On 27 April, a group of contracted parties met with me and others from ICANN org to discuss operational and technical aspects of ICANN's Proposed Interim Model [PDF, 922 KB] and compliance with the European Union's General Data Protection Regulation (GDPR). We had productive conversations during the working session and touched on topics that included technical and operational ramifications of implementing different aspects of the Interim Model, once finalized, via a temporary specification to include:
- How data controller responsibilities should flow through the registry and registrar accreditation agreements;
- Continued collection of all registration data from registrants;
- Continued transfer of thick data to registries, as well as escrow deposits;
- Registration data to be displayed in the public WHOIS and how it will appear, including operationalizing layered access via the Registry Data Access Protocol or RDAP;
- And the most efficient way to address amendments to registry-registrar agreements.
A few open issues remain to be discussed, however, this meeting was a good opportunity to hear directly from contracted parties about the work they are already doing to comply with GDPR by the 25 May 2018 enforcement deadline.
Input from the wider community, will help us refine ICANN's model to better reflect an appropriate balancing of the law's requirements and ICANN contracts. Our exchange with the contracted parties helped us take into account operational impacts. We aim to have a draft temporary specification to share with the community in the next few days.
As previously noted, our aim is to maintain the current WHOIS to the greatest extent possible while complying with the law. We look forward to the larger community process to provide us with a more comprehensive long-term solution for future registration directory services.
I encourage you to share your thoughts on this topic by emailing gdpr@icann.org. I also encourage you to visit our Data Protection/Privacy page for the latest updates.