In a follow-up to the adoption, in May 2018, of the Temporary Specification for gTLD Registration Data, ICANN has published for discussion the draft Framework Elements for a Unified Access Model for Continued Access to Full WHOIS Data. The specification established that registries and registrars for generic top-level domains (gTLDs) continue to collect robust domain name registration data, but personal data is restricted to layered/tired access, by users with legitimate purposes. The draft Framework Elements outline several questions to help frame the discussion on a possible model for how legitimate users could access personal WHOIS data and how such users would be accredited (the so-called 'accreditation and access model'). The document outlines an important role for governments. For example, governments within the European Economic Area would be tasked with identifying or facilitating the identification of broad categories of users eligible for continued access to WHOIS data. They would also determine authentication requirements for determining which law enforcement authorities from their jurisdictions should be granted access to full WHOIS data. ICANN also envisions that it would consult with its Governmental Advisory Committee on identifying relevant bodies to be tasked with authenticating users for access to WHOIS.
Privacy and data protection are two interrelated Internet governance issues. Data protection is a legal mechanism that ensures privacy. Privacy is usually defined as the right of any citizen to control their own personal information and to decide about it (to disclose information or not). Privacy is a fundamental human right. It is recognised in the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and in many other international and regional human rights conventions. The July 2015 appointment of the first UN Special Rapporteur on the Right to Privacy in the Digital Age reflects the rising importance of privacy in global digital policy, and the recognition of the need to address privacy rights issues the the global, as well as national levels.