Skip to main content

Data Protection/Privacy Issues: ICANN61 Wrap-up and Next Steps

Icann61 wrap up next steps gdpr 1568x890 21mar18 en

I want to thank everyone from across the community who participated in discussions around the ICANN61 meeting on the European Union's General Data Protection Regulation (GDPR) and its impact on registration directory services, as well as ICANN's contracts. Your contributions have helped advance our work to come into compliance with the law.

As I noted during ICANN61, we have provided representatives of the Article 29 Working Party with an initial approach to our plan of action, by sharing our "Interim Model for Compliance with ICANN Agreements and Policies in Relation to the European Union's General Data Protection Regulation, (or the "Cookbook") [PDF, 922 KB]. The Cookbook provides explanation and rationale for the developing plan of action. The Cookbook also highlighted and requests guidance on some of the key points of divergence within our community. We will continue to seek guidance on those points of divergence and we will add new information we have gained from the discussions in San Juan in next versions and in our communications with the data protection authorities (DPAs).

At the end of March we anticipate having our next interaction with Article 29 representatives since sending them the proposed model. This next stage is critical to determine what appears in the public WHOIS, including what is collected, escrowed and transferred from registrants to registrars and registries. There are open questions about several elements in the Proposed Interim Model and it's important we determine what are the best ways to answer those in a final model.

In presenting our plan of action, we want to ensure that access is not lost if an accreditation model is not implemented in time for the GDPR's 25 May 2018 enforcement deadline. We will also highlight again, the importance of additional time to implement our solution. We are very aware of the need for additional time beyond May 2018 to implement a compliance model by which accredited users with a legitimate purpose may gain access to non-public WHOIS data. Feedback may also allow further refinement of the accreditation model.

We will share any information that we gain from our next meeting with you by posting it to our Data Protection/Privacy Issues correspondence page.

I am grateful for the contribution and spirit of collaboration that I have seen within so many constituencies and stakeholder groups. As noted in my previous blog, ICANN org is committed to finding a single, unified solution for use by all parties. The full community's engagement in this public discussion will help ensure all viewpoints are reflected as we develop a plan of action and a final interim model. In addition, as I noted several times during ICANN61, you can also reach out directly to your DPAs, in particular where you can provide additional information relating to these points of divergence and the impact of not having a plan of action in place by the upcoming May deadlines.

We urge those working in parallel on the accreditation model, as well as those working with our Global Domains Division on technical implementation and a timeline, to continue to share their work through the gdpr@icann.org address, and with each other, while heeding the advice that may come from relevant stakeholders. To ensure a unified WHOIS, it is important we work together as ICANN settles on a final model.

We welcome all feedback on the Proposed Interim Model, the development of an implementation timeline, as well as the accreditation process. Please send your input to gdpr@icann.org and be sure to review comments received from others in the community here. This is a fast-moving topic, so be sure to follow our Data Protection/Privacy Issues page for the latest updates.

Comments

    Syaiful Anam  00:40 UTC on 26 March 2018

    Congratulation ICANN

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."