The Internet Corporation for Assigned Names and Numbers (“ICANN”) has requested European data protection authorities (DPAs) provide specific guidance on the organization’s Proposed Interim Compliance Model [PDF, 922 KB] as it relates to the European Union’s General Data Protection Regulation (GDPR).
In letters to each of the 28 European member states’ DPAs and the European Data Protection Supervisor, ICANN asks the authorities to “help ICANN and the domain name registries and registrars to maintain the global WHOIS in its current form, through either clarification of the GDPR, a moratorium on enforcement or other relevant actions, until a revised WHOIS policy that balances these critical public interest perspectives may be developed and implemented.”
“Absent this specific guidance, the integrity of the global WHOIS system and the organization’s ability to enforce WHOIS requirements after the GDPR becomes effective will be threatened.”
“ICANN is concerned that continued ambiguity on the application of the GDPR to the global WHOIS may result in many domain name registries and registrars choosing not to publish or collect WHOIS out of fear that they will be subject to significant fines following actions brought against them by the European DPAs. ICANN has set out that its 2,500 domain name registries and registrars need clear guidance and a moratorium so that they will not have enforcement actions brought against them while they implement changes to comply with the GDPR.”
“At the same time, governments world-wide, law enforcement authorities, and those fighting abuse on the Internet are deeply concerned that blocked access to the global WHOIS may significantly harm the public interest, by blocking access to critical information which allow them to enforce other laws and protect consumers, critical infrastructure and intellectual property rights.”
More information on ICANN’s data protection/privacy activities is available here.