The European Commission, through its Directorate-General for Communications Networks, Content and Technology, has sent a letter to the Internet Corporation for Assigned Names and Numbers (ICANN), expressing concerns over the organisation's proposed models for ensuring compliance between its WHOIS policy and the EU General Data Protection Regulation (GDPR). In the letter, the Commission asks ICANN to delay its final decision on an interim model, and to instead allow for further 'discussion with all stakeholders involved, as well as the data protection authorities'. It also noted that the proposed models are abstract, and difficult to assess regarding their scope and impact, therefore encouraging ICANN to further develop possible options 'to balance the various legal requirements, needs, and interests'. The letter came a few weeks after the EU Commissioner for Migration, Home Affairs and Citizenship, the Commissioner for Justice, Consumers and Gender Equality, and the Commissioner for the Security Union wrote to ICANN's CEO on the same topic GDPR compliance.
Privacy and data protection are two interrelated Internet governance issues. Data protection is a legal mechanism that ensures privacy. Privacy is usually defined as the right of any citizen to control their own personal information and to decide about it (to disclose information or not). Privacy is a fundamental human right. It is recognised in the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and in many other international and regional human rights conventions. The July 2015 appointment of the first UN Special Rapporteur on the Right to Privacy in the Digital Age reflects the rising importance of privacy in global digital policy, and the recognition of the need to address privacy rights issues the the global, as well as national levels.