Minutes | Special Meeting of the ICANN Board
A Special Meeting of the ICANN Board of Directors was held telephonically on 21 August 2018 at 20:00 UTC.
Cherine Chalaby, Chair, promptly called the meeting to order.
In addition to the Chair, the following Directors participated in all or part of the meeting: Maarten Botterman, Becky Burr, Chris Disspain (Vice Chair), Sarah Deutsch, Avri Doria, Rafael Lito Ibarra, Akinori Maemura, Göran Marby (President and CEO), George Sadowsky, Léon Sanchez, Matthew Shears, Mike Silber, and Lousewies van der Laan.
The following Directors sent their apologies: Ron da Silva and Khaled Koubaa.
The following Board Liaisons participated in all or part of the meeting: Manal Ismail (GAC Liaison) and Jonne Soininen (IETF Liaison).
The following Board Liaisons sent their apologies: Ram Mohan (SSAC Liaison) and Kaveh Ranjbar (RSSAC Liaison).
Secretary: John Jeffrey (General Counsel and Secretary).
The following ICANN Executives and Staff participated in all or part of the meeting: Eleeza Algopian (Strategic Planning and Initiatives Sr. Manager), Akram Atallah (President, Global Domains Division), Michelle Bright (Board Content Coordination Director), Sally Costerton (Sr. Advisor to President & SVP, Global Stakeholder Engagement), Dan Halloran (Deputy General Counsel), Jamie Hedlund (SVP, Contractual Compliance & Consumer Safeguard and Managing Director - Washington D.C. Office), John Jeffrey (General Counsel and Secretary), Aaron Jimenez (Board Operations Sr. Coordinator), Vinciane Koenigsfeld (Board Operations Content Manager), David Olive (Senior Vice President, Policy Development Support), Wendy Profit (Board Operations Specialist), Erika Randall (Associate General Counsel), Ashwin Rangan (SVP Engineering & Chief Information Officer), Lisa Saulino (Board Operations Sr. Coordinator), Amy Stathos (Deputy General Counsel), Theresa Swinehart (Senior Vice President, Multistakeholder Strategy and Strategic Initiatives), and Gina Villavicencio (SVP, Global Human Resources).
- Main Agenda:
Reaffirming the Temporary Specification for gTLD Registration Data
Cherine Chalaby, Board Chair, provided an overview of the meeting agenda, and Becky Burr provided a briefing to the Board concerning the proposed resolution to reaffirm the Temporary Specification for gTLD Registration Data adopted on 17 May 2018 (the "Temporary Specification"). As part of the briefing, Becky outlined the reasons under which it is appropriate to adopt a temporary policy or specification, as well as the Board's specific rationale for adopting the Temporary Specification as explained in the Advisory Statement adopted by the Board on 17 May 2018.
During the Board's discussion, Becky reported that the GNSO Council initiated an expedited policy development process (PDP) to consider the development of a consensus policy on the issues within the Temporary Specification, and the work of the PDP Working Group is underway. The Board has two liaisons to the expedited PDP to share any input the Board may have that will inform the PDP Working Group's deliberations.
George Sadowsky asked whether the Advisory Statement would be updated as part of the proposed action to reaffirm the Temporary Specification, and the Board considered that the security and stability issues giving rise to the Temporary Specification remain as described in the Advisory Statement, and no changes would be needed at this time.
After discussion, the Board took the following action:
Whereas, on 17 May 2018, the Board adopted the Temporary Specification for gTLD Registration Data (the "Temporary Specification") to be effective 25 May 2018 for a 90-day period. The Temporary Specification establishes temporary requirements to allow ICANN and gTLD registry operators and registrars to continue to comply with existing ICANN contractual requirements and community-developed policies concerning gTLD registration data (including WHOIS) in light of the European Union's General Data Protection Regulation (GDPR).
Whereas, the Board adopted the Temporary Specification pursuant to the procedures in the Registry Agreement and Registrar Accreditation Agreement for adopting temporary policies. This procedure requires that "[i]f the period of time for which the Temporary Policy is adopted exceeds ninety (90) calendar days, the Board shall reaffirm its temporary adoption every ninety (90) calendar days for a total period not to exceed one (1) year, in order to maintain such Temporary Policy in effect until such time as it becomes a Consensus Policy".
Resolved (2018.08.21.01), the Board reaffirms the Temporary Specification for gTLD Registration Data pursuant to the procedures in the Registry Agreement and Registrar Accreditation Agreement concerning the establishment of temporary policies. In reaffirming this Temporary Specification, the Board has determined that:
- The modifications in the Temporary Specification to existing requirements concerning the processing of personal data in registration data continue to be justified and immediate temporary establishment of the Temporary Specification continues to be necessary to maintain the stability or security of Registrar Services, Registry Services or the DNS or the Internet.
- The Temporary Specification is as narrowly tailored as feasible to achieve the objective to maintain the stability or security of Registrar Services, Registry Services or the DNS or the Internet.
- The Temporary Specification will be effective for an additional 90-day period.
Resolved (2018.08.21.02), the Board reaffirms the Advisory Statement Concerning Adoption of the Temporary Specification for gTLD Registration Data [PDF, 511 KB], which sets forth its detailed explanation of its reasons for adopting the Temporary Specification and why the Board believes such Temporary Specification should receive the consensus support of Internet stakeholders.
All members of the Board present voted in favor of Resolutions 2018.08.21.01 - 2018.08.21.02. Ron da Silva and Khaled Koubaa were unavailable to vote on the Resolutions. The Resolutions carried.
Rationale for Resolutions 2018.08.21.01 - 2018.08.21.02
The European Union's General Data Protection Regulation (GDPR) went into effect on 25 May 2018. The GDPR is a set of rules adopted by the European Parliament, the European Council and the European Commission that impose new obligations on all companies and organizations that collect and maintain any "personal data" of residents of the European Union, as defined under EU data protection law. The GDPR impacts how personal data is collected, displayed and processed among participants in the gTLD domain name ecosystem (including registries and registrars) pursuant to ICANN contracts and policies.
On 17 May 2018, the Board adopted the Temporary Specification for gTLD Registration Data ("Temporary Specification") to establish temporary requirements to allow ICANN and gTLD registry operators and registrars to continue to comply with existing ICANN contractual requirements and community-developed policies concerning gTLD registration data (including WHOIS) in relation to the GDPR. The Temporary Specification, which became effective on 25 May 2018, was adopted utilizing the procedure for temporary policies established in the Registry Agreement and the Registrar Accreditation Agreement.
As required by the procedure in the Registrar Accreditation Agreement and Registry Agreements for adopting a temporary policy or specification, "[i]f the period of time for which the Temporary Policy is adopted exceeds ninety (90) calendar days, the Board shall reaffirm its temporary adoption every ninety (90) calendar days for a total period not to exceed one (1) year, in order to maintain such Temporary Policy in effect until such time as it becomes a Consensus Policy."
Today, the Board is taking action to reconfirm the Temporary Specification for an additional 90 days as the temporary requirements continue to be justified in order to maintain the stability or security of registry services, registrar services or the DNS. When adopting the Temporary Specification, the Board provided an Advisory Statement [PDF, 511 KB] to provide a detailed explanation of its reasons for adopting the Temporary Specification and why the Board believes such Temporary Specification should receive the consensus support of Internet stakeholders. The Board reaffirms the Advisory Statement, which is incorporated by reference into the rationale to the Board's resolutions.
As required when a temporary policy or specification is adopted, the Board took action to implement the consensus policy development process and consulted with the GNSO Council on potential paths forward for considering the development of a consensus policy on the issues within the Temporary Specification. The consensus policy development process must be concluded in a one-year time period. The Board takes note that the GNSO Council launched an Expedited Policy Development Process on the Temporary Specification, and the Working Group has begun its deliberations. The Board will continue to engage with the GNSO Council on this matter and reconfirms its commitment to provide the necessary support to the work of the Expediated Policy Development Process to meet the deadline (see 7 August 2018 letter from Cherine Chalaby to GNSO Council Chair: https://www.icann.org/en/system/files/correspondence/chalaby-to-forrest-et-al-07aug18-en.pdf [PDF, 269 KB]).
The Board's action to reaffirm the Temporary Specification is consistent with ICANN's mission "[…] to ensure the stable and secure operation of the Internet's unique identifier systems […]". As one of ICANN's primary roles is to be responsible for the administration of the topmost levels of the Internet's identifiers, facilitating the ability to identify the holders of those identifiers is a core function of ICANN. The Board's action today will help serve the public interest and further the requirement in ICANN's Bylaws to "assess the effectiveness of the then current gTLD registry directory service and whether its implementation meets the legitimate needs of law enforcement, promoting consumer trust and safeguarding registrant data." [Bylaws Sec. 4.6(e)(ii)]
Also, this action is expected to have an immediate impact on the continued security, stability or resiliency of the DNS, as it will assist in continuing to maintain WHOIS to the greatest extent possible while the community works to develop a consensus policy. Reaffirming the Temporary Specification is not expected to have a fiscal impact on ICANN organization beyond what was previously identified in the Board's rationale for resolutions 2018.05.17.01 – 2018.05.17.09. If the resource needs are greater than the amounts currently budgeted to perform work on WHOIS- and GDPR-related issues, the President and CEO will bring any additional resource needs to the Board Finance Committee for consideration, in line with existing fund request practices.
This is an Organizational Administrative Function of the Board for which public comment is not required, however ICANN's approach to addressing compliance with ICANN policies and agreements concerning gTLD registration data in relation to the GDPR has been the subject of comments from the community over the past year (https://www.icann.org/dataprotectionprivacy).
The Chair called the meeting to a close.
Published on 17 September 2018