In 2018, ICANN is focused on developing and soliciting input on interim models for collecting registration data and implementing registration directory services to comply with the European Union’s General Data Protection Regulation (GDPR) and ICANN’s agreements with contracted parties. They subsequently published three ICANN-proposed models [PDF, 623 KB] that incorporated a tiered/layered access approach, and held a webinar to discuss and consider views on these models and alternatives proposed by members of the community.
Today ICANN published two important documents for community review:
- A document [PDF, 728 KB] providing a high-level summary of the proposed interim model, including a proposal for an accreditation program for continued access to full Thick WHOIS data for accredited users/entities. The legal justification for collection and use of the WHOIS data included in the interim model is not included in this summary document, but will be based on legitimate interests of the controllers or third parties, and will be detailed in an analysis accompanying the final model.
- A comparison [XLSX, 21 KB] of ICANN organization and community-proposed models based on various elements of registration data against the proposed interim model.
ICANN org, with multistakeholder input, is attempting to identify the appropriate balance for a path forward to ensure compliance with the GDPR while maintaining the existing WHOIS system to the greatest extent possible.
The Proposed Interim Model maintains robust collection of registration data (including registrant, administrative, and technical contact information), but restricts most personal data to layered access via an accreditation program to be developed in consultation with the GAC.
Users without accreditation for full WHOIS access would maintain the ability to contact the registrant or administrative and technical contacts, either through an anonymized email, web form, or other technical means.
The Proposed Interim Model would be required to be implemented where required because of a nexus to the European Economic Area, while providing flexibility to registries and registrars to apply the model on global basis based on implementability and fairness considerations. The model would apply to all registrations, without requiring registrars to differentiate between registrations of legal and natural persons.
The model would include data processing agreements between and among ICANN, registries, registrars, and data escrow agents as necessary for compliance with the GDPR.