LOS ANGELES – 17 May 2018 – The Board of Directors of the Internet Corporation for Assigned Names and Numbers (ICANN) today approved the proposed "Temporary Specification for gTLD Registration Data." The full text of the Board's resolution is available here. The Board took this action to establish temporary requirements for how ICANN and its contracted parties will continue to comply with existing ICANN contractual requirements and with community-developed policies as they relate to WHOIS, while also complying with the European Union's General Data Protection Regulation (GDPR).
"The ICANN Board's approval today of the proposed Temporary Specification for gTLD Registration Data is an important step towards bringing ICANN and its contracted parties into compliance with GDPR," said Cherine Chalaby, ICANN Board Chair. "While there are elements remaining to be finalized, the adoption of this Temporary Specification sets us on the right path to maintaining WHOIS in the public interest, while complying with GDPR before its 25 May enforcement deadline."
The Board spent significant time during its Vancouver Workshop reviewing and discussing the proposed Temporary Specification, clearing most of their planned schedule to allow for more time to consider the most appropriate path forward.
The ICANN organization has closely worked with stakeholders and the ICANN community to discuss and develop the Temporary Specification, and has maintained an ongoing dialogue with the Article 29 Working Party (WP29) to solicit its feedback and input.
"The Proposed Interim Compliance Model is the product of significant collaboration between the org and the community," said Göran Marby, ICANN President and CEO. "With the Temporary Specification now approved by the Board, we can continue working together to identify a permanent solution."
The Board's resolution also initiated a community-led policy development process to consider the development and adoption of a consensus policy based on the issues outlined within the Temporary Specification.
The Temporary Specification, which reflects ICANN's Proposed Interim Compliance Model [PDF, 922 KB], aims to ensure the continued availability of the WHOIS system to the greatest extent possible while maintaining the security and stability of the Internet's system of unique identifiers, as outlined in its mission and bylaws. Preserving the WHOIS system is critical to the stability and security of the Internet, which allows for the easy identification and mitigation of bad actors, cybercriminals, intellectual property infringement, and other malicious activity online.
The Temporary Specification provides a single, unified interim model that ensures a common framework for registration data directory services. It allows registrars and registries, also referred to as ICANN's contracted parties, to continue with the robust collection of registration data from both natural and legal persons, as well as technical information, in connection with a domain name registration. The Temporary Specification only replaces certain provisions in the Registry Agreements and Registrar Accreditation Agreements, as well as policies. All other current obligations remain in force.
ICANN's contracted parties would be required to apply the model outlined in the Temporary Specification when processing personal data linked to the European Economic Area (EEA). If impracticable for a contracted party to limit their application of the requirements strictly to the EEA, they may apply the requirements to registrations on a global basis.
To ensure compliance with the GDPR, access to personal data will be restricted to layered/tiered access, where only users with a legitimate purpose can request access to non-public data through registrars and registry operators. Until a unified access model is in place, registries and registrars will have to determine which requests are permissible under the law. Alternatively, users may contact either the registrant or listed administrative and technical contacts through an anonymized email or web form available via the registered name's registrar. Registrants may opt to have their full contact information made publicly available.
This Temporary Specification has been adopted under the procedure for Temporary Policies outlined in the Registry Agreement and Registrar Accreditation Agreement. Fifteen Board members voted to approve its adoption, representing a unanimous approval among Board members present and meeting the contractual requirement for the Board passing a temporary specification. The Board must reaffirm its temporary adoption every 90 days, and may continue to do so for no more than one year.
The ICANN Board, in its resolution adopting the Temporary Specification, has also deferred formal action on certain pieces of advice the Government Advisory Committee (GAC) provided in its San Juan Communiqué. This decision was made at the GAC's request, which was detailed in a letter [PDF, 525 KB] to the Board. The Board will consider if any further action is needed after additional discussion with the GAC.
For more information and to follow the latest updates, please visit the dedicated Data Protection/Privacy issues page.
ICANN's mission is to help ensure a stable, secure and unified global Internet. To reach another person on the Internet, you need to type an address – a name or a number – into your computer or other device. That address must be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation with a community of participants from all over the world.