BRUSSELS – 19 October 2020 – The Internet Corporation for Assigned Names and Numbers (ICANN) announced today that it has responded to the European Data Protection Board's (EDPB) public consultation on its Guidelines 07/2020 on the concepts of controller and processor in the GDPR. The EDPB is an independent European body whose purpose is to ensure consistent application of the General Data Protection Regulation (GDPR) and to promote cooperation among the European Union data protection authorities.
The issue of controllership has been critical throughout the work of the Expedited Policy Development Process on the Temporary Specification for gTLD Registration Data (EPDP) and remains important for the implementation of a System for Standardized Access/Disclosure as recommended by the EPDP Phase 2 Team.
In ICANN org's response to the public consultation, which closed today, it was noted that while the guidelines are a helpful step, ICANN org believes that further clarity would be beneficial in three areas:
Precise attribution of "control" to particular stages in the processing under a micro-level analytic framework.
When and how is "control" inferred from a contract, absent a party's actual involvement in processing contemplated under any such agreement.
The newly introduced concept of "converging decisions."
The full response submitted by ICANN org is available here.
All contributions to the public comment will be available on the EDPB website.
ICANN's mission is to help ensure a stable, secure, and unified global Internet. To reach another person on the Internet, you need to type an address – a name or a number – into your computer or other device. That address must be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public benefit corporation with a community of participants from all over the world.