7 Amendments of Salvatore DE MEO related to 2020/0359(COD)
Amendment 83 #
Proposal for a directive
Recital 15
Recital 15
(15) Upholding and preserving a reliable, resilient and secure domain name system (DNS) is a key factor in maintaining the integrity of the Internet and is essential for its continuous and stable operation, on which the digital economy and society depend. Therefore, this Directive should apply to all providers of DNS services along the DNS resolution chain, including operators of root name servers, top-level-domain (TLD) name servers, authoritative name servers for domain names and recursive resolvers, and privacy or proxy registration service providers, domain brokers or resellers, and any other services that are related to the registration of domain names.
Amendment 118 #
Proposal for a directive
Recital 59
Recital 59
(59) Maintaining accurate, verified and complete databases of domain names and registration data (so called ‘WHOIS data’) and providing lawful access to such data is essential to ensure the security, stability and resilience of the DNS, which in turn contributes to a high common level of cybersecurity within the Union. Where processing includes personal data such processing shall comply with Union data protection law.
Amendment 121 #
Proposal for a directive
Recital 61
Recital 61
(61) In order to ensure the availability of accurate and complete domain name registration data, TLD registries and the entities providing domain name registration services for the TLD (so-called registrar(including services provided by domain name registries and registrars, privacy or proxy registration service providers, domain brokers or resellers, and any other services which are related to the registration of domain names) should collect and guarantee the integrity and availability of domain names registration data. In particular, TLD registries and the entities providing domain name registration services for the TLD should establish policies and procedures to collect and maintain accurate and complete registration data, as well as to prevent and correct inaccurate registration data in accordance with Union data protection rules.
Amendment 123 #
Proposal for a directive
Recital 62
Recital 62
(62) TLD registries and the entities providing domain name registration services for them should make publically available domain name registration data that fall outside the scope of Union data protection rules, such as data that concern legal persons25 . TLD registries and the entities providing domain name registration services for the TLD should also enable lawful access to specific domain name registration data concerning natural persons to legitimate access seekers, in accordance with Union data protection law. Member States should ensure that TLD registries and the entities providing domain name registration services for them should respond without undue delay and in any event within 24 hours to requests from legitimate access seekers for the disclosure of domain name registration data. TLD registries and the entities providing domain name registration services for them should establish policies and procedures for the publication and disclosure of registration data, including service level agreements to deal with requests for access from legitimate access seekers. The access procedure may also include the use of an interface, portal or other technical tool to provide an efficient system for requesting and accessing registration data. With a view to promoting harmonised practices across the internal market, the Commission may adopt guidelines on such procedures without prejudice to the competences of the European Data Protection Board. __________________ 25REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL recital (14) whereby “this Regulation does not cover the processing of personal data which concerns legal persons and in particular undertakings established as legal persons, including the name and the form of the legal person and the contact details of the legal person”.
Amendment 256 #
Proposal for a directive
Article 23 – paragraph 1
Article 23 – paragraph 1
1. For the purpose of contributing to the security, stability and resilience of the DNS, Member States shall ensure that TLD registries and the entities providing domain name registration services for the TLD, shall collect, verify and maintain accurate and complete domain name registration data in a dedicated database facility with due diligence subject to Union data protection law as regards data which are personal data. This should take place as a pre- requisite to engaging in domain name registration services as well as at regular periods thereafter, including when changes are made to domain name registration data. Where the domain name registration data collected and maintained is inaccurate, legitimate access seekers shall have the right to request that it is reverified and corrected, failure by an operator to do so resulting in termination of the service.
Amendment 261 #
Proposal for a directive
Article 23 – paragraph 2
Article 23 – paragraph 2
2. Member States shall ensure that the databases of domain name registration data referred to in paragraph 1 contain relevant information to identify and contact the holders of the domain names and the points of contact administering the domain names under the TLDs, including at least the registrants' name, physical address, email address, and telephone number.
Amendment 269 #
Proposal for a directive
Article 23 – paragraph 5
Article 23 – paragraph 5
5. Member States shall ensure that the TLD registries and the entities providing domain name registration services for the TLD provide access to specific domain name registration data upon lawful and duly justified requests of legitimate access seekers, in compliance with Union data protection law. Legitimate access seekers may include natural or legal persons making a duly justified request to access the DNS data under Union or national law, and they may include competent authorities under Union or national law, CERTs, CSIRTs, and as regards the data of their clients – providers of electronic communications networks and services and providers of cybersecurity technologies and services and cybersecurity researchers. Such duly justified requests shall include requests made to prevent DNS abuse. Member States shall ensure that the TLD registries and the entities providing domain name registration services for the TLD replyprovide such access without undue delay, and in any event within 24 hours, to all requests for access. Member States shall ensure that policies and procedures to disclose such data are made publicly available.