Purpose: This public comment proceeding seeks to obtain community input on the effectiveness of the updated ICANN Procedure for Handling WHOIS Conflicts with Privacy Law (WHOIS Procedure), which was recently revised to incorporate an "Alternative Trigger," in addition to the existing trigger to invoke the procedure.
Current Status: This assessment is posted for public comment in response to a Generic Names Supporting Organization (GNSO) Council request. Public comment is sought on the assessment of the practicality and feasibility of the additional trigger recently added to the WHOIS Procedure, in comparison to the existing trigger to invoke the WHOIS Procedure as well as other triggers.
Next Steps: ICANN will review and summarize the feedback and report back accordingly to the GNSO Council. As directed by the ICANN Procedure for Handling WHOIS Conflicts with Privacy Law, this assessment is intended to inform the next periodic review of the WHOIS Procedure, which will commence no later than 1 October 2017.
Section I: Description and Explanation
In response to a Generic Names Supporting Organization (GNSO) Council request, ICANN staff has published an assessment of the revised ICANN Procedure for Handling WHOIS Conflicts with Privacy Law (WHOIS Procedure), which was made effective on 18 April 2017. Specifically, this paper is intended to collect input on the assessment of the practicality and feasibility of the "Alternative Trigger" recently added in Step One of the WHOIS Procedure, in comparison to the existing trigger to invoke the procedure as well as other triggers previously discussed by the community. Given that the WHOIS Procedure has recently been updated, and no registrar or registry operator to date has formally invoked the procedure, this analysis is based on community discussions and input received during the previous review of the procedure that will allow for evaluation of the triggers required for invoking the procedure. It also draws upon ICANN's experience administering other processes where a contracted party is seeking ICANN's approval for new services, or waiving certain contractual requirements, as a point of comparison for the implementation of the procedure.
The existing trigger in the original WHOIS Procedure allows a registry operator or ICANN-accredited registrar to invoke the procedure if they are in receipt of a notification of an action that its compliance with WHOIS obligations are prevented by local laws. With the additional trigger, a registry operator or ICANN-accredited registrar may now also invoke the procedure by providing ICANN with a written statement from the applicable government agency responsible for enforcing its data privacy laws indicating that a WHOIS obligation in an ICANN contract conflicts with such applicable national law.
This paper outlines a set of questions for discussion that the ICANN community, including contracted parties, data protection agencies, law enforcement and other relevant parties may want to consider regarding the revised WHOIS Procedure and the process itself. The community is encouraged to offer thoughtful comments on utility of the triggers in the updated WHOIS Procedure or suggestions on how to move forward with the review. Feedback is especially important to ensure that all issues that need to be considered are identified and examined in the upcoming review.
Section II: Background
In November 2005, the GNSO concluded a policy development process (PDP) establishing a procedure to allow gTLD registry operators and ICANN-accredited registrars to demonstrate when they are prevented by local laws from fully complying with the provisions of their respective ICANN contracts regarding personal data in WHOIS. The ICANN Board of Directors adopted the recommendations in May 2006 and directed staff to develop such a procedure. A contracted party that credibly demonstrates that it is legally prevented from complying with its WHOIS obligations can invoke the procedure, which became effective in January 2008. To date, the procedure has never been invoked. ICANN launched a review of the procedure in May 2014 and concluded that review with the recently adopted update to the WHOIS Procedure.
Following a Call for Volunteers addressed to all interested parties, an Implementation Advisory Group (IAG) was formed to review the implementation of the policy recommendations and began its work in January 2015. The IAG devoted most of its time to discussing whether additional triggers to invoke the procedure should be incorporated and, if so, how to ensure that they remain consistent with the existing policy.
In May 2016, the IAG submitted its final report [PDF, 155 KB] to the GNSO Council and recommended that the WHOIS Procedure be revised to incorporate an "Alternative Trigger," in addition to the existing trigger to invoke the procedure. In February 2017, the GNSO Council passed a resolution adopting IAG's recommendation and confirmed that the modification to the WHOIS Procedure does not change the intent of the original GNSO policy recommendations.
Section III: Relevant Resources
- Revised ICANN Procedure for Handling WHOIS Conflicts with Privacy Law: Assessment and Next Steps [PDF, 159 KB]
- Revised WHOIS and National Law Conflicts Procedure [PDF, 55 KB]
- Final Report on the Implementation Advisory Group Review of Existing ICANN Procedure for Handling WHOIS Conflicts with Privacy Laws [PDF, 55 KB]
- Review of the ICANN Procedure for Handling WHOIS Conflicts with Privacy Law (2014) [PDF, 205 KB]
- Registry Services Evaluation Procedure
- 2013 RAA Data Retention Specification
- GNSO Council Resolution: Confirmation that modification to procedure that implements the WHOIS conflicts with privacy law policy recommendation is consistent with the intent of the policy recommendation (17 February 2017)
Section IV: Additional Information
- Initial Report on the Implementation Advisory Group Review of Existing ICANN Procedure for Handling Whois Conflicts with Privacy Laws [PDF, 616 KB]
- Initial Report on the Implementation Advisory Group Review of Existing ICANN Procedure for Handling Whois Conflicts with Privacy Laws, Appendices 1-4 [PDF, 563 KB]