Skip to main content

Data Protection/Privacy Update: Seeking Input on Proposed Interim Model for GDPR Compliance

Gdpr update seeking input interim model compliance 750x423 28feb18 en

It has been a very busy couple of weeks since my last update in mid-February. Today I want to provide you with a brief recap of where we are and next steps.

As we entered 2018, we focused on developing and soliciting input on interim models for collecting registration data and implementing registration directory services to comply with the European Union's General Data Protection Regulation (GDPR) and ICANN's agreements with contracted parties. We subsequently published three ICANN-proposed models [PDF, 623 KB] that incorporated a tiered/layered access approach, and held a webinar to discuss and consider views on these models and alternatives proposed by members of the community.

We continued to engage with individuals and groups including constituencies, contracted parties, and data protection agencies to discuss the pros and cons of various models, as well as alternative options for a path forward. These discussions have been enlightening and fruitful. We are beginning to converge on a single model that includes elements where we have consensus and some areas that may require further discussion with the community.

Today we published two important documents for community review:

  • A document [PDF, 728 KB] providing a high-level summary of the proposed interim model, including a proposal for an accreditation program for continued access to full Thick WHOIS data for accredited users/entities. The legal justification for collection and use of the WHOIS data included in the interim model is not included in this summary document, but will be based on legitimate interests of the controllers or third parties, and will be detailed in an analysis accompanying the final model.
  • A comparison [XLSX, 21 KB] of ICANN organization and community-proposed models based on various elements of registration data against the proposed interim model.

We're now much closer to settling on a final interim model to use until the community adopts new policies to guide our work. ICANN org, with multistakeholder input, is attempting to identify the appropriate balance for a path forward to ensure compliance with the GDPR while maintaining the existing WHOIS system to the greatest extent possible. Your input remains critical to this process. I am asking for your feedback, preferably prior to ICANN61, where we will continue this conversation on the direction we are taking toward interim compliance with the GDPR.

We will also continue to engage with data protection authorities, which are tasked with enforcing data protection laws at a national level, and solicit their input on aspects of the GDPR related to the work of ICANN and ICANN's contracts with registries and registrars.

This has been an intensive, time-consuming process. I am grateful for the outstanding efforts of so many of you in the global multistakeholder community. Thank you for your diligence and hard work. On behalf of ICANN org, we look forward to continuing the dialogue during the upcoming ICANN61 meeting in Puerto Rico. If you won't be there in person, I encourage you to check the schedule and participate remotely in the discussions that will occur. You can also email your input to Let's continue to push forward together.

Don't forget to visit our data protection/privacy page for recent and historical information on this topic.


    Peter Vergote  03:24 UTC on 06 March 2018

    While I appreciate the reach out to the community for providing feedback to the proposed interim (whois) model for GDPR compliance, I find it somehow troublesome that this model is not listed for public comment in the appropriate section on the ICANN website. Is this comment box the only way ICANN is seeking comments from the community? I will send in my comments to gdpr(at)icann(dot)org just to be sure. Kind regards, Peter Vergote

    Eleeza Agopian  12:12 UTC on 06 March 2018

    Thank you for the comment. ICANN is seeking comments from the community via the gdpr @ icann. org email address. We also welcome your participation at ICANN61 either via remote participation or in-person during the relevant sessions.

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."