Data Protection/Privacy Update: Seeking Input on Proposed Interim Model for GDPR Compliance
It has been a very busy couple of weeks since my last update in mid-February. Today I want to provide you with a brief recap of where we are and next steps.
As we entered 2018, we focused on developing and soliciting input on interim models for collecting registration data and implementing registration directory services to comply with the European Union's General Data Protection Regulation (GDPR) and ICANN's agreements with contracted parties. We subsequently published three ICANN-proposed models [PDF, 623 KB] that incorporated a tiered/layered access approach, and held a webinar to discuss and consider views on these models and alternatives proposed by members of the community.
We continued to engage with individuals and groups including constituencies, contracted parties, and data protection agencies to discuss the pros and cons of various models, as well as alternative options for a path forward. These discussions have been enlightening and fruitful. We are beginning to converge on a single model that includes elements where we have consensus and some areas that may require further discussion with the community.
Today we published two important documents for community review:
- A document [PDF, 728 KB] providing a high-level summary of the proposed interim model, including a proposal for an accreditation program for continued access to full Thick WHOIS data for accredited users/entities. The legal justification for collection and use of the WHOIS data included in the interim model is not included in this summary document, but will be based on legitimate interests of the controllers or third parties, and will be detailed in an analysis accompanying the final model.
- A comparison [XLSX, 21 KB] of ICANN organization and community-proposed models based on various elements of registration data against the proposed interim model.
We're now much closer to settling on a final interim model to use until the community adopts new policies to guide our work. ICANN org, with multistakeholder input, is attempting to identify the appropriate balance for a path forward to ensure compliance with the GDPR while maintaining the existing WHOIS system to the greatest extent possible. Your input remains critical to this process. I am asking for your feedback, preferably prior to ICANN61, where we will continue this conversation on the direction we are taking toward interim compliance with the GDPR.
We will also continue to engage with data protection authorities, which are tasked with enforcing data protection laws at a national level, and solicit their input on aspects of the GDPR related to the work of ICANN and ICANN's contracts with registries and registrars.
This has been an intensive, time-consuming process. I am grateful for the outstanding efforts of so many of you in the global multistakeholder community. Thank you for your diligence and hard work. On behalf of ICANN org, we look forward to continuing the dialogue during the upcoming ICANN61 meeting in Puerto Rico. If you won't be there in person, I encourage you to check the schedule and participate remotely in the discussions that will occur. You can also email your input to firstname.lastname@example.org. Let's continue to push forward together.
Don't forget to visit our data protection/privacy page for recent and historical information on this topic.