Data Protection/Privacy Issues
Data privacy and data protection regulations are currently undergoing developments that may impact specific areas of the ICANN organization's work. This page contains a current listing of ongoing projects at the ICANN organization related to data protection and privacy matters, and is intended to provide easy access to this information.
European Union General Data Protection Regulation
The General Data Protection Regulation (GDPR) was adopted by the European Union (EU) on 14 April 2016 and takes effect on 25 May 2018 uniformly across the EU countries. According to the European Commission, the aim of the GDPR is to protect all EU citizens and residents from privacy and data breaches1. It applies to all companies processing and holding the personal data of subjects residing in the European Union, regardless of the company's location. More information is available here.
The ICANN organization executives, subject matter experts from various departments, and Board members are guiding the organization's activities related to the GDPR.
Contractual Compliance with Registry and Registrar Agreements
On 2 November 2017, ICANN org published a statement regarding the ability of registries and registrars to comply with their WHOIS and other contractual requirements related to domain name registration data in light of the European Union's General Data Protection Regulation (GDPR). Detailed guidance regarding the process and eligibility requirements are outlined below. View the statement here.
Guidelines for Proposed Models to Address GDPR
Instructions for submitting models can be found here. When possible, we encourage the community to work together to align its models prior to submission. Fewer models will ease the impact on end-users and operational processes for all. Those models will be published and shared with Hamilton, the European law firm engaged to assist ICANN org, which will consider the proposal's compliance with the GDPR.
Engagement Activities Related to GDPR
The ICANN organization engages in a range of forums and with a range of stakeholders on issues relating to ICANN's mission, including privacy and law enforcement, and the interdependent issues. The ICANN organization's engagement strategy can be described as involving: 1) awareness, including privacy-related aspects of ICANN's work such as WHOIS and associated procedures; and 2) educational awareness and capacity building on policy development, technical coordination and their implementation. ICANN will continue to engage with the European community (including the European Data Protection Board), data protection agencies, and other relevant stakeholders to gain a better understanding of the relevant aspects of GDPR related to the work of the ICANN organization and its' contracts with registries and registrars.
If you have questions, please direct them to firstname.lastname@example.org. Refer to the following information for additional details about this work:
- Latest Announcements, Updates & Blogs
- Legal Analyses, Proposed Compliance Models, & Community Feedback
- Meetings & Work Sessions
GNSO Policy Development Processes and Implementation
The Generic Names Supporting Organization (GNSO) has ongoing policy development processes related to data protection and privacy matters. Refer to the GNSO active projects list for more information.
WHOIS Conflicts Procedure
Additionally, in response to a GNSO Council request, the ICANN organization has commenced an assessment of the revised ICANN Procedure for Handling WHOIS Conflicts with Privacy Law, which was made effective on 18 April 2017.
- European Union Data Protection website
- FAQ on ICANN Organization's Chief Data Protection Officer Role [PDF, 211 KB]