The following is an overview of the Data Protection obligations relevant to Dot-Irish LLC in order to comply with obligations under data protection law. In its capacity as Registry Operator for a top-level domain (TLD), Dot-Irish LLC would be generally considered to be acting in the capacity of a data processor in relation to personal data of Registrants processed by it, with the relevant Registrar being a data controller. Dot-Irish LLC’s responsibilities in this regard are largely set out in the ICANN Agreement pursuant to which its main function in relation to the data is to collect that which is supplied to it by the Registrars and to collate it in a usable database that can be accessed for particular services to include WHOIS services.
A data controller is a legal entity which controls and is responsible for the keeping and use of personal data. A company which holds or processes personal data (being data which can identify a living individual), on behalf of a data controller, but does not exercise responsibility for or control over the personal data, is a “data processor”. Generally, a data processor has separate legal personality from a data controller for whom they are processing personal data. Data processors are contracted to provide particular data processing services for a data controller. “Processing” is widely defined and covers all dealings in data such as storing, recording, keeping, disclosing, retrieving or using. Unlike data controllers, data processors have limited responsibilities under Data Protection Acts. Dot-Irish LLC is responsible for ensuring that personal data is kept secure from unauthorised access, disclosure, destruction or accidental loss. Dot-Irish LLC’s Registry Services Provider’s staff are aware of relevant security measures and appropriate training is in place. Audit trails and logs are produced through third-party customer relations software services are combined with internal audit and review procedures to ensure that staff comply with these measures.
The details of the written contracts relevant to Dot-Irish LLC’s processing of Registrant personal data are set out below. The following are the key provisions from the ICANN Registry Agreement relating to data protection with which Dot-Irish LLC must comply:
Clause 2.18: Registry Operator shall (i) notify each ICANN-accredited registrar that is a party to the registry-registrar agreement for the TLD of the purposes for which data about any identified or identifiable natural person (“Personal Data”) submitted to Registry Operator by such registrar is collected and used under this Agreement or otherwise and the intended recipients (or categories of recipients) of such Personal Data, and (ii) require such registrar to obtain the consent of each registrant in the TLD for such collection and use of Personal Data. Registry Operator shall take reasonable steps to protect Personal Data collected from such registrar from loss, misuse, unauthorized disclosure, alteration or destruction. Registry Operator shall not use or authorize the use of Personal Data in a way that is incompatible with the notice provided to registrars.
The Registry Services Agreement between Dot-Irish LLC and its Registry Services Provider states that Registry Services Provider shall take reasonable steps to protect data about any identified or identifiable natural person (“Personal Data”) from loss, misuse, unauthorized disclosure, alteration or destruction. In addition, in its use and maintenance of Registry Data, the Dot Irish LLC and its Registry Services Provider will comply with all local, state, federal, regional, divisional, and/or foreign law (including common law), statutes, rules or regulations, guidelines, codes of practice, self-regulatory practices, reporting requirements, ordinances, orders, treaties, and/or regulations applicable to privacy and data protection.