Introduction and background
0.1 In December 2003,[ 1 ] the WHOIS Task Force 2 of the GNSO recommended the development of a procedure to allow gTLD registry/registrars to demonstrate when they are prevented by local laws from fully complying with the provisions of ICANN contracts regarding personal data in WHOIS.
0.2 In November 2005[ 2 ], the GNSO concluded a policy development process on establishing such a procedure. It follows the ‘well-developed advice on a procedure’ recommended by the WHOIS Task Force and approved by the GNSO Council.[ 3 ] In May 2006, the ICANN Board[ 4 ] adopted the policy and directed ICANN staff to develop and publicly document a conflicts procedure.
0.3 On 3 December 2006, ICANN staff published the Draft ICANN Procedure for Handling WHOIS Conflicts with Privacy Law [insert footnote, http://gnso.icann.org/issues/whois-privacy/whois_national_laws_procedure.htm]. ICANN sought input on the draft procedure from the Governmental Advisory Committee (GAC). Revised language has been incorporated into 1.4 below.
0.4 The procedure outlined below details how ICANN will respond to a situation where a registrar/registry[ 5 ] indicates that it is legally prevented by local/national privacy laws or regulations from complying with the provisions of its ICANN contract regarding the collection, display and distribution of personal data via WHOIS. The procedure is for use by ICANN staff. While it includes possible actions for the affected gTLD registry/registrar, this procedure does not impose any new obligations on registries/registrars or third parties. It aims to inform registries/registrars and other parties of the steps that will be taken when a possible conflict between other legal obligations and the ICANN contractual requirements regarding WHOIS is reported to ICANN.
Step One: Notification of Whois Proceeding
1.1 At the earliest appropriate juncture on receiving notification of an investigation, litigation, regulatory proceeding or other government or civil action that might affect its compliance with the provisions of the Registrar Accreditation Agreement (“RAA”) or other contractual agreement with ICANN dealing with the collection, display or distribution of personally identifiable data via WHOIS ("WHOIS Proceeding"), a registrar/registry should provide ICANN staff with the following:
- Summary description of the nature and status of the action (e.g., inquiry, investigation, litigation, threat of sanctions, etc.) and a range of possible outcomes.
- Contact information for the responsible official of the registrar/registry for resolving the problem.
- If appropriate, contact information for the responsible territorial government agency or other claimant and a statement from the registrar/registry authorizing ICANN to communicate with those officials or claimants on the matter. If the registrar/registry is prevented by applicable law from granting such authorization, the notification should document this.
- The text of the applicable law or regulations upon which the local government or other claimant is basing its action or investigation, if such information has been indicated by the government or other claimant.
- Description of efforts undertaken to meet the requirements of both local law and obligations to ICANN.
1.2 Meeting the notification requirement permits registrars/registries to participate in investigations and respond to court orders, regulations, or enforcement authorities in a manner and course deemed best by their counsel.
1.3 Depending on the specific circumstances of the WHOIS Proceeding, the registrar/registry may request that ICANN keep all correspondence between the parties confidential pending the outcome of the WHOIS Proceeding. ICANN will ordinarily respond favorably to such requests to the extent that they can be accommodated with other legal responsibilities and basic principles of transparency applicable to ICANN operations.
1.4 A registrar or registry that is subject to a WHOIS proceeding should work cooperatively with the relevant national government to ensure that the registrar or registry operates in conformity with domestic laws and regulations, and international law and applicable international conventions.
Step Two: Consultation
2.1 The goal of the consultation process should be to seek to resolve the problem in a manner that preserves the ability of the registrar/registry to comply with its contractual WHOIS obligations to the greatest extent possible.
2.1.1 Unless impractical under the circumstances, upon receipt and review of the notification, ICANN will consult with the registrar/registry. Where appropriate under the circumstances, ICANN will consult with the local/national enforcement authorities or other claimant together with the registrar/registry.
2.1.2 Pursuant to advice from ICANN’s Governmental Advisory Committee, ICANN will request advice from the relevant national government on the authority of the request for derogation from the ICANN WHOIS requirements.
2.2 If the WHOIS Proceeding ends without requiring any changes or the required changes in registrar/registry practice do not, in the opinion of ICANN, constitute a deviation from the RAA or other contractual obligation, then ICANN and the registrar/registry need to take no further action.
2.3 If the registrar/registry is required by local law enforcement authorities or a court to make changes in its practices affecting compliance with WHOIS-related contractual obligations before any consultation process can occur, the registrar/registry should promptly notify ICANN of the changes made and the law/regulation upon which the action was based.
2.4 The registrar/registry may request that ICANN keep all correspondence between the parties confidential pending the outcome of the WHOIS Proceeding. ICANN will ordinarily respond favorably to such requests to the extent that they can be accommodated with other legal responsibilities and basic principles of transparency applicable to ICANN operations.
Step Three: General Counsel Analysis and Recommendation
3.1 If the WHOIS Proceeding requires changes (whether before, during or after the consultation process described above) that, in the opinion of the Office of ICANN’s General Counsel, prevent compliance with contractual WHOIS obligations, ICANN staff may refrain, on a provisional basis, from taking enforcement action against the registrar/registry for non-compliance, while ICANN prepares a public report and recommendation and submits it to the ICANN Board for a decision. Prior to release of the report to the public, the registry/registrar may request that certain information (including, but not limited to, communications between the registry/registrar and ICANN, or other privileged/confidential information) be redacted from the report. The General Counsel may redact such advice or information from any published version of the report that relates to legal advice to ICANN or advice from ICANN’s counsel that in the view of the General Counsel should be restricted due to privileges or possible liability to ICANN. Such a report may contain:
- A summary of the law or regulation involved in the conflict;
- Specification of the part of the registry or registrar's contractual WHOIS obligations with which full compliance if being prevented;
- Summary of the consultation process if any under step two; and
- Recommendation of how the issue should be resolved, which may include whether ICANN should provide an exception for those registrars/registries to which the specific conflict applies from one or more identified WHOIS contractual provisions. The report should include a detailed justification of its recommendation, including the anticipated impact on the operational stability, reliability, security, or global interoperability of the Internet's unique identifier systems if the recommendation were to be approved or denied.
3.2 The registrar/registry will be provided a reasonable opportunity to comment to the Board. The Registrar/Registry may request that ICANN keep such report confidential prior to any resolution of the Board. ICANN will ordinarily respond favorably to such requests to the extent that they can be accommodated with other legal responsibilities and basic principles of transparency applicable to ICANN operations.
Step Four: Resolution
4.1 Keeping in the mind the anticipated impact on the operational stability, reliability, security, or global interoperability of the Internet's unique identifier systems, the Board will consider and take appropriate action on the recommendations contained in the General Counsel's report as soon as practicable. Actions could include, but are not limited to:
- Approving or rejecting the report's recommendations, with or without modifications;
- Seeking additional information from the affected registrar/registry or third parties;
- Scheduling a public comment period on the report; or
- Referring the report to GNSO for its review and comment by a date certain.
Step Five: Public Notice
5.1 The Board's resolution of the issue, together with the General Counsel's report, will ordinarily be made public and be archived on ICANN’s website (along with other related materials) for future research. Prior to release of such information to the public, the registry/registrar may request that certain information (including, but not limited to, communications between the registry/registrar and ICANN, or other privileged/confidential information) be redacted from the public notice. The General Counsel may redact such advice or information from any published version of the report that relates to legal advice to ICANN or advice from ICANN’s counsel that in the view of the General Counsel should be restricted due to privileges or possible liability to ICANN. In the event that any redactions make it difficult to convey to the public the nature of the actions being taken by the registry/registrar, ICANN will work to provide appropriate notice to the public describing the actions being taken and the justification for such actions, as may be practicable under the circumstances.
5.2 Unless the Board decides otherwise, if the result of its resolution of the issue is that data elements in the registry/registrar's WHOIS output will be removed or made less accessible, ICANN will issue an appropriate notice to the public of the resolution and of the reasons for ICANN's forbearance from enforcement of full compliance with the contractual provision in question.
Step Six: Ongoing Review
6.1 With substantial input from the relevant registries or registrars, together with all constituencies, ICANN will review the effectiveness of the process annually.
[ 1 ] Whois Task Force 2, Preliminary Report, June 2004; http://gnso.icann.org/issues/whois-privacy/Whois-tf2-preliminary.html
[ 2 ] GNSO Council minutes, 28 November 2005; http://gnso.icann.org/meetings/minutes-gnso-28nov05.shtml
[ 3 ] Final Task Force Report 25 October, 2005 of the GNSO Whois Task Force; http://gnso.icann.org/issues/tf-final-rpt-25oct05.htm
[ 5 ] Reference to ‘registries’ in this document includes registry operators and sponsoring organizations.