The ICANN Board's approval today of the proposed "Temporary Specification for gTLD Registration Data" is an important step towards bringing ICANN and its contracted parties into compliance with the European Union's General Data Protection Regulation (GDPR). The Board took this action so that ICANN and its contracted parties may remain in compliance with both existing contractual requirements and community-developed policies as they relate to WHOIS.
The adoption of this Temporary Specification is a major and historic milestone as we work toward identifying a permanent solution. The ICANN org and community have been closely working together to develop this interim model ahead of the GDPR's 25 May 2018 enforcement deadline, and the Board believes that this is the right path to take.
WHOIS is an important system, and preserving it allows it to continue to act as a key tool in the ongoing fight against cybercrime, malicious actors, intellectual property infringement, and more. This Temporary Specification, which is based on the Proposed Interim Compliance Model [PDF, 922 KB], aims to prevent fragmentation of WHOIS and ensure that WHOIS continues to be available, to the greatest extent possible. ICANN's role in providing the technical coordination of the globally distributed WHOIS system is a unique matter, including the public interest nature of WHOIS.
In my previous post, I provided the background into how the Board reorganized its Vancouver Workshop to dedicate a significant amount of time, and effort to review and discuss the proposed Temporary Specification, This extra time was also an important opportunity for us to have ICANN org answer our questions and discuss the potential risks that could accompany either no action or adoption of a proposed Temporary Specification.
Above all, ICANN's mission, as laid out in the bylaws, is to preserve the Internet's system of unique identifiers. We believe that this Temporary Specification strikes the right balance between upholding that mission and bringing the org and its contracted parties into compliance with this law.
As with the requirements of a temporary policy, if still needed, the Board will reconvene in 90 days to reaffirm its adoption. Until that time, I encourage you to submit your thoughts to firstname.lastname@example.org. And I invite you to visit the dedicated Data Protection/Privacy page to follow the latest updates.
Finally, I want to thank the community, ICANN org and the Board for their hard work over the past year in getting us to this place. While I recognize there are important elements remaining to be finalized, the adoption of this Temporary Specification today is a first step, and it sets us on the right path to maintaining WHOIS in the public interest, while complying with GDPR.