Data Protection/Privacy Issues: ICANN61 Wrap-up and Next Steps

21 March 2018

Göran MarbyGöran Marby, President and Chief Executive Officer (CEO)

I want to thank everyone from across the community who participated in discussions around the ICANN61 meeting on the European Union's General Data Protection Regulation (GDPR) and its impact on registration directory services, as well as ICANN's contracts. Your contributions have helped advance our work to come into compliance with the law.

As I noted during ICANN61, we have provided representatives of the Article 29 Working Party with an initial approach to our plan of action, by sharing our "Interim Model for Compliance with ICANN Agreements and Policies in Relation to the European Union's General Data Protection Regulation, (or the "Cookbook") [PDF, 922 KB]. The Cookbook provides explanation and rationale for the developing plan of action. The Cookbook also highlighted and requests guidance on some of the key points of divergence within our community. We will continue to seek guidance on those points of divergence and we will add new information we have gained from the discussions in San Juan in next versions and in our communications with the data protection authorities (DPAs).

At the end of March we anticipate having our next interaction with Article 29 representatives since sending them the proposed model. This next stage is critical to determine what appears in the public WHOIS, including what is collected, escrowed and transferred from registrants to registrars and registries. There are open questions about several elements in the Proposed Interim Model and it's important we determine what are the best ways to answer those in a final model.

In presenting our plan of action, we want to ensure that access is not lost if an accreditation model is not implemented in time for the GDPR's 25 May 2018 enforcement deadline. We will also highlight again, the importance of additional time to implement our solution. We are very aware of the need for additional time beyond May 2018 to implement a compliance model by which accredited users with a legitimate purpose may gain access to non-public WHOIS data. Feedback may also allow further refinement of the accreditation model.

We will share any information that we gain from our next meeting with you by posting it to our Data Protection/Privacy Issues correspondence page.

I am grateful for the contribution and spirit of collaboration that I have seen within so many constituencies and stakeholder groups. As noted in my previous blog, ICANN org is committed to finding a single, unified solution for use by all parties. The full community's engagement in this public discussion will help ensure all viewpoints are reflected as we develop a plan of action and a final interim model. In addition, as I noted several times during ICANN61, you can also reach out directly to your DPAs, in particular where you can provide additional information relating to these points of divergence and the impact of not having a plan of action in place by the upcoming May deadlines.

We urge those working in parallel on the accreditation model, as well as those working with our Global Domains Division on technical implementation and a timeline, to continue to share their work through the gdpr@icann.org address, and with each other, while heeding the advice that may come from relevant stakeholders. To ensure a unified WHOIS, it is important we work together as ICANN settles on a final model.

We welcome all feedback on the Proposed Interim Model, the development of an implementation timeline, as well as the accreditation process. Please send your input to gdpr@icann.org and be sure to review comments received from others in the community here. This is a fast-moving topic, so be sure to follow our Data Protection/Privacy Issues page for the latest updates.

Göran Marby
Göran Marby
President and Chief Executive Officer (CEO)

Göran Marby

Read biographyRead biography