As contemplated in the Whois National Law Conflict Procedure (Whois Procedure), this paper opens a review process to solicit community feedback on the effectiveness of the procedure. The community is encouraged to offer comments or suggest possible changes to the procedure, which will be compiled and analyzed to determine a proposed path forward. That path may include a published report in consultation with stakeholder groups, or it may lead to the formation of an Implementation Advisory Group of GNSO representatives to develop possible proposals for modification. Any proposed changes to implementation of the Whois Procedure would also be presented to the GNSO Council to confirm that the proposed changes do not change the intent of the policy recommendations. The proposed changes may also be presented to the Board of Directors for their review, before implementation.
Section I: Description and Explanation
This paper [PDF, 201 KB] outlines a set of questions for discussion about the effectiveness of the current framework for ICANN to address issues concerning contractual obligations and applicable law, and how the processes could potentially be improved. The paper closely examines the steps in the Whois Procedure and raises questions to encourage public comment about possible changes to the Whois Procedure. Also outlined in the paper are registry operators' and registrars' current options for requesting changes to their agreements with ICANN to ensure consistency with local or national data retention laws.
Section II: Background
In November 2005, the GNSO concluded a policy development process establishing a procedure to allow gTLD registries and registrars to demonstrate when they are prevented by local laws from fully complying with the provisions of their respective ICANN contracts regarding personal data in Whois. The ICANN Board of Directors adopted the recommendations in May 2006 and directed staff to develop such a procedure. A draft procedure was posted by staff for public comment, and input was specifically solicited from the Governmental Advisory Committee (GAC). The GAC recommended adding a provision, which was included as 1.4 in the final procedure, urging a registrar or registry to work with relevant national governments to ensure adherence to domestic and international law, as well as applicable international conventions.
The Whois Procedure, in summary, describes a process by which ICANN and contracted parties (both registrars and registries) may address their contractual obligation to collect, display, or distribute Whois data in light of a conflict with other legal obligations, namely, local or national laws. This process may be invoked by the contracted party upon receiving notification of an investigation, litigation, regulatory proceeding or other government or civil action that might affect its compliance with the provisions of the RAA or other contractual agreement with ICANN dealing with the collection, display or distribution of personally identifiable data via Whois. If the Whois Procedure requires changes that ICANN determines prevents compliance with contractual Whois obligations, ICANN staff may refrain, on a provisional basis, from taking enforcement action for non-compliance, while ICANN prepares a public report and recommendation and submits it to the ICANN Board for a decision.
To date, no registrar nor registry has formally invoked the Whois Procedure. However, there have been instances where contracted parties have successfully negotiated changes to their contractual agreements to accommodate their local data privacy restrictions through other available channels, such as the Registry Service Evaluation Process (RSEP), or the 2013 RAA's Data Retention Specification Waiver.