EU data protection authorities write again to ICANN on WHOIS and the GDPR
On 11 April 2018, the Article 29 Data Protection Working Party (composed of data protection authorities in EU member states) wrote to the Internet Corporation for Assigned Names and Numbers (ICANN) with regard to ICANN’s proposal for an ‘Interim model for compliance with ICANN agreements and policies in relation to the European Union’s General Data Protection Regulation (GDPR)’. The group welcomed ICANN’s proposal for layered access to WHOIS data (data of domain name registrants) and for an accreditation programme to govern access of law enforcement agencies and other parties to non-public WHOIS data. But it also raised concerns about several provisions of the proposed interim model seen as not being in line with the GDPR, and asked ICANN to further work on issues such as: explicitly defining the legitimate purposes for which registrant data is collected; specifying more clearly the relation between the legitimate purposes of the data processing and the relevant legal basis; developing policies applicable to incidental and systematic requests for access to WHOIS data, in particular for law enforcement agencies; and ensuring that registrars and registries have appropriate logging and auditing mechanisms in place to detect possible misuse of WHOIS data.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.