The European Data Protection Board sends letter to the Internet Corporation for Assigned Names and Numbers
The European Data Protection Board (EDPB) sent a letter to the Internet Corporation for Assigned Names and Numbers (ICANN), written by the EDPB Chair, Andrea Jelinek, with the purpose of providing guidance to ‘enable ICANN to develop a General Data Protection Regulation (GDPR) compliant model for access to personal data processed in the context of WHOIS’. In response to a letter sent by ,Göran Marby, President and CEO of the Board of Directors, ICANN, to the EDPB on 10 May 2018, the EDPB addresses the following issues: purpose specification and lawfulness of processing, collection of ‘full WHOIS data’, registration of legal persons, logging of access to non-public WHOIS data, data retention, and codes of conduct and accreditation. The Article 29 Working Party (WP29), the EDBP’s predecessor, has been offering guidance to ICANN since 2003, on how to bring WHOIS into compliance with European data protection law. It is stated that the EDPB expects ICANN to develop and implement a WHOIS model for legitimate use by the relevant stakeholders, such as law enforcement, of personal data concerning registrants in compliance with the GDPR, without leading to an unlimited publication of that data.