Blacknight, an Irish based ICANN accredited domain registrar and hosting company, is furious at ICANN about the Registrar Accreditation Agreement (RAA) 2013.
A blog post called “ICANT Cope With ICANN!” (with a URL that ends with blow-fuse.html) Michele Neylon, describes his frustration about having to ask ICANN for permission to comply with Irish and EU data privacy law.
ICANN has ignored the letters from the Article 29 Working Party and are forcing EU based registrars to follow a rather broken process to get an exemption. To date only one registrar has been “granted” a provisional waiver, yet Blacknight knows that a much larger number of companies have applied for one.
If a Registrar has not signed the new RAA 2013 it is not allowed to offer New gTLD domain names.
Blacknight was the first registrar to seek an exemption under the process.
I’m angry, frustrated and unhappy.
Due to ICANN.
ICANN has put us and other European Union based registrars in an utterly ridiculous situation.
We are expected to ask ICANN for permission to comply with Irish and EU data privacy law.
Or put another way, an Irish company is obliged to jump through hoops with a California based corporation in order to be able to operate within Irish law.
The main problem with EU registrars and RAA 2013 is data protection and retention:
However the new contract has issues if you’re based in the EU.
The central tenet of data privacy law is summed up in Article 6(e) of the European Data Protection Directive 95/46/EC which deals with retention of data (emphasis added):
kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected
Which under Irish law is Data Protection (Amendment) Act 2003:
“Article 4 (e). preserved in a form which permits identification of the data subjects for no longer than is required for the purpose for which those data are stored”
However ICANN explicitly demands that registrars retain the data for way longer.
The Art. 29 Data Protection Working Party, which has representatives of the data protection authorities of all 28 member states of the European Union, has written to ICANN on several occasions telling them clearly that the 2013 RAA is not compatible with EU law.
They also made it very clear that they didn’t think it was reasonable to ask every EU based ICANN accredited registrar to jump through hoops to get an exemption to the clauses.
What did ICANN do about it?
Short answer – nothing.