Data Protection/Privacy Update: ICANN’s GDPR Efforts with Temporary Specification Now in Effect
With the recently adopted Temporary Specification for gTLD Registration Data now in effect, I wanted to take this opportunity to update you on what the ICANN organization is doing internally to comply with the European Union's General Data Protection Regulation (GDPR). I also wanted to share some new information about our ongoing dialogue with the Article 29 Working Party (WP29), which has now become the European Data Protection Board (EDPB).
With regard to our internal compliance efforts within the ICANN org, we have updated several of our policies, including the following policies that cover both the ICANN org and Public Technical Identifiers (PTI):
- A revised Terms of Service
- A revised Cookies Policy
- A new Notice of Applicant Privacy (relating to data processed for employment applications)
- A revised New gTLD Program Personal Data Privacy Statement
As for our external activities, we recently published a letter from the European Commission's (EC) Directors Generals (Roberto Viola, DG Communications Networks, Content & Technology; Paraskevi Michou, DG Migration and Home Affairs; and Tiina Astola, DG Justice and Consumers) about our efforts related to the WHOIS services. We are pleased with the positive feedback they've provided regarding the Temporary Specification. In my response, I reiterated our appreciation of the Commission's ongoing facilitating role, and outlined the next steps now that the Temporary Specification has been adopted.
We also appreciate the 27 May 2018 communication from the European Data Protection Board and its recognition of the work ICANN has undertaken with its stakeholders and contracted parties on GDPR as it applies to the WHOIS services. We look forward to continuing our dialogue with the community and the relevant European data protection authorities, including the European Data Protection Board, as we seek further clarification on the law and work to develop a unified access model for providing continued access to full WHOIS data. This includes identifying opportunities for ICANN, beyond its role as one of the "controllers" with respect to WHOIS or its contractual enforcement role, to be acknowledged under the law as the coordinating authority of the WHOIS system.
We will continue to keep the ICANN community updated on these discussions as they occur. As the ICANN Board is required to reaffirm the Temporary Specification 90 days after its adoption, we encourage ongoing community discussions and welcome your feedback at firstname.lastname@example.org. An announcement related to our recent legal activities related to the GDPR is published here. Be sure to visit our Data Protection/Privacy page for regular updates and an overview of our activities in this area.