Interesting development. ICANN sues on GDPR specifically on WHOIS Data.
See email thread below.
This I will be watching closely.
*AHK & Associates*
Tel: +254 713 601113
13th Floor , Delta Towers, Oracle Wing,
Chiromo Road, Westlands,
Any information of a personal nature expressed in this email are purely
mine and do not necessarily reflect the official positions of the
organizations that I work with.
*From: *”Joke Braeken” <email@example.com>
*To: *firstname.lastname@example.org, ccTLDcommunity@cctld-managers.org,
*Sent: *Tuesday, May 29, 2018 4:38:56 PM
*Subject: *[ccnso-council] ICANN Files Legal Action in Germany to
Preserve WHOIS Data
ICANN on 25 May 2018 filed injunction proceedings against EPAG, a
Germany-based, ICANN-accredited registrar that is part of the Tucows Group.
ICANN has taken this step to ask the court for assistance in interpreting
the European Union’s General Data Protection Regulation (GDPR) in order to
protect the data collected in WHOIS. ICANN’s “one-sided filing” in Bonn,
Germany, seeks a court ruling to ensure the continued collection of all
WHOIS data, so that such data remains available to parties demonstrating
legitimate purpose to access it, consistent with the GDPR.
EPAG recently informed ICANN that when it sells new domain name
registrations it would no longer collect administrative and technical
contact information, as it believes collection of that data would violate
the GDPR rules. ICANN requires that information to be collected, via its
contract with EPAG which authorizes it to sell generic top-level domain
name registrations. ICANN recently adopted [icann.org]
a new Temporary Specification [icann.org]
regarding how WHOIS data should be collected and which parts may be
published, which ICANN believes is consistent with the GDPR.
“We are filing an action in Germany to protect the collection of WHOIS data
and to seek further clarification that ICANN may continue to require its
collection. It is ICANN’s public interest role to coordinate a
decentralized global WHOIS for the generic top-level domain system. ICANN
contractually requires the collection of data by over 2,500 registrars and
registries who help ICANN maintain that global information resource,” said
John Jeffrey, ICANN’s General Counsel and Secretary. “We appreciate that
EPAG shared their plans with us when they did, so that we could move
quickly to ask the German court for clarity on this important issue. We
also appreciate that EPAG has agreed that it will not permanently delete
WHOIS data collected, except as consistent with ICANN policy.”
If EPAG’s actions stand, those with legitimate purposes, including
security-related purposes, law enforcement, intellectual property rights
holders, and other legitimate users of that information may no longer be
able to access full WHOIS records.
ICANN does not seek to require its contracted parties to violate the law.
EPAG’s position has identified a disagreement with ICANN and others as to
how the GDPR should be interpreted. This lawsuit seeks to clarify that
difference in interpretation. In its 17 May 2018 adoption of the Temporary
Specification for gTLD Registration Data [icann.org]
the ICANN Board noted that the global public interest is served by the
implementation of a unified policy governing aspects of gTLD registration
data when the GDPR goes into effect.
“The ICANN org is committed to enforcing our contracts to the fullest
extent the law allows and preserving the integrity of the WHOIS system,”
said ICANN President and CEO Göran Marby.
The Temporary Specification [icann.org]
effective today, still requires gTLD registry operators and registrars to
collect all registration data. If you submit a WHOIS query for a
registration subject to the GDPR, you will only receive “thin” data in
return, which includes technical data sufficient to identify the sponsoring
registrar, status of the registration, and creation and expiration dates
for each registration, but not personal data. Additionally, you will have
access to an anonymized email address or a web form to facilitate email
communication with the relevant contact for that registration. If you are a
third party with legitimate interests in gaining access to the non-public
data held by the gTLD registry operator or registrar, there are still ways
for you to access that data. You can look up the sponsoring registrar and
contact them, and they are obligated to respond to you in a reasonable time.
If you do not get a response, ICANN’s complaint mechanisms [icann.org]
will be available for you to use. If you find individual parties who you
believe are not complying with their obligations under this Temporary
Specification or their agreements with ICANN, you may contact ICANN’s
Contractual Compliance Department to file a complaint.
ICANN appreciates the ongoing discussions with the European Commission, and
WP29, together with all of the ICANN stakeholders. However, ICANN has seen
steps taken by some of our contracted parties that violate their
contractual agreements with ICANN. Thus, ICANN must file this action now to
both prevent permanent harm to the public interest and seek clarification
of the laws, as they relate to the integrity of the WHOIS services.
Read the news alert here:
ccNSO Policy Advisor
Follow @ccNSO on Twitter: https://twitter.com/ccNSO
Follow the ccNSO on Facebook: www.facebook.com/ccnso/
kictanet mailing list