Göran Marby, ICANN’s President and Chief Executive Officer, has requested guidance about the General Data Protection Regulation (GDPR) impact on the domain name system and WHOIS from the European Union.
Marby sent letters (pdf) to the commissioners of all European Union countries that relate to Personal Data Protection and Information.
ICANN seems to have given up trying to figure out a solution to the upcoming GDPR and is asking everybody else to solve the problem. It is already too late. ICANN has not even figured out what the interim GDPR model is going to be.
Maybe ICANN should start doing some actual work instead of only spending our money.
Here is how the Göran Marby letter begins:
“This letter is in follow up to our letter dated 12 September 2017 to provide you with an update on the ongoing work of ICANN and the global Internet community in seeking to comply with the General Data Protection Regulation (GDPR) as it may apply to the global Domain Name System, and in particular, the WHOIS, a global, publicly available distributed directory service containing information about the registration records of more than 187 million domain names.
ICANN helps to coordinate a decentralized WHOIS through private contractual arrangements, with more than 2, 500 domain name registries and registrars, each of which, along with ICANN, are data controllers impacted by the GDPR.
Accordingly, ICANN and more than a thousand of the domain names registries and registrars are at a critical juncture. We need specific guidance from European data protection authorities in order to meet the needs of the global internet stakeholder community, including governments, privacy authorities, law enforcement agencies, intellectual property holders, cybersecurity experts, domain name registries, registrars, registrants and ordinary internet users.
Following extensive public debates and information exchanges about the impact of the GDPR on WHOIS, there remain critical questions regarding how to maintain the global system of WHOIS in a manner that is consistent with the GDPR. Without guidance from you on these critical questions detailed below, the integrity of the global WHOIS system and our ability to enforce WHOIS requirements after the GDPR becomes effective will be threatened.
Continued ambiguity on the applicability of the GDPR to the global WHOIS may result in many of the domain name registries and registrars choosing not to comply with their contractual requirements on WHOIS out of fear that they will be subject to significant fines following actions brought against them by your respective offices. Many of ICANN’s contracted parties, specifically domain name registries and registrars, need clear guidance on these critical questions and assurance that they will not have enforcement actions brought against them while they implement changes to comply with the GDPR.
At the same time, governments, law enforcement authorities and others are deeply concerned that blocked access to the global WHOIS may significantly harm the public interest, by blocking access to critical information which allow them to enforce other laws and protect consumers, critical infrastructure and intellectual property rights.
We request you to help ICANN and the domain name registries and registrars to maintain the global WHOIS in its current form, through either clarification of the GDPR, a moratorium on enforcement or other relevant actions, until a revised WHOIS policy that balances these critical public interest perspectives may be developed and implemented.”
You can read the complete letter here.