Skip to main content

Notice of Preliminary Determination To Grant Registrar Data Retention Waiver Request

ICANN has made a preliminary determination that it is prepared to grant data retention waiver requests submitted by registrars World4 You Internet Service GmbH and LEDL.NET GmbH (the "Registrar") under the 2013 Registrar Accreditation Agreement (the "2013 RAA"). Section 2 of the Data Retention Specification (the "Specification") of 2013 RAA provides that prior to granting any exemption under the Specification, ICANN will post its determination on the ICANN website for a period of thirty (30) calendar days.

Pursuant to Section 2 of the Specification, Registrar submitted to ICANN a Registrar Data Retention Waiver Request ("Waiver Request") on the basis of the Registrar's contention that compliance with the data collection and/or retention requirements of the Specification violates applicable law.

The Waiver Request was originally accompanied by the letter of the Article 29 Working Party dated 6 June 2013 (Statement on the data protection impact of the revision of the ICANN RAA). The Waiver Request was later supplemented by a legal opinion of Austrian counsel asserting that compliance with the data collection and/or retention requirements of the Specification violates various applicable provisions of Austrian data protection and telecommunications law.

The Waiver Request originally concerned Sections 1.1 and 1.2 of the Specification and sought to exclude any of these data elements from the retention obligation. In subsequent correspondence and good faith discussions it has been acknowledged that legitimate purposes may exist for the retention of data elements specified in the Specification; provided that ICANN submits a comprehensive list of legitimate purposes and recipients or categories of recipients for which/whom the data elements need to be retained, so that the Austrian registrars will be able to determine whether the data collection and/or retention requirements of the Specification constitute a so called standard application (Standardanwendung) which does not need to be notified with or authorized by the Austrian Data Protection Authority (the "Authority"). Should this not be the case, each Austrian registrar will have to notify the Authority on an individual basis of the data collection and/or retention requirements of the Specification based upon the comprehensive list of legitimate purposes and recipients or categories of recipients to be provided by ICANN or apply for authorization of such data collection and/or retention, where provided for under applicable Austrian law. Irrespective whether the data collection and/or retention requirements of the Specification constitute a so called standard application or not, the registrars will be required to respect claims of data subjects for deletion or correction, to the extent provided for under applicable Austrian law.

Furthermore, the legal opinion of Austrian counsel accompanying the Waiver Request cited Article 6 para. 1 nos. 2 and 5 of the Austrian Data Protection Act (Datenschutzgesetz 2000). These sections provide as follows (the following is an unofficial translation from German):

Article 6 para. 1 no. 2
"Data shall only … be collected for the specific, explicit and legitimate purposes and not further processed in a way incompatible with those purposes; …."

Article 6 para. 1 no. 5
"Data shall only … be kept in a form which permits identification of data subjects as long as this is necessary for the purposes for which the data were collected; a longer period of storage may be laid down in specific laws, particularly laws concerning archives."

The Registrar is therefore seeking a waiver with respect to Sections 1.1.1 through 1.1.8 of the Specification that seeks to reduce from two years to one year the period for which these specified data elements must be retained after the Registrar's sponsorship of the Registration ends.

Against the background of the foregoing issues, ICANN has determined on a preliminary basis that it is prepared to grant the Waiver Request in a limited scope as outlined below. ICANN is posting this preliminary determination for a period of thirty (30) days to seek feedback and input from the community on the proposed data retention waiver. After the thirty (30) day period following this posting has expired, ICANN will consider all feedback and input received before making a final determination on whether to grant the Waiver Requests.

The scope of the proposed waiver would be to permit the Registrar to maintain the information specified in Sections 1.1.1 through 1.1.8 of the Specification for the duration of its sponsorship of the Registration and for a period of one (1) additional year thereafter rather than two (2) additional years thereafter. The specific change to the Specification would be that, for the duration of the waiver, the retention requirement of Section 1.1 of the Data Retention Specification would be changed from "two additional years" to "one additional year." 

Apart from that, the Registrar shall remain obliged to retain all data elements specified in Sections 1.1 and 1.2 of the Specification for the periods specified therein; provided that ICANN submits a comprehensive list of legitimate purposes and recipients or categories of recipients for which/whom the data elements need to be retained. ICANN hereby declares the " legitimate purposes for collection / retention and recipients or categories of recipients " contained in the "Description of 2013 RAA Data Retention Specification - Data Elements, Legitimate Purposes for Collection/Retention and Recipients of Data" (available at https://www.icann.org/en/system/files/files/raa-data-retention-elements-10aug15-en.pdf [PDF, 295 KB]) (the "Description") to constitute such comprehensive list of legitimate purposes and recipients or categories of recipients, subject to further changes.

If additional or other legitimate purposes for collection / retention or recipients or categories of recipients become relevant in the future, ICANN will publicly notify thereof and change the Description accordingly. If changing the purposes or recipients or categories of recipients requires the (additional) notification of or authorization by the Authority, the Registrar will conduct such notification or apply for such authorization accordingly.

ICANN shall provide reasonable additional information regarding the legitimate purposes or recipients or categories of recipients if and as reasonably requested by the Authority within the scope of such notification or application for authorization.

If and insofar as the Authority rules that the collection / retention of certain data for certain purposes and / or recipients or categories of recipients violate applicable law ICANN and the Registrar will determine in good faith whether and to what extent the Description can be changed to accommodate the concerns of the Authority. The rules of the Waiver Request procedure described in Sections 2, 3, and 4 of the Specification shall apply accordingly in this case and written notice of the Authority's rejection decision to ICANN will be deemed to constitute a further Waiver Request.

Furthermore, it is acknowledged that data elements which are subject to claims of data subjects for correction or deletion are excepted from the collection and/or retention requirements of the Specification, if and to the extent they are founded under applicable Austrian law.

In all other respects the terms of the Specification would remain AS-IS.

If ICANN does make a final determination to grant the Waiver Request sought by the Registrars, the provisions of Section 3 of the Specification would apply to similar waivers requested by other registrars located in the same jurisdiction. Section 3 of the Specification provides as follows:

If (i) ICANN has previously waived compliance with the requirements of any requirement of this Data Retention Specification in response to a Waiver Request from a registrar that is located in the same jurisdiction as Registrar and (ii) Registrar is subject to the same applicable law that gave rise to ICANN's agreement to grant such wavier, Registrar may request that ICANN to grant a similar waiver, which request shall be approved by ICANN, unless ICANN provides Registrar with a reasonable justification for not approving such request, in which case Registrar may thereafter make an Wavier Request pursuant to Section 2 of this Data Retention Specification.

A public comment period will remain open until 23:59 UTC, 22 August, 2016. Public comments will be available for consideration by ICANN staff and the ICANN Board.

The Registrar's Waiver Request and supporting documents are available here: https://www.icann.org/en/system/files/files/waiver-request-ledlnet-gmbh-21jul16-en.pdf [PDF, 2.92 MB].

Comments can be posted to: comments-ledlnet-gmbh-21jul16@icann.org.

Comments can be viewed at: https://forum.icann.org/lists/comments-ledlnet-gmbh-21jul16/.


More Announcements
Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."