Skip to main content

ICANN Board Approves Temporary Specification for gTLD Registration Data

LOS ANGELES – 17 May 2018 – The Board of Directors of the Internet Corporation for Assigned Names and Numbers (ICANN) today approved the proposed "Temporary Specification for gTLD Registration Data." The full text of the Board's resolution is available here. The Board took this action to establish temporary requirements for how ICANN and its contracted parties will continue to comply with existing ICANN contractual requirements and with community-developed policies as they relate to WHOIS, while also complying with the European Union's General Data Protection Regulation (GDPR).

"The ICANN Board's approval today of the proposed Temporary Specification for gTLD Registration Data is an important step towards bringing ICANN and its contracted parties into compliance with GDPR," said Cherine Chalaby, ICANN Board Chair. "While there are elements remaining to be finalized, the adoption of this Temporary Specification sets us on the right path to maintaining WHOIS in the public interest, while complying with GDPR before its 25 May enforcement deadline."

The Board spent significant time during its Vancouver Workshop reviewing and discussing the proposed Temporary Specification, clearing most of their planned schedule to allow for more time to consider the most appropriate path forward.

The ICANN organization has closely worked with stakeholders and the ICANN community to discuss and develop the Temporary Specification, and has maintained an ongoing dialogue with the Article 29 Working Party (WP29) to solicit its feedback and input.

"The Proposed Interim Compliance Model is the product of significant collaboration between the org and the community," said Göran Marby, ICANN President and CEO. "With the Temporary Specification now approved by the Board, we can continue working together to identify a permanent solution."

The Board's resolution also initiated a community-led policy development process to consider the development and adoption of a consensus policy based on the issues outlined within the Temporary Specification.

The Temporary Specification, which reflects ICANN's Proposed Interim Compliance Model [PDF, 922 KB], aims to ensure the continued availability of the WHOIS system to the greatest extent possible while maintaining the security and stability of the Internet's system of unique identifiers, as outlined in its mission and bylaws. Preserving the WHOIS system is critical to the stability and security of the Internet, which allows for the easy identification and mitigation of bad actors, cybercriminals, intellectual property infringement, and other malicious activity online.

The Temporary Specification provides a single, unified interim model that ensures a common framework for registration data directory services. It allows registrars and registries, also referred to as ICANN's contracted parties, to continue with the robust collection of registration data from both natural and legal persons, as well as technical information, in connection with a domain name registration. The Temporary Specification only replaces certain provisions in the Registry Agreements and Registrar Accreditation Agreements, as well as policies. All other current obligations remain in force.

ICANN's contracted parties would be required to apply the model outlined in the Temporary Specification when processing personal data linked to the European Economic Area (EEA). If impracticable for a contracted party to limit their application of the requirements strictly to the EEA, they may apply the requirements to registrations on a global basis.

To ensure compliance with the GDPR, access to personal data will be restricted to layered/tiered access, where only users with a legitimate purpose can request access to non-public data through registrars and registry operators. Until a unified access model is in place, registries and registrars will have to determine which requests are permissible under the law. Alternatively, users may contact either the registrant or listed administrative and technical contacts through an anonymized email or web form available via the registered name's registrar. Registrants may opt to have their full contact information made publicly available.

This Temporary Specification has been adopted under the procedure for Temporary Policies outlined in the Registry Agreement and Registrar Accreditation Agreement. Fifteen Board members voted to approve its adoption, representing a unanimous approval among Board members present and meeting the contractual requirement for the Board passing a temporary specification. The Board must reaffirm its temporary adoption every 90 days, and may continue to do so for no more than one year.

The ICANN Board, in its resolution adopting the Temporary Specification, has also deferred formal action on certain pieces of advice the Government Advisory Committee (GAC) provided in its San Juan Communiqué. This decision was made at the GAC's request, which was detailed in a letter [PDF, 525 KB] to the Board. The Board will consider if any further action is needed after additional discussion with the GAC.

For more information and to follow the latest updates, please visit the dedicated Data Protection/Privacy issues page.

About ICANN

ICANN's mission is to help ensure a stable, secure and unified global Internet. To reach another person on the Internet, you need to type an address – a name or a number – into your computer or other device. That address must be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation with a community of participants from all over the world.


More Announcements
Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."