1997 or so.

An English translation of the draft prepared by Christopher Kuner, Esq.
is available under

  http://ourworld.compuserve.com/homepages/ckuner/multimd1.htm

This "Federal Act to Regulate the Conditions for Information and
Communications Services (IuKDG)" is something like an "omnibus act".
Once it has passed the German parliament, a number of acts embedded
therein will enter into force, namely, inter alia,

- "Teleservices Act (TDG)",

- "Act Concerning Data Protection in Teleservices (TDDSG)", and

- "Digital Signature Act".

At least any Registrar residing in Germany will be subject to these
regulations, and perhaps, at least theoretically, also Registrars
residing elsewhere making contracts with German residents.

The "Act Concerning Data Protection in Teleservices (TDDSG)" seeks to
reduce the amount of data gathered by teleservices. Of course,
applying for a domain by contacting a registrar on-line should be
some sort of teleservice. There are strict regulations limiting the
collection of user data:


--- quotation on ---

§ 3 (Principles for the Processing of Personal Data)

(1) Personal data may only be collected, processed, and used by
service providers to perform teleservices if this law or another legal
provision so allows or the person affected has given his consent.

(2) The service provider may only use data collected to perform
teleservices for other purposes if this law or another legal provision
so allows or the person affected has given his consent.

(3) The service provider may not make the provision of teleservices
dependent on consent of the user that his data may be processed or
used for other purposes.

(4) The design and selection of technical facilities for teleservices
shall be oriented toward the goal of collecting, processing, and using
either no personal data or as little as possible.

(5) The user shall be instructed concerning the method, scope, place,
and purposes of collection, processing, and use of his personal data
before it is collected. With regard to automatic processes which make
possible a later identification of the user and make preparations for
the collection, processing, or use of personal data, the user shall be
instructed before this process begins. The content of such instruction
must be accessible for the user at all times. The user can waive such
instruction. Such instruction and any waiver must be recorded. A
waiver does not constitute consent within the meaning of § 3.

(6) The user shall be informed before he gives his consent that he has
the right at any time to prospectively revoke such consent. Para. 5,
sentence 3 applies accordingly.

(7) Consent may also be given electronically, if the service provider
assures that

1. it can only be given by an unambiguous and conscious act of the
user;

2. it cannot be discernibly changed;

3. its author can be determined;

4. such consent is recorded; and

5. the content of the consent can be revoked at any time by the user.


[...]


§ 5 (Contractual Data)

(1) A service provider may collect, process, and use personal data of
a user to the extent necessary for the existence, substantive content,
or amendment of a contractual relationship with him concerning the use
of teleservices (contractual data).

(2) Processing and use of contractual data for the purpose of
advising, advertisement, market research or structuring technical
facilities of the service provider in accordance with need is only
permissible if the user has given his express consent.

(3) [...]

--- quotation off ---

Hence, the legal status of any desired publicity of registry data
seems to depend strongly on the wording of the contract which the
registrar makes with the client applying for a domain registration.

The draft of the "Digital Signature Act" seems to cause no trouble in
view of possible introduction of digital signatures by PGP or other
means into the services provided by the registrars because this
act explicitly states that other signatures not covered by that law
may also be used unless requested to the contrary by any other law.

Axel H. Horns
