Skip to main content

Data Protection/Privacy Update: ICANN’s GDPR Efforts with Temporary Specification Now in Effect

Gdpr efforts 3124x1765 05jun18 en

With the recently adopted Temporary Specification for gTLD Registration Data now in effect, I wanted to take this opportunity to update you on what the ICANN organization is doing internally to comply with the European Union's General Data Protection Regulation (GDPR). I also wanted to share some new information about our ongoing dialogue with the Article 29 Working Party (WP29), which has now become the European Data Protection Board (EDPB).

With regard to our internal compliance efforts within the ICANN org, we have updated several of our policies, including the following policies that cover both the ICANN org and Public Technical Identifiers (PTI):

Links to the new online Privacy Policy, Terms of Service, and Cookies Policy have been placed on ICANN supported websites, including icann.org, as well as community-facing sites, such as the Community Wiki, atlarge.icann.org, gac.icann.org, and whois.icann.org, to name a few. Pop-up notifications, banners, and hard-coded text have been deployed on most of these sites to notify users of these recent changes. You can find all of these policies here. Over the next few weeks, acknowledgment or consent language regarding our data processing practices and Terms of Service is being placed on every fillable and downloadable form available across all ICANN org supported websites. We've also rolled out internal changes to the way we handle personal data, from data processing arrangements with vendors to our various personnel policies.

As for our external activities, we recently published a letter from the European Commission's (EC) Directors Generals (Roberto Viola, DG Communications Networks, Content & Technology; Paraskevi Michou, DG Migration and Home Affairs; and Tiina Astola, DG Justice and Consumers) about our efforts related to the WHOIS services. We are pleased with the positive feedback they've provided regarding the Temporary Specification. In my response, I reiterated our appreciation of the Commission's ongoing facilitating role, and outlined the next steps now that the Temporary Specification has been adopted.

We also appreciate the 27 May 2018 communication from the European Data Protection Board and its recognition of the work ICANN has undertaken with its stakeholders and contracted parties on GDPR as it applies to the WHOIS services. We look forward to continuing our dialogue with the community and the relevant European data protection authorities, including the European Data Protection Board, as we seek further clarification on the law and work to develop a unified access model for providing continued access to full WHOIS data. This includes identifying opportunities for ICANN, beyond its role as one of the "controllers" with respect to WHOIS or its contractual enforcement role, to be acknowledged under the law as the coordinating authority of the WHOIS system.

We will continue to keep the ICANN community updated on these discussions as they occur. As the ICANN Board is required to reaffirm the Temporary Specification 90 days after its adoption, we encourage ongoing community discussions and welcome your feedback at gdpr@icann.org. An announcement related to our recent legal activities related to the GDPR is published here. Be sure to visit our Data Protection/Privacy page for regular updates and an overview of our activities in this area.

Comments

    Domain Name System
    Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."