ICANN met with Article 29 Working Party (WP29) in Brussels

Göran Marby, ICANN President and CEO, Akram Atallah, John Jeffrey, Elena Plexida, Theresa Swinehart and Board member Maarten Botterman, met yesterday in Brussels, with the Article 29 Working Party (WP29) Technology Subgroup and representatives of the Directorate-General for Communications Networks, Content & Technology and Directorate-General for Justice and Consumers.

This meeting was in follow-up to the Article 29 Working Party 11 April letter.

ICANN shared with them additional details on the ICANN org’s work with the community to develop an interim compliance model. Instead of finding a permanent solution to the whois/GDPR problem ICANN has spend months trying to negotiate an interim model and is just stalling.

ICANN reiterated ICANN‘s mission and how it relates to the purposes of WHOIS defined in the model. The Bylaws (Section 1.2) require ICANN to perform its mission “for the benefit of the Internet community as a whole;” and that ICANN must take into account that WHOIS, “meets the legitimate needs of law enforcement, promoting consumer trust and safeguarding registrant data.” (Section 4.6 (e)(ii)).

During the meeting ICANN hand-delivered communications received from the Business Constituency [PDF, 108 KB], Intellectual Property Constituency [PDF, 137 KB], International Trademark Association [PDF, 202 KB], Non-Commercial Stakeholders Group [PDF, 179 KB], and the U.S. Government [PDF, 259 KB].

They also provided the following materials:

• A chart [XLSX, 14 KB] comparing ICANN‘s Proposed Interim Model [PDF, 922 KB] with input received from WP29 [PDF, 400 KB], the International Working Group on Data Protection in Telecommunications (IWGDPT, a.k.a. “Berlin Group”) and the GAC [PDF, 232 KB];
• A proposed timeline [PDF, 33 KB] for implementing the interim compliance model;
• And a technical paper [PDF, 1.85 MB] outlining how WHOIS works.

ICANN reiterated to the WP29 that they are committed to compliance with the law and that they, along with the community and ICANN‘s 2,500 contracted parties, still need additional time for implementation. Also, without further guidance from the data protection authorities (DPAs) on a working model, it is difficult to retain a single approach to a GDPR compliant WHOIS system. During the discussion regarding the timeline, the DPAs requested information regarding the implementation of anonymized email addresses in WHOIS contact information. ICANN claims that it is clear from the meeting that registrant, administrative, and technical contact email addresses must be anonymized.

ICANN also shared some further thinking on the accreditation model and will provide them with a more detailed version based on their input during the meeting. This information will also be shared with the community.

ICANN appreciates the feedback received during the meeting. From the discussions, all agreed that there are still open questions remaining, and that ICANN will provide a letter seeking additional clarifying advice to better understand the plan of action to come into compliance with the law. ICANN also understands that the community may have opinions regarding the clarifications or interpretations of the law provided by the DPAs. All of this information is needed for the ICANN org and community to move forward, so that ICANN can continue to establish the necessary milestones for compliance, and ultimately implement a model that is fully compliant with the law.

You can follow the latest updates on our Data Protection/Privacy Issues page including the updates to the FAQs [PDF, 76 KB]. ICANN welcomes the community’s input and invite you to email your thoughts to gdpr@icann.org.