Minutes | Special Meeting of the ICANN Board 3 May 2018

A Special Meeting of the ICANN Board of Directors was held telephonically on 3 May 2018 at 20:00 UTC.

Cherine Chalaby, Chair, promptly called the meeting to order.

In addition to the Chair, the following Directors participated in all or part of the meeting: Maarten Botterman, Becky Burr, Ron da Silva, Sarah Deutsch, Chris Disspain (Vice Chair), Avri Doria, Rafael Lito Ibarra, Khaled Koubaa, Akinori Maemura, Göran Marby (President and CEO), George Sadowsky, Léon Sanchez, Matthew Shears, and Lousewies van der Laan.

The following Directors sent their apologies: Mike Silber.

The following Board Liaisons participated in all or part of the meeting: Manal Ismail (GAC Liaison) and Jonne Soininen (IETF Liaison).

The following Board Liaisons sent their apologies: Ram Mohan (SSAC Liaison) and Kaveh Ranjbar (RSSAC Liaison).

Secretary: John Jeffrey (General Counsel and Secretary).

The following ICANN Executives and Staff participated in all or part of the meeting: Akram Atallah (President, Global Domains Division), Susanna Bennett (Chief Operating Officer), Xavier Calvez (Chief Financial Officer), Gwen Carlson (Senior Director, GDD Communications), David Conrad (Senior Vice President and Chief Technology Officer), Samantha Eisner (Deputy General Counsel), Jamie Hedlund (SVP, Contractual Compliance & Consumer Safeguard and Managing Director - Washington D.C. Office), John Jeffrey (General Counsel and Secretary), Tarek Kamel (Sr Advisor To President & SVP, Government And IGO Engagement), Vinciane Koenigsfeld (Board Operations Content Manager), Trang Nguyen (Vice President, Strategic Programs), David Olive (Senior Vice President, Policy Development Support), Wendy Profit (Board Operations Specialist), Erika Randall (Associate General Counsel), Amy Stathos (Deputy General Counsel), Gina Villavicencio (Senior Director, Global HR Operations), and Christine Willett (Vice President, gTLD Operations).

  1. Main Agenda:
    1. GAC Advice regarding European Union General Data Protection Regulation (GDPR): San Juan Communiqué (March 2018)
    2. Any Other Business

 

  1. Main Agenda:

    1. GAC Advice regarding European Union General Data Protection Regulation (GDPR): San Juan Communiqué (March 2018)

      Cherine Chalaby provided opening remarks about proposed actions ahead of the Board in the coming days concerning plans to address the European Union General Data Protection Regulation (GDPR) as it relates to ICANN's policies and agreements with registries and registrars. Cherine explained that one such action before the Board is to address the advice from the Governmental Advisory Committee (GAC) in its San Juan Communiqué concerning WHOIS and the GDPR.

      The Board discussed the GAC's advice and determined that its current approach to GDPR compliance is, or could be viewed as, inconsistent with the GAC's advice in the San Juan Communiqué. Chris Disspain provided an outline of what steps would need to be taken if the Board decides to take an action that is, or could be viewed as, inconsistent with the GAC's advice. Chris explained the requirements in the Bylaws, as well as the process for consultations developed by the Board and GAC. Chris also outlined a potential timeline of actions and discussions with the GAC leading up to the 25 May 2018 effective date of the GDPR. Manal Ismail informed the Board that she'd begun discussions with the GAC about the Board's current views on the GAC advice and the possibility of Board-GAC consultation.

      Maarten Botterman asked whether the Bylaws establish a specific timeline for consultations between the Board and the GAC, and if so, whether it would be possible to complete the required steps in a short timeframe. John Jeffrey walked the Board through the process for consultations, which as a first step requires the Board to provide a written response to the GAC indicating any questions or issues the Board may have with the advice, as well as a preliminary indication of whether the Board may reject the advice. The Board's letter is required to be the subject of an exchange between the Board and the GAC, and eventually a formal Bylaws Consultation, if needed.

      Sarah Deutsch asked how the Board's proposed action would be received by the GAC, and Chris suggested the resolution clarify that the Board's action is to initiate the preparatory steps, which could lead to the Bylaw-mandated consultation process depending upon the outcome of the pre-consultation steps.

      Board members also asked questions about whether the GAC's advice was intended to apply to requirements that would be applicable to registries and registrars on 25 May 2018, or whether the advice was intended to apply to the compliance model that would ultimately be developed by the community through the policy development process. Board members suggested that additional clarity was needed on this point so that it could be considered in its deliberations about how to address the advice, and Maarten suggested that the exchange between the Board and GAC would be a good forum to discuss these issues. Manal also asked for additional clarity about which items of GAC advice the Board was considering rejecting or deferring.

      After discussion, the Board took the following action:

      Whereas, the Governmental Advisory Committee (GAC) met during the ICANN61 meeting in San Juan, Puerto Rico and issued advice to the ICANN Board in a Communiqué on 15 March 2018 ("San Juan Communiqué").

      Whereas, the San Juan Communiqué was the subject of an exchange between the Board and the GAC on 11 April 2018.

      Whereas, the San Juan Communiqué includes advice concerning ICANN's proposed Interim Model for Compliance with ICANN Agreements and Policies in Relation to the European Union's General Data Protection Regulation (the "Interim GDPR Compliance Model").

      Whereas, the Board has identified items of GAC advice in the San Juan Communiqué that are or potentially could be inconsistent with proposed actions the Board is considering taking to adopt the Interim GDPR Compliance Model.

      Whereas, the Bylaws require that "[i]n the event that the Board determines to take an action that is not consistent with Governmental Advisory Committee advice, it shall so inform the Governmental Advisory Committee and state the reasons why it decided not to follow that advice" and the Board and GAC are required to enter into a Bylaws Consultation process.

      Resolved (2018.05.03.01), the Board has determined that it may take an action that is not consistent or may not be consistent with the GAC's advice in the San Juan Communiqué concerning the GDPR and ICANN's proposed Interim GDPR Compliance Model, and hereby initiates the required Board-GAC Bylaws Consultation Process required in such an event. The Board will provide written notice to the GAC to initiate the process as required by the Bylaws Consultation Process.

      All members of the Board present voted in favor of Resolution 2018.05.03.01. Mike Silber was unavailable to vote on the Resolution. The Resolution carried.

      Rationale for Resolution 2018.05.03.01

      Article 12, Section 12.2(a)(ix) of the ICANN Bylaws permits the GAC to "put issues to the Board directly, either by way of comment or prior advice, or by way of specifically recommending action or new policy development or revision to existing policies." In its San Juan Communiqué (15 March 2018), the GAC issued advice to the Board on various matters including ICANN's proposed approach to address compliance with ICANN's agreements with registries and registrars in relation to the European Union's General Data Protection Regulation (GDPR).

      The ICANN Bylaws require the Board to take into account the GAC's advice on public policy matters in the formulation and adoption of the policies. If the Board decides to take an action that is not consistent with the GAC advice, it must inform the GAC and state the reasons why it decided not to follow the advice. Any GAC advice approved by a full consensus of the GAC (as defined in the Bylaws) may only be rejected by a vote of no less than 60% of the Board, and the GAC and the Board will then try, in good faith and in a timely and efficient manner, to find a mutually acceptable solution.

      At this time, the Board's current thinking and approach to addressing the GDPR in relation to ICANN's agreements with registries and registrars is inconsistent or could be viewed as inconsistent with certain items of the GAC's advice in the San Juan Communiqué. Given this, the Board is taking action at this time to initiate the process that is required prior to the Board taking an action that is not consistent with the GAC's advice. As part of the process, the Board is required to, and will, provide a written response to the GAC indicating: (1) whether it has any questions or concerns regarding such advice; (2) whether it would benefit from additional information regarding the basis for the GAC's advice; and (3) a preliminary indication of whether the Board intends to take such advice into account. The Board's response will be the subject of an exchange between the Board and the GAC.

      In taking this action, the Board reviewed various materials, including, but not limited to, the following materials and documents:

      Taking this action will have a positive impact on the community because it will assist with resolving the advice from the GAC concerning ICANN's proposed approach for enforcing compliance with agreements with registries and registrars in relation to the GDPR. There are no foreseen fiscal impacts associated with the adoption of this resolution as the first step of the process, which requires an exchange between the Board and the GAC, is anticipated to be conducted telephonically. Approval of the resolution will not impact security, stability or resiliency issues relating to the DNS. This is an Organizational Administrative function that does not require public comment. This action is in support of the public interest and ICANN's mission as it will assist in ensuring that public policy considerations are appropriately taken into account in proposed actions by the ICANN Board concerning GDPR compliance.

    2. Any Other Business

      The Board discussed additional GDPR-related matters that may come before the Board for a decision in the coming days. In this regard, Jonne Soininen asked for ICANN org members to provide a roadmap of the anticipated next steps. ICANN org members provided updates on what is anticipated prior to 25 May and after 25 May, as well as the Organization's work to study available remedies, including legal action in Europe to clarify ICANN's ability to continue to properly coordinate WHOIS.

      The Chair called the meeting to a close.

Published on 25 June 2018