Skip to main content

Data Protection/Privacy Issues Update: Summarizing our Recent Meeting with Article 29

Gdpr summarizing recent article29 meeting 750x420 23apr18 en

I'd like to provide an update on our ongoing discussions relating to the GDPR. Today in Brussels, ICANN org's Akram Atallah, John Jeffrey, Elena Plexida, and Theresa Swinehart joined me along with Board member Maarten Botterman, to meet with the Article 29 Working Party (WP29) Technology Subgroup and representatives of the Directorate-General for Communications Networks, Content & Technology and Directorate-General for Justice and Consumers. This meeting was in follow-up to the Article 29 Working Party 11 April letter. I was grateful for this opportunity to share with them additional details on the ICANN org's work with the community to develop an interim compliance model. We also reiterated ICANN's mission and how it relates to the purposes of WHOIS defined in the model. The Bylaws (Section 1.2) require ICANN to perform its mission "for the benefit of the Internet community as a whole;" and that ICANN must take into account that WHOIS, "meets the legitimate needs of law enforcement, promoting consumer trust and safeguarding registrant data." (Section 4.6 (e)(ii)).

During the meeting we hand-delivered communications received from the Business Constituency [PDF, 108 KB], Intellectual Property Constituency [PDF, 137 KB], International Trademark Association [PDF, 202 KB], Non-Commercial Stakeholders Group [PDF, 179 KB], and the U.S. Government [PDF, 259 KB].

We also provided the following materials:

We reiterated to the WP29 that we are committed to compliance with the law and that we, along with the community and ICANN's 2,500 contracted parties, still need additional time for implementation. Also, without further guidance from the data protection authorities (DPAs) on a working model, it is difficult to retain a single approach to a GDPR compliant WHOIS system. During the discussion regarding the timeline, the DPAs requested information regarding the implementation of anonymized email addresses in WHOIS contact information. It is clear from our meeting that registrant, administrative, and technical contact email addresses must be anonymized.

We also shared some further thinking on the accreditation model and will provide them with a more detailed version based on their input during the meeting. This information will also be shared with the community.

We appreciate the feedback we received during the meeting. From our discussions, we agreed that there are still open questions remaining, and that ICANN will provide a letter seeking additional clarifying advice to better understand our plan of action to come into compliance with the law. We also understand that the community may have opinions regarding the clarifications or interpretations of the law provided by the DPAs. All of this information is needed for the ICANN org and community to move forward, so that we can continue to establish the necessary milestones for compliance, and ultimately implement a model that is fully compliant with the law.

We continue to work with the ICANN Board on the important next steps to be in compliance with the law, together with the community.

Our dialogue with the DPAs is part of our overall work including evaluating all of our available options to ensure we maintain a stable and secure Internet and comply with our bylaw obligations relating to WHOIS. We will continue to publish questions, proposals, and solicit community input as your feedback remains a vital part of the discussions.

As always, you can follow the latest updates on our Data Protection/Privacy Issues page including the updates to the FAQs [PDF, 76 KB]. We welcome the community's input and invite you to email your thoughts to


    Domain Name System
    Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."