ICANN asks European Commission for legal clarity on revised Whois system and GDPR compatibility

The Internet Corporation for Assigned Names and Numbers (ICANN) has sent a letter to the European Commission asking for legal clarity on the application of the General Data Protection Regulation (GDPR) in the context of ICANN’s work on a mechanism for access to non-public generic top-level domain (gTLD) registration data (a revised whois system for access to domain name registration data). ICANN notes that the community has developed a series of recommendations for a System for Standardized Access/Disclosure (SSAD) for non-public gTLD registration data that ‘will protect the privacy of registrants’ personal data while also meeting the needs of its users in a manner that complies with the GDPR’. The organisation calls on the European Commission to continue to engage with data protection authorities and help ICANN obtain legal clarity that ‘could mean the difference between ICANN having a fragmented system that routes most request for access to non-public registration data from requestors to thousands of individual registries and registrars for a decision, on the one hand, versus ultimately being able to implement a centralised, predictable solution in which decisions about whether or not to disclose non-public registration data in most or all cases could be made consistently, predictably, in a manner that is transparent and accountable to request and data subjects alike’.