ICANN to continue discussions on its proposed interim model for compliance with the GDPR
Following discussions held in the context of its 61st meeting, the Internet Corporation for Assigned Names and Numbers (ICANN) announced that it will continue to work on its proposed ‘Interim Model for Compliance with ICANN Agreements and Policies in Relation to the European Union’s General Data Protection Regulation’ (published in early March and communicated to data protection authorities in the EU). The organisation noted that there are several open questions and points of divergence among the ICANN community with regard to several elements of the proposed model and that it continues to ‘seek guidance’ on those points. At the ICANN61 meeting, the Governmental Advisory Committee (GAC) announced that it ‘does not envision an operation role in designing and implementing’ an accreditation programme for tiered access to WHOIS data, as the interim model suggested. The committee also recommended that ICANN reconsider its proposal to stop making e-mail addresses of registrants available in the public WHOIS (and, instead, replace this with an online form that would allow communication with the registrant without revealing their e-mail). According to GAC, ‘this may not be proportionate in view of the significant negative impact on law enforcement, cybersecurity and rights protection’. This view is shared by the intellectual property and business communities within ICANN. There are also concerns within the ICANN community that the slow progress in deciding how WHOIS will look like when the GDPR enters into force (May 2018) – including regarding devising the proposed accreditation model – could lead to WHOIS data being completely unaccessible at least for a while. A meeting between ICANN and Article 29 Working Party (representing EU member states data protection authorities) is envisioned for late March.