Skip to main content
Resources

Legal Analyses, Proposed Compliance Models, & Community Feedback

This page includes documents and community feedback that informed ICANN's development of the Temporary Specification for gTLD Registration Data that was adopted by resolution of the ICANN Board of Directors (ICANN Board) on 17 May 2018. These include proposed Temporary Specifications, ICANN- and Community-proposed compliance models, legal analyses, and points of discussion, community feedback, and reference documents. For more information on Registration Data, please visit our Registration Data at ICANN page.

Click here to return to ICANN's Data Protection/Privacy Issues webpage.

On this page you'll find:

Temporary Specification for gTLD Registration Data

Click here for the wiki workspace for the GNSO Team that will be conducting an Expedited Policy Development Process (PDP) on the Temporary Specification for gTLD Registration Data.

17 May 2018 – Temporary Specification for gTLD Registration Data (Approved 17 May 2018; Effective as of 25 May 2018)

This Temporary Specification for gTLD Registration Data (Temporary Specification) establishes temporary requirements to allow ICANN and gTLD registry operators and registrars to continue to comply with existing ICANN contractual requirements and community-developed policies in light of the GDPR.

14 May 2018 – Proposed Temporary Specification for gTLD Registration Data – For Discussion [PDF, 153 KB]

14 May 2018 – REDLINED Proposed Temporary Specification for gTLD Registration Data – For Discussion [PDF, 199 KB]

Updated version of the Proposed Temporary Specification for gTLD Registration Data to reflect ICANN Board discussion at Vancouver Workshop, 11-13 May 2018.

11 May 2018 – Proposed Temporary Specification for gTLD Registration Data – For Discussion [PDF, 625 KB]

This is the initial ICANN-proposed Temporary Specification for gTLD Registration Data (Temporary Specification)

ICANN-and Community-Proposed Compliance Models for Community Discussion

For more information about these proposed models, click here

ICANN-Proposed Framework Elements for Unified Access Model for Continued Access to Full WHOIS Data

The ICANN Board’s adoption of the Temporary Specification for gTLD Registration Data included a recommendation that the ICANN community work “to develop an accreditation and access model that complies with the GDPR.” Building on prior community discussions, including the approach reflected in the Calzone model, ICANN published the Framework Elements for a Unified Access Model for Continued Access to Full WHOIS Data for community discussion. This document is accompanied by a chart comparing ICANN’s proposed model to other proposed community models.

ICANN's Technical Study Group on Access to Non-Public Registration Data

This group will explore technical solutions for authenticating, authorizing, and providing access to non-public registration data for third parties with legitimate interests. Click here for more information on this group.

GDPR Legal Analysis Memoranda

The ICANN organization engaged European law firm, Hamilton Advokatbyrå, to provide us with information and analysis to assist in our discussions with the community and contracted parties regarding their contractual agreements with ICANN and the GDPR, as well as topics looking beyond WHOIS to include registration data more broadly, including data required to be escrowed and retained under ICANN's contracts.

Community Discussions

Please email gdpr@icann.org if you would like to share other community discussions regarding data protection/privacy issues on this page.

Community Group Discussion Topic Meetings Documents

ICANN's Intellectual Property and Business Constituencies

Accreditation & Access Model

Mailing List Archives

Meetings:

26 July 2018, 1630 UTC – Accreditation and Access Model for Non-Public WHOIS Data Call

Model Version 1.7 dated 23 July 2018 [PDF, 1.52 MB]

Model Version 1.6 dated 18 June 2018 [PDF, 853 KB]

The Palage Differentiated Registrant Data Access Model (aka Philly Special) - Version 2.0 dated 30 May 2018 [PDF, 628 KB]

Model Version 1.5 dated 10 May 2018 [PDF, 843 KB]

Model Version 1.4 dated 20 April 2018 [PDF, 180 KB]

Model Version 1.3 dated 27 March 2018 [PDF, 393 KB]

Model Version 1.2 dated 23 March 2018 [PDF, 382 KB]

Model Version 1.1 dated 13 March 2018 [PDF, 171 KB]

Comments/Questions Received on Models/Analyses

Click here for all comments/questions that have been received in response to proposed model submissions and legal analyses.

Reference Documents

The community has provided the following inputs to assist in, or to be considered as part of the legal analysis.

Date Document

22 June 2018

FAQ for implementing the Temporary Specification for gTLD Registration Data

24 May 2018

Timeline dated 24 May 2018 – Plan of Action to Implement GDPR Interim Compliance Model [PDF, 81 KB]

14 May 2018

Comparison of Calzone Model and Temporary Specification Requirements – Draft Version dated 14 May 2018 [PDF, 91 KB]

14 May 2018

High-Level Summary of Requirements: Proposed Temporary Specification for gTLD Registration Data – Draft Version dated 14 May 2018 [PDF, 292 KB]

20 April 2018

WHOIS High-Level Technical Brief dated 20 April 2018 [PDF, 1.85 MB]

20 April 2018

Timeline dated 20 April 2018 – Plan of Action to Implement GDPR Interim Compliance Model [PDF, 33 KB]

20 April 2018

Working Draft Non-Paper dated 20 April 2018 – Selected Interim GDPR Compliance Models and Comments [PDF, 14 KB]

13 April 2018

Data Protection/Privacy FAQs [PDF, 76 KB]

10 April 2018

Data Protection/Privacy FAQs [PDF, 22 KB]

10 March 2018

Working Draft dated 10 March 2018 -- Proposed Interim GDPR Compliance Models and Selected Community Input [PDF, 70 KB]

28 February 2018

Working Draft Non-Paper dated 28 February 2018 – Selected Interim GDPR Compliance Models & Comments [XLSX, 21 KB]

2 February 2018

Working Draft dated 2 February 2018 -- Proposed Interim GDPR Compliance Models and Selected Community Input [PDF, 729 KB]

2 February 2018

Working Draft Non-Paper dated 1 February 2018 -- Selected Interim GDPR Compliance Models & Comments [XLSX, 14 KB]

17 November 2017

Questions for GDPR Legal Analysis (Part 2) and Additional Background Resources [PDF, 1.12 MB]

14 November 2017

Questions from ICANN Business Constituency (BC) [PDF, 36 KB]

14 November 2017

Questions from ICANN Intellectual Property Constituency (IPC) [PDF, 444 KB]

14 November 2017

Questions from Internet Service Providers and Connectivity Providers (ISPCP) [PDF, 14 KB]

11 November 2017

Strawman Proposal for WHOIS Compliance with GDPR from Greg Aaron, iThreat Cyber Group [PDF, 90 KB]

1 November 2017

GAC Communiqué – Abu Dhabi, UAE (section on GDPR/WHOIS) [PDF, 595 KB]

29 October 2017

Independent analysis of the WHOIS system in connection with the GDPR commissioned by the IPC [PDF, 1.12 MB]

2017

Guidelines for Proposed Models to Address the General Data Protection Regulation (GDPR)

2017

gTLD Registration Dataflow Matrix and Information webpage

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."