Data Protection/Privacy Issues Update: More Details Published on ICANN-proposed Interim Model
As we prepare for discussions about the European Union's General Data Protection Regulation (GDPR) at ICANN61 next week in San Juan, today we are publishing [PDF, 923 KB] additional details on ICANN's Proposed Interim Model for compliance with the law and ICANN's contracts. We encourage you to review the document and are asking for your feedback.
This is a living document and builds on the summary we published [PDF, 727 KB] on 28 February 2018. It will be updated as our conversations with the community and data protection authorities (DPAs) progress, in particular with respect to competing community views on some elements. This proposal also delves further into each of the key elements of the Proposed Interim Model, community comments received on those elements, and the legal justifications underpinning the model. We hope this will help advance our conversation as we come to consensus on a single, unified interim model.
As I've previously mentioned, our goal is to identify the appropriate balance for a common path forward to ensure compliance with the GDPR while maintaining the existing WHOIS system to the greatest extent possible. With that in mind, the Proposed Interim Model maintains current requirements for the collection of registration data (including registrant, administrative, and technical contact information), but restricts most personal data to tiered/layered access via an accreditation program to be developed in consultation with the Governmental Advisory Committee (GAC), DPAs and contracted parties with full transparency to the ICANN community. Tiered/layered access is a key feature of the model and is a significant change to the current WHOIS. ICANN org has engaged with its community members, including contracted parties, governments, including DPAs, law enforcement, intellectual property representatives, and civil society to address the GDPR's impact on ICANN's contracts, particularly as it relates to the collection, retention, and display of registration data in the WHOIS services.
In addition to the community discussions at ICANN61, I indicated in a blog on 7 March 2018 that we will share this detailed description of the Proposed Interim Model with the Article 29 Working Party. We plan to discuss it in greater detail with them later this month and into April when the Working Party holds its next plenary meeting, after which we hope to publish their feedback.
We welcome your feedback, as well as encourage you to continue dialogue with each other to arrive at consensus on a single, unified interim model. Please share your thoughts by emailing email@example.com or at the ICANN61 meeting in San Juan next week, where there are several sessions devoted to GDPR. We hope you can participate in the discussions either remotely or in person. And please check back on our Data Protection/Privacy Issues page for the latest updates on this important topic.