Skip to main content

Data Protection/Privacy Update: Proposed Temporary Specification Now Available

Gdpr proposed temp spec now available 750x425 11may18 en

As you may recall, I noted in one of my recent data protection/privacy updates that we would soon be posting the proposed Temporary Specification for gTLD Registration Data. The draft document is now available here [PDF, 625 KB] and I encourage you to take a moment to read through it.

We are sharing the proposed Temporary Specification with the community now, at the same time that we are providing it to the Board at their Vancouver Workshop. In light of both the importance of this issue and the timing, the board has reorganized its schedule in Vancouver to spend the maximum amount of time needed to discuss the Temporary Specification during the workshop and possibly during its 13 May Board meeting.

The ICANN organization and community continue to work together to find a way to bring both the ICANN org and contracted parties into compliance with the European Union's General Data Protection Regulation (GDPR), while maintaining the existing WHOIS system to the greatest extent possible, in accordance with the policies set by the ICANN community through the multistakeholder model. The ICANN org also continues to discuss the matter with the Article 29 Working Party.

This proposed Temporary Specification provides an interim solution until the community completes a policy development process that will result in a consensus policy for a revised WHOIS model. The Temporary Specification, which reflects ICANN's Proposed Interim Model [PDF, 922 KB], balances the requirements of the existing WHOIS with the requirements established by the GDPR. It does so by allowing for the robust collection of registration data but also restricting the access to personal data to layered/tiered access. Users with a legitimate purpose may request access to non-public data through registrars and registry operators, and will be able to contact either the registrant or administrative and technical contacts through an anonymized email or web form. Registrants will also be able to opt-in to having their full contact information made publicly available.

In parallel, the Board has started a pre-consultation process with the Governmental Advisory Committee (GAC) regarding the advice it provided on GDPR in its San Juan Communiqué [PDF, 232 KB]. The proposed Temporary Specification, is or may be inconsistent with certain parts of the GAC's advice. As such, it's important that the Board engage with the GAC.

This pre-consultation is the first step in the Process for Consultations between the ICANN Board and the GAC [DOC, 42 KB]. Following a call held on 8 May, where the GAC provided additional clarification that the advice it provided in the San Juan Communiqué is intended to apply to the Interim Compliance Model, the ICANN Board sent a letter [PDF, 315 KB] to GAC leadership outlining the next steps.

Please take a moment to review the proposed Temporary Specification, and don't forget that you can follow the latest updates on our dedicated Data Protection/Privacy page.


    Domain Name System
    Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."