en

ICANN Grants Data Retention Waiver to LEDL.NET GmbH

25 October 2016

DATA RETENTION WAIVER
LEDL.NET GmbH, AUSTRIA

LEDL.NET GmbH ("Registrar") submitted to ICANN a Registrar Data Retention Waiver Request ("Waiver Request") on the basis of Registrar's contention that compliance with the data collection and/or retention requirements of the Data Retention Specification in the 2013 RAA violates applicable law in Austria.

ICANN hereby grants Registrar a limited waiver from compliance with certain provisions of the 2013 RAA on the following terms:

  1. ICANN agrees as follows:
    1. Following Registrar's execution of the 2013 RAA, for purposes of assessing Registrar's compliance with the data retention requirement of Paragraph 1.1 of the Data Retention Specification in the 2013 RAA, the period of "two additional years" in Paragraph 1.1 of the Data Retention Specification will be deemed modified to "one additional year."
    2. Apart from that, the Registrar shall remain obliged to retain all data elements specified in Sections 1.1 and 1.2 of the Specification for the periods specified therein; provided that ICANN submits a comprehensive list of legitimate purposes and recipients or categories of recipients for which/whom the data elements need to be retained. ICANN hereby declares the "legitimate purposes for collection / retention and recipients or categories of recipients" contained in the "Description of 2013 RAA Data Retention Specification - Data Elements, Legitimate Purposes for Collection/Retention and Recipients of Data" (available at https://www.icann.org/en/system/files/files/raa-data-retention-elements-10aug15-en.pdf (the "Description") to constitute such comprehensive list of legitimate purposes and recipients or categories of recipients, subject to further changes.
    3. If additional or other legitimate purposes for collection / retention or recipients or categories of recipients become relevant in the future, ICANN will publicly notify thereof and change the Description accordingly. If changing the purposes or recipients or categories of recipients requires the (additional) notification of or authorization by the Austrian Data Protection Authority (the "Authority"), the Registrar will conduct such notification or apply for such authorization accordingly.
    4. ICANN shall provide reasonable additional information regarding the legitimate purposes or recipients or categories of recipients if and as reasonably requested by the Authority within the scope of such notification or application for authorization.
    5. If and insofar as the Authority rules that the collection / retention of certain data for certain purposes and / or recipients or categories of recipients violate applicable law ICANN and the Registrar will determine in good faith whether and to what extent the Description can be changed to accommodate the concerns of the Authority. The rules of the Waiver Request procedure described in Sections 2, 3, and 4 of the Specification shall apply accordingly in this case and written notice of the Authority's rejection decision to ICANN will be deemed to constitute a further Waiver Request.
    6. Furthermore, it is acknowledged that data elements which are subject to claims of data subjects for correction or deletion are excepted from the collection and/or retention requirements of the Specification, if and to the extent they are founded under applicable Austrian law.
  2. In all other respects the terms of the Data Retention Specification will remain AS IS. The waiver granted to Registrar applies only to the post-sponsorship period of retention of the data listed in the Paragraphs 1.1.1 through 1.1.8 inclusive of the Data Retention Specification, and it does not constitute a waiver of any other provisions of the 2013 RAA or other ICANN policies applicable to registrars. Without limiting the foregoing, nothing in this waiver limits Registrar's obligation to comply with Consensus Policies or Temporary Policies developed and adopted in accordance with ICANN's Bylaws ("ICANN Policies") or limits Registrar's obligation to comply with any amendment, supplement or modification of the 2013 RAA approved and adopted in accordance with the terms of the 2013 RAA ("RAA Amendments"). In the event of any inconsistency between this waiver and the terms of any ICANN Policy or RAA Amendment, the terms of the ICANN Policy or RAA Amendment will control.
  3. The waiver granted to Registrar shall remain in effect for the duration of the term of the 2013 RAA signed by Registrar.

ICANN notes that the provisions of Section 3 of the Specification will apply to similar waivers requested by other registrars that are located in Austria and subject to Austrian law.