Skip to main content

Notice of Preliminary Determination To Grant Registrar Data Retention Waiver Request

ICANN has made a preliminary determination that it is prepared to grant a data retention waiver request submitted by Registrar COREHUB S.R.L. ("COREHUB") under the 2013 Registrar Accreditation Agreement (the "2013 RAA"). Section 2 of the Data Retention Specification (the "Specification") of 2013 RAA provides that prior to granting any exemption under the Specification, ICANN will post its determination on the ICANN website for a period of thirty (30) calendar days.

Pursuant to Section 2 of the Specification, COREHUB submitted to ICANN a Registrar Data Retention Waiver Request ("Waiver Request") on the basis of COREHUB's contention that compliance with the data retention requirements of the Specification violates applicable law in Spain.

The Waiver Request concluded that there are no legal grounds for the data retention requirements imposed under the Specification and that, therefore, the compliance with these data retention requirements could imply a breach of Spanish data protection law. The Waiver Request cited articles 4.5 and 16.3 of the Organic Law 15/1999 of 13 December on the Protection of Personal Data ("Law 15/1999") and article 8.6 of Royal Decree 1720/2007 of 21 December, which approves the regulation implementing Organic Law 15/1999 of 13 December on the Protection of Personal Data.

These articles provide as follows (the following is an unofficial English translation from Spanish):

Article 4.5: "Personal data shall be cancelled when they have ceased to be necessary or relevant for the purpose for which they were obtained or recorded. They shall not be kept in a form which permits identification of the data subject for longer than necessary for the purposes for which they were obtained or recorded."

Article 16.3 "Cancellation shall lead to the data being blocked and maintained solely at the disposal of the public administrations, judges and courts, for the purpose of determining any liability arising from the processing, and for the duration of such liability. On expiry of such liability, they shall be deleted."

Article 8.6. "Personal data shall be cancelled when they are no longer necessary or relevant for the purposes for which they were collected or recorded. The aforesaid notwithstanding, they may be stored for the duration of any kind of liability arising from legal relations or obligations or the execution of a contract or the application of pre-contractual measures requested by the data subject. On the expiry of such liability as stated above, data may only be stored following their dissociation, without prejudice to the obligation of blocking set out herein and Organic Law 15/1999, of 13 December."

The Waiver Request was accompanied by a written legal opinion from a Spanish law firm, a copy of Law 15/1999 and two letters from the Article 29 Data Protection Working Party to ICANN, dated 8 January 2014 and 6 June 2013, respectively.

Following receipt of the Waiver Request and in accordance with the 2013 RAA, ICANN through its legal counsel, and COREHUB discussed the matter in good faith in an effort to reach a mutually acceptable resolution of the matter.

The main outcome of those discussions is that COREHUB is seeking a waiver with respect to Sections 1.1.1 through 1.1.8 of the Specification that would reduce from two (2) years to one (1) year the period for which these specified data elements must be retained after the Registrar's sponsorship of the Registration ends.

ICANN has determined on a preliminary basis that it is prepared to grant the Waiver Request. ICANN is posting this preliminary determination for a period of thirty (30) days to seek feedback and input from the community on the proposed data retention waiver ("Waiver"). After the thirty (30) day period following this posting has expired, ICANN will consider all feedback and input received before making a final determination on whether to grant the Waiver Request.

The scope of the proposed Waiver would be to permit COREHUB to maintain the information specified in Sections 1.1.1 through 1.1.8 of the Specification for the duration of its sponsorship of the Registration and for a period of one (1) additional year thereafter rather than two (2) additional years thereafter. In all other respects, the terms of the Specification would remain AS-IS.

The specific change to the Specification would be that, for the duration of the Waiver, the retention requirement of Section 1.1 of the Specification be changed from "two additional years" to "one additional year."

If ICANN does make a final determination to grant the Waiver Request sought by COREHUB, the provisions of Section 3 of the Specification would apply to similar waivers requested by other registrars located in Spain and subject to Spanish law. Section 3 of the Specification provides as follows:

If (i) ICANN has previously waived compliance with the requirements of any requirement of this Data Retention Specification in response to a Waiver Request from a registrar that is located in the same jurisdiction as Registrar and (ii) Registrar is subject to the same applicable law that gave rise to ICANN's agreement to grant such wavier, Registrar may request that ICANN to grant a similar waiver, which request shall be approved by ICANN, unless ICANN provides Registrar with a reasonable justification for not approving such request, in which case Registrar may thereafter make an Wavier Request pursuant to Section 2 of this Data Retention Specification.

A public comment period will remain open until 5:00 p.m. PDT/California, 26 April 2015. Public comments will be available for consideration by ICANN staff and the ICANN Board.

The Registrar's Waiver Request and supporting documents are available here: COREHUB S.R.L. Data Retention Waiver Request and Supporting Materials [PDF, 9.08 MB]

Comments can be posted to: comments-corehub-srl-27mar15@icann.org

Comments can be viewed at: http://forum.icann.org/lists/comments-corehub-srl-27mar15/


More Announcements
Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."